Forum Discussion
Question on Issues with Exchange Online
So, I have had a few support tickets open for a couple weeks now, and one that I opened late last week as we have a percentage of users that cannot access using Outlook desktop.
The gist of our issues is that mailboxes cant be found / accessed depending on the method used to access it. For example:
Global Admin accounts can do a get-mailbox, but get-mailboxRegionalConfiguration fails, as does get-mailboxAutoReplyConfiguration. These state that the mailbox with guid … can't be accessed because of outdated information.
Some end users, as I said above, are not able to access their mailboxes in Outlook Desktop. Others are not able to use ActiveSync in addition. Outlook on the Web seems to be unaffected.
We recently had trouble where service accounts mysteriously lost permissions / roles to be able to access Exchange Online via EWS.
Working with support, it was mentioned that they think this has to do with global admin accounts being in a different region, and therefore in a different forest, thus the trouble. But I honestly don't know what this actually means.
There have been some reported advisories and incidents in our Service Health dashboard, but all are marked as resolved at this point, and we are still in the same boat.
Sorry if this is still vague, but does what I describe above resonate with anyone here? Any advice would be tremendously appreciated!
I mean it's a stretch, but did you guys setup MFA at all on your accounts? MFA will cause Outlook desktop to stop working if you don't enable Modern Authentication.
It's possible the multi region stuff doesn't like having modern auth off as well. Check your tenant and make sure you guys use Modern Auth?
Get-OrganizationConfig | Format-Table -Auto Name,OAuth*Other things I believe changed recently are some old TLS no longer being supported recently could have hit and causing issue? I dunno just tossing a few idea's out.
- David LevineCopper Contributor
Hi Chris,
I have MFA enabled on my account, but not the rest as of yet. The output of the command you suggested is OAuthClientProfileEnabled is False.
Thanks for the suggestion. We are a small org, so only a few hundred users... not sure what the whole multiregion thing is as we are 100% stateside... unless its referring to different regions within the US...?
Thanks!
- Oh you said different regions I was thinking the whole different data centers etc. I really think you should try enabling modern auth to support the newer auth methods it should be true. I can find how to enable but quick google search will show you how. And do it for Skype for B at same time. There really isn’t any side effects other than a possible password prompt. Worth a shot and you need it for future state anyway and is recommended to use.
Unless you have old versions of office etc. you’ll need to research that part.
- David LevineCopper Contributor
So this is happening again.
After 4-5 days it was resolved last time... apparently "a recent update cased the issue"... not really sure what it was, but our users were not able to use Outlook desktop or mobile, EAS, etc. Outlook on the Web was the only functioning email client.
So, it started again yesterday just after midnight, so we are entering our second day with an increasing count of users who cannot use Outlook desktop or mobile, EAS, etc. Again - Outlook on the Web is the only functional means of accessing email for a growing number of users.
Anyone have any thoughts? I really wish I could actually talk to someone in support who is not an "ambassador"...
:(
- You can, go to your office 365 admin center under support tab, and submit a new request. You should be able to get in touch with Support that should be able to assist.
- David LevineCopper Contributor
Hi Chris,
Thanks for responding to this thread once again :)
So, I opened a ticket yesterday. I got an initial phone call and then ran RCAT, SARA, provided some results and that was it. It is just generally difficult to coordinate with them - when dealing with internal support needs and users, and then trying to be available for whatever time you get a call back from MSFT support, etc. I wish that I was affected by the service issue so I could run whatever they need from my laptop... instead of being asked to get an affected users' machine to do stuff on... oh - and I need their password for the tests, and its not like we have loaner systems to give out to folks...
Meh. Sorry. :)
Its just being the middle man feels quite helpless.