Account locking from microsoft IPs.

Copper Contributor

in our hybrid exchange an user is constantly locking for long. After checking logs I see it's locking on our on-prem servers. When I dig up exchange IIS logs it's locking with EAS ending with error code 401. I asked user to uninstall outlook/teams on mobile just to reproduce issue but that didn't help. I also disable ActiveSync for this user and that also didn't help. Checking logs further it seems those failed connections coming from Microsoft IPs. What else I can check. 


See the IPs in the end of each line............



Sample log from IIS logs ... 




2 Replies

Hi @jaysheezzy,

it looks that the account lockouts are coming from unsuccessful authentication attempts originating from Microsoft IPs.

To try to solve this issue, try following these troubleshooting steps:

  1. Authentication Credentials Check:
    Verify that the request contains accurate authentication credentials.
  2. Username and Password Verification:
    Ensure correctness of the provided username and password.
  3. IP Address Filter Examination:
    If an IP address filter is in place, confirm that the connection is coming from an approved IP address.
  4. API Key Validation: Check the validity and expiration status of your API key.
  5. SPN Presence Check: If the Service Principal Name (SPN) is absent, use the Exchange Management Shell command Get-IntraOrganizationConfiguration to inspect OnPremisesDiscoveryEndPoint and OnPremisesWebServiceEndPoint.

401 Access denied when running Test-OAuthConnectivity - Exchange | Microsoft Learn

Hybrid Exchange causing account lockouts - Microsoft Community

401 Access denied when running Test-OAuthConnectivity - Exchange | Microsoft Learn

Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.

If the post was useful in other ways, please consider giving it Like.

Kindest regards,

Leon Pavesic

Hi Leon

Thanks for reply.

I tested OAuthConnectivity for impacted and that succeeded.

ResultType : Success
Identity : Microsoft.Exchange.Security.OAuth.ValidationResultNodeId
IsValid : True
ObjectState : New

Other than that, I tried to check Get-IntraOrganizationConfiguration

But there's no any values for OnPremisesDiscoveryEndPoint and OnPremisesWebServiceEndPoint.
it's blank.

OnlineDiscoveryEndpoint : Has value
OnlineTargetAddress : Has value
OnPremiseTargetAddresses : Has value
OnPremiseDiscoveryEndpoint :
OnPremiseWebServiceEndpoint :
DeploymentIsCompleteIOCReady :
HasNonIOCReadyExchangeCASServerVersions :
HasNonIOCReadyExchangeMailboxServerVersions :

User mailbox was on-prem where 90% users are using exchange online. I migrated this to exchange online but that didn't make any difference.