Skip to main content
commvault.com commvault.com
Solved

Unable to Auto Discover O365 Exchange Mailboxes

  • January 30, 2022
  • 6 replies
  • 3707 views
S
Bit
Forum|alt.badge.img+1

Hi all

We’re just in the process of starting a migration of user mailboxes from Domino to O365 Exchange and I’m working on setting up our Commcell 11 SP16 HPK136 instance to backup the new exchange mailboxes. So far  I think I’ve followed these destructions correctly :

Prerequisites for the Exchange Mailbox Agent User Mailbox Office 365 with Exchange Using an On-Premises Active Directory Environment (commvault.com)

But if I go to the “User Mailbox” in the agent tree,

 and go to Mailboxes → New Association → User, click the Configure button and try to Discover, I get the error :

Failed to begin discovery. Could not connect to any of the given proxies.

 

As best as I can remember, I’ve added no “Proxies”. Can someone point me to where to look in the logfiles to get more information about what might be causing this, or the bit in the documentation I need to recheck  ?

TIA

 

Simon

Best answer by Scott Reynolds

@Simon Delicata Are you able to test the following from the access node?

1.    On the proxy machine. Open Windows PowerShell and run the following command.

2.    $UserCredential = Get-Credential

In the Windows PowerShell Credential Request dialog box, type your Exchange Online service account user name and password, and then click OK.

3.    Run the following command.

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $UserCredential -Authentication Basic -AllowRedirection

4.    Run the following commands

Import-PSSession $Session

get-mailbox

This should return all Exchange online mailboxes and confirm that the proxy and service account have everything required to connect to Exchange online and get a list of mailboxes.

If this complete successfully then I suggest opening a case, we would have to investigate.

Scott 

View original
Did this answer your question?
If you have a question or comment, please create a topic

6 replies

L
Vaulter
Forum|alt.badge.img

Hi Simon,

This error might mean that you haven't setup access node in your configuration.

Can you confirm if you have added access node(s) to the configuration? Each access nodes needs Exchange package be installed. Please refer to this documents

https://documentation.commvault.com/commvault/v11_sp16/article?p=28823.htm

https://documentation.commvault.com/commvault/v11_sp16/article?p=92971.htm

 

Chris Hollis
1 person likes this
  • Chris Hollis
    Chris Hollis
S
Vaulter
Forum|alt.badge.img+14

@Simon Delicata 

The properties of the Mailbox agent will have a section for mailbox access nodes. These clients should have Exchange package installed on them. Make sure one or more are selected.

S
Bit
Forum|alt.badge.img+1

HI @Scott Reynolds & @Leila Mehrabi 

 

Thanks both for your feedback. I reread the instructions, stopped on step 1, and installed the Exchange Agent on the commcell :face_palm_tone1: .

Having done that, the error has now gone. I’ve now got a powershell problem, from the CvRTTagCreator.log (I’ve removed the service user USN):


