Jun 29 2020 07:11 AM
Migrating users from Exchange 2010 to O365. Clients are using Outlook 2016 MSI install. After a successful migration, Outlook goes into the "disconnected" state and doesn't prompt for O365 credentials. HOWEVER, if I go into control panel and create a new profile it sets right up with the O365 account but here is the CRAZY part. After I create that new profile, I don't need to use it. I just launch the old profile and it connects to O365 not problem. Of course the new profile works as well. When it is in the disconnected state prior to creating the new profile, if I do an autodiscover test from the systray it works just fine and finds the O365 mailbox. Tried rebooting and disabling add-ins.
Some other things you might ask about...
Jun 29 2020 12:47 PM
That is an odd one. I would have immediately suggested autodiscover as the issue if you hadn't succeeded with the systray test.
Maybe try running the Support and Recovery Assistant on one of the affected machines to see if that;
A). Sheds anymore light on the issue.
B). Corrects the problem without you having to create the separate new profile.
You can find the SARA tool at https://www.microsoft.com/en-us/download/100607
Jun 29 2020 12:54 PM
Thanks Peter,
SARA is a good idea and I'll give it a shot but I really need to get to the root cause of the problem because this was a small pilot of about 10 users and I'm going to need to migrate another 500 or so for this organization so I need to figure out something proactive. I know as a last resort I can push a GPO and force a rebuild of the profile if I need to but what's the fun of doing a hybrid migration if you can't keep your old profile. I'll let you know what SARA tells me. In the mean time I'm setting up a test so I can do some Fidler traces when the client comes up and can't figure out what to do...maybe that will show something. It almost seems like the client isn't in the mood to do autodiscover until you poke at the config with a new profile.
Jun 29 2020 01:59 PM - edited Jun 29 2020 02:25 PM
Solution@Rob Axelrod Hello, not in my comfort zone here but I've heard of an almost identical issue before where they disabled MFA (temporarily) to get it to work.
If that's not the case maybe this is applicable
Jun 29 2020 10:56 PM
@Rob Axelrod Yes I agree that for that many migrations you need a resolution, not a workaround ideally.
Did this happen on every one of the pilot migrations?
@ChristianBergstrom As ever my friend, some very useful ideas. With modern authentication enabled, MFA should not be an issue, but you just never know.
Jun 30 2020 05:38 AM
Thanks for your tips!
You first inclination was 100% correct.
Jun 30 2020 07:29 AM
@Rob Axelrod Hey Rod! Glad to hear that the solution worked for you! But I can't say I know what's going on as the "456 authentication error" should indicate that MFA is enabled for your account while modern authentication is not enabled in EXO. Perhaps open a MS ticket as you said all those settings are OK.
@PeterRising Any idea?
Jun 30 2020 07:35 AM
Jun 30 2020 07:39 AM
@Rob Axelrod Great! Would you mind sharing the response when you get it? Thanks!
Jun 30 2020 09:19 AM
@Rob Axelrod I have no idea which particular CA policy setting might be at fault I'm afraid. Definitely one for MS ticket. As @ChristianBergstrom says, I'd be interested to hear the outcome as well.
Mar 27 2021 12:44 PM
@Rob Axelrod I'm also interested in knowing Ms's response to your ticket. I am doing a migration and I have encountered the same problem. Thanks.
Jun 29 2020 01:59 PM - edited Jun 29 2020 02:25 PM
Solution@Rob Axelrod Hello, not in my comfort zone here but I've heard of an almost identical issue before where they disabled MFA (temporarily) to get it to work.
If that's not the case maybe this is applicable