#StackBounty: #powershell #microsoft-office-365 #exchange-2013 Can't use UPN credentials with New-MoveRequest?

Bounty: 50

We’re on a hybrid setup (Exchange 2013 on-prem), and MRSproxy is enabled and working. We want to archive our user’s mailbox when they leave the company. So we want to migrate those mailbox from the Office 365 back to our on premise server. I’ve been trying to create a leaving script, and the New-MoveRequest cmdlet keeps on giving the following error:

The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed.
Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error:
(401) Unauthorized.. --> The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an
error: (401) Unauthorized.
    + CategoryInfo          : NotSpecified: (:) [New-MoveRequest], RemotePermanentException
    +9,Microsoft.Exchange.Man
   agement.Migration.MailboxReplication.MoveRequest.NewMoveRequest
    + PSComputerName        : outlook.office365.com

So I tested with Test-MigrationServerAvailability -ExchangeRemoteMove -RemoteServer webmail.blah.com -Credentials $UserName<#> with the 3 following type of PSCredentials:

UserName1 : <domain><SamAccountName>

UserName2 : <SamAccountName>

UserName3 : <SamAccountName>@<domain> (UPN)

With UserName1 and UserName2 I get

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Success
Message            :
ConnectionSettings : <ExchangeConnectionSettings HasAdminPrivilege="True" HasAutodiscovery="False" HasMrsProxy="True" AutodiscoverUrl="" IncomingEmailAddress="" IncomingRPCProxyServer="webmail.blah.ccom"
                     IncomingExchangeServer="webmail.blah.com" IncomingNSPIServer="" IncomingDomain="" IncomingUserName="UserName<#>" EncryptedIncomingPassword="something"
                     IncomingAuthentication="Basic" ServerVersion="" TargetDomainName="" SourceMailboxLegDn="" PublicFolderDatabaseServerLegacyDN="" IsPublicFolderMailboxesMigrationSource="False" />
SupportsCutover    : False
ErrorDetail        :
IsValid            : True
Identity           :
ObjectState        : New

but with UserName3 I get :

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Failed
Message            : The connection to the server 'webmail.blah.com' could not be completed.
ConnectionSettings :
SupportsCutover    : False
ErrorDetail        : Microsoft.Exchange.Migration.MigrationServerConnectionFailedException: The connection to the server 'webmail.blah.com' could not be completed. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check
                     the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The
                     authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --> The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from
                     the server was 'Negotiate,NTLM'. ---> Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The remote server returned an error: (401) Unauthorized.
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.<>c__DisplayClass97_0.<ReconstructAndThrow>b__0()
                        at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(Action operation)
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.ReconstructAndThrow(String serverName, VersionInformation serverVersion)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.<>c__DisplayClass7_0.<CallService>b__0()
                        at Microsoft.Exchange.Net.WcfClientBase`1.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.Migration.MigrationExchangeProxyRpcClient.CanConnectToMrsProxy(Fqdn serverName, Guid mbxGuid, NetworkCredential credentials, LocalizedException& error)
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.Migration.DataAccessLayer.ExchangeRemoteMoveEndpoint.VerifyConnectivity()
                        at Microsoft.Exchange.Management.Migration.MigrationService.Endpoint.TestMigrationServerAvailability.InternalProcessEndpoint(Boolean fromAutoDiscover)
IsValid            : True
Identity           :
ObjectState        : New

Looking at the TechNet article for both New-MoveRequest and Test-MigrationServer the Credentials/RemoteCredential parameter should accept UPN usernames.

Is this a limit with Exchange 2013? I can Remote-PSSession to the on premise Exchange server with the UPN username, and import the CMDlet, so I’m at a lost why it doesn’t work with New-MoveRequest and Test-MigrationServer loaded from Office 365?


Get this bounty!!!

#StackBounty: #powershell #microsoft-office-365 #exchange-2013 Can't use UPN credentials with New-MoveRequest?

Bounty: 50

We’re on a hybrid setup (Exchange 2013 on-prem), and MRSproxy is enabled and working. We want to archive our user’s mailbox when they leave the company. So we want to migrate those mailbox from the Office 365 back to our on premise server. I’ve been trying to create a leaving script, and the New-MoveRequest cmdlet keeps on giving the following error:

The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed.
Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error:
(401) Unauthorized.. --> The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an
error: (401) Unauthorized.
    + CategoryInfo          : NotSpecified: (:) [New-MoveRequest], RemotePermanentException
    +9,Microsoft.Exchange.Man
   agement.Migration.MailboxReplication.MoveRequest.NewMoveRequest
    + PSComputerName        : outlook.office365.com

So I tested with Test-MigrationServerAvailability -ExchangeRemoteMove -RemoteServer webmail.blah.com -Credentials $UserName<#> with the 3 following type of PSCredentials:

UserName1 : <domain><SamAccountName>

UserName2 : <SamAccountName>

UserName3 : UPN

With UserName1 and UserName2 I get

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Success
Message            :
ConnectionSettings : <ExchangeConnectionSettings HasAdminPrivilege="True" HasAutodiscovery="False" HasMrsProxy="True" AutodiscoverUrl="" IncomingEmailAddress="" IncomingRPCProxyServer="webmail.blah.ccom"
                     IncomingExchangeServer="webmail.blah.com" IncomingNSPIServer="" IncomingDomain="" IncomingUserName="UserName<#>" EncryptedIncomingPassword="something"
                     IncomingAuthentication="Basic" ServerVersion="" TargetDomainName="" SourceMailboxLegDn="" PublicFolderDatabaseServerLegacyDN="" IsPublicFolderMailboxesMigrationSource="False" />
SupportsCutover    : False
ErrorDetail        :
IsValid            : True
Identity           :
ObjectState        : New

but with UserName3 I get :

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Failed
Message            : The connection to the server 'webmail.blah.com' could not be completed.
ConnectionSettings :
SupportsCutover    : False
ErrorDetail        : Microsoft.Exchange.Migration.MigrationServerConnectionFailedException: The connection to the server 'webmail.blah.com' could not be completed. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check
                     the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The
                     authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --> The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from
                     the server was 'Negotiate,NTLM'. ---> Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The remote server returned an error: (401) Unauthorized.
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.<>c__DisplayClass97_0.<ReconstructAndThrow>b__0()
                        at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(Action operation)
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.ReconstructAndThrow(String serverName, VersionInformation serverVersion)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.<>c__DisplayClass7_0.<CallService>b__0()
                        at Microsoft.Exchange.Net.WcfClientBase`1.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.Migration.MigrationExchangeProxyRpcClient.CanConnectToMrsProxy(Fqdn serverName, Guid mbxGuid, NetworkCredential credentials, LocalizedException& error)
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.Migration.DataAccessLayer.ExchangeRemoteMoveEndpoint.VerifyConnectivity()
                        at Microsoft.Exchange.Management.Migration.MigrationService.Endpoint.TestMigrationServerAvailability.InternalProcessEndpoint(Boolean fromAutoDiscover)
IsValid            : True
Identity           :
ObjectState        : New

Looking at the TechNet article for both New-MoveRequest and Test-MigrationServer the Credentials/RemoteCredential parameter should accept UPN usernames.

Is this a limit with Exchange 2013? I can Remote-PSSession to the on premise Exchange server with the UPN username, and import the CMDlet, so I’m at a lost why it doesn’t work with New-MoveRequest and Test-MigrationServer loaded from Office 365?


Get this bounty!!!

#StackBounty: #powershell #microsoft-office-365 #exchange-2013 Can't use UPN credentials with New-MoveRequest?

Bounty: 50

We’re on a hybrid setup (Exchange 2013 on-prem), and MRSproxy is enabled and working. We want to archive our user’s mailbox when they leave the company. So we want to migrate those mailbox from the Office 365 back to our on premise server. I’ve been trying to create a leaving script, and the New-MoveRequest cmdlet keeps on giving the following error:

The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed.
Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error:
(401) Unauthorized.. --> The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an
error: (401) Unauthorized.
    + CategoryInfo          : NotSpecified: (:) [New-MoveRequest], RemotePermanentException
    +9,Microsoft.Exchange.Man
   agement.Migration.MailboxReplication.MoveRequest.NewMoveRequest
    + PSComputerName        : outlook.office365.com

So I tested with Test-MigrationServerAvailability -ExchangeRemoteMove -RemoteServer webmail.blah.com -Credentials $UserName<#> with the 3 following type of PSCredentials:

UserName1 : <domain><SamAccountName>

UserName2 : <SamAccountName>

UserName3 : UPN

With UserName1 and UserName2 I get

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Success
Message            :
ConnectionSettings : <ExchangeConnectionSettings HasAdminPrivilege="True" HasAutodiscovery="False" HasMrsProxy="True" AutodiscoverUrl="" IncomingEmailAddress="" IncomingRPCProxyServer="webmail.blah.ccom"
                     IncomingExchangeServer="webmail.blah.com" IncomingNSPIServer="" IncomingDomain="" IncomingUserName="UserName<#>" EncryptedIncomingPassword="something"
                     IncomingAuthentication="Basic" ServerVersion="" TargetDomainName="" SourceMailboxLegDn="" PublicFolderDatabaseServerLegacyDN="" IsPublicFolderMailboxesMigrationSource="False" />
SupportsCutover    : False
ErrorDetail        :
IsValid            : True
Identity           :
ObjectState        : New

but with UserName3 I get :

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Failed
Message            : The connection to the server 'webmail.blah.com' could not be completed.
ConnectionSettings :
SupportsCutover    : False
ErrorDetail        : Microsoft.Exchange.Migration.MigrationServerConnectionFailedException: The connection to the server 'webmail.blah.com' could not be completed. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check
                     the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The
                     authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --> The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from
                     the server was 'Negotiate,NTLM'. ---> Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The remote server returned an error: (401) Unauthorized.
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.<>c__DisplayClass97_0.<ReconstructAndThrow>b__0()
                        at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(Action operation)
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.ReconstructAndThrow(String serverName, VersionInformation serverVersion)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.<>c__DisplayClass7_0.<CallService>b__0()
                        at Microsoft.Exchange.Net.WcfClientBase`1.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.Migration.MigrationExchangeProxyRpcClient.CanConnectToMrsProxy(Fqdn serverName, Guid mbxGuid, NetworkCredential credentials, LocalizedException& error)
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.Migration.DataAccessLayer.ExchangeRemoteMoveEndpoint.VerifyConnectivity()
                        at Microsoft.Exchange.Management.Migration.MigrationService.Endpoint.TestMigrationServerAvailability.InternalProcessEndpoint(Boolean fromAutoDiscover)
IsValid            : True
Identity           :
ObjectState        : New

Looking at the TechNet article for both New-MoveRequest and Test-MigrationServer the Credentials/RemoteCredential parameter should accept UPN usernames.

Is this a limit with Exchange 2013? I can Remote-PSSession to the on premise Exchange server with the UPN username, and import the CMDlet, so I’m at a lost why it doesn’t work with New-MoveRequest and Test-MigrationServer loaded from Office 365?


Get this bounty!!!

#StackBounty: #powershell #microsoft-office-365 #exchange-2013 Can't use UPN credentials with New-MoveRequest?

Bounty: 50

We’re on a hybrid setup (Exchange 2013 on-prem), and MRSproxy is enabled and working. We want to archive our user’s mailbox when they leave the company. So we want to migrate those mailbox from the Office 365 back to our on premise server. I’ve been trying to create a leaving script, and the New-MoveRequest cmdlet keeps on giving the following error:

The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed.
Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error:
(401) Unauthorized.. --> The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an
error: (401) Unauthorized.
    + CategoryInfo          : NotSpecified: (:) [New-MoveRequest], RemotePermanentException
    +9,Microsoft.Exchange.Man
   agement.Migration.MailboxReplication.MoveRequest.NewMoveRequest
    + PSComputerName        : outlook.office365.com

So I tested with Test-MigrationServerAvailability -ExchangeRemoteMove -RemoteServer webmail.blah.com -Credentials $UserName<#> with the 3 following type of PSCredentials:

UserName1 : <domain><SamAccountName>

UserName2 : <SamAccountName>

UserName3 : UPN

With UserName1 and UserName2 I get

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Success
Message            :
ConnectionSettings : <ExchangeConnectionSettings HasAdminPrivilege="True" HasAutodiscovery="False" HasMrsProxy="True" AutodiscoverUrl="" IncomingEmailAddress="" IncomingRPCProxyServer="webmail.blah.ccom"
                     IncomingExchangeServer="webmail.blah.com" IncomingNSPIServer="" IncomingDomain="" IncomingUserName="UserName<#>" EncryptedIncomingPassword="something"
                     IncomingAuthentication="Basic" ServerVersion="" TargetDomainName="" SourceMailboxLegDn="" PublicFolderDatabaseServerLegacyDN="" IsPublicFolderMailboxesMigrationSource="False" />
SupportsCutover    : False
ErrorDetail        :
IsValid            : True
Identity           :
ObjectState        : New

but with UserName3 I get :

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Failed
Message            : The connection to the server 'webmail.blah.com' could not be completed.
ConnectionSettings :
SupportsCutover    : False
ErrorDetail        : Microsoft.Exchange.Migration.MigrationServerConnectionFailedException: The connection to the server 'webmail.blah.com' could not be completed. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check
                     the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The
                     authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --> The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from
                     the server was 'Negotiate,NTLM'. ---> Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The remote server returned an error: (401) Unauthorized.
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.<>c__DisplayClass97_0.<ReconstructAndThrow>b__0()
                        at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(Action operation)
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.ReconstructAndThrow(String serverName, VersionInformation serverVersion)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.<>c__DisplayClass7_0.<CallService>b__0()
                        at Microsoft.Exchange.Net.WcfClientBase`1.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.Migration.MigrationExchangeProxyRpcClient.CanConnectToMrsProxy(Fqdn serverName, Guid mbxGuid, NetworkCredential credentials, LocalizedException& error)
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.Migration.DataAccessLayer.ExchangeRemoteMoveEndpoint.VerifyConnectivity()
                        at Microsoft.Exchange.Management.Migration.MigrationService.Endpoint.TestMigrationServerAvailability.InternalProcessEndpoint(Boolean fromAutoDiscover)
IsValid            : True
Identity           :
ObjectState        : New

Looking at the TechNet article for both New-MoveRequest and Test-MigrationServer the Credentials/RemoteCredential parameter should accept UPN usernames.

Is this a limit with Exchange 2013? I can Remote-PSSession to the on premise Exchange server with the UPN username, and import the CMDlet, so I’m at a lost why it doesn’t work with New-MoveRequest and Test-MigrationServer loaded from Office 365?


Get this bounty!!!

#StackBounty: #powershell #microsoft-office-365 #exchange-2013 Can't use UPN credentials with New-MoveRequest?

Bounty: 50

We’re on a hybrid setup (Exchange 2013 on-prem), and MRSproxy is enabled and working. We want to archive our user’s mailbox when they leave the company. So we want to migrate those mailbox from the Office 365 back to our on premise server. I’ve been trying to create a leaving script, and the New-MoveRequest cmdlet keeps on giving the following error:

The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed.
Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error:
(401) Unauthorized.. --> The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an
error: (401) Unauthorized.
    + CategoryInfo          : NotSpecified: (:) [New-MoveRequest], RemotePermanentException
    +9,Microsoft.Exchange.Man
   agement.Migration.MailboxReplication.MoveRequest.NewMoveRequest
    + PSComputerName        : outlook.office365.com

So I tested with Test-MigrationServerAvailability -ExchangeRemoteMove -RemoteServer webmail.blah.com -Credentials $UserName<#> with the 3 following type of PSCredentials:

UserName1 : <domain><SamAccountName>

UserName2 : <SamAccountName>

UserName3 : UPN

With UserName1 and UserName2 I get

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Success
Message            :
ConnectionSettings : <ExchangeConnectionSettings HasAdminPrivilege="True" HasAutodiscovery="False" HasMrsProxy="True" AutodiscoverUrl="" IncomingEmailAddress="" IncomingRPCProxyServer="webmail.blah.ccom"
                     IncomingExchangeServer="webmail.blah.com" IncomingNSPIServer="" IncomingDomain="" IncomingUserName="UserName<#>" EncryptedIncomingPassword="something"
                     IncomingAuthentication="Basic" ServerVersion="" TargetDomainName="" SourceMailboxLegDn="" PublicFolderDatabaseServerLegacyDN="" IsPublicFolderMailboxesMigrationSource="False" />
SupportsCutover    : False
ErrorDetail        :
IsValid            : True
Identity           :
ObjectState        : New

but with UserName3 I get :

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Failed
Message            : The connection to the server 'webmail.blah.com' could not be completed.
ConnectionSettings :
SupportsCutover    : False
ErrorDetail        : Microsoft.Exchange.Migration.MigrationServerConnectionFailedException: The connection to the server 'webmail.blah.com' could not be completed. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check
                     the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The
                     authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --> The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from
                     the server was 'Negotiate,NTLM'. ---> Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The remote server returned an error: (401) Unauthorized.
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.<>c__DisplayClass97_0.<ReconstructAndThrow>b__0()
                        at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(Action operation)
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.ReconstructAndThrow(String serverName, VersionInformation serverVersion)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.<>c__DisplayClass7_0.<CallService>b__0()
                        at Microsoft.Exchange.Net.WcfClientBase`1.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.Migration.MigrationExchangeProxyRpcClient.CanConnectToMrsProxy(Fqdn serverName, Guid mbxGuid, NetworkCredential credentials, LocalizedException& error)
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.Migration.DataAccessLayer.ExchangeRemoteMoveEndpoint.VerifyConnectivity()
                        at Microsoft.Exchange.Management.Migration.MigrationService.Endpoint.TestMigrationServerAvailability.InternalProcessEndpoint(Boolean fromAutoDiscover)
IsValid            : True
Identity           :
ObjectState        : New

Looking at the TechNet article for both New-MoveRequest and Test-MigrationServer the Credentials/RemoteCredential parameter should accept UPN usernames.

Is this a limit with Exchange 2013? I can Remote-PSSession to the on premise Exchange server with the UPN username, and import the CMDlet, so I’m at a lost why it doesn’t work with New-MoveRequest and Test-MigrationServer loaded from Office 365?


Get this bounty!!!

#StackBounty: #powershell #microsoft-office-365 #exchange-2013 Can't use UPN credentials with New-MoveRequest?

Bounty: 50

We’re on a hybrid setup (Exchange 2013 on-prem), and MRSproxy is enabled and working. We want to archive our user’s mailbox when they leave the company. So we want to migrate those mailbox from the Office 365 back to our on premise server. I’ve been trying to create a leaving script, and the New-MoveRequest cmdlet keeps on giving the following error:

The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed.
Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error:
(401) Unauthorized.. --> The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an
error: (401) Unauthorized.
    + CategoryInfo          : NotSpecified: (:) [New-MoveRequest], RemotePermanentException
    +9,Microsoft.Exchange.Man
   agement.Migration.MailboxReplication.MoveRequest.NewMoveRequest
    + PSComputerName        : outlook.office365.com

So I tested with Test-MigrationServerAvailability -ExchangeRemoteMove -RemoteServer webmail.blah.com -Credentials $UserName<#> with the 3 following type of PSCredentials:

UserName1 : <domain><SamAccountName>

UserName2 : <SamAccountName>

UserName3 : UPN

With UserName1 and UserName2 I get

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Success
Message            :
ConnectionSettings : <ExchangeConnectionSettings HasAdminPrivilege="True" HasAutodiscovery="False" HasMrsProxy="True" AutodiscoverUrl="" IncomingEmailAddress="" IncomingRPCProxyServer="webmail.blah.ccom"
                     IncomingExchangeServer="webmail.blah.com" IncomingNSPIServer="" IncomingDomain="" IncomingUserName="UserName<#>" EncryptedIncomingPassword="something"
                     IncomingAuthentication="Basic" ServerVersion="" TargetDomainName="" SourceMailboxLegDn="" PublicFolderDatabaseServerLegacyDN="" IsPublicFolderMailboxesMigrationSource="False" />
SupportsCutover    : False
ErrorDetail        :
IsValid            : True
Identity           :
ObjectState        : New

but with UserName3 I get :

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Failed
Message            : The connection to the server 'webmail.blah.com' could not be completed.
ConnectionSettings :
SupportsCutover    : False
ErrorDetail        : Microsoft.Exchange.Migration.MigrationServerConnectionFailedException: The connection to the server 'webmail.blah.com' could not be completed. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check
                     the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The
                     authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --> The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from
                     the server was 'Negotiate,NTLM'. ---> Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The remote server returned an error: (401) Unauthorized.
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.<>c__DisplayClass97_0.<ReconstructAndThrow>b__0()
                        at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(Action operation)
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.ReconstructAndThrow(String serverName, VersionInformation serverVersion)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.<>c__DisplayClass7_0.<CallService>b__0()
                        at Microsoft.Exchange.Net.WcfClientBase`1.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.Migration.MigrationExchangeProxyRpcClient.CanConnectToMrsProxy(Fqdn serverName, Guid mbxGuid, NetworkCredential credentials, LocalizedException& error)
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.Migration.DataAccessLayer.ExchangeRemoteMoveEndpoint.VerifyConnectivity()
                        at Microsoft.Exchange.Management.Migration.MigrationService.Endpoint.TestMigrationServerAvailability.InternalProcessEndpoint(Boolean fromAutoDiscover)
IsValid            : True
Identity           :
ObjectState        : New

Looking at the TechNet article for both New-MoveRequest and Test-MigrationServer the Credentials/RemoteCredential parameter should accept UPN usernames.

Is this a limit with Exchange 2013? I can Remote-PSSession to the on premise Exchange server with the UPN username, and import the CMDlet, so I’m at a lost why it doesn’t work with New-MoveRequest and Test-MigrationServer loaded from Office 365?


Get this bounty!!!

#StackBounty: #powershell #microsoft-office-365 #exchange-2013 Can't use UPN credentials with New-MoveRequest?

Bounty: 50

We’re on a hybrid setup (Exchange 2013 on-prem), and MRSproxy is enabled and working. We want to archive our user’s mailbox when they leave the company. So we want to migrate those mailbox from the Office 365 back to our on premise server. I’ve been trying to create a leaving script, and the New-MoveRequest cmdlet keeps on giving the following error:

The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed.
Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error:
(401) Unauthorized.. --> The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an
error: (401) Unauthorized.
    + CategoryInfo          : NotSpecified: (:) [New-MoveRequest], RemotePermanentException
    +9,Microsoft.Exchange.Man
   agement.Migration.MailboxReplication.MoveRequest.NewMoveRequest
    + PSComputerName        : outlook.office365.com

So I tested with Test-MigrationServerAvailability -ExchangeRemoteMove -RemoteServer webmail.blah.com -Credentials $UserName<#> with the 3 following type of PSCredentials:

UserName1 : <domain><SamAccountName>

UserName2 : <SamAccountName>

UserName3 : UPN

With UserName1 and UserName2 I get

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Success
Message            :
ConnectionSettings : <ExchangeConnectionSettings HasAdminPrivilege="True" HasAutodiscovery="False" HasMrsProxy="True" AutodiscoverUrl="" IncomingEmailAddress="" IncomingRPCProxyServer="webmail.blah.ccom"
                     IncomingExchangeServer="webmail.blah.com" IncomingNSPIServer="" IncomingDomain="" IncomingUserName="UserName<#>" EncryptedIncomingPassword="something"
                     IncomingAuthentication="Basic" ServerVersion="" TargetDomainName="" SourceMailboxLegDn="" PublicFolderDatabaseServerLegacyDN="" IsPublicFolderMailboxesMigrationSource="False" />
SupportsCutover    : False
ErrorDetail        :
IsValid            : True
Identity           :
ObjectState        : New

but with UserName3 I get :

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Failed
Message            : The connection to the server 'webmail.blah.com' could not be completed.
ConnectionSettings :
SupportsCutover    : False
ErrorDetail        : Microsoft.Exchange.Migration.MigrationServerConnectionFailedException: The connection to the server 'webmail.blah.com' could not be completed. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check
                     the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The
                     authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --> The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from
                     the server was 'Negotiate,NTLM'. ---> Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The remote server returned an error: (401) Unauthorized.
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.<>c__DisplayClass97_0.<ReconstructAndThrow>b__0()
                        at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(Action operation)
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.ReconstructAndThrow(String serverName, VersionInformation serverVersion)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.<>c__DisplayClass7_0.<CallService>b__0()
                        at Microsoft.Exchange.Net.WcfClientBase`1.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.Migration.MigrationExchangeProxyRpcClient.CanConnectToMrsProxy(Fqdn serverName, Guid mbxGuid, NetworkCredential credentials, LocalizedException& error)
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.Migration.DataAccessLayer.ExchangeRemoteMoveEndpoint.VerifyConnectivity()
                        at Microsoft.Exchange.Management.Migration.MigrationService.Endpoint.TestMigrationServerAvailability.InternalProcessEndpoint(Boolean fromAutoDiscover)
IsValid            : True
Identity           :
ObjectState        : New

Looking at the TechNet article for both New-MoveRequest and Test-MigrationServer the Credentials/RemoteCredential parameter should accept UPN usernames.

Is this a limit with Exchange 2013? I can Remote-PSSession to the on premise Exchange server with the UPN username, and import the CMDlet, so I’m at a lost why it doesn’t work with New-MoveRequest and Test-MigrationServer loaded from Office 365?


Get this bounty!!!

#StackBounty: #powershell #microsoft-office-365 #exchange-2013 Can't use UPN credentials with New-MoveRequest?

Bounty: 50

We’re on a hybrid setup (Exchange 2013 on-prem), and MRSproxy is enabled and working. We want to archive our user’s mailbox when they leave the company. So we want to migrate those mailbox from the Office 365 back to our on premise server. I’ve been trying to create a leaving script, and the New-MoveRequest cmdlet keeps on giving the following error:

The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed.
Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error:
(401) Unauthorized.. --> The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an
error: (401) Unauthorized.
    + CategoryInfo          : NotSpecified: (:) [New-MoveRequest], RemotePermanentException
    +9,Microsoft.Exchange.Man
   agement.Migration.MailboxReplication.MoveRequest.NewMoveRequest
    + PSComputerName        : outlook.office365.com

So I tested with Test-MigrationServerAvailability -ExchangeRemoteMove -RemoteServer webmail.blah.com -Credentials $UserName<#> with the 3 following type of PSCredentials:

UserName1 : <domain><SamAccountName>

UserName2 : <SamAccountName>

UserName3 : UPN

With UserName1 and UserName2 I get

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Success
Message            :
ConnectionSettings : <ExchangeConnectionSettings HasAdminPrivilege="True" HasAutodiscovery="False" HasMrsProxy="True" AutodiscoverUrl="" IncomingEmailAddress="" IncomingRPCProxyServer="webmail.blah.ccom"
                     IncomingExchangeServer="webmail.blah.com" IncomingNSPIServer="" IncomingDomain="" IncomingUserName="UserName<#>" EncryptedIncomingPassword="something"
                     IncomingAuthentication="Basic" ServerVersion="" TargetDomainName="" SourceMailboxLegDn="" PublicFolderDatabaseServerLegacyDN="" IsPublicFolderMailboxesMigrationSource="False" />
SupportsCutover    : False
ErrorDetail        :
IsValid            : True
Identity           :
ObjectState        : New

but with UserName3 I get :

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Failed
Message            : The connection to the server 'webmail.blah.com' could not be completed.
ConnectionSettings :
SupportsCutover    : False
ErrorDetail        : Microsoft.Exchange.Migration.MigrationServerConnectionFailedException: The connection to the server 'webmail.blah.com' could not be completed. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check
                     the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The
                     authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --> The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from
                     the server was 'Negotiate,NTLM'. ---> Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The remote server returned an error: (401) Unauthorized.
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.<>c__DisplayClass97_0.<ReconstructAndThrow>b__0()
                        at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(Action operation)
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.ReconstructAndThrow(String serverName, VersionInformation serverVersion)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.<>c__DisplayClass7_0.<CallService>b__0()
                        at Microsoft.Exchange.Net.WcfClientBase`1.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.Migration.MigrationExchangeProxyRpcClient.CanConnectToMrsProxy(Fqdn serverName, Guid mbxGuid, NetworkCredential credentials, LocalizedException& error)
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.Migration.DataAccessLayer.ExchangeRemoteMoveEndpoint.VerifyConnectivity()
                        at Microsoft.Exchange.Management.Migration.MigrationService.Endpoint.TestMigrationServerAvailability.InternalProcessEndpoint(Boolean fromAutoDiscover)
IsValid            : True
Identity           :
ObjectState        : New

Looking at the TechNet article for both New-MoveRequest and Test-MigrationServer the Credentials/RemoteCredential parameter should accept UPN usernames.

Is this a limit with Exchange 2013? I can Remote-PSSession to the on premise Exchange server with the UPN username, and import the CMDlet, so I’m at a lost why it doesn’t work with New-MoveRequest and Test-MigrationServer loaded from Office 365?


Get this bounty!!!

#StackBounty: #powershell #microsoft-office-365 #exchange-2013 Can't use UPN credentials with New-MoveRequest?

Bounty: 50

We’re on a hybrid setup (Exchange 2013 on-prem), and MRSproxy is enabled and working. We want to archive our user’s mailbox when they leave the company. So we want to migrate those mailbox from the Office 365 back to our on premise server. I’ve been trying to create a leaving script, and the New-MoveRequest cmdlet keeps on giving the following error:

The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed.
Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error:
(401) Unauthorized.. --> The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an
error: (401) Unauthorized.
    + CategoryInfo          : NotSpecified: (:) [New-MoveRequest], RemotePermanentException
    +9,Microsoft.Exchange.Man
   agement.Migration.MailboxReplication.MoveRequest.NewMoveRequest
    + PSComputerName        : outlook.office365.com

So I tested with Test-MigrationServerAvailability -ExchangeRemoteMove -RemoteServer webmail.blah.com -Credentials $UserName<#> with the 3 following type of PSCredentials:

UserName1 : <domain><SamAccountName>

UserName2 : <SamAccountName>

UserName3 : UPN

With UserName1 and UserName2 I get

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Success
Message            :
ConnectionSettings : <ExchangeConnectionSettings HasAdminPrivilege="True" HasAutodiscovery="False" HasMrsProxy="True" AutodiscoverUrl="" IncomingEmailAddress="" IncomingRPCProxyServer="webmail.blah.ccom"
                     IncomingExchangeServer="webmail.blah.com" IncomingNSPIServer="" IncomingDomain="" IncomingUserName="UserName<#>" EncryptedIncomingPassword="something"
                     IncomingAuthentication="Basic" ServerVersion="" TargetDomainName="" SourceMailboxLegDn="" PublicFolderDatabaseServerLegacyDN="" IsPublicFolderMailboxesMigrationSource="False" />
SupportsCutover    : False
ErrorDetail        :
IsValid            : True
Identity           :
ObjectState        : New

but with UserName3 I get :

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Failed
Message            : The connection to the server 'webmail.blah.com' could not be completed.
ConnectionSettings :
SupportsCutover    : False
ErrorDetail        : Microsoft.Exchange.Migration.MigrationServerConnectionFailedException: The connection to the server 'webmail.blah.com' could not be completed. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check
                     the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The
                     authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --> The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from
                     the server was 'Negotiate,NTLM'. ---> Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The remote server returned an error: (401) Unauthorized.
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.<>c__DisplayClass97_0.<ReconstructAndThrow>b__0()
                        at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(Action operation)
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.ReconstructAndThrow(String serverName, VersionInformation serverVersion)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.<>c__DisplayClass7_0.<CallService>b__0()
                        at Microsoft.Exchange.Net.WcfClientBase`1.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.Migration.MigrationExchangeProxyRpcClient.CanConnectToMrsProxy(Fqdn serverName, Guid mbxGuid, NetworkCredential credentials, LocalizedException& error)
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.Migration.DataAccessLayer.ExchangeRemoteMoveEndpoint.VerifyConnectivity()
                        at Microsoft.Exchange.Management.Migration.MigrationService.Endpoint.TestMigrationServerAvailability.InternalProcessEndpoint(Boolean fromAutoDiscover)
IsValid            : True
Identity           :
ObjectState        : New

Looking at the TechNet article for both New-MoveRequest and Test-MigrationServer the Credentials/RemoteCredential parameter should accept UPN usernames.

Is this a limit with Exchange 2013? I can Remote-PSSession to the on premise Exchange server with the UPN username, and import the CMDlet, so I’m at a lost why it doesn’t work with New-MoveRequest and Test-MigrationServer loaded from Office 365?


Get this bounty!!!

#StackBounty: #powershell #microsoft-office-365 #exchange-2013 Can't use UPN credentials with New-MoveRequest?

Bounty: 50

We’re on a hybrid setup (Exchange 2013 on-prem), and MRSproxy is enabled and working. We want to archive our user’s mailbox when they leave the company. So we want to migrate those mailbox from the Office 365 back to our on premise server. I’ve been trying to create a leaving script, and the New-MoveRequest cmdlet keeps on giving the following error:

The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed.
Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error:
(401) Unauthorized.. --> The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an
error: (401) Unauthorized.
    + CategoryInfo          : NotSpecified: (:) [New-MoveRequest], RemotePermanentException
    +9,Microsoft.Exchange.Man
   agement.Migration.MailboxReplication.MoveRequest.NewMoveRequest
    + PSComputerName        : outlook.office365.com

So I tested with Test-MigrationServerAvailability -ExchangeRemoteMove -RemoteServer webmail.blah.com -Credentials $UserName<#> with the 3 following type of PSCredentials:

UserName1 : <domain><SamAccountName>

UserName2 : <SamAccountName>

UserName3 : UPN

With UserName1 and UserName2 I get

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Success
Message            :
ConnectionSettings : <ExchangeConnectionSettings HasAdminPrivilege="True" HasAutodiscovery="False" HasMrsProxy="True" AutodiscoverUrl="" IncomingEmailAddress="" IncomingRPCProxyServer="webmail.blah.ccom"
                     IncomingExchangeServer="webmail.blah.com" IncomingNSPIServer="" IncomingDomain="" IncomingUserName="UserName<#>" EncryptedIncomingPassword="something"
                     IncomingAuthentication="Basic" ServerVersion="" TargetDomainName="" SourceMailboxLegDn="" PublicFolderDatabaseServerLegacyDN="" IsPublicFolderMailboxesMigrationSource="False" />
SupportsCutover    : False
ErrorDetail        :
IsValid            : True
Identity           :
ObjectState        : New

but with UserName3 I get :

RunspaceId         : 3966b356-0f49-46c3-9373-e914827fc6ed
Result             : Failed
Message            : The connection to the server 'webmail.blah.com' could not be completed.
ConnectionSettings :
SupportsCutover    : False
ErrorDetail        : Microsoft.Exchange.Migration.MigrationServerConnectionFailedException: The connection to the server 'webmail.blah.com' could not be completed. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check
                     the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The
                     authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --> The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client
                     authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --->
                     Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from
                     the server was 'Negotiate,NTLM'. ---> Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The remote server returned an error: (401) Unauthorized.
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.<>c__DisplayClass97_0.<ReconstructAndThrow>b__0()
                        at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(Action operation)
                        at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.ReconstructAndThrow(String serverName, VersionInformation serverVersion)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.<>c__DisplayClass7_0.<CallService>b__0()
                        at Microsoft.Exchange.Net.WcfClientBase`1.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.CallService(Action serviceCall, String context)
                        at Microsoft.Exchange.Migration.MigrationExchangeProxyRpcClient.CanConnectToMrsProxy(Fqdn serverName, Guid mbxGuid, NetworkCredential credentials, LocalizedException& error)
                        --- End of inner exception stack trace ---
                        at Microsoft.Exchange.Migration.DataAccessLayer.ExchangeRemoteMoveEndpoint.VerifyConnectivity()
                        at Microsoft.Exchange.Management.Migration.MigrationService.Endpoint.TestMigrationServerAvailability.InternalProcessEndpoint(Boolean fromAutoDiscover)
IsValid            : True
Identity           :
ObjectState        : New

Looking at the TechNet article for both New-MoveRequest and Test-MigrationServer the Credentials/RemoteCredential parameter should accept UPN usernames.

Is this a limit with Exchange 2013? I can Remote-PSSession to the on premise Exchange server with the UPN username, and import the CMDlet, so I’m at a lost why it doesn’t work with New-MoveRequest and Test-MigrationServer loaded from Office 365?


Get this bounty!!!