0000 0001 02/02 09:42:23 ### BEGIN CvRTagCreator
0000 0001 02/02 09:42:23 ### Executing CvRTagCreatorDotNet40.exe
0000 0001 02/02 09:42:23 ### Starting process C:\Program Files\CommVault\Simpana\Base\\CvRTagCreatorDotNet40.exe...
0000 0001 02/02 09:42:23 ### BEGIN CvRTagCreatorDotNet
0000 0001 02/02 09:42:24 ### SetExecutionPolicyForPS - START
0000 0001 02/02 09:42:24 ### Running script for updating Execution policy ..
0000 0001 02/02 09:42:25 ### Current effective execution policy[RemoteSigned]
0000 0001 02/02 09:42:25 ### SetExecutionPolicyForPS - END
0000 0001 02/02 09:42:25 ### Executing Remote Exchange PowerShell script: 'Get-Mailbox -ResultSize unlimited -Filter {CustomAttribute15 -ne 'IsACommvaultServiceAccount'} | Where-Object {($_.IsMailboxEnabled -eq 1) -and ($_.IsValid -eq 1) -and  ($_.OriginatingServer -like "*.outlook.*") -and (-not ($_.Alias -like "DiscoverySearchMailbox*")) } | fl DisplayName, UserPrincipalName, PrimarySmtpAddress, Name, Alias, OriginatingServer, ExchangeGuid, ExternalDirectoryObjectId, ServerLegacyDN, LegacyExchangeDN, OriginatingServer, ArchiveGuid, ArchiveName, ArchiveDatabase, IssueWarningQuota, ProhibitSendQuota, ProhibitSendReceiveQuota, ArchiveQuota, ArchiveWarningQuota, RecipientTypeDetails | Out-File "C:\Program Files\CommVault\Simpana\Base\Temp\psexport1643794943.txt" -width 1023' as servicegroupuser@ourtenent
0000 0001 02/02 09:42:25 ### Connect Uri Set To = https://outlook.office365.com/powershell-liveid/
0000 0001 02/02 09:42:25 ### $Session = New-PSSession -ConfigurationName "Microsoft.Exchange" -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Cred -Authentication Basic -AllowRedirection
0000 0001 02/02 09:42:25 ### Import-PSSession $Session
0000 0001 02/02 09:42:25 ### if (Get-Command 'Enable-OrganizationCustomization' -errorAction SilentlyContinue) { $currentErrorAction = $ErrorActionPreference; $ErrorActionPreference = 'silentlyContinue'; Enable-OrganizationCustomization; $ErrorActionPreference = $currentErrorAction }
0000 0001 02/02 09:42:26 ### Exception in PowerShell script: 'System.Management.Automation.ParameterBindingValidationException: Cannot validate argument on parameter 'Session'. The argument is null. Provide a valid value for the argument, and then try running the command again. ---> System.Management.Automation.ValidationMetadataException: The argument is null. Provide a valid value for the argument, and then try running the command again.
   at System.Management.Automation.ValidateNotNullAttribute.Validate(Object arguments, EngineIntrinsics engineIntrinsics)
   at System.Management.Automation.ParameterBinderBase.BindParameter(CommandParameterInternal parameter, CompiledCommandParameter parameterMetadata, ParameterBindingFlags flags)
   --- End of inner exception stack trace ---
   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
   at CvRTagCreator.PSCaller.RunRemoteExchangeScript(String script, ICollection`1& results, String& errMsg, String user, String pswd, MSCloudRegion cloudRegion)'
0000 0001 02/02 09:42:26 ### END CvRTagCreatorDotNet
0000 0001 02/02 09:42:26 ### END CvRTagCreator

 

If I use the following two commands on a powershell command-line, the if( Get-Command… and Get-Mailbox -ResultS commands that are trying to be run execute correctly :

import-module ExchangeOnlineManagement

Connect-Exchangeonline

 

Also, FWIW, the following two commands have been successfully executed :

New-AuthenticationPolicy BasicAllowedOnlyForServiceAccountEWSandPS -AllowBasicAuthPowershell -AllowBasicAuthWebServices

Set-user -Identity CVServiceAccount -AuthenticationPolicy "BasicAllowedOnlyForServiceAccountEWSandPS”

 

If it matters, this is running on a Windows 2012 non R2 server. Shall I go and raise a ticket ?

 

Thanks again

Simon

 

 

S
Vaulter
Forum|alt.badge.img+14

@Simon Delicata Are you able to test the following from the access node?

1.    On the proxy machine. Open Windows PowerShell and run the following command.

2.    $UserCredential = Get-Credential

In the Windows PowerShell Credential Request dialog box, type your Exchange Online service account user name and password, and then click OK.

3.    Run the following command.

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $UserCredential -Authentication Basic -AllowRedirection

4.    Run the following commands

Import-PSSession $Session

get-mailbox

This should return all Exchange online mailboxes and confirm that the proxy and service account have everything required to connect to Exchange online and get a list of mailboxes.

If this complete successfully then I suggest opening a case, we would have to investigate.

Scott 

S
Bit
Forum|alt.badge.img+1

Hi @Scott Reynolds , 

I ran this on our commcell which is also the access node, and supplied the service credentials to the first line, and on running the second got :

PS C:\temp> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powersh
ell -Credential $UserCredential -Authentication Basic -AllowRedirection
WARNING: Your connection has been redirected to the following URI:
"https://ps.outlook.com/PowerShell-LiveID?PSVersion=5.1.14409.1018 "
New-PSSession : [ps.outlook.com] Connecting to remote server ps.outlook.com failed with the following error message :
Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
+            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
   gTransportException
    + FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed
PS C:\temp>

 

many thanks

Simon

 

S
Vaulter
Forum|alt.badge.img+14

@Simon Delicata Appears there is an issue with the service account being used to connect to Exchange online. 

Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.”

 

Are you sure the account meets the requirements? Is MFA enabled on the account?
 

An Exchange Online service account, which must meet the following requirements:

  • Must be an online mailbox or a shared mailbox.

  • Must be created in Microsoft Azure AD only.

  • Must have either the Exchange administrator role or the global administrator role assigned so that the administrator can discover and back up Office 365 group mailboxes. For more information, see Assign admin roles in Office 365 on the Microsoft website.

Most helpful members this week

Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings