Teams Calendar App: Nightmare


Summary

1    introduction    4

2    Technical Articles    4

3    OnPremiseConfiguration    5

Exchange server version    5

3.1    Installed program on the Exchange server    5

3.2    Teams version    5

3.3    Get-OrganizationConfig | Select-Object Ews*    5

3.4    Get-CasMailbox jbon@cloudmenow.net | Select-Object Ews*    6

3.5    On Premise Autodiscover and Web Service test    6

3.6    Get-SharingPolicy    7

3.7    Test-OutlookWebServices -identity jbon@cloudmenow.net -MailboxCredential $C [OK]    8

3.8    Test-OAuthConnectivity -Service EWS -TargetUri https://outlook.office365.com/ews/exchange.asmx -Mailbox jbon@cloudmenow.net [OK]    8

3.9    Test-OAuthConnectivity -Service EWS -TargetUri https://exwebservices.cloudmenow.net/metadata/json/1 -Mailbox CloudMailboxUser@cloudmelater.online -Verbose | Format-List [NONE OK]    8

3.10    Invoke-RestMethod [OK]    11

3.11    Test-Federationtrust [OK]    11

3.12    Get-WebserviceVirtualDirectory -server EX1-SRv-01 | fl *auth* [OK]    12

3.13    Get-authserver [OK]    12

3.13.1    Microsoft ACS    12

3.13.2    EVOSTS    13

3.14    Get-partnerApplication [OK]    14

3.15    Get-ADUser -Identity jbon -properties *    14

3.16    Set-Virtual directory Configuration    16

4    Online configuration    17

4.1    Get-OrganizationConfig | Select-Object Ews*    17

4.2    Teams calendar APP enabled    17

4.3    Get-Sharingpolicy    18

4.4    Get-federation Information    18

4.5    Get-OrganizationRelationship    18

4.6    Get-mailuser -identity « jean Bon »    18

4.7    Get-MsolServicePrincipal -AppPrincipalId 00000002-0000-0ff1-ce00-000000000000 | select -ExpandProperty ServicePrincipalNames    21

4.8    Autodiscover Request in IIS WSC1    21

4.9    get-msoluser -UserPrincipalName jbon@cloudmenow.net | fl    22

4.10    Get-CsOnlineUser -Identity jbon@cloudmenow.net | fl    24

5    Tests    26

5.1    Test Calendar    26

5.2    Autodiscover Test    27

5.3    Free BusyTEst    29

5.4    Calendar Tab    30

5.5    Free Busy Test with other EWS configuration    31

6    Analysis    31

7    Actions    33

7.1    28 Jun 2021    33

7.1.1    Set-OrganizationConfig    33

7.1.2    Rerun the HCW    34

7.2    01/07/2021    35

7.3    02/07/2021    36

7.3.1    Comparing configuration    36

7.3.2    Get-MsolServicePrincipal -AppPrincipalId 00000002-0000-0ff1-ce00-000000000000 | select -ExpandProperty ServicePrincipalNames    39

8    Annexes    42

8.1    Log Test-OAuthConnectivity -Service EWS -TargetUri https://exwebservices.cloudmenow.net/metadata/json/1    42

 

This article in PDF here : https://1drv.ms/b/s!AlKfEdbwpIS_iPw3i076hzW3Ivov8A?e=N8X4O2

 

  1. introduction

    Well, it’s been more than three days now that I’ve been trying to make it work so that a Teams client can display the calendar of an On premise mailbox. After more than 35 hours of work on a simplistic environment (no load balancer, no reverse proxy, only one Exchange server etc..) no way. The configuration has been reviewed dozens of times, we have changed and re-changed some settings, nothing happens. Online users can’t access on Premise calendars, and Teams is unable to retrieve the calendar from an on Premise mailbox.

    You will find below the configuration used

  2. Technical Articles

    https://support.microsoft.com/en-us/topic/how-to-troubleshoot-free-busy-issues-in-a-hybrid-deployment-of-on-premises-exchange-server-and-exchange-online-in-office-365-ae03e199-b439-a84f-8db6-11bc0d7fbdf0

    https://docs.microsoft.com/en-us/microsoftteams/troubleshoot/exchange-integration/teams-exchange-interaction-issue

    https://techcommunity.microsoft.com/t5/exchange-team-blog/demystifying-hybrid-free-busy-finding-errors-and-troubleshooting/ba-p/607727

    https://docs.microsoft.com/en-us/exchange/configure-oauth-authentication-between-exchange-and-exchange-online-organizations-exchange-2013-help

    https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-hybrid-modern-authentication-for-exchange-on-premises/ba-p/607476

    https://www.kpcs.cz/cs/novinky/blog/exchange-hybrid-a-microsoft-teams.html

     

  3. OnPremiseConfiguration

    Exchange server version

  4. Installed program on the Exchange server

  5. Teams version

  6. Get-OrganizationConfig | Select-Object Ews*

  7. Get-CasMailbox jbon@cloudmenow.net | Select-Object Ews*

  8. On Premise Autodiscover and Web Service test

  9. Get-SharingPolicy

    If the free/busy problem persists, make sure that the sharing policies in the on-premises Exchange Server environment and in Exchange Online match. To determine this, run the following command in the Exchange Management Shell, and then note the value in the Domains field in the results:

  10. Test-OutlookWebServices -identity jbon@cloudmenow.net -MailboxCredential $C [OK]

  11. Test-OAuthConnectivity -Service EWS -TargetUri https://outlook.office365.com/ews/exchange.asmx -Mailbox jbon@cloudmenow.net [OK]

     

  12. Test-OAuthConnectivity -Service EWS -TargetUri https://exwebservices.cloudmenow.net/metadata/json/1 -Mailbox CloudMailboxUser@cloudmelater.online -Verbose | Format-List [NONE OK]

     

     

    RunspaceId : 0536bca5-4975-4e68-b865-1ed0e16326d5

    Task : Checking EWS API Call Under Oauth

    Detail : The configuration was last successfully loaded at 1/1/0001 12:00:00 AM UTC. This was 1062674647 minutes ago.

    The token cache is being cleared because « use cached token » was set to false.

    Exchange Outbound Oauth Log:

    Client request ID: 1ab7109f-ce1d-4dd0-b36e-2f95ae35037f

    Information:[OAuthCredentials:Authenticate] entering

    Information:[OAuthCredentials:Authenticate] challenge from ‘https://exwebservices.cloudmenow.net/ews/Exchange.asmx’ received: Bearer client_id= »00000002-0000-0ff1-ce00-000000000000″,

    trusted_issuers= »00000001-0000-0000-c000-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8″, token_types= »app_asserted_user_v1 service_asserted_app_v1″,Basic realm= »exwebservices.cloudmenow.net »,Negotiate,NTLM

    Information:[OAuthCredentials:GetToken] client-id: ‘00000002-0000-0ff1-ce00-000000000000’, realm:  », trusted_issuer: ‘00000001-0000-0000-c000-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8’

    Information:[OAuthCredentials:GetToken] Start building a token using organizationId ’41de3d62-e522-457d-af39-e4a9ecf064f8′

    Information:[OAuthCredentials:GetToken] Start building a token using adUser

    Information:[OAuthTokenBuilder:GetAppToken] start building the apptoken

    Information:[OAuthTokenBuilder:GetAppToken] checking enabled auth servers

    Information:[OAuthTokenBuilder:GetAppToken] trusted_issuer includes the auth server ‘MicrosoftSts’: 00000001-0000-0000-c000-000000000000@*,

    Information:[OAuthTokenBuilder:GetAppToken] trying to get the apptoken from the auth server ‘MicrosoftSts’ for resource

    ‘00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8′, tenantId ’41de3d62-e522-457d-af39-e4a9ecf064f8’, userDomain ‘cloudmelater.online’

    Information:[TokenCache:GetActorToken] Each key and its counts are L:00000002-0000-0ff1-ce00-000000000000-AS:00000001-0000-0000-c000-000000000000@*, 0

    Information:[TokenCache:GetActorToken] cache size is 0

    Information:[TokenCache:GetActorToken] try to get a new token synchronously

    Information:[ACSTokenBuildRequest:BuildToken] started

    Information:[TokenBuildRequest:GetActorTokenFromAuthServer] Sending token request to ‘https://accounts.accesscontrol.windows.net/tokens/OAuth/2’ for the resource

    ‘00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8’ with token: grant_type=http%3a%2f%2foauth.net%2fgrant_type%2fjwt%2f1.0%2fbearer&assertion=eyJhbGciOiJSUzI1NiIsImtpZCI

    6IjkzMUU5MjNBMDVEODI5Nzk3ODBGNDAxM0I0M0E4QTc0REQ0QTUxRDEiLCJ0eXAiOiJKV1QiLCJ4NWMiOiJNSUlHNERDQ0JjaWdBd0lCQWdJVGZ3Q01lVjNwd3ZBVy9tWXArZ0FDQUl4NVhUQU5CZ2txaGtpRzl3MEJBUXNGQURCRU1STXdFUVlLQ1pJbWlaUHlMR1FCR1JZRFIwSk1NUk13RVFZS

    0NaSW1pWlB5TEdRQkdSWURRVTFGTVJnd0ZnWURWUVFERXc5QlRVVWdTVzVtY21FZ1EwRWdNREl3SGhjTk1qRXdNekExTURneE5ESTVXaGNOTWpJd01qSTRNRGd4TkRJNVdqQXFNU2d3SmdZRFZRUURFeDlsYzNSelkyeHBaVzUwTG1OdmNtVmhkWFJvTG05MWRHeHZiMnN1WTI5dE1JSUJJakFOQmd

    rcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBMDlUWlJrNDFNU3dJWjVobEZna01jYm1KRmkycjdPVzlKZ29uTTFmYnUxUy9aNnZBMklhZXFBVURaWVpOQ21iVzdpdDhHend0VjQrVlVMQkU3QXh0ck1VMk9YU2hjWHk4Q1ZBYmNoRDc3VE9xU0xkMjM1ZVZFM1BzTnJFa3ZGcUNPNlliV

    FNGK1FRWHh6Z0pwd0FDTDNJSEdjUHMyVnJZS09vRkoyNjN3bUpwWUJ1bzFKMmhZK0VVQ0ZXcU9YQnVWNmJQRFM2RHFvSzlJMi82YXJMUTNtTEkzQ0NTVk9TV2NnTmhnU1FuaUxISzcxSi9hb1ExN2FhQ0hFRWY0WFJKMEk4ZnhkU3hJcTJsdmhoODlENXBmMlVqdjBZM0VRQ1BidHdNS1VmUzc3N0h

    1cE8xaU5xbVRoVk1XWm9zQ2FOMWFHcXdSWnhUcVpIRlE2OG9lU043MzJRSURBUUFCbzRJRDR6Q0NBOTh3SndZSkt3WUJCQUdDTnhVS0JCb3dHREFLQmdnckJnRUZCUWNEQVRBS0JnZ3JCZ0VGQlFjREFqQTlCZ2tyQmdFRUFZSTNGUWNFTURBdUJpWXJCZ0VFQVlJM0ZRaUdrT01OaE5XMGVJVHhpe

    jZGbTkwV3pwMFNnV0NDOWZZcmcvTFJJQUlCWkFJQkNqQ0NBZG9HQ0NzR0FRVUZCd0VCQklJQnpEQ0NBY2d3WmdZSUt3WUJCUVVITUFLR1dtaDBkSEE2THk5amNtd3ViV2xqY205emIyWjBMbU52YlM5d2EybHBibVp5WVM5RFpYSjBjeTlDVERKUVMwbEpUbFJEUVRBeExrRk5SUzVIUWt4ZlFVMUZ

    KVEl3U1c1bWNtRWxNakJEUVNVeU1EQXlLRElwTG1OeWREQldCZ2dyQmdFRkJRY3dBb1pLYUhSMGNEb3ZMMk55YkRFdVlXMWxMbWRpYkM5aGFXRXZRa3d5VUV0SlNVNVVRMEV3TVM1QlRVVXVSMEpNWDBGTlJTVXlNRWx1Wm5KaEpUSXdRMEVsTWpBd01pZ3lLUzVqY25Rd1ZnWUlLd1lCQlFVSE1BS

    0dTbWgwZEhBNkx5OWpjbXd5TG1GdFpTNW5ZbXd2WVdsaEwwSk1NbEJMU1VsT1ZFTkJNREV1UVUxRkxrZENURjlCVFVVbE1qQkpibVp5WVNVeU1FTkJKVEl3TURJb01pa3VZM0owTUZZR0NDc0dBUVVGQnpBQ2hrcG9kSFJ3T2k4dlkzSnNNeTVoYldVdVoySnNMMkZwWVM5Q1RESlFTMGxKVGxSRFF

    UQXhMa0ZOUlM1SFFreGZRVTFGSlRJd1NXNW1jbUVsTWpCRFFTVXlNREF5S0RJcExtTnlkREJXQmdnckJnRUZCUWN3QW9aS2FIUjBjRG92TDJOeWJEUXVZVzFsTG1kaWJDOWhhV0V2UWt3eVVFdEpTVTVVUTBFd01TNUJUVVV1UjBKTVgwRk5SU1V5TUVsdVpuSmhKVEl3UTBFbE1qQXdNaWd5S1M1a

    mNuUXdIUVlEVlIwT0JCWUVGSVUrbm1tdHJVMWNlS0E3aGZhUnlRWDV3UytmTUE0R0ExVWREd0VCL3dRRUF3SUZvRENDQVNZR0ExVWRId1NDQVIwd2dnRVpNSUlCRmFDQ0FSR2dnZ0VOaGo5b2RIUndPaTh2WTNKc0xtMXBZM0p2YzI5bWRDNWpiMjB2Y0d0cGFXNW1jbUV2UTFKTUwwRk5SU1V5TUV

    sdVpuSmhKVEl3UTBFbE1qQXdNaTVqY215R01XaDBkSEE2THk5amNtd3hMbUZ0WlM1blltd3ZZM0pzTDBGTlJTVXlNRWx1Wm5KaEpUSXdRMEVsTWpBd01pNWpjbXlHTVdoMGRIQTZMeTlqY213eUxtRnRaUzVuWW13dlkzSnNMMEZOUlNVeU1FbHVabkpoSlRJd1EwRWxNakF3TWk1amNteUdNV2gwZ

    EhBNkx5OWpjbXd6TG1GdFpTNW5ZbXd2WTNKc0wwRk5SU1V5TUVsdVpuSmhKVEl3UTBFbE1qQXdNaTVqY215R01XaDBkSEE2THk5amNtdzBMbUZ0WlM1blltd3ZZM0pzTDBGTlJTVXlNRWx1Wm5KaEpUSXdRMEVsTWpBd01pNWpjbXd3SHdZRFZSMGpCQmd3Rm9BVXo0UllmbmIrZFlHTzJ6QnJma1p

    lN3BLVWx6WXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFCbXdUZUVCT21ZdXYvMVRWZGZvN3V3cWRydXhaKzRDaU9KOUZERlFzYVJic0VjZ1k2dVpXS0xNZmxXQ2pjTGR0UXhiVEZhMHZGTFlEZ1hBS1p0WU1xZUFJL0F1O

    StEeEtKOVJ4by9UVGx5MHE2YUNleGFvemVGdmVEbENJbWV0Smo0UXppaEV3Nkp5MlV5bElVT0duT2o2SlI0cEhKSGZ5NTZTUkU4d1QvSTB5NFdoRjRJbFpoYnowMEtYaUtNMEt2Qi95Tks2V2lnc28wNUVsRkhUU1BhcWtPZm1tUC9JR0hYWWhFWlRZQ2F2eWZRWmRDNDRDb1pRY0FGdmM3NGxEcGZ

    mVy8wZ1hic3l3K3ZaTXkrZEpwTlpKcWJnbFNLU0prVWVkdXlpRlBhWXc3M2VSa0IvTHk5a0hPK294M0NDQ1J2VzNNYlZZTVV2U2hrUnlETCsvU0IiLCJ4NXQiOiJreDZTT2dYWUtYbDREMEFUdERxS2ROMUtVZEUifQ.eyJuYmYiOjE2MjQ4ODIwMzksImV4cCI6MTYyNDg4MjYzOSwiaXNzIjoiMD

    AwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwQDQxZGUzZDYyLWU1MjItNDU3ZC1hZjM5LWU0YTllY2YwNjRmOCIsImF1ZCI6IjAwMDAwMDAxLTAwMDAtMDAwMC1jMDAwLTAwMDAwMDAwMDAwMC9hY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0QDQxZGUzZDYyLWU1MjIt

    NDU3ZC1hZjM5LWU0YTllY2YwNjRmOCJ9.c0eViEt90t-UbubEgdRmFU1ixSrpoY0Ls5FaFikRqiSCI91mkPiocG7dQQ1ZKfnvUIUjpyrUzRTihDaVV_CAKtW_DmAt9Bkcrgr2fLYPLqlxoonaaOuUjIbUqt4lxouTCxiXeE-UEn9vsRn35vcGSPw890cQkGedOMiKRQc6hnh7FT9F4U4Bwz_QxNkLE

    eDVPU3RIQgqx2qEwxnnFKu1g95Pe-COOL1oJgYpMfIAEYoLAjLTor1ZxYN3d_6pxzW_aghutRwTI11O6XPqYywMfzQl4lOIMMC9CV8_aAxGNKKrYQCKgIbcTDqX0KG7lWfwYOhUqFpsOfRmxKG2f7skzA&resource=00000002-0000-0ff1-ce00-000000000000%2fexwebservices.cloudm

    enow.net%4041de3d62-e522-457d-af39-e4a9ecf064f8

    Information:[TokenBuildRequest:GetActorTokenFromAuthServer] response headers was

    Pragma: no-cache

    Strict-Transport-Security: max-age=31536000; includeSubDomains

    X-Content-Type-Options: nosniff

    client-request-id: 1ab7109f-ce1d-4dd0-b36e-2f95ae35037f

    x-ms-request-id: 0c5afa47-12ae-41b2-a7f3-5df28dcc9400

    x-ms-ests-server: 2.1.11829.8 – WEULR1 ProdSlices

    Cache-Control: no-store, no-cache

    Content-Type: application/json; charset=utf-8

    Expires: -1

    P3P: CP= »DSP CUR OTPi IND OTRi ONL FIN »

    Set-Cookie: fpc=Ahd3WaFsh7NGlCNWAWGbua4l2yrbAQAAAHaya9gOAAAA; expires=Wed, 28-Jul-2021 12:07:19 GMT; path=/; secure; HttpOnly; SameSite=None,esctx=AQABAAAAAAD–DLA3VO7QrddgJg7Wevrf_nk3Ftaq0q8-8HxaPhO8JFmgmtjSzERXYXVoCXQitT

    2wf-VJ3MkoXjN7Qj5KWwQTsEzgbRkL1yuq1HqCROLqytxonH5kuNCq1a8eNSjCNQt9dYI94hQ71m9w94AaeNYkXLDO8njpA77BMz7MGZMAgMkn_6tG13PBCAyPUIow2sgAA; domain=.accounts.accesscontrol.windows.net; path=/; secure; HttpOnly;

    SameSite=None,x-ms-gateway-slice=estsfd; path=/; secure; httponly,stsservicecookie=estsfd; path=/; secure; httponly

    Date: Mon, 28 Jun 2021 12:07:18 GMT

    Content-Length: 1433

    Information:[ACSTokenBuildRequest:BuildToken] finished

    Information:[OAuthTokenBuilder:GetAppToken] finish building apptoken; the token is {« typ »: »JWT », »alg »: »RS256″, »x5t »: »nOo3ZDrODXEK1jKWhXslHR_KXEg », »kid »: »nOo3ZDrODXEK1jKWhXslHR_KXEg »}. »oid »:

    «  »6768ea00-362c-495c-9e04-330cd89360e9″ » « iss »: «  »00000001-0000-0000-c000-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « aud »:

    «  »00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « nbf »: « 1624881739 » « exp »: « 1624968439 »

    Information:[OAuthTokenBuilder.GetAppWithUserToken] nameid is allowed to be included in the claim set

    Information:[OAuthTokenBuilder.GetAppWithUserToken] only nameid to be included in the claim: no

    Information:[OAuthTokenBuilder.GetAppWithUserToken] building token with user context for the audience ‘00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8’

    Information:[OAuthTokenBuilder.GetAppWithUserToken] claims count: 5

    Information:[OAuthCredentials:Authenticate] send request to ‘https://exwebservices.cloudmenow.net/ews/Exchange.asmx’ with the bearer token: ‘{« alg »: »none », »typ »: »JWT »}. »iss »:

    «  »00000002-0000-0ff1-ce00-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « aud »: «  »00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « nbf »: « 1624882039 » « exp »:

    « 1624910839 » ; actor: {« typ »: »JWT », »alg »: »RS256″, »x5t »: »nOo3ZDrODXEK1jKWhXslHR_KXEg », »kid »: »nOo3ZDrODXEK1jKWhXslHR_KXEg »}. »oid »: «  »6768ea00-362c-495c-9e04-330cd89360e9″ » « iss »:

    «  »00000001-0000-0000-c000-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « aud »: «  »00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « nbf »: « 1624881739 » « exp »:

    « 1624968439 » ‘

    Token:{« alg »: »none », »typ »: »JWT »}. »iss »: «  »00000002-0000-0ff1-ce00-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « aud »:

    «  »00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « nbf »: « 1624882039 » « exp »: « 1624910839 » ; actor:

    {« typ »: »JWT », »alg »: »RS256″, »x5t »: »nOo3ZDrODXEK1jKWhXslHR_KXEg », »kid »: »nOo3ZDrODXEK1jKWhXslHR_KXEg »}. »oid »: «  »6768ea00-362c-495c-9e04-330cd89360e9″ » « iss »:

    «  »00000001-0000-0000-c000-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « aud »: «  »00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « nbf »: « 1624881739 » « exp »:

    « 1624968439 »

     

    Exchange Response Details:

    HTTP response message:

    Exception:

    System.Net.WebException: The remote server returned an error: (401) Unauthorized.

    at System.Net.HttpWebRequest.GetResponse()

    at Microsoft.Exchange.Monitoring.TestOAuthConnectivityHelper.SendExchangeOAuthRequest(ADUser user, String orgDomain, Uri targetUri, String& diagnosticMessage, Boolean appOnly, Boolean useCachedToken, Boolean

    reloadConfig), diagnostics: 2000005;reason= »The user specified by the user-context in the token does not exist. »;error_category= »invalid_user »

     

    ResultType : Error

    Identity : Microsoft.Exchange.Security.OAuth.ValidationResultNodeId

    IsValid : True

    ObjectState : New

     

    This is the problem that I cannot resolve.

  13. Invoke-RestMethod [OK]

  14. Test-Federationtrust [OK]

     

    [PS] C:\Windows\system32>Test-FederationTrust -UserIdentity jbon@cloudmenow.net -verbose

     

     

    Begin process.

    STEP 1 of 6: Getting ADUser information for jbon@cloudmenow.net…

    RESULT: Success.

    STEP 2 of 6: Getting FederationTrust object for jbon@cloudmenow.net…

    RESULT: Success.

    STEP 3 of 6: Validating that the FederationTrust has the same STS certificates as the actual certificates published by the STS in the federation metadata.

    RESULT: Success.

    STEP 4 of 6: Getting STS and Organization certificates from the federation trust object…

    RESULT: Success.

     

    Validating current configuration for FYDIBOHF25SPDLT.cloudmenow.net…

     

    Validation successful.

    STEP 5 of 6: Requesting delegation token…

    RESULT: Success. Token retrieved.

    STEP 6 of 6: Validating delegation token…

    RESULT: Success.

    Closing Test-FederationTrust…

     

    RunspaceId : 96fa5a83-87bc-4bd8-9a6f-8fd8c3e312b8

    Id : FederationTrustConfiguration

    Type : Success

    Message : FederationTrust object in ActiveDirectory is valid.

     

    RunspaceId : 96fa5a83-87bc-4bd8-9a6f-8fd8c3e312b8

    Id : FederationMetadata

    Type : Success

    Message : The federation trust contains the same certificates published by the security token service in its federation metadata.

     

    RunspaceId : 96fa5a83-87bc-4bd8-9a6f-8fd8c3e312b8

    Id : StsCertificate

    Type : Success

    Message : Valid certificate referenced by property TokenIssuerCertificate in the FederationTrust object.

     

    RunspaceId : 96fa5a83-87bc-4bd8-9a6f-8fd8c3e312b8

    Id : StsPreviousCertificate

    Type : Success

    Message : Valid certificate referenced by property TokenIssuerPrevCertificate in the FederationTrust object.

     

    RunspaceId : 96fa5a83-87bc-4bd8-9a6f-8fd8c3e312b8

    Id : OrganizationCertificate

    Type : Success

    Message : Valid certificate referenced by property OrgPrivCertificate in the FederationTrust object.

     

    RunspaceId : 96fa5a83-87bc-4bd8-9a6f-8fd8c3e312b8

    Id : TokenRequest

    Type : Success

    Message : Request for delegation token succeeded.

     

    RunspaceId : 96fa5a83-87bc-4bd8-9a6f-8fd8c3e312b8

    Id : TokenValidation

    Type : Success

    Message : Requested delegation token is valid.

     

  15. Get-WebserviceVirtualDirectory -server EX1-SRv-01 | fl *auth* [OK]

  16. Get-authserver [OK]

  17. Microsoft ACS

     

    [PS] C:\Windows\system32>Get-AuthServer | fl

     

     

    RunspaceId : 6ee88102-fba1-49ec-a818-8c13e1fd356d

    IssuerIdentifier : 00000001-0000-0000-c000-000000000000

    CertificateStrings : {MIIC8TCCAdmgAwIBAgIQQrXPXIlUE4JMTMkVj+02YTANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXMwHhcNMjEwMzEwMDAwMDAwWhcNMjYwMzEwMDAwMDAwWjAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudX

    MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTWt71rYFRO0210XMs0j5AQdbxeEOIMwNsYyTEdEhhcfjXMFxyxfAf28yLQe7Fcelc7PC1RgrCX3dlHfu2nqWm/CVTUd482Zmkn0P5cC9TvfHTdgqhkR1oUHf1WxXIuKHd+4+/oM8TapP5M0Tdflh0hY4YWtwyR

    xcuyM74EKripxJ0EfaUGARBS4Pqeqt4tmyD6A/NIOGNVJwhRkaIPwzawrEAOIgejkqVpkjK7fa3wmRq8/2Mzsi1ICPOKDVbbK9VDNRBkD7FmomjaPEHeD9/KB09QcrpQ379yqSt/Gfb5VYfXAyGWb3RKnFMwPgehg5WLPWCAfwYJfZoGJfk7NDpAgMBAAGjITAfMB0GA1Ud

    DgQWBBTECjBRANDPLGrn1p7qtwswtBU7JzANBgkqhkiG9w0BAQsFAAOCAQEAq1Ib4ERvXG5kiVmhfLOpun2ElVOLY+XkvVlyVjq35rZmSIGxgfFc08QOQFVmrWQYrlss0LbboH0cIKiD6+rVoZTMWxGEicOcGNFzrkcG0ulu0cghKYID3GKDTftYKEPkvu2vQmueqa4t2tT

    3PlYF7Fi2dboR5Y96Ugs8zqNwdBMRm677N/tJBk53CsOf9NnBaxZ1EGArmEHHIb80vODStv35ueLrfMRtCF/HcgkGxy2U8kaCzYmmzHh4zYDkeCwM3Cq2bGkG+Efe9hFYfDHw13DzTR+h9pPqFFiAxnZ3ofT96NrZHdYjwbfmM8cw3ldg0xQzGcwZjtyYmwJ6sDdRvQ==,

     

    v2ga5JsXlcOJ3gP/lE5WC1S0rjfabzdMOGP8qZQhXk4wBOgtFBaisDnbjV5pcIrjRPlhoCxvKgC/290nZ9/DLBH3TbHk8xwHXeBAnAjyAqOZij92uksAv7ZLq4MODcn

    QshVINXwsYshG1pQqOLwMertNaY5WtrubMRku44Dw7R}

    RsaKeyModulusExponents : <RsaKeyModulusExponentArray><RsaKeyModulusExponents /></RsaKeyModulusExponentArray>

    CurrentEncryptedAppSecret :

    PreviousEncryptedAppSecret :

    TokenIssuingEndpoint : https://accounts.accesscontrol.windows.net/41de3d62-e522-457d-af39-e4a9ecf064f8/tokens/OAuth/2

    AuthorizationEndpoint :

    ApplicationIdentifier :

    AuthMetadataUrl : https://accounts.accesscontrol.windows.net/41de3d62-e522-457d-af39-e4a9ecf064f8/metadata/json/1

    DomainName : {cloudmenow.mail.onmicrosoft.com, cloudmenow.net, cloudmelater.online}

    Realm : 41de3d62-e522-457d-af39-e4a9ecf064f8

    Type : MicrosoftACS

    Enabled : True

    IsDefaultAuthorizationEndpoint : False

    AdminDisplayName :

    ExchangeVersion : 0.20 (15.0.0.0)

    Name : ACS – 424d73fb-860e-45c4-a7fc-f08db2cc1de4

    DistinguishedName : CN=ACS – 424d73fb-860e-45c4-a7fc-f08db2cc1de4,CN=Auth Servers,CN=Auth Configuration,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=lt01,DC=Loc

    Identity : ACS – 424d73fb-860e-45c4-a7fc-f08db2cc1de4

    Guid : c4e1a855-3717-4ac8-8cd1-7a3638a0d232

    ObjectCategory : lt01.Loc/Configuration/Schema/ms-Exch-Auth-Auth-Server

    ObjectClass : {top, msExchAuthAuthServer}

    WhenChanged : 6/25/2021 8:13:25 AM

    WhenCreated : 6/7/2021 12:51:29 AM

    WhenChangedUTC : 6/25/2021 3:13:25 PM

    WhenCreatedUTC : 6/7/2021 7:51:29 AM

    OrganizationId :

    Id : ACS – 424d73fb-860e-45c4-a7fc-f08db2cc1de4

    OriginatingServer : WIN2K16-DC1-01.lt01.Loc

    IsValid : True

    ObjectState : Unchanged

     

     

     

  18. EVOSTS

    RunspaceId : 6ee88102-fba1-49ec-a818-8c13e1fd356d

    IssuerIdentifier : https://sts.windows.net/41de3d62-e522-457d-af39-e4a9ecf064f8/

    CertificateStrings : {MIIC8TCCAdmgAwIBAgIQQrXPXIlUE4JMTMkVj+02YTANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXMwHhcNMjEwMzEwMDAwMDAwWhcNMjYwMzEwMDAwMDAwWjAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudX

    MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTWt71rYFRO0210XMs0j5AQdbxeEOIMwNsYyTEdEhhcfjXMFxyxfAf28yLQe7Fcelc7PC1RgrCX3dlHfu2nqWm/CVTUd482Zmkn0P5cC9TvfHTdgqhkR1oUHf1WxXIuKHd+4+/oM8TapP5M0Tdflh0hY4YWtwyR

    xcuyM74EKripxJ0EfaUGARBS4Pqeqt4tmyD6A/NIOGNVJwhRkaIPwzawrEAOIgejkqVpkjK7fa3wmRq8/2Mzsi1ICPOKDVbbK9VDNRBkD7FmomjaPEHeD9/KB09QcrpQ379yqSt/Gfb5VYfXAyGWb3RKnFMwPgehg5WLPWCAfwYJfZoGJfk7NDpAgMBAAGjITAfMB0GA1Ud

    DgQWBBTECjBRANDPLGrn1p7qtwswtBU7JzANBgkqhkiG9w0BAQsFAAOCAQEAq1Ib4ERvXG5kiVmhfLOpun2ElVOLY+XkvVlyVjq35rZmSIGxgfFc08QOQFVmrWQYrlss0LbboH0cIKiD6+rVoZTMWxGEicOcGNFzrkcG0ulu0cghKYID3GKDTftYKEPkvu2vQmueqa4t2tT

    3PlYF7Fi2dboR5Y96Ugs8zqNwdBMRm677N/tJBk53CsOf9NnBaxZ1EGArmEHHIb80vODStv35ueLrfMRtCF/HcgkGxy2U8kaCzYmmzHh4zYDkeCwM3Cq2bGkG+Efe9hFYfDHw13DzTR+h9pPqFFiAxnZ3ofT96NrZHdYjwbfmM8cw3ldg0xQzGcwZjtyYmwJ6sDdRvQ==,

    MIIC8TCCAdmgAwIBAgIQYVk/tJ1e4phISvVrAALNKTANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXMwHhcNMjAxMjIxMDAwMDAwWhcNMjUxMjIxMDAwMDAwWjAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXM

    wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWfv6dZIt65ZDMFGVhJtLxGO9a+RB4PtAv185ZoZdtbvdU0YfRiKlmKw8KUW/obPB9YQJNZCnX1YV7+UBKRrn4oRaRBXMJsQxppp84izuELrU/lwaDDt2G5bizt/plgZkTNDgXmscT5g1Fu8PnWqKs83MoeTeeOL

    XCuHRi1s88h/741sj3xsLAsuH1q9506aoRLNY4YQIQxe/wtIz4H1IqD/hC4G3IHDAhqRO6qjzizBMEznDw92GlZlkO0+AfztbP79aNa+T30CNeXuXylY9AmIo26O39yTc0MWnNosSmmh2FSwgPSm1EDTTx4JTqXxP67HX3BmZv/IGcdxXekVaFAgMBAAGjITAfMB0GA1UdD

    gQWBBQ2r//lgTPcKughDkzmCtRlw+P9SzANBgkqhkiG9w0BAQsFAAOCAQEAsFdRyczNWh/qpYvcIZbDvWYzlrmFZc6blcUzns9zf7sUWtQZrZPu5DbetV2Gr2r3qtMDKXCUaR+pqoy3I2zxTX3x8bTNhZD9YAgAFlTLNSydTaK5RHyB/5kr6B7ZJeNIk3PRVhRGt6ybCJSj

    V/VYVkLR5fdLP+5GhvBESobAR/d0ntriTzp7/tLMb/oXx7w5Hu1m3I8rpMocoXfH2SH1GLmMXj6Mx1dtwCDYM6bsb3fhWRz9O9OMR6QNiTnq8q9wn1QzBAnRcswYzT1LKKBPNFSasCvLYOCPOZCL+W8N8jqa9ZRYNYKWXzmiSptgBEM24t3m5FUWzWqoLu9pIcnkPQ==, M

    IIDBTCCAe2gAwIBAgIQWPB1ofOpA7FFlOBk5iPaNTANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTIxMDIwNzE3MDAzOVoXDTI2MDIwNjE3MDAzOVowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNz

    Y29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALH7FzF1rjvnZ4i2iBC2tz8qs/WP61n3/wFawgJxUnTx2vP/z5pG7f8qvumd7taOII0aSlp648SIfMw59WdUUtup5CnDYOcX1sUdivAj20m2PIDK6f+KWZ+7YKxJqCzJMH4GGlQ

    vuDIhRKNT9oHfZgnYCCAmjXmJBtWyD052qqrkzOSn0/e9TKbjlTnTNcrIno3XDQ7xG+79vOD2GZMNopsKogWNxUdLFRu44ClKLRb4Xe00eVrANtBkv+mSJFFJS1Gxv611hpdGI2S0v1H+KvB26O7vuzGhZ/AevRemGhXQ5V5vwNEqXnVRVkBRszLKeN/+rxM436xQyVQGJM

    G+sVECAwEAAaMhMB8wHQYDVR0OBBYEFLlRBSxxgmNPObCFrl+hSsbcvRkcMA0GCSqGSIb3DQEBCwUAA4IBAQB+UQFTNs6BUY3AIGkS2ZRuZgJsNEr/ZEM4aCs2domd2Oqj7+5iWsnPh5CugFnI4nd+ZLgKVHSD6acQ27we+eNY6gxfpQCY1fiN/uKOOsA0If8IbPdBEhtPe

    rRgPJFXLHaYVqD8UYDo5KNCcoB4Kh8nvCWRGPUUHPRqp7AnAcVrcbiXA/bmMCnFWuNNahcaAKiJTxYlKDaDIiPN35yECYbDj0PBWJUxobrvj5I275jbikkp8QSLYnSU/v7dMDUbxSLfZ7zsTuaF2Qx+L62PsYTwLzIFX3M8EMSQ6h68TupFTi5n0M2yIXQgoRoNEDWNJZ/a

    ZMY/gqT02GQGBWrh+/vJ, MIIDBTCCAe2gAwIBAgIQN33ROaIJ6bJBWDCxtmJEbjANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTIwMTIyMTIwNTAxN1oXDTI1MTIyMDIwNTAxN1owLTErMCkGA1UEA

    xMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKGiy0/YZHEo9rRn2bI27u189Sq7NKhInFz5hLCSjgUB2rmf5ETNR3RJIDiW1M51LKROsTrjkl45cxK6gcVwLuEgr3L1TgmBtr/Rt/riKyxeXbLQ

    9LGBwaNVaJrSscxfdFbJa5J+qzUIFBiFoL7kE8ZtbkZJWBTxHEyEcNC52JJ8ydOhgvZYykete8AAVa2TZAbg4ECo9+6nMsaGsSBncRHJlRWVycq8Q4HV4faMEZmZ+iyCZRo2fZufXpn7sJwZ7CEBuw4qycHvUl6y153sUUFqsswnZGGjqpKSq7I7sVI9vjB199RarHaSSbD

    gL2FxjmASiUY4RqxnTjVa2XVHUwUCAwEAAaMhMB8wHQYDVR0OBBYEFI5mN5ftHloEDVNoIa8sQs7kJAeTMA0GCSqGSIb3DQEBCwUAA4IBAQBnaGnojxNgnV4+TCPZ9br4ox1nRn9tzY8b5pwKTW2McJTe0yEvrHyaItK8KbmeKJOBvASf+QwHkp+F2BAXzRiTl4Z+gNFQUL

    PzsQWpmKlz6fIWhc7ksgpTkMK6AaTbwWYTfmpKnQw/KJm/6rboLDWYyKFpQcStu67RZ+aRvQz68Ev2ga5JsXlcOJ3gP/lE5WC1S0rjfabzdMOGP8qZQhXk4wBOgtFBaisDnbjV5pcIrjRPlhoCxvKgC/290nZ9/DLBH3TbHk8xwHXeBAnAjyAqOZij92uksAv7ZLq4MODcn

    QshVINXwsYshG1pQqOLwMertNaY5WtrubMRku44Dw7R}

    RsaKeyModulusExponents : <RsaKeyModulusExponentArray><RsaKeyModulusExponents /></RsaKeyModulusExponentArray>

    CurrentEncryptedAppSecret :

    PreviousEncryptedAppSecret :

    TokenIssuingEndpoint : https://login.windows.net/common/oauth2/token

    AuthorizationEndpoint : https://login.windows.net/common/oauth2/authorize

    ApplicationIdentifier :

    AuthMetadataUrl : https://login.windows.net/cloudmenow.onmicrosoft.com/federationmetadata/2007-06/federationmetadata.xml

    DomainName : {}

    Realm : 41de3d62-e522-457d-af39-e4a9ecf064f8

    Type : AzureAD

    Enabled : True

    IsDefaultAuthorizationEndpoint : False

    AdminDisplayName :

    ExchangeVersion : 0.20 (15.0.0.0)

    Name : EvoSts – 424d73fb-860e-45c4-a7fc-f08db2cc1de4

    DistinguishedName : CN=EvoSts – 424d73fb-860e-45c4-a7fc-f08db2cc1de4,CN=Auth Servers,CN=Auth Configuration,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=lt01,DC=Loc

    Identity : EvoSts – 424d73fb-860e-45c4-a7fc-f08db2cc1de4

    Guid : 7025a371-a955-49c4-86e5-283851e577dc

    ObjectCategory : lt01.Loc/Configuration/Schema/ms-Exch-Auth-Auth-Server

    ObjectClass : {top, msExchAuthAuthServer}

    WhenChanged : 6/7/2021 12:51:29 AM

    WhenCreated : 6/7/2021 12:51:29 AM

    WhenChangedUTC : 6/7/2021 7:51:29 AM

    WhenCreatedUTC : 6/7/2021 7:51:29 AM

    OrganizationId :

    Id : EvoSts – 424d73fb-860e-45c4-a7fc-f08db2cc1de4

    OriginatingServer : WIN2K16-DC1-01.lt01.Loc

    IsValid : True

    ObjectState : Unchanged

     

  19. Get-partnerApplication [OK]

     

     

  20. Get-ADUser -Identity jbon -properties *

     

     

    AccountExpirationDate :

    accountExpires : 9223372036854775807

    AccountLockoutTime :

    AccountNotDelegated : False

    adminCount : 1

    AllowReversiblePasswordEncryption : False

    AuthenticationPolicy : {}

    AuthenticationPolicySilo : {}

    BadLogonCount : 0

    badPasswordTime : 132693409367793020

    badPwdCount : 0

    CannotChangePassword : False

    CanonicalName : lt01.Loc/Adsync/Jean Bon

    Certificates : {}

    City :

    CN : Jean Bon

    codePage : 0

    Company :

    CompoundIdentitySupported : {}

    Country :

    countryCode : 0

    Created : 6/24/2021 2:31:28 AM

    createTimeStamp : 6/24/2021 2:31:28 AM

    Deleted :

    Department :

    Description :

    DisplayName : Jean Bon

    DistinguishedName : CN=Jean Bon,OU=Adsync,DC=lt01,DC=Loc

    Division :

    DoesNotRequirePreAuth : False

    dSCorePropagationData : {6/24/2021 5:52:11 AM, 6/24/2021 2:31:43 AM, 12/31/1600 4:00:00 PM}

    EmailAddress : jbon@cloudmenow.net

    EmployeeID :

    EmployeeNumber :

    Enabled : True

    Fax :

    GivenName : Jean

    HomeDirectory :

    HomedirRequired : False

    HomeDrive :

    homeMDB : CN=Mailbox Database 0469707868,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft

    Exchange,CN=Services,CN=Configuration,DC=lt01,DC=Loc

    HomePage :

    HomePhone :

    Initials :

    instanceType : 4

    isDeleted :

    KerberosEncryptionType : {}

    LastBadPasswordAttempt : 6/28/2021 1:02:16 AM

    LastKnownParent :

    lastLogoff : 0

    lastLogon : 132693409471854815

    LastLogonDate : 6/24/2021 2:41:27 AM

    lastLogonTimestamp : 132690012872263554

    legacyExchangeDN : /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=0ef04deb1c4c413796590fb415143682-Jean

    LockedOut : False

    lockoutTime : 0

    logonCount : 19

    LogonWorkstations :

    mail : jbon@cloudmenow.net

    mailNickname : jbon

    Manager :

    mDBUseDefaults : True

    MemberOf : {CN=Domain Admins,CN=Users,DC=lt01,DC=Loc, CN=Remote Desktop Users,CN=Builtin,DC=lt01,DC=Loc}

    MNSLogonAccount : False

    MobilePhone :

    Modified : 6/28/2021 5:20:37 AM

    modifyTimeStamp : 6/28/2021 5:20:37 AM

    mS-DS-ConsistencyGuid : {97, 95, 233, 100…}

    msDS-ExternalDirectoryObjectId : User_6d10553b-0bf2-492c-96f4-c53a60f3eddf

    msDS-User-Account-Control-Computed : 0

    msExchArchiveQuota : 104857600

    msExchArchiveWarnQuota : 94371840

    msExchCalendarLoggingQuota : 6291456

    msExchDumpsterQuota : 31457280

    msExchDumpsterWarningQuota : 20971520

    msExchELCMailboxFlags : 130

    msExchEwsEnabled : 1

    msExchEwsWellKnownApplicationPolicies : {Allow:Outlook}

    msExchHomeServerName : /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EX16-SRV-01

    msExchMailboxGuid : {91, 91, 82, 188…}

    msExchMailboxSecurityDescriptor : System.DirectoryServices.ActiveDirectorySecurity

    msExchPoliciesIncluded : {879d1743-4986-490f-947a-82afa2a09728, {26491cfc-9e50-4857-861b-0cb8df22b5d7}}

    msExchRBACPolicyLink : CN=Default Role Assignment Policy,CN=Policies,CN=RBAC,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=lt01,DC=Loc

    msExchRecipientDisplayType : 1073741824

    msExchRecipientTypeDetails : 1

    msExchTextMessagingState : {302120705, 16842751}

    msExchUMDtmfMap : {emailAddress:5266, lastNameFirstName:2665326, firstNameLastName:5326266}

    msExchUserAccountControl : 0

    msExchUserCulture : en-US

    msExchVersion : 88218628259840

    msExchWhenMailboxCreated : 6/24/2021 2:32:42 AM

    Name : Jean Bon

    nTSecurityDescriptor : System.DirectoryServices.ActiveDirectorySecurity

    ObjectCategory : CN=Person,CN=Schema,CN=Configuration,DC=lt01,DC=Loc

    ObjectClass : user

    ObjectGUID : 64e95f61-b315-44e3-83fd-4da0f5a29a40

    objectSid : S-1-5-21-1038480083-3023236116-986656425-2603

    Office :

    OfficePhone :

    Organization :

    OtherName :

    PasswordExpired : False

    PasswordLastSet : 6/25/2021 7:43:33 AM

    PasswordNeverExpires : True

    PasswordNotRequired : False

    POBox :

    PostalCode :

    PrimaryGroup : CN=Domain Users,CN=Users,DC=lt01,DC=Loc

    primaryGroupID : 513

    PrincipalsAllowedToDelegateToAccount : {}

    ProfilePath :

    ProtectedFromAccidentalDeletion : False

    proxyAddresses : {x500:/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=6b1c479b974b4ca58ebfabc4d2ed11f6-jbon, smtp:jbon@cloudmenow.mail.onmicrosoft.com,

    SMTP:jbon@cloudmenow.net}

    pwdLastSet : 132691058135187292

    SamAccountName : jbon

    sAMAccountType : 805306368

    ScriptPath :

    sDRightsEffective : 15

    ServicePrincipalNames : {}

    showInAddressBook : {CN=Mailboxes(VLV),CN=All System Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=lt01,DC=Loc, CN=All Mailboxes(VLV),CN=All

    System Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=lt01,DC=Loc, CN=All Recipients(VLV),CN=All System Address

    Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=lt01,DC=Loc, CN=Default Global Address List,CN=All Global Address Lists,CN=Address

    Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=lt01,DC=Loc…}

    SID : S-1-5-21-1038480083-3023236116-986656425-2603

    SIDHistory : {}

    SmartcardLogonRequired : False

    sn : Bon

    State :

    StreetAddress :

    Surname : Bon

    Title :

    TrustedForDelegation : False

    TrustedToAuthForDelegation : False

    UseDESKeyOnly : False

    userAccountControl : 66048

    userCertificate : {}

    UserPrincipalName : jbon@cloudmenow.net

    uSNChanged : 3539745

    uSNCreated : 3485170

    whenChanged : 6/28/2021 5:20:37 AM

    whenCreated : 6/24/2021 2:31:28 AM

     

     

     

  21. Set-Virtual directory Configuration

     

  22. Online configuration

  23. Get-OrganizationConfig | Select-Object Ews*

  24. Teams calendar APP enabled

  25. Get-Sharingpolicy

  26. Get-federation Information

  27. Get-OrganizationRelationship

    The TargetApplicationUri and TargetAutodiscoverEpr values match the equivalent values from the Get-FederationInformation cmdlet.

  28. Get-mailuser -identity « jean Bon »

    PS C:\Users\administrator.LT01> Get-MailUser -Identity « Jean Bon » | fl

     

     

    RunspaceId : b7f28250-72c7-48ec-9280-af5e57721faa

    DeliverToMailboxAndForward : False

    ExchangeGuid : bc525b5b-9b34-4a0d-955e-7d9b1151893b

    MailboxContainerGuid :

    AggregatedMailboxGuids : {}

    ArchiveGuid : 00000000-0000-0000-0000-000000000000

    ArchiveName : {}

    ArchiveQuota : Unlimited

    ArchiveWarningQuota : Unlimited

    ProhibitSendQuota : 99 GB (106,300,440,576 bytes)

    ProhibitSendReceiveQuota : 100 GB (107,374,182,400 bytes)

    IssueWarningQuota : 98 GB (105,226,698,752 bytes)

    ForwardingAddress :

    ArchiveDatabase :

    ArchiveStatus : None

    DisabledArchiveDatabase :

    DisabledArchiveGuid : 00000000-0000-0000-0000-000000000000

    MailboxProvisioningConstraint :

    MailboxRegion :

    MailboxRegionSuffix : None

    MailboxRegionLastUpdateTime :

    MailboxProvisioningPreferences : {}

    ExchangeUserAccountControl : None

    ExternalEmailAddress : SMTP:jbon@cloudmenow.net

    UsePreferMessageFormat : False

    JournalArchiveAddress :

    MessageFormat : Mime

    MessageBodyFormat : TextAndHtml

    MacAttachmentFormat : BinHex

    ProtocolSettings : {}

    RecipientLimits : Unlimited

    SamAccountName : $GO3E71-K7O9ME0J7PNF

    UseMapiRichTextFormat : UseDefaultSettings

    UserPrincipalName : jbon@cloudmenow.net

    WindowsLiveID : jbon@cloudmenow.net

    MicrosoftOnlineServicesID : jbon@cloudmenow.net

    MailboxMoveTargetMDB :

    MailboxMoveSourceMDB :

    MailboxMoveFlags : None

    MailboxMoveRemoteHostName :

    MailboxMoveBatchName :

    MailboxMoveStatus : None

    MailboxRelease :

    ArchiveRelease :

    ImmutableId :

    PersistedCapabilities : {}

    SKUAssigned :

    ResetPasswordOnNextLogon : False

    WhenMailboxCreated :

    LitigationHoldEnabled : False

    SingleItemRecoveryEnabled : False

    ComplianceTagHoldApplied : False

    WasInactiveMailbox : False

    DelayHoldApplied : False

    DelayReleaseHoldApplied : False

    InactiveMailboxRetireTime :

    OrphanSoftDeleteTrackingTime :

    RetentionHoldEnabled : False

    EndDateForRetentionHold :

    StartDateForRetentionHold :

    RetentionComment :

    RetentionUrl :

    LitigationHoldDate :

    LitigationHoldOwner :

    RetainDeletedItemsFor : 14.00:00:00

    CalendarVersionStoreDisabled : False

    UsageLocation : France

    SharedWithReference :

    JoinedSmtpAddress :

    MailboxLocations : {1;832db1bd-bcf7-49cf-985b-db7e0ea735e7;ComponentShared;eurprd08.prod.outlook.com;f9dd1e3a-1f0c-47c3-a8ca-afc33ecb790b}

    IsSoftDeletedByRemove : False

    IsSoftDeletedByDisable : False

    IsInactiveMailbox : False

    WhenSoftDeleted :

    InPlaceHolds : {}

    RecoverableItemsQuota : 100 GB (107,374,182,400 bytes)

    RecoverableItemsWarningQuota : 98 GB (105,226,698,752 bytes)

    UserCertificate : {}

    UserSMimeCertificate : {}

    AccountDisabled : False

    StsRefreshTokensValidFrom : 6/24/2021 2:35:21 AM

    DataEncryptionPolicy :

    OtherMail :

    GuestInfo :

    Extensions : {}

    HasPicture : False

    HasSpokenName : False

    IsDirSynced : True

    AcceptMessagesOnlyFrom : {}

    AcceptMessagesOnlyFromDLMembers : {}

    AcceptMessagesOnlyFromSendersOrMembers : {}

    AddressListMembership : {\All Mail Users(VLV), \All Recipients(VLV), \Offline Global Address List, \All Users…}

    AdministrativeUnits : {}

    Alias : jbon

    ArbitrationMailbox :

    BypassModerationFromSendersOrMembers : {}

    OrganizationalUnit : eurpr08a001.prod.outlook.com/Microsoft Exchange Hosted Organizations/cloudmenow.onmicrosoft.com

    CustomAttribute1 :

    CustomAttribute10 :

    CustomAttribute11 :

    CustomAttribute12 :

    CustomAttribute13 :

    CustomAttribute14 :

    CustomAttribute15 :

    CustomAttribute2 :

    CustomAttribute3 :

    CustomAttribute4 :

    CustomAttribute5 :

    CustomAttribute6 :

    CustomAttribute7 :

    CustomAttribute8 :

    CustomAttribute9 :

    ExtensionCustomAttribute1 : {}

    ExtensionCustomAttribute2 : {}

    ExtensionCustomAttribute3 : {}

    ExtensionCustomAttribute4 : {}

    ExtensionCustomAttribute5 : {}

    DisplayName : Jean Bon

    EmailAddresses : {SIP:jbon@cloudmenow.net, smtp:jbon@cloudmenow.mail.onmicrosoft.com, smtp:jbon@cloudmenow.onmicrosoft.com, X500:/o=First Organization/ou=Exchange Administrative Group

    (FYDIBOHF23SPDLT)/cn=Recipients/cn=0ef04deb1c4c413796590fb415143682-Jean…}

    GrantSendOnBehalfTo : {}

    ExternalDirectoryObjectId : 6d10553b-0bf2-492c-96f4-c53a60f3eddf

    HiddenFromAddressListsEnabled : False

    LastExchangeChangedTime :

    LegacyExchangeDN : /o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=6b1c479b974b4ca58ebfabc4d2ed11f6-jbon

    MaxSendSize : Unlimited

    MaxReceiveSize : Unlimited

    ModeratedBy : {}

    ModerationEnabled : False

    PoliciesIncluded : {}

    PoliciesExcluded : {{26491cfc-9e50-4857-861b-0cb8df22b5d7}}

    EmailAddressPolicyEnabled : False

    PrimarySmtpAddress : jbon@cloudmenow.net

    RecipientType : MailUser

    RecipientTypeDetails : MailUser

    RejectMessagesFrom : {}

    RejectMessagesFromDLMembers : {}

    RejectMessagesFromSendersOrMembers : {}

    RequireSenderAuthenticationEnabled : False

    SimpleDisplayName :

    SendModerationNotifications : Always

    UMDtmfMap : {emailAddress:5266, lastNameFirstName:2665326, firstNameLastName:5326266}

    WindowsEmailAddress : jbon@cloudmenow.net

    MailTip :

    MailTipTranslations : {}

    Identity : Jean Bon

    Id : Jean Bon

    IsValid : True

    ExchangeVersion : 1.1 (15.0.0.0)

    Name : Jean Bon

    DistinguishedName : CN=Jean Bon,OU=cloudmenow.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=EURPR08A001,DC=prod,DC=outlook,DC=com

    ObjectCategory : EURPR08A001.prod.outlook.com/Configuration/Schema/Person

    ObjectClass : {top, person, organizationalPerson, user}

    WhenChanged : 6/24/2021 3:23:35 AM

    WhenCreated : 6/24/2021 2:35:55 AM

    WhenChangedUTC : 6/24/2021 10:23:35 AM

    WhenCreatedUTC : 6/24/2021 9:35:55 AM

    ExchangeObjectId : 669270d5-4da0-41e9-a57a-5763c4d1abdf

    OrganizationId : EURPR08A001.prod.outlook.com/Microsoft Exchange Hosted Organizations/cloudmenow.onmicrosoft.com – EURPR08A001.prod.outlook.com/ConfigurationUnits/cloudmenow.onmicrosoft.com/Configuration

    Guid : 669270d5-4da0-41e9-a57a-5763c4d1abdf

    OriginatingServer : DB8PR08A01DC003.EURPR08A001.prod.outlook.com

    ObjectState : Changed

     

     

     

  29. Get-MsolServicePrincipal -AppPrincipalId 00000002-0000-0ff1-ce00-000000000000 | select -ExpandProperty ServicePrincipalNames

     


     

  30. Autodiscover Request in IIS WSC1

    In my IIS Server I can see the Autodiscover request

    2021-06-25 13:31:11 10.10.10.22 POST /autodiscover/autodiscover.svc &CorrelationID=<empty>;&cafeReqId=5164f6da-87fd-4dd6-9762-690d84dfdf3d; 443 00000002-0000-0ff1-ce00-000000000000 40.101.49.141 ASAutoDiscover/CrossForest/EmailDomain//15.20.4219.029/Freebusy – 200 0 0 3075

    But for the Freebusy request

    ASAutoDiscover/CrossForest/EmailDomain//15.20.4219.029/Freebusy – 200 0 0 3075

    2021-06-25 13:31:11 10.10.10.22 POST /ews/exchange.asmx &CorrelationID=<empty>;&cafeReqId=f0bbfe48-dd5c-40e8-87d1-d59a3d912969; 443 – 40.101.49.141 ASProxy/CrossForest/EmailDomain//15.20.4219.029/Freebusy – 401 0 0 61
    2021-06-25 13:31:11 10.10.10.22 POST /ews/exchange.asmx &CorrelationID=<empty>;&cafeReqId=6c12146e-e579-4503-955c-ef6a9bf08113; 443 – 40.101.49.141 ASProxy/CrossForest/EmailDomain//15.20.4219.029/Freebusy – 401 0 0 64
    2021-06-25 13:31:11 10.10.10.22 POST /ews/exchange.asmx &CorrelationID=<empty>;&cafeReqId=676cb8ff-dadb-40d9-8aba-86fd88d32069; 443 – 40.101.49.141 ASProxy/CrossForest/EmailDomain//15.20.4219.029/Freebusy – 401 0 0 107
    2021-06-25 13:31:11 10.10.10.22 POST /ews/exchange.asmx &CorrelationID=<empty>;&cafeReqId=7d91a8e1-a0fc-49ea-adc9-e380f8c2ad2f; 443 – 40.101.49.141 ASProxy/CrossForest/EmailDomain//15.20.4219.029/Freebusy – 401 0 0 52
    2021-06-25 13:31:11 10.10.10.22 POST /ews/exchange.asmx &CorrelationID=<empty>;&cafeReqId=bafb0853-c145-40ab-bd44-088d6d3e0a79; 443 – 40.101.49.141 ASProxy/CrossForest/EmailDomain//15.20.4219.029/Freebusy – 401 0 0 51
    2021-06-25 13:31:11 10.10.10.22 POST /ews/exchange.asmx &CorrelationID=<empty>;&cafeReqId=a279b9c2-9820-47e3-8bb4-20a559dc6f59; 443 – 40.101.49.141 ASProxy/CrossForest/EmailDomain//15.20.4219.029/Freebusy – 401 0 0 249


     

  31. get-msoluser -UserPrincipalName jbon@cloudmenow.net | fl

     

     

    ExtensionData : System.Runtime.Serialization.ExtensionDataObject

    AlternateEmailAddresses : {}

    AlternateMobilePhones : {}

    AlternativeSecurityIds : {}

    BlockCredential : False

    City :

    CloudExchangeRecipientDisplayType : -2147483642

    Country :

    Department :

    DirSyncProvisioningErrors : {}

    DisplayName : Jean Bon

    Errors :

    Fax :

    FirstName : Jean

    ImmutableId : YV/pZBWz40SD/U2g9aKaQA==

    IndirectLicenseErrors : {}

    IsBlackberryUser : False

    IsLicensed : True

    LastDirSyncTime : 6/24/2021 10:38:25 AM

    LastName : Bon

    LastPasswordChangeTimestamp :

    LicenseAssignmentDetails : {Microsoft.Online.Administration.LicenseAssignmentDetail}

    LicenseReconciliationNeeded : False

    Licenses : {cloudmenow:ENTERPRISEPACK}

    LiveId : 1003200156B0B79B

    MSExchRecipientTypeDetails : 1

    MSRtcSipDeploymentLocator :

    MSRtcSipPrimaryUserAddress :

    MobilePhone :

    ObjectId : 6d10553b-0bf2-492c-96f4-c53a60f3eddf

    Office :

    OverallProvisioningStatus : Success

    PasswordNeverExpires :

    PasswordResetNotRequiredDuringActivate :

    PhoneNumber :

    PortalSettings :

    PostalCode :

    PreferredDataLocation :

    PreferredLanguage :

    ProxyAddresses : {smtp:jbon@cloudmenow.onmicrosoft.com, smtp:jbon@cloudmenow.mail.onmicrosoft.com, SMTP:jbon@cloudmenow.net}

    ReleaseTrack :

    ServiceInformation : {}

    SignInName : jbon@cloudmenow.net

    SoftDeletionTimestamp :

    State :

    StreetAddress :

    StrongAuthenticationMethods : {}

    StrongAuthenticationPhoneAppDetails : {}

    StrongAuthenticationProofupTime :

    StrongAuthenticationRequirements : {}

    StrongAuthenticationUserDetails :

    StrongPasswordRequired :

    StsRefreshTokensValidFrom : 6/24/2021 9:35:21 AM

    Title :

    UsageLocation : FR

    UserLandingPageIdentifierForO365Shell :

    UserPrincipalName : jbon@cloudmenow.net

    UserThemeIdentifierForO365Shell :

    UserType : Member

    ValidationStatus : Healthy

    WhenCreated : 6/24/2021 9:35:20 AM

     

  32. Get-CsOnlineUser -Identity jbon@cloudmenow.net | fl

     

     

    RunspaceId : b0b3b18f-4b1e-44c1-8bbe-6c49691670d8

    UserAccountControl : PasswordNotRequired, NormalAccount

    Id : CN=6d10553b-0bf2-492c-96f4-c53a60f3eddf,OU=41de3d62-e522-457d-af39-e4a9ecf064f8,OU=OCS Tenants,DC=lync1e001,DC=local

    CountryAbbreviation :

    CountryOrRegionDisplayName :

    Company :

    Department :

    Description : {}

    Fax :

    HomePhone :

    IPPhone :

    City :

    Manager :

    MobilePhone :

    OriginatorSid :

    OtherTelephone : {}

    Office :

    PostalCode :

    PreferredLanguage :

    Puid : 1003200156B0B79B

    ServiceInfo : {}

    StateOrProvince :

    Street :

    StreetAddress :

    ThumbnailPhoto :

    Title :

    Phone :

    WebPage :

    AdminDescription :

    AssignedPlan : {<XmlValueAssignedPlan xmlns:xsd= »http://www.w3.org/2001/XMLSchema &raquo; xmlns:xsi= »http://www.w3.org/2001/XMLSchema-instance »&gt;

    <Plan SubscribedPlanId= »8b8f6a7c-9ac7-4354-a3cd-dd1f209fa0ad » ServiceInstance= »TeamspaceAPI/NA001″ CapabilityStatus= »Enabled » AssignedTimestamp= »2021-06-24T09:35:20Z »

    ServicePlanId= »57ff2da0-773e-42df-b2af-ffb7a2317929″ xmlns= »http://schemas.microsoft.com/online/directoryservices/change/2008/11″&gt;

    <Capability>

    <Capability Plan= »Teams » xmlns= »http://schemas.microsoft.com/online/TeamspaceAPI/2016/09&Prime; />

    </Capability>

    </Plan>

    </XmlValueAssignedPlan>}

    InterpretedUserType : AADConnectEnabledOnlineTeamsOnlyUser

    Alias : jbon

    BaseSimpleUrl :

    DirSyncEnabled : True

    ObjectId : 6d10553b-0bf2-492c-96f4-c53a60f3eddf

    UsageLocation : FR

    HideFromAddressLists : False

    OnPremHideFromAddressLists : False

    ProvisionedPlan : {}

    ProvisioningStamp :

    SubProvisioningStamp :

    UpgradeRetryCounter : 0

    SyncingCounter :

    ProvisioningCounter : 0

    SubProvisioningCounter : 0

    PublishingStamp :

    PublishingCounter : 0

    OnPremHostingProvider :

    OnPremOptionFlags : 0

    OnPremEnterpriseVoiceEnabled : False

    OnPremSIPEnabled :

    OnPremSipAddress :

    OnPremLineURI :

    MCOValidationError : {}

    ShadowProxyAddresses : {x500:/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=6b1c479b974b4ca58ebfabc4d2ed11f6-jbon, SMTP:jbon@cloudmenow.net,

    smtp:jbon@cloudmenow.mail.onmicrosoft.com}

    SipProxyAddress : sip:jbon@cloudmenow.net

    ServiceInstance : microsoftcommunicationsonline/emea-1e-m1

    StsRefreshTokensValidFrom : 6/24/2021 11:35:21 AM

    LicenseRemovalTimestamp :

    LastSyncTimeStamp : 6/24/2021 12:40:15 PM

    LastProvisionTimeStamp : 6/24/2021 11:45:39 AM

    LastPublishTimeStamp : 6/24/2021 11:48:10 AM

    LastSubProvisionTimeStamp : 6/24/2021 11:47:07 AM

    ExchUserHoldPolicies : {}

    OwnerUrn :

    ContactOptionFlags :

    OnlineDialinConferencingPolicy :

    OverridePreferredDataLocation :

    PreferredDataLocation :

    SubProvisionLineType :

    UserProvisionType :

    SamAccountName : $ITREV9-1PNNF5A2GETB

    UserPrincipalName : jbon@cloudmenow.net

    FirstName : Jean

    LastName : Bon

    WindowsEmailAddress : jbon@cloudmenow.net

    Sid : S-1-5-21-2325497807-2625590715-1296953786-334983090

    LineServerURI :

    SoftDeletionTimestamp :

    PendingDeletion : False

    AudioVideoDisabled : False

    IPPBXSoftPhoneRoutingEnabled : False

    RemoteCallControlTelephonyEnabled : False

    PrivateLine :

    AcpInfo : {}

    OriginalPreferredDataLocation :

    HostedVoiceMail :

    DisplayName : Jean Bon

    ProxyAddresses : {x500:/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=6b1c479b974b4ca58ebfabc4d2ed11f6-jbon, sip:jbon@cloudmenow.net, SMTP:jbon@cloudmenow.net,

    smtp:jbon@cloudmenow.mail.onmicrosoft.com…}

    HomeServer :

    TargetServerIfMoving :

    EnterpriseVoiceEnabled : False

    EnabledForRichPresence : True

    ExchangeArchivingPolicy : Uninitialized

    NonPrimaryResource : False

    MNCReady : True

    TeamsVoiceRoute : False

    OnPremLineURIManuallySet : False

    OptionFlags : 131328

    LineURI :

    SipAddress : sip:jbon@cloudmenow.net

    Enabled : True

    TenantId : 41de3d62-e522-457d-af39-e4a9ecf064f8

    UserRoutingGroupId : a8b22dae-883f-5213-a0c3-3ee912a7747d

    TargetRegistrarPool :

    VoicePolicy :

    CallerIdPolicy :

    CallingLineIdentity :

    MobilityPolicy : MobilityEnableOutsideVoice

    ConferencingPolicy : BposSAllModality

    BroadcastMeetingPolicy :

    CloudMeetingPolicy :

    CloudMeetingOpsPolicy :

    TeamsMeetingPolicy :

    TeamsCallingPolicy :

    TeamsInteropPolicy :

    TeamsMessagingPolicy :

    TeamsUpgradeEffectiveMode : TeamsOnly

    TeamsUpgradeNotificationsEnabled : False

    TeamsUpgradePolicyIsReadOnly : ModeAndNotifications

    TeamsUpgradePolicy :

    TeamsCortanaPolicy :

    TeamsOwnersPolicy :

    TeamsMeetingBroadcastPolicy :

    TeamsAppPermissionPolicy :

    TeamsAppSetupPolicy :

    TeamsCallParkPolicy :

    TeamsEnhancedEncryptionPolicy :

    TeamsEducationAssignmentsAppPolicy :

    TeamsUpdateManagementPolicy :

    TeamsNotificationAndFeedsPolicy :

    TeamsChannelsPolicy :

    TeamsSyntheticAutomatedCallPolicy :

    TeamsTargetingPolicy :

    TeamsVerticalPackagePolicy :

    TeamsComplianceRecordingPolicy :

    TeamsMobilityPolicy :

    TeamsTasksPolicy :

    TeamsIPPhonePolicy :

    TeamsEmergencyCallRoutingPolicy :

    TeamsNetworkRoamingPolicy :

    TeamsCarrierEmergencyCallRoutingPolicy :

    TeamsEmergencyCallingPolicy :

    TeamsShiftsAppPolicy :

    TeamsShiftsPolicy :

    TeamsUpgradeOverridePolicy :

    TeamsVideoInteropServicePolicy :

    TeamsWorkLoadPolicy :

    ClientUpdatePolicy :

    ClientUpdateOverridePolicy :

    OnlineVoicemailPolicy :

    PresencePolicy :

    VoiceRoutingPolicy :

    RegistrarPool : sippoolDB41E07.infra.lync.com

    DialPlan : FR

    TenantDialPlan :

    IPPhonePolicy :

    LocationPolicy :

    ClientPolicy :

    ClientVersionPolicy :

    ArchivingPolicy :

    LegalInterceptPolicy :

    PinPolicy :

    CallViaWorkPolicy :

    GraphPolicy :

    ExternalAccessPolicy :

    HostedVoicemailPolicy :

    UserServicesPolicy :

    ExperiencePolicy : W15DefaultUX

    XForestMovePolicy :

    PreferredDataLocationOverwritePolicy :

    AddressBookPolicy :

    SmsServicePolicy :

    ExternalUserCommunicationPolicy :

    ThirdPartyVideoSystemPolicy :

    CloudVideoInteropPolicy :

    ApplicationAccessPolicy :

    OnlineDialOutPolicy :

    OnlineVoiceRoutingPolicy :

    OnlineAudioConferencingRoutingPolicy :

    TeamsSurvivableBranchAppliancePolicy :

    TeamsAudioConferencingPolicy :

    TeamsMeetingBrandingPolicy :

    TeamsVdiPolicy :

    TeamsTemplatePermissionPolicy :

    HostingProvider : sipfed.online.lync.com

    ExUmEnabled : False

    TeamsFeedbackPolicy :

    TeamsCallHoldPolicy :

    TeamsFilesPolicy :

    Name : 6d10553b-0bf2-492c-96f4-c53a60f3eddf

    DistinguishedName : CN=6d10553b-0bf2-492c-96f4-c53a60f3eddf,OU=41de3d62-e522-457d-af39-e4a9ecf064f8,OU=OCS Tenants,DC=lync1e001,DC=local

    Identity : CN=6d10553b-0bf2-492c-96f4-c53a60f3eddf,OU=41de3d62-e522-457d-af39-e4a9ecf064f8,OU=OCS Tenants,DC=lync1e001,DC=local

    Guid : 43973b13-6371-42d0-8154-f681ebf2e4f9

    ObjectCategory : CN=Person,CN=Schema,CN=Configuration,DC=lync1e001,DC=local

    ObjectClass : {top, person, organizationalPerson, user}

    WhenChanged : 6/24/2021 12:40:35 PM

    WhenCreated : 6/24/2021 11:42:32 AM

    OriginatingServer : WE01E00ADS02.lync1e001.local

    IsByPassValidation : True

    IsValid : True

    ObjectState : Unchanged

     

  33. https://exwebservices.cloudmenow.net/autodiscover/autodiscover.json/v1.0/jbon2@cloudmenow.net?Protocol=Rest

     


  34. get-user jbon2@cloudmenow.net | select mailboxlocations

     


     

     

     

  35. Tests

  36. Test Calendar

     

  37. Autodiscover Test

     

     

  38. Free BusyTEst

     

  39. Calendar Tab

  40. Free Busy Test with other EWS configuration

     

     

  41. Analysis

    This morning after having searched for two hours in the EWS logs of exchange Onprem and having found nothing I was interested in the analysis of the logs of the command

    Test-OAuthConnectivity -Service EWS -TargetUri https://exwebservices.cloudmenow.net/metadata/json/1 -Mailbox CloudMailboxUser@cloudmelater.online -Verbose | Format-List

    This command reproduces a freebusy request from Exchange Online to Exchange OnPrem. We know that this request is not successful because it is refused.

    If we look closely at the EWS logs of the local server we can see the consequence of this error but above all we can see that the request sent from Exchange Online to the Exchange OnPrem server is not authenticated (IsAuthenticated column)

     

    Figure 1 : EWS Log

    By analyzing the logs of the Test-OAuthConnectivity command, we can observe the following

    System.Net.WebException: The remote server returned an error: (401) Unauthorized.

    at System.Net.HttpWebRequest.GetResponse()

    at Microsoft.Exchange.Monitoring.TestOAuthConnectivityHelper.SendExchangeOAuthRequest(ADUser user, String orgDomain, Uri targetUri, String& diagnosticMessage, Boolean appOnly, Boolean useCachedToken, Boolean reloadConfig), diagnostics: 2000005;reason= »The user specified by the user-context in the token does not exist. »;error_category= »invalid_user »

    .

    We can see that the test tries to connect with modern auth (with Bearer Token) on the Exchange 2016 On premise services but the Exchange 2016 On prem services are not configured for modern auth. As a result the authentication fails and generates a 401 access denied.

    The problem in all this is that nowhere in the Microsoft documentation is there any reference to the need to implement modern authentication on Onpremise servers.

    Either the Oauth authentication set on the web services (see section Get-webservices) does not work.

    The complete log of this command could be found in this section

    If we do a Google search on the expression « diagnostics: 2000005;reason= »The user specified by the user context in the token does not exist. »;error_category= »invalid_user » » we find the following link: https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-hybrid-modern-authentication-for-exchange-on-premises/ba-p/607476

    In our configuration the user is synchronized in Azure AD and represented as a mail user in Exchange online . see section mailuser

     

  42. Actions

  43. 28 Jun 2021

  44. Set-OrganizationConfig

    When I read this article it implie that

    After looking at my configuration I can see that it is not the case . I decide to change that

    1. Another point is « Enable the OAuth client feature for Windows Outlook:

      Set-OrganizationConfig -OAuth2ClientProfileEnabled $True »

       

    I update my config by adding this command let and try again the Free busy but still the same error on free busy test

    Another point ACS authserver. I red that ACS is used for FreeBusy access and by looking the configuration i can see that

    IsDefaultAuthorizationEndpoint : False

    I treid to change this like the Authserver EvoSTS to $true by using this cmdlet but 

  45. Rerun the HCW










    But the free busy test is still nok

  46. 01/07/2021

    Microsoft support [Case #:26301830] call me back and ask me for a extract of the configuration Get-csuseronline -jbond@cloudmenow.net

    I decided to install a new simple mockup with another tenant another local AD but without federation : Cloudmelater.online

    Just to see and to check if this issue seems linked to OKTA Federation or not.

    So I installed a new Exchange 2016 CU 20 server with an AD and and AD Connect. No federation but rather passwordHash.

    I published everything on a web service exwebservices.cloudmelater.online and did some tests

    I created two users for this

  • Jbon@cloudmelater.online (Synchronized account)
  • and CloudMailboxuser@cloudmelater.online (Cloud account with an E3 license)

I set the internal urls of the virtual directory so that they can all point to https://exwebservices.cloudmelater.online/…. Exactly as in the model 1 (Fed with Okta)

I made a test of Freebusy with the remote connectivity analyse from the cloud to the onpremise. I have the same error message as on the model 1 (Fed with Okta) (401). But on the other hand to my great surprise the Teams calendar Tab works !!!!!!!!


So already what we can say is that if the FreeBusy from Online to Onprem does not work it does not prevent the Teams calendar Tab to work

Tomorrow I’m going to go back to the settings of model 2 (Password Hash) and see if there are differences with the environment of model 1 (Fed With Okta). I’m going to drop this free busy thing for the moment.

  1. 02/07/2021

  2. Comparing configuration

    Now that I have a Lab2 that works and a Lab1 that doesn’t, I can compare the settings. Let’s go

    Lab 1

    Lab 2

    I decide to change the configuration to reflect lab2

    PS] C:\Windows\system32>Set-OrganizationConfig -EwsEnabled $Null

    [PS] C:\Windows\system32>Set-OrganizationConfig -EwsAllowOutlook $null

    I decide to change the casmailbox settings

    set-CASMailbox -Identity jbon@cloudmenow.net -EwsEnabled $null -EwsAllowOutlook $null


     

    Get-WebServicesVirtualDirectory -Server EX16-SRV-01 | Set-WebServicesVirtualDirectory -BasicAut

    hentication $False

       

     

    Let try if now it is working on lab1


    Not this time. Same player shoot Again !: Let’s continue

    Lab 1

    Lab 2

    Get-authserver

     

    Type : MicrosoftACS

    DomainName : {autod:cloudmenow.net, cloudmenow.mail.onmicrosoft.com, cloudmelater.online}

     

    *********************

     

    Type : AzureAD

    IsDefaultAuthorizationEndpoint : True


     

    Get-authserver

     

    Type : MicrosoftACS

    DomainName : {M365x648763.mail.onmicrosoft.com, cloudmelater.online}

     

     

     

    Type : AzureAD

    IsDefaultAuthorizationEndpoint : False

    I decide to change this in a lab1 as below

    set-authserver -identity « ACS – 424d73fb-860e-45c4-a7fc-f08db2cc1de4 » -domainName cloudmenow.net, cloudmenow.mail.onmicrosoft.com

    Let try if now it is working on lab1

    Not this time. Same player shoot Again !: Let’s continue

    I decide to change in Microsoft AzureAD in lab 1 the value of IsDefaultAuthorizationEndpoint : True to False in order to reflect the Lab2 Configuration

    Let try if now it is working on lab1

    Not this time. Same player shoot Again !: Let’s continue

     

     

  3. Get-MsolServicePrincipal -AppPrincipalId 00000002-0000-0ff1-ce00-000000000000 | select -ExpandProperty ServicePrincipalNames

  4. Just test with new fresh user (KO)

    Let’s try on lab1 to create a new mailboxuser .. jbon2@cloudmenow.net

    Exchange Online configuration

    Online user information

     

  5. Teams Logs : isMailboxDiscoverable: false

    In the teams log we can observe that the mailbox is not discoverable . why ? I don’t know

    The test https://exwebservices.cloudmenow.net/autodiscover/autodiscover.json/v1.0/jbon2@cloudmenow.net?Protocol=Rest is good

    The mailbox location is good

    But the mailbox is still not discoverable

     

    2021-07-02T15:25:34.803Z Inf    UserAppsStore: Skipped calendar app with isFirstParty as true. isMailboxDiscoverable: false,
    isFreemiumTenant: false, enableFreemiumCalendar: true

    2021-07-02T15:25:34.793Z Inf    UserAppsStore: Added Insights app with isFirstParty as false

    2021-07-02T15:25:34.793Z Inf    UserAppsStore: Added OneNote app with isFirstParty as false

    2021-07-02T15:25:34.793Z Inf    UserAppsStore: Added Approvals app with isFirstParty as false

    2021-07-02T15:25:34.793Z Inf    UserAppsStore: Added Tasks by Planner and To Do app with isFirstParty as false

    2021-07-02T15:25:34.793Z Inf    UserAppsStore: Added Help app with isFirstParty as false

    2021-07-02T15:25:34.793Z Inf    UserAppsStore: Added Wiki app with isFirstParty as false

     

     

     

  6. Annexes

  7. Log Test-OAuthConnectivity -Service EWS -TargetUri https://exwebservices.cloudmenow.net/metadata/json/1

     

    PS C:\Users\administrator.LT01> Test-OAuthConnectivity -Service EWS -TargetUri https://exwebservices.cloudmenow.net/metadata/json/1 -Mailbox CloudMailboxUser@cloudmelater.online -Verbose | Format-List

     

     

    RunspaceId : 912b6819-a6d2-44fa-8111-5a1ba0308410

    Task : Checking EWS API Call Under Oauth

    Detail : The configuration was last successfully loaded at 1/1/0001 12:00:00 AM UTC. This was 1062675853 minutes ago.

    The token cache is being cleared because « use cached token » was set to false.

    Exchange Outbound Oauth Log:

    Client request ID: e7e64d23-ecd9-4f8a-80af-066da3f5d121

    Information:[OAuthCredentials:Authenticate] entering

    Information:[OAuthCredentials:Authenticate] challenge from ‘https://exwebservices.cloudmenow.net/ews/Exchange.asmx&rsquo; received: Bearer client_id= »00000002-0000-0ff1-ce00-000000000000″,

    trusted_issuers= »00000001-0000-0000-c000-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8″, token_types= »app_asserted_user_v1 service_asserted_app_v1″,Basic realm= »exwebservices.cloudmenow.net »,Negotiate,NTLM

    Information:[OAuthCredentials:GetToken] client-id: ‘00000002-0000-0ff1-ce00-000000000000’, realm:  », trusted_issuer: ‘00000001-0000-0000-c000-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8’

    Information:[OAuthCredentials:GetToken] Start building a token using organizationId ’41de3d62-e522-457d-af39-e4a9ecf064f8′

    Information:[OAuthCredentials:GetToken] Start building a token using adUser

    Information:[OAuthTokenBuilder:GetAppToken] start building the apptoken

    Information:[OAuthTokenBuilder:GetAppToken] checking enabled auth servers

    Information:[OAuthTokenBuilder:GetAppToken] trusted_issuer includes the auth server ‘MicrosoftSts’: 00000001-0000-0000-c000-000000000000@*,

    Information:[OAuthTokenBuilder:GetAppToken] trying to get the apptoken from the auth server ‘MicrosoftSts’ for resource

    ‘00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8′, tenantId ’41de3d62-e522-457d-af39-e4a9ecf064f8’, userDomain ‘cloudmelater.online’

    Information:[TokenCache:GetActorToken] Each key and its counts are L:00000002-0000-0ff1-ce00-000000000000-AS:00000001-0000-0000-c000-000000000000@*, 0

    Information:[TokenCache:GetActorToken] cache size is 0

    Information:[TokenCache:GetActorToken] try to get a new token synchronously

    Information:[ACSTokenBuildRequest:BuildToken] started

    Information:[TokenBuildRequest:GetActorTokenFromAuthServer] Sending token request to ‘https://accounts.accesscontrol.windows.net/tokens/OAuth/2&rsquo; for the resource

    ‘00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8’ with token: grant_type=http%3a%2f%2foauth.net%2fgrant_type%2fjwt%2f1.0%2fbearer&assertion=eyJhbGciOiJSUzI1NiIsImtpZCI

    6IjkzMUU5MjNBMDVEODI5Nzk3ODBGNDAxM0I0M0E4QTc0REQ0QTUxRDEiLCJ0eXAiOiJKV1QiLCJ4NWMiOiJNSUlHNERDQ0JjaWdBd0lCQWdJVGZ3Q01lVjNwd3ZBVy9tWXArZ0FDQUl4NVhUQU5CZ2txaGtpRzl3MEJBUXNGQURCRU1STXdFUVlLQ1pJbWlaUHlMR1FCR1JZRFIwSk1NUk13RVFZS

    0NaSW1pWlB5TEdRQkdSWURRVTFGTVJnd0ZnWURWUVFERXc5QlRVVWdTVzVtY21FZ1EwRWdNREl3SGhjTk1qRXdNekExTURneE5ESTVXaGNOTWpJd01qSTRNRGd4TkRJNVdqQXFNU2d3SmdZRFZRUURFeDlsYzNSelkyeHBaVzUwTG1OdmNtVmhkWFJvTG05MWRHeHZiMnN1WTI5dE1JSUJJakFOQmd

    rcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBMDlUWlJrNDFNU3dJWjVobEZna01jYm1KRmkycjdPVzlKZ29uTTFmYnUxUy9aNnZBMklhZXFBVURaWVpOQ21iVzdpdDhHend0VjQrVlVMQkU3QXh0ck1VMk9YU2hjWHk4Q1ZBYmNoRDc3VE9xU0xkMjM1ZVZFM1BzTnJFa3ZGcUNPNlliV

    FNGK1FRWHh6Z0pwd0FDTDNJSEdjUHMyVnJZS09vRkoyNjN3bUpwWUJ1bzFKMmhZK0VVQ0ZXcU9YQnVWNmJQRFM2RHFvSzlJMi82YXJMUTNtTEkzQ0NTVk9TV2NnTmhnU1FuaUxISzcxSi9hb1ExN2FhQ0hFRWY0WFJKMEk4ZnhkU3hJcTJsdmhoODlENXBmMlVqdjBZM0VRQ1BidHdNS1VmUzc3N0h

    1cE8xaU5xbVRoVk1XWm9zQ2FOMWFHcXdSWnhUcVpIRlE2OG9lU043MzJRSURBUUFCbzRJRDR6Q0NBOTh3SndZSkt3WUJCQUdDTnhVS0JCb3dHREFLQmdnckJnRUZCUWNEQVRBS0JnZ3JCZ0VGQlFjREFqQTlCZ2tyQmdFRUFZSTNGUWNFTURBdUJpWXJCZ0VFQVlJM0ZRaUdrT01OaE5XMGVJVHhpe

    jZGbTkwV3pwMFNnV0NDOWZZcmcvTFJJQUlCWkFJQkNqQ0NBZG9HQ0NzR0FRVUZCd0VCQklJQnpEQ0NBY2d3WmdZSUt3WUJCUVVITUFLR1dtaDBkSEE2THk5amNtd3ViV2xqY205emIyWjBMbU52YlM5d2EybHBibVp5WVM5RFpYSjBjeTlDVERKUVMwbEpUbFJEUVRBeExrRk5SUzVIUWt4ZlFVMUZ

    KVEl3U1c1bWNtRWxNakJEUVNVeU1EQXlLRElwTG1OeWREQldCZ2dyQmdFRkJRY3dBb1pLYUhSMGNEb3ZMMk55YkRFdVlXMWxMbWRpYkM5aGFXRXZRa3d5VUV0SlNVNVVRMEV3TVM1QlRVVXVSMEpNWDBGTlJTVXlNRWx1Wm5KaEpUSXdRMEVsTWpBd01pZ3lLUzVqY25Rd1ZnWUlLd1lCQlFVSE1BS

    0dTbWgwZEhBNkx5OWpjbXd5TG1GdFpTNW5ZbXd2WVdsaEwwSk1NbEJMU1VsT1ZFTkJNREV1UVUxRkxrZENURjlCVFVVbE1qQkpibVp5WVNVeU1FTkJKVEl3TURJb01pa3VZM0owTUZZR0NDc0dBUVVGQnpBQ2hrcG9kSFJ3T2k4dlkzSnNNeTVoYldVdVoySnNMMkZwWVM5Q1RESlFTMGxKVGxSRFF

    UQXhMa0ZOUlM1SFFreGZRVTFGSlRJd1NXNW1jbUVsTWpCRFFTVXlNREF5S0RJcExtTnlkREJXQmdnckJnRUZCUWN3QW9aS2FIUjBjRG92TDJOeWJEUXVZVzFsTG1kaWJDOWhhV0V2UWt3eVVFdEpTVTVVUTBFd01TNUJUVVV1UjBKTVgwRk5SU1V5TUVsdVpuSmhKVEl3UTBFbE1qQXdNaWd5S1M1a

    mNuUXdIUVlEVlIwT0JCWUVGSVUrbm1tdHJVMWNlS0E3aGZhUnlRWDV3UytmTUE0R0ExVWREd0VCL3dRRUF3SUZvRENDQVNZR0ExVWRId1NDQVIwd2dnRVpNSUlCRmFDQ0FSR2dnZ0VOaGo5b2RIUndPaTh2WTNKc0xtMXBZM0p2YzI5bWRDNWpiMjB2Y0d0cGFXNW1jbUV2UTFKTUwwRk5SU1V5TUV

    sdVpuSmhKVEl3UTBFbE1qQXdNaTVqY215R01XaDBkSEE2THk5amNtd3hMbUZ0WlM1blltd3ZZM0pzTDBGTlJTVXlNRWx1Wm5KaEpUSXdRMEVsTWpBd01pNWpjbXlHTVdoMGRIQTZMeTlqY213eUxtRnRaUzVuWW13dlkzSnNMMEZOUlNVeU1FbHVabkpoSlRJd1EwRWxNakF3TWk1amNteUdNV2gwZ

    EhBNkx5OWpjbXd6TG1GdFpTNW5ZbXd2WTNKc0wwRk5SU1V5TUVsdVpuSmhKVEl3UTBFbE1qQXdNaTVqY215R01XaDBkSEE2THk5amNtdzBMbUZ0WlM1blltd3ZZM0pzTDBGTlJTVXlNRWx1Wm5KaEpUSXdRMEVsTWpBd01pNWpjbXd3SHdZRFZSMGpCQmd3Rm9BVXo0UllmbmIrZFlHTzJ6QnJma1p

    lN3BLVWx6WXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFCbXdUZUVCT21ZdXYvMVRWZGZvN3V3cWRydXhaKzRDaU9KOUZERlFzYVJic0VjZ1k2dVpXS0xNZmxXQ2pjTGR0UXhiVEZhMHZGTFlEZ1hBS1p0WU1xZUFJL0F1O

    StEeEtKOVJ4by9UVGx5MHE2YUNleGFvemVGdmVEbENJbWV0Smo0UXppaEV3Nkp5MlV5bElVT0duT2o2SlI0cEhKSGZ5NTZTUkU4d1QvSTB5NFdoRjRJbFpoYnowMEtYaUtNMEt2Qi95Tks2V2lnc28wNUVsRkhUU1BhcWtPZm1tUC9JR0hYWWhFWlRZQ2F2eWZRWmRDNDRDb1pRY0FGdmM3NGxEcGZ

    mVy8wZ1hic3l3K3ZaTXkrZEpwTlpKcWJnbFNLU0prVWVkdXlpRlBhWXc3M2VSa0IvTHk5a0hPK294M0NDQ1J2VzNNYlZZTVV2U2hrUnlETCsvU0IiLCJ4NXQiOiJreDZTT2dYWUtYbDREMEFUdERxS2ROMUtVZEUifQ.eyJuYmYiOjE2MjQ5NTQzOTAsImV4cCI6MTYyNDk1NDk5MCwiaXNzIjoiMD

    AwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwQDQxZGUzZDYyLWU1MjItNDU3ZC1hZjM5LWU0YTllY2YwNjRmOCIsImF1ZCI6IjAwMDAwMDAxLTAwMDAtMDAwMC1jMDAwLTAwMDAwMDAwMDAwMC9hY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0QDQxZGUzZDYyLWU1MjIt

    NDU3ZC1hZjM5LWU0YTllY2YwNjRmOCJ9.Bh3oZnDknFGrCHm4dUF4w54CpmOeMZrDaKyIJH3OGpIwz1Gm8vs2pPe_k8GMfwMgztAtHkE8r6MwoLyLh3d04JYr2DewD9jsIgvOrJm97jhtxz9PhTj2Be3tArfEaoqsnEzpZpexrftJ6sn_2LAuxXQTLE15ksWMpgzNpN_QJX7zSIN5vaFvFRjOl8CpJ

    fg-2Vs5TVeVFwp4VX4A1qrUhOIfxOwC66VinuTBBTuMOruDyqXpbgbJWSnRH9djuejso5_v4fucqp3F5OCby4ab95tPq4XRrFXsser1heH4ak1XWX95k0VnLeX3tuV0aB3kwB3uiqKYHXlbZo_diPLiHA&resource=00000002-0000-0ff1-ce00-000000000000%2fexwebservices.cloudm

    enow.net%4041de3d62-e522-457d-af39-e4a9ecf064f8

    Information:[TokenBuildRequest:GetActorTokenFromAuthServer] response headers was

    Pragma: no-cache

    Strict-Transport-Security: max-age=31536000; includeSubDomains

    X-Content-Type-Options: nosniff

    client-request-id: e7e64d23-ecd9-4f8a-80af-066da3f5d121

    x-ms-request-id: 2be2af34-f374-40fe-ac03-79ca23bb7900

    x-ms-ests-server: 2.1.11829.8 – NEULR2 ProdSlices

    Cache-Control: no-store, no-cache

    Content-Type: application/json; charset=utf-8

    Expires: -1

    P3P: CP= »DSP CUR OTPi IND OTRi ONL FIN »

    Set-Cookie: fpc=ArvCnr7H9dhCuBChHqn4zI8l2yrbAQAAABXNbNgOAAAA; expires=Thu, 29-Jul-2021 08:13:10 GMT; path=/; secure; HttpOnly; SameSite=None,esctx=AQABAAAAAAD–DLA3VO7QrddgJg7WevrVr0ZGbDnoLLwBBbpA-DBO6L6NAQ9is8CGouHGlRscJ0

    MjfDDtspRarOWbC7H6KvVC8cHv8qZJtX7v2vB0Ak7YQjRdsb81yCexNPqqxRMFwXoqrXCmdzbaQUHYF3_1i49fBzSa5SCoGqfdZaDfFjRHcRZX562HYiQlSmAcCnpFNIgAA; domain=.accounts.accesscontrol.windows.net; path=/; secure; HttpOnly;

    SameSite=None,x-ms-gateway-slice=estsfd; path=/; secure; httponly,stsservicecookie=estsfd; path=/; secure; httponly

    Date: Tue, 29 Jun 2021 08:13:09 GMT

    Content-Length: 1433

     

     

    Information:[ACSTokenBuildRequest:BuildToken] finished

    Information:[OAuthTokenBuilder:GetAppToken] finish building apptoken; the token is {« typ »: »JWT », »alg »: »RS256″, »x5t »: »nOo3ZDrODXEK1jKWhXslHR_KXEg », »kid »: »nOo3ZDrODXEK1jKWhXslHR_KXEg »}. »oid »:

    «  »6768ea00-362c-495c-9e04-330cd89360e9″ » « iss »: «  »00000001-0000-0000-c000-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « aud »:

    «  »00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « nbf »: « 1624954090 » « exp »: « 1625040790 »

    Information:[OAuthTokenBuilder.GetAppWithUserToken] nameid is allowed to be included in the claim set

    Information:[OAuthTokenBuilder.GetAppWithUserToken] only nameid to be included in the claim: no

    Information:[OAuthTokenBuilder.GetAppWithUserToken] building token with user context for the audience ‘00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8’

    Information:[OAuthTokenBuilder.GetAppWithUserToken] claims count: 5

    Information:[OAuthCredentials:Authenticate] send request to ‘https://exwebservices.cloudmenow.net/ews/Exchange.asmx&rsquo; with the bearer token: ‘{« alg »: »none », »typ »: »JWT »}. »iss »:

    «  »00000002-0000-0ff1-ce00-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « aud »: «  »00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « nbf »: « 1624954390 » « exp »:

    « 1624983190 » ; actor: {« typ »: »JWT », »alg »: »RS256″, »x5t »: »nOo3ZDrODXEK1jKWhXslHR_KXEg », »kid »: »nOo3ZDrODXEK1jKWhXslHR_KXEg »}. »oid »: «  »6768ea00-362c-495c-9e04-330cd89360e9″ » « iss »:

    «  »00000001-0000-0000-c000-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « aud »: «  »00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « nbf »: « 1624954090 » « exp »:

    « 1625040790 » ‘

    Token:{« alg »: »none », »typ »: »JWT »}. »iss »: «  »00000002-0000-0ff1-ce00-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « aud »:

    «  »00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « nbf »: « 1624954390 » « exp »: « 1624983190 » ; actor:

    {« typ »: »JWT », »alg »: »RS256″, »x5t »: »nOo3ZDrODXEK1jKWhXslHR_KXEg », »kid »: »nOo3ZDrODXEK1jKWhXslHR_KXEg »}. »oid »: «  »6768ea00-362c-495c-9e04-330cd89360e9″ » « iss »:

    «  »00000001-0000-0000-c000-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « aud »: «  »00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « nbf »: « 1624954090 » « exp »:

    « 1625040790 »

     

    Exchange Response Details:

    HTTP response message:

    Exception:

    System.Net.WebException: The remote server returned an error: (401) Unauthorized.

    at System.Net.HttpWebRequest.GetResponse()

    at Microsoft.Exchange.Monitoring.TestOAuthConnectivityHelper.SendExchangeOAuthRequest(ADUser user, String orgDomain, Uri targetUri, String& diagnosticMessage, Boolean appOnly, Boolean useCachedToken, Boolean

    reloadConfig), diagnostics: 2000005;reason= »The user specified by the user-context in the token does not exist. »;error_category= »invalid_user »

     

    ResultType : Error

    Identity : Microsoft.Exchange.Security.OAuth.ValidationResultNodeId

    IsValid : True

    ObjectState : New

     

     

     

    PS C:\Users\administrator.LT01> Test-OAuthConnectivity -Service EWS -TargetUri https://exwebservices.cloudmenow.net/metadata/json/1 -Mailbox CloudMailboxUser@cloudmelater.online -Verbose | Format-List

     

     

    RunspaceId : 912b6819-a6d2-44fa-8111-5a1ba0308410

    Task : Checking EWS API Call Under Oauth

    Detail : The configuration was last successfully loaded at 1/1/0001 12:00:00 AM UTC. This was 1062675921 minutes ago.

    The token cache is being cleared because « use cached token » was set to false.

    Exchange Outbound Oauth Log:

    Client request ID: a54bb27e-1040-4459-8953-61d83af8d862

    Information:[OAuthCredentials:Authenticate] entering

    Information:[OAuthCredentials:Authenticate] challenge from ‘https://exwebservices.cloudmenow.net/ews/Exchange.asmx&rsquo; received: Bearer client_id= »00000002-0000-0ff1-ce00-000000000000″,

    trusted_issuers= »00000001-0000-0000-c000-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8″, token_types= »app_asserted_user_v1 service_asserted_app_v1″,Basic realm= »exwebservices.cloudmenow.net »,Negotiate,NTLM

    Information:[OAuthCredentials:GetToken] client-id: ‘00000002-0000-0ff1-ce00-000000000000’, realm:  », trusted_issuer: ‘00000001-0000-0000-c000-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8’

    Information:[OAuthCredentials:GetToken] Start building a token using organizationId ’41de3d62-e522-457d-af39-e4a9ecf064f8′

    Information:[OAuthCredentials:GetToken] Start building a token using adUser

    Information:[OAuthTokenBuilder:GetAppToken] start building the apptoken

    Information:[OAuthTokenBuilder:GetAppToken] checking enabled auth servers

    Information:[OAuthTokenBuilder:GetAppToken] trusted_issuer includes the auth server ‘MicrosoftSts’: 00000001-0000-0000-c000-000000000000@*,

    Information:[OAuthTokenBuilder:GetAppToken] trying to get the apptoken from the auth server ‘MicrosoftSts’ for resource

    ‘00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8′, tenantId ’41de3d62-e522-457d-af39-e4a9ecf064f8’, userDomain ‘cloudmelater.online’

    Information:[TokenCache:GetActorToken] Each key and its counts are L:00000002-0000-0ff1-ce00-000000000000-AS:00000001-0000-0000-c000-000000000000@*, 0

    Information:[TokenCache:GetActorToken] cache size is 0

    Information:[TokenCache:GetActorToken] try to get a new token synchronously

    Information:[ACSTokenBuildRequest:BuildToken] started

    Information:[TokenBuildRequest:GetActorTokenFromAuthServer] Sending token request to ‘https://accounts.accesscontrol.windows.net/tokens/OAuth/2&rsquo; for the resource

    ‘00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8’ with token: grant_type=http%3a%2f%2foauth.net%2fgrant_type%2fjwt%2f1.0%2fbearer&assertion=eyJhbGciOiJSUzI1NiIsImtpZCI

    6IjkzMUU5MjNBMDVEODI5Nzk3ODBGNDAxM0I0M0E4QTc0REQ0QTUxRDEiLCJ0eXAiOiJKV1QiLCJ4NWMiOiJNSUlHNERDQ0JjaWdBd0lCQWdJVGZ3Q01lVjNwd3ZBVy9tWXArZ0FDQUl4NVhUQU5CZ2txaGtpRzl3MEJBUXNGQURCRU1STXdFUVlLQ1pJbWlaUHlMR1FCR1JZRFIwSk1NUk13RVFZS

    0NaSW1pWlB5TEdRQkdSWURRVTFGTVJnd0ZnWURWUVFERXc5QlRVVWdTVzVtY21FZ1EwRWdNREl3SGhjTk1qRXdNekExTURneE5ESTVXaGNOTWpJd01qSTRNRGd4TkRJNVdqQXFNU2d3SmdZRFZRUURFeDlsYzNSelkyeHBaVzUwTG1OdmNtVmhkWFJvTG05MWRHeHZiMnN1WTI5dE1JSUJJakFOQmd

    rcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBMDlUWlJrNDFNU3dJWjVobEZna01jYm1KRmkycjdPVzlKZ29uTTFmYnUxUy9aNnZBMklhZXFBVURaWVpOQ21iVzdpdDhHend0VjQrVlVMQkU3QXh0ck1VMk9YU2hjWHk4Q1ZBYmNoRDc3VE9xU0xkMjM1ZVZFM1BzTnJFa3ZGcUNPNlliV

    FNGK1FRWHh6Z0pwd0FDTDNJSEdjUHMyVnJZS09vRkoyNjN3bUpwWUJ1bzFKMmhZK0VVQ0ZXcU9YQnVWNmJQRFM2RHFvSzlJMi82YXJMUTNtTEkzQ0NTVk9TV2NnTmhnU1FuaUxISzcxSi9hb1ExN2FhQ0hFRWY0WFJKMEk4ZnhkU3hJcTJsdmhoODlENXBmMlVqdjBZM0VRQ1BidHdNS1VmUzc3N0h

    1cE8xaU5xbVRoVk1XWm9zQ2FOMWFHcXdSWnhUcVpIRlE2OG9lU043MzJRSURBUUFCbzRJRDR6Q0NBOTh3SndZSkt3WUJCQUdDTnhVS0JCb3dHREFLQmdnckJnRUZCUWNEQVRBS0JnZ3JCZ0VGQlFjREFqQTlCZ2tyQmdFRUFZSTNGUWNFTURBdUJpWXJCZ0VFQVlJM0ZRaUdrT01OaE5XMGVJVHhpe

    jZGbTkwV3pwMFNnV0NDOWZZcmcvTFJJQUlCWkFJQkNqQ0NBZG9HQ0NzR0FRVUZCd0VCQklJQnpEQ0NBY2d3WmdZSUt3WUJCUVVITUFLR1dtaDBkSEE2THk5amNtd3ViV2xqY205emIyWjBMbU52YlM5d2EybHBibVp5WVM5RFpYSjBjeTlDVERKUVMwbEpUbFJEUVRBeExrRk5SUzVIUWt4ZlFVMUZ

    KVEl3U1c1bWNtRWxNakJEUVNVeU1EQXlLRElwTG1OeWREQldCZ2dyQmdFRkJRY3dBb1pLYUhSMGNEb3ZMMk55YkRFdVlXMWxMbWRpYkM5aGFXRXZRa3d5VUV0SlNVNVVRMEV3TVM1QlRVVXVSMEpNWDBGTlJTVXlNRWx1Wm5KaEpUSXdRMEVsTWpBd01pZ3lLUzVqY25Rd1ZnWUlLd1lCQlFVSE1BS

    0dTbWgwZEhBNkx5OWpjbXd5TG1GdFpTNW5ZbXd2WVdsaEwwSk1NbEJMU1VsT1ZFTkJNREV1UVUxRkxrZENURjlCVFVVbE1qQkpibVp5WVNVeU1FTkJKVEl3TURJb01pa3VZM0owTUZZR0NDc0dBUVVGQnpBQ2hrcG9kSFJ3T2k4dlkzSnNNeTVoYldVdVoySnNMMkZwWVM5Q1RESlFTMGxKVGxSRFF

    UQXhMa0ZOUlM1SFFreGZRVTFGSlRJd1NXNW1jbUVsTWpCRFFTVXlNREF5S0RJcExtTnlkREJXQmdnckJnRUZCUWN3QW9aS2FIUjBjRG92TDJOeWJEUXVZVzFsTG1kaWJDOWhhV0V2UWt3eVVFdEpTVTVVUTBFd01TNUJUVVV1UjBKTVgwRk5SU1V5TUVsdVpuSmhKVEl3UTBFbE1qQXdNaWd5S1M1a

    mNuUXdIUVlEVlIwT0JCWUVGSVUrbm1tdHJVMWNlS0E3aGZhUnlRWDV3UytmTUE0R0ExVWREd0VCL3dRRUF3SUZvRENDQVNZR0ExVWRId1NDQVIwd2dnRVpNSUlCRmFDQ0FSR2dnZ0VOaGo5b2RIUndPaTh2WTNKc0xtMXBZM0p2YzI5bWRDNWpiMjB2Y0d0cGFXNW1jbUV2UTFKTUwwRk5SU1V5TUV

    sdVpuSmhKVEl3UTBFbE1qQXdNaTVqY215R01XaDBkSEE2THk5amNtd3hMbUZ0WlM1blltd3ZZM0pzTDBGTlJTVXlNRWx1Wm5KaEpUSXdRMEVsTWpBd01pNWpjbXlHTVdoMGRIQTZMeTlqY213eUxtRnRaUzVuWW13dlkzSnNMMEZOUlNVeU1FbHVabkpoSlRJd1EwRWxNakF3TWk1amNteUdNV2gwZ

    EhBNkx5OWpjbXd6TG1GdFpTNW5ZbXd2WTNKc0wwRk5SU1V5TUVsdVpuSmhKVEl3UTBFbE1qQXdNaTVqY215R01XaDBkSEE2THk5amNtdzBMbUZ0WlM1blltd3ZZM0pzTDBGTlJTVXlNRWx1Wm5KaEpUSXdRMEVsTWpBd01pNWpjbXd3SHdZRFZSMGpCQmd3Rm9BVXo0UllmbmIrZFlHTzJ6QnJma1p

    lN3BLVWx6WXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFCbXdUZUVCT21ZdXYvMVRWZGZvN3V3cWRydXhaKzRDaU9KOUZERlFzYVJic0VjZ1k2dVpXS0xNZmxXQ2pjTGR0UXhiVEZhMHZGTFlEZ1hBS1p0WU1xZUFJL0F1O

    StEeEtKOVJ4by9UVGx5MHE2YUNleGFvemVGdmVEbENJbWV0Smo0UXppaEV3Nkp5MlV5bElVT0duT2o2SlI0cEhKSGZ5NTZTUkU4d1QvSTB5NFdoRjRJbFpoYnowMEtYaUtNMEt2Qi95Tks2V2lnc28wNUVsRkhUU1BhcWtPZm1tUC9JR0hYWWhFWlRZQ2F2eWZRWmRDNDRDb1pRY0FGdmM3NGxEcGZ

    mVy8wZ1hic3l3K3ZaTXkrZEpwTlpKcWJnbFNLU0prVWVkdXlpRlBhWXc3M2VSa0IvTHk5a0hPK294M0NDQ1J2VzNNYlZZTVV2U2hrUnlETCsvU0IiLCJ4NXQiOiJreDZTT2dYWUtYbDREMEFUdERxS2ROMUtVZEUifQ.eyJuYmYiOjE2MjQ5NTg0MzMsImV4cCI6MTYyNDk1OTAzMywiaXNzIjoiMD

    AwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwQDQxZGUzZDYyLWU1MjItNDU3ZC1hZjM5LWU0YTllY2YwNjRmOCIsImF1ZCI6IjAwMDAwMDAxLTAwMDAtMDAwMC1jMDAwLTAwMDAwMDAwMDAwMC9hY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0QDQxZGUzZDYyLWU1MjIt

    NDU3ZC1hZjM5LWU0YTllY2YwNjRmOCJ9.jNcPg7h_c4qsAFMkPZxWqT1yao3FZw6sj5-4LlsPgN-I50tJuGA5LPu8b4R21DaWwGkrnVz7Q8gXYsDO8VX1UyzI6iShvv4PQBrU5iDhSOi3naX3GBu9dywtStuH789lXb-XTdcxitxGqkVFhgVhTA4GC15LRDjrGxgq6amXm7zRRl35cvM_gYqK-bh0d

    FQYwKRI6SFGo5ju5a4XM5KhU0I8DbBDNmzNg00_jXuoHUz13TUCnAj_zbBGEouL0MULj3FC4rqjzCd8Zp4ELeWy9i8sbiqvd1P3tQ7xZP_8WMK3D0jk0j-kuYytOENWE8URpItfAwYbJzwQCiva8XrMGg&resource=00000002-0000-0ff1-ce00-000000000000%2fexwebservices.cloudm

    enow.net%4041de3d62-e522-457d-af39-e4a9ecf064f8

    Information:[TokenBuildRequest:GetActorTokenFromAuthServer] response headers was

    Pragma: no-cache

    Strict-Transport-Security: max-age=31536000; includeSubDomains

    X-Content-Type-Options: nosniff

    client-request-id: a54bb27e-1040-4459-8953-61d83af8d862

    x-ms-request-id: fbb08bf6-9b74-4e8e-89ad-fa8107769600

    x-ms-ests-server: 2.1.11829.8 – WEULR2 ProdSlices

    Cache-Control: no-store, no-cache

    Content-Type: application/json; charset=utf-8

    Expires: -1

    P3P: CP= »DSP CUR OTPi IND OTRi ONL FIN »

    Set-Cookie: fpc=Aq9YqFGX07JGjH4Yz3S2Eokl2yrbAQAAAODcbNgOAAAA; expires=Thu, 29-Jul-2021 09:20:33 GMT; path=/; secure; HttpOnly; SameSite=None,esctx=AQABAAAAAAD–DLA3VO7QrddgJg7WevrK5LLnt3Qo0u6izu_lPbiLpb8V8baZau5fOr_f6dZAiJ

    gVcrmZuBJCzIKZM6LRXJTd3vvxsy-8CpDVwwZC9BrozaMPaAtFbsyvDEAdtg14pseacRvjSqJs493e-ksN4rFuQfCgx-J9EiFC3PjQt4ELO27MI_1EcA-oalZlfq2MXQgAA; domain=.accounts.accesscontrol.windows.net; path=/; secure; HttpOnly;

    SameSite=None,x-ms-gateway-slice=estsfd; path=/; secure; httponly,stsservicecookie=estsfd; path=/; secure; httponly

    Date: Tue, 29 Jun 2021 09:20:33 GMT

    Content-Length: 1433

     

     

    Information:[ACSTokenBuildRequest:BuildToken] finished

    Information:[OAuthTokenBuilder:GetAppToken] finish building apptoken; the token is {« typ »: »JWT », »alg »: »RS256″, »x5t »: »nOo3ZDrODXEK1jKWhXslHR_KXEg », »kid »: »nOo3ZDrODXEK1jKWhXslHR_KXEg »}. »oid »:

    «  »6768ea00-362c-495c-9e04-330cd89360e9″ » « iss »: «  »00000001-0000-0000-c000-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « aud »:

    «  »00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « nbf »: « 1624958133 » « exp »: « 1625044833 »

    Information:[OAuthTokenBuilder.GetAppWithUserToken] nameid is allowed to be included in the claim set

    Information:[OAuthTokenBuilder.GetAppWithUserToken] only nameid to be included in the claim: no

    Information:[OAuthTokenBuilder.GetAppWithUserToken] building token with user context for the audience ‘00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8’

    Information:[OAuthTokenBuilder.GetAppWithUserToken] claims count: 5

    Information:[OAuthCredentials:Authenticate] send request to ‘https://exwebservices.cloudmenow.net/ews/Exchange.asmx&rsquo; with the bearer token: ‘{« alg »: »none », »typ »: »JWT »}. »iss »:

    «  »00000002-0000-0ff1-ce00-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « aud »: «  »00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « nbf »: « 1624958433 » « exp »:

    « 1624987233 » ; actor: {« typ »: »JWT », »alg »: »RS256″, »x5t »: »nOo3ZDrODXEK1jKWhXslHR_KXEg », »kid »: »nOo3ZDrODXEK1jKWhXslHR_KXEg »}. »oid »: «  »6768ea00-362c-495c-9e04-330cd89360e9″ » « iss »:

    «  »00000001-0000-0000-c000-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « aud »: «  »00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « nbf »: « 1624958133 » « exp »:

    « 1625044833 » ‘

    Token:{« alg »: »none », »typ »: »JWT »}. »iss »: «  »00000002-0000-0ff1-ce00-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « aud »:

    «  »00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « nbf »: « 1624958433 » « exp »: « 1624987233 » ; actor:

    {« typ »: »JWT », »alg »: »RS256″, »x5t »: »nOo3ZDrODXEK1jKWhXslHR_KXEg », »kid »: »nOo3ZDrODXEK1jKWhXslHR_KXEg »}. »oid »: «  »6768ea00-362c-495c-9e04-330cd89360e9″ » « iss »:

    «  »00000001-0000-0000-c000-000000000000@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « aud »: «  »00000002-0000-0ff1-ce00-000000000000/exwebservices.cloudmenow.net@41de3d62-e522-457d-af39-e4a9ecf064f8″ » « nbf »: « 1624958133 » « exp »:

    « 1625044833 »

     

    Exchange Response Details:


    HTTP response message:

    Exception:

    System.Net.WebException: The remote server returned an error: (401) Unauthorized.

    at System.Net.HttpWebRequest.GetResponse()

    at Microsoft.Exchange.Monitoring.TestOAuthConnectivityHelper.SendExchangeOAuthRequest(ADUser user, String orgDomain, Uri targetUri, String& diagnosticMessage, Boolean appOnly, Boolean useCachedToken, Boolean

    reloadConfig), diagnostics: 2000005;reason= »The user specified by the user-context in the token does not exist. »;error_category= »invalid_user »

     

    ResultType : Error

    Identity : Microsoft.Exchange.Security.OAuth.ValidationResultNodeId

    IsValid : True

    ObjectState : New

     

     

     

     

     

Votre commentaire

Choisissez une méthode de connexion pour poster votre commentaire:

Logo WordPress.com

Vous commentez à l’aide de votre compte WordPress.com. Déconnexion /  Changer )

Photo Google

Vous commentez à l’aide de votre compte Google. Déconnexion /  Changer )

Image Twitter

Vous commentez à l’aide de votre compte Twitter. Déconnexion /  Changer )

Photo Facebook

Vous commentez à l’aide de votre compte Facebook. Déconnexion /  Changer )

Connexion à %s