05-30-2019 03:11 AM
05-30-2019 03:11 AM
We are trying to enable delegation for scheduling Teams meetings via Outlook. I am able to schedule a Skype meeting as a delegate but not a Teams meeting - I get the error “Sorry, but we can’t connect to the server right now. Please try again later”.
The slight complication is that Exchange is still on-prem in a hybrid environment.
Does anyone one know how to get Teams meeting delegation working please?
06-25-2019 12:52 PM
Did you get this working, we are having the same luck with Teams and calendar delegation with a Hybrid Exchange solution.
07-05-2019 05:43 AM
@EB_Rich Yes we now have it working. We had to set up oAuth and it then started working.
We did then see some problems with individual users not being able to do this - it turned out that their UPN and primary email address didn't match. Setting these to be the same resolved the problem for those users too.
03-19-2020 01:22 PM - edited 03-19-2020 01:41 PM
i am having the same problem. I have delegate access on my test users account but cannot open their calendar from my account, right click their calendar, and create a teams meeting. I get this every time i try.
With the transition from skype to teams, people are expecting that it will work the same as it does for a skype for business meeting and are dissapointed it does not. This is the only result in search engines for this problem currently. Since everyone is massively deploying teams because of covid, i am sure others will have this problem. Will post back when i find a solution for it. We are hybrid exchange as well well but have no mailboxes in the cloud really as we have not migrated over yet.
You mentioned oauth needing to be enabled, and i think we have that, becuase when i run the following it reports success:
Test-OAuthConnectivity -Service EWS -TargetUri https://outlook.office365.com/ews/exchange.asmx -Mailbox <On-Premises Mailbox> -Verbose | Format-List
(are you kidding, there is no POWERSHELL code option on these forums? garbage...)
03-23-2020 03:53 PM
experiencing the same issue here. Works ok if just setting up a normal Teams meeting via Outlook, but the moment you try to do it on behalf of someone, boo...
same environment as you, exchange hybrid and OAuth setup.
Any chance your side found a solution?
03-24-2020 11:02 AM
hi there, i just spent a few hours on the phone with microsoft and they say that mailboxes need to be in ofice365 to make this happen. I am not sure i 100% believe that this is the case, but that is what they are saying right now. They recommended anyone with the issue vote on the uservoice website in order to get some engineer to look at it.
Hopefully someone else can find a work around while we wait engineering teams fix.
I will hopefully get some time to test this with some test exchange online users. We are planning to move to exchange online soon, and its all setup to do so, just management is holding off for now.
04-06-2020 04:32 PM
ITs planned but not implemented yet.
04-27-2020 09:03 AM
There are two things we needed to do in order to get this working. First we had to enable OAuth for Exchange Online as detailed here: https://docs.microsoft.com/en-us/microsoftteams/exchange-teams-interact Then we had to do steps 2 and 3 from this article: https://docs.microsoft.com/en-us/skypeforbusiness/deploy/integrate-with-exchange-server/oauth-with-o...
We're running Exchange 2016 CU16 on premise with Exchange Online and a hybrid connector.
04-27-2020 09:52 AM - edited 04-27-2020 09:54 AM
Hi David, this is some interesting news for this topic :)
Can you elaborate on your exact environment (Azure AD Connect config, Hybrid Wizard config,..) a bit?
I have the same problem and also still fighting with the calendar sync from on-premise mailboxes to teams calender without any hope in sight.
I configured Azure AD Connect with Exchange hybrid option, Hybrid Wizrad with Full classic, Exchange 2016 CU 10, configured OAuth manually and it was working for exact 1 day. Since then nothing is syncing anymore and user delegation is also requested more and more from our customers within teams.
I went through your links again and will test delegation tomorrow, maybe this is working now at least :)
04-27-2020 10:08 AM
@Julian12 Hi Julian. I'm running Azure Ad Connect with pass through authentication. All of our user, group and device objects are replicated to AZAD. Like you, our hybrid is full classic. Our mailboxes are 100% on prem. We did get a flurry of authentication messages immediately after enabling modern authentication but that's settled down nicely. In setting up the modern authentication I did find (via Fiddler trace) that one SPN wasn't registered in Azure. We were missing https://owa.<domain>/ We had all the /EWS, /MAPI, /OAB but found we needed just the base URL too. Today, with regard to the delegation problem, I found that creating the partner app for Skype For Business was the "secret sauce" to enable the delegation. That's steps 2 and 3 from the second linked article.
04-27-2020 12:02 PM
Hey so this is very promising that you got it work.
I have run steps 1-4 from this guide:
Seems like we are creating a user and then just dumping from exhange and then uploading to o365 a certificate.
However when i go to upload the certificate by script (step5), i get the following error:
Import-Module : The specified module 'msonlineextended' was not loaded because no valid module file was found in any module directory
And when i looked it up, the module appears to have been depreciated.
I installed the binary for "Microsoft Online Services Sign-In Assistant for IT Professionals RTW" (date on the binary was 2014) which apparently contains that module. To no effect.
I believe i have to do that last step to make this work, if it does.
i guess i should also mention that we just depreciated skype for business. And that this whole thing is for teams. But i will assume that just because it says "s4b" everywhere does not preclude it from working. I know there is some integration between the two programs.
Another interesting thing, is the error message has changed now when i try and put a meeting as a delegate on an owners calendar. I am not sure if this is the recent thing i have changed or what. I now get the following message displayed:
04-27-2020 12:08 PM
I think you only need to implement steps 2 and 3, the following actions are not necessary.
Also this article seems very old, this powershell module doens't exist anymore and you don't need it anyways, all commands exist already in the msonline module.
I guess you tried with restarting teams and maybe rebooting your machine?
04-27-2020 12:49 PM
actually you are correct. when i go to verify that the certificate has been installed, it has been.
Get-MsolServicePrincipalCredential -AppPrincipalId 00000004-0000-0ff1-ce00-000000000000
So i guess it just complained about the one command but executed the rest of them.
and it WORKS! but not on my test machine. Another machine, it totally does. Figures.
So in summary, i ran the following commands to get this to work. I am not sure if uploading the certificate helped at all, someone can confirm if it works without it. here are the commands that i ran on my on prem exchange server:
$user = New-MailUser -Name SfBOnline-ApplicationAccount -ExternalEmailAddress SfBOnline-ApplicationAccount@DOMAIN.ca -DomainController dc1.DOMAIN.ca Set-MailUser -Identity $user.Identity -HiddenFromAddressListsEnabled $True -DomainController dc1.DOMAIN.ca New-ManagementRoleAssignment -Role UserApplication -User $user.Identity -DomainController dc1.DOMAIN.ca New-ManagementRoleAssignment -Role ArchiveApplication -User $user.Identity -DomainController dc1.DOMAIN.ca New-PartnerApplication -Name SfBOnline -ApplicationIdentifier 00000004-0000-0ff1-ce00-000000000000 -Enabled $True -LinkedAccount $user.Identity
replacing domain.ca with your domain and dc1.domain.ca with your domain controller.
i think the problem i was having with my test machine was because i had another setting i was testing applied to it via gpo, to do with registering machines in azure AD, which hasn't quite worked right yet. Im going to reimage the machine and try it, but i emailed my executive assistants to get them to try as well and will edit this when they do.
05-13-2020 02:37 PM
And update, it does work. Need to have the mailbox owner give "delegate" permissions on the mailbox.
Otherwise you get "looks like you don't have permission to schedule meetings for this account. talk to the owner to get permission and try again"
So now how do i give a mailbox this permission via command line? we are talking about executives mailboxes here, so i would prefer to do it behind the scenes. will post back if i do find the command. Seems like the delegate permissions that work are as follows:
05-14-2020 08:49 AM
05-14-2020 09:05 AM
the -sharingpermissionflags delegate command only works on office365. Not on prem 2016. does it work in 2019? for me the command does not exist
06-04-2020 05:19 AM
As many of the posts below state this works. The one thing that moreteamsfeatures points out later on in this tread is that you have to have a delegate set on the account. It is not enough to have full access permissions to the mailbox or just editor right on a calendar. Thanks again for posting this.
07-14-2020 10:13 AM
Microsoft contacted me and solved a problem.
The 365 Outlook Client allows a Teams meeting to be created from a delegated user. However, some premises need to be met. Below are the premises: