I had a client call up about an issue with around 10 of their users. My client had raised a support call but never got very far after a week. These users had been migrated from Exchange 2010 via Hybrid and were all working until they suddenly could not connect to OWA or Outlook. So I went through the following investigation steps:
- Tried to connect to Outlook and OWA from External to the accounts – Failed
- Tried to open the mailbox from another account – Failed
- Ran the Microsoft Remote Connectivity Analyzer “Outlook RPC” – Failed with the error 403 unauthorised
- Ran the Microsoft Remote Connectivity Analyzer “Single Sign On” – Success
- Ran Get-Mailbox and Get-MsolUser; everything was brought back fine and looked correct.
It seemed to be a very strange issue; it seemed like Windows Azure AD (WAAD) had lost authorisation to the correlating mailboxes.
To resolve this issue I did the following:
- Removed the Online License from the account.
- Removed the MSOL account from WAAD (soft delete).
- Removed the MSOL account from the Recycle Bin (hard delete): Remove-MsolUser -ObjectId "1fc8558e-601b-498f-a1d6-7ef8888886fc" -RemoveFromRecycleBin -Force
- Forced directory synchronisation.
- Re-assigned the Online licenses.
- Moved the mailboxes back to Online: New-MoveRequest -Identity "TestJ" -TargetDeliveryDomain "domain.mail.onmicrosoft.com" -BadItemLimit 100 -RemoteHostName "outlook.domain.com" -RemoteCredential $Cred -Remote -LargeItemLimit 10 -AcceptLargeDataLoss
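The account steps above (license removal through license re-assignment) as one script, which also records each account's ObjectId and licenses before deletion and checks that the re-synced account is a new object. This is an added example, not code from the original post; it assumes the MSOnline module with an active Connect-MsolService session, and the UPNs and CSV path are constructed placeholders. The mailbox move itself is left to the New-MoveRequest command in the last step.

```powershell
# Added example: assumes the MSOnline module and an existing Connect-MsolService session.
# $Upns and $StatePath are constructed placeholders, not values from the post.
$Upns      = @('user1@example.com', 'user2@example.com')
$StatePath = '.\msol-reprovision-state.csv'

# 1. Record ObjectId, usage location and licenses BEFORE anything is deleted,
#    so the same SKUs can be re-assigned to the re-synced accounts.
$state = foreach ($upn in $Upns) {
    $u = Get-MsolUser -UserPrincipalName $upn -ErrorAction Stop
    [pscustomobject]@{
        Upn           = $upn
        ObjectId      = $u.ObjectId
        UsageLocation = $u.UsageLocation
        Skus          = ($u.Licenses.AccountSkuId -join ';')
    }
}
$state | Export-Csv -Path $StatePath -NoTypeInformation

foreach ($s in $state) {
    $skus = @($s.Skus -split ';' | Where-Object { $_ })
    # 2. Remove the license, soft delete, then hard delete from the recycle bin.
    if ($skus) { Set-MsolUserLicense -ObjectId $s.ObjectId -RemoveLicenses $skus }
    Remove-MsolUser -ObjectId $s.ObjectId -Force
    Remove-MsolUser -ObjectId $s.ObjectId -RemoveFromRecycleBin -Force
    # Confirm the old object is really gone before the next sync runs.
    if (Get-MsolUser -ReturnDeletedUsers -All | Where-Object ObjectId -eq $s.ObjectId) {
        throw "Hard delete of $($s.Upn) did not complete"
    }
}

# 3. Force directory synchronisation on the sync server (tool-specific, not shown here).
Read-Host 'Run the directory sync, then press Enter' | Out-Null

foreach ($s in $state) {
    # 4. The re-synced account must be a NEW object; a matching ObjectId means
    #    the old account came back instead of being re-provisioned.
    $new = Get-MsolUser -UserPrincipalName $s.Upn -ErrorAction Stop
    if ($new.ObjectId -eq $s.ObjectId) { throw "$($s.Upn) still has the old ObjectId" }
    # 5. Re-assign the recorded licenses (the usage location has to be set first).
    if ($s.UsageLocation) {
        Set-MsolUser -ObjectId $new.ObjectId -UsageLocation $s.UsageLocation
    }
    $skus = @($s.Skus -split ';' | Where-Object { $_ })
    if ($skus) { Set-MsolUserLicense -ObjectId $new.ObjectId -AddLicenses $skus }
}
```

The CSV written in step 1 doubles as a record of which objects were hard-deleted and which licenses they held.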
Once all had been migrated, the mailboxes connected back up perfectly and all was working again.
This may seem like a solution for a niche issue; however, this should work for any individual mailbox issue which is on Microsoft's side instead of in your configuration. This solution totally provisions a new Azure AD account and a mailbox in Exchange Online.