10-15-2018 02:52 PM
10-15-2018 02:52 PM
So, I have had a few support tickets open for a couple weeks now, and one that I opened late last week as we have a percentage of users that cannot access using Outlook desktop.
The gist of our issues is that mailboxes cant be found / accessed depending on the method used to access it. For example:
Global Admin accounts can do a get-mailbox, but get-mailboxRegionalConfiguration fails, as does get-mailboxAutoReplyConfiguration. These state that the mailbox with guid … can't be accessed because of outdated information.
Some end users, as I said above, are not able to access their mailboxes in Outlook Desktop. Others are not able to use ActiveSync in addition. Outlook on the Web seems to be unaffected.
We recently had trouble where service accounts mysteriously lost permissions / roles to be able to access Exchange Online via EWS.
Working with support, it was mentioned that they think this has to do with global admin accounts being in a different region, and therefore in a different forest, thus the trouble. But I honestly don't know what this actually means.
There have been some reported advisories and incidents in our Service Health dashboard, but all are marked as resolved at this point, and we are still in the same boat.
Sorry if this is still vague, but does what I describe above resonate with anyone here? Any advice would be tremendously appreciated!
10-15-2018 03:11 PM - edited 10-15-2018 03:14 PM
I mean it's a stretch, but did you guys setup MFA at all on your accounts? MFA will cause Outlook desktop to stop working if you don't enable Modern Authentication.
It's possible the multi region stuff doesn't like having modern auth off as well. Check your tenant and make sure you guys use Modern Auth?
Get-OrganizationConfig | Format-Table -Auto Name,OAuth*
Other things I believe changed recently are some old TLS no longer being supported recently could have hit and causing issue? I dunno just tossing a few idea's out.
10-15-2018 04:26 PM
I have MFA enabled on my account, but not the rest as of yet. The output of the command you suggested is OAuthClientProfileEnabled is False.
Thanks for the suggestion. We are a small org, so only a few hundred users... not sure what the whole multiregion thing is as we are 100% stateside... unless its referring to different regions within the US...?
10-15-2018 05:58 PM
11-08-2018 06:02 AM
So this is happening again.
After 4-5 days it was resolved last time... apparently "a recent update cased the issue"... not really sure what it was, but our users were not able to use Outlook desktop or mobile, EAS, etc. Outlook on the Web was the only functioning email client.
So, it started again yesterday just after midnight, so we are entering our second day with an increasing count of users who cannot use Outlook desktop or mobile, EAS, etc. Again - Outlook on the Web is the only functional means of accessing email for a growing number of users.
Anyone have any thoughts? I really wish I could actually talk to someone in support who is not an "ambassador"...
11-08-2018 06:43 AM
11-08-2018 06:55 AM
Thanks for responding to this thread once again :)
So, I opened a ticket yesterday. I got an initial phone call and then ran RCAT, SARA, provided some results and that was it. It is just generally difficult to coordinate with them - when dealing with internal support needs and users, and then trying to be available for whatever time you get a call back from MSFT support, etc. I wish that I was affected by the service issue so I could run whatever they need from my laptop... instead of being asked to get an affected users' machine to do stuff on... oh - and I need their password for the tests, and its not like we have loaner systems to give out to folks...
Meh. Sorry. :)
Its just being the middle man feels quite helpless.