O365 Exchange Hybrid Configuration and ShellId error.

If you get one of these errors:

Error:
Updating hybrid configuration failed with error ‘System.Management.Automation.Remoting.PSRemotingTransportException: Processing data from remote server failed with the following error message: [ClientAccessServer=xxxxxxxx,BackEndServer=xxxxxxx,RequestId=xxxxxx, TimeStamp=xxxxx] [FailureCategory=WSMan-InvalidShellID] The request for the Windows Remote Shell with ShellId xxxxxxxxxxxxxxxxxxx failed because the shell was not found on the server. Possible causes are: the specified ShellId is incorrect or the shell no longer exists on the server. Provide the correct ShellId or create a new shell and retry the operation. For more information, see the about_Remote_Troubleshooting Help topic.

when trying to run hybrid wizzard configuration:

https://aka.ms/HybridWizard

You might want to try turning off MFA for admin accounts – you give second factor code/consent whilst logging to the configurator, but obviously it later tries to run some commands in the background and these also enforces MFA.

Advertisements

DMARK, DKIM and SPF – deep dive useful links (with focus on O365)

ReadAllAboutIT.jpg

Sometimes it is good enought to have a place where you got a reliable links where are all the information needed – as this blog purpose it to be my notepad also to let me remember thigs for a longer time, will place them here. Especially DKIM – it is broadly presented on the Internet, but I was not able to find a place where everything will be described from A to Z. So here is a portion of usefull links about mentioned mechanisms.

Continue reading “DMARK, DKIM and SPF – deep dive useful links (with focus on O365)”

Does “New-ComplianceSearchAction -Purge” really purge the mailbox like it should?

New-ComplianceSearchAction -SearchName "GDPR Fuckups" -Purge

Are you sure you want to perform this action?
This operation will make message items meeting the criteria of the compliance search “Remove Vetting messages” completely inaccessible to users. There is no automatic method to undo the removal of these message items.
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is “Y”): A

soundsgood

Continue reading “Does “New-ComplianceSearchAction -Purge” really purge the mailbox like it should?”

New-ComplianceSearch not visible in Exchange Online despite being in “Discovery Management”

So just today I learned new thing, I was missing New-ComplianceSearch cmdlet, I was a bit frustrated because I was in all the relevant groups:

Technet was not mentioning a WORD about one thing, I was able to use compliance cmdlets only after I connected diffrently, so if this is your connection string:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange –ConnectionUri https://ps.outlook.com/powershell/ -Credential $Credential -Authentication Basic –AllowRedirection

Change it to:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $Credential -Authentication Basic –AllowRedirection

This should do the trick.

o365kicksadminasses

Exchange Online and Microsoft.Exchange.Data.SharingPolicyAction is invalid error on Get-MailboxFolderPermission

Hello,

Recently we got an issue on Exchagne Online, for one mailbox (yes 1! :)) we were not able to properly read permissions, the error was:

•	WARNING: An unexpected error has occurred and a Watson dump is being generated: Value specified for a parameter of type <span id="mce_SELREST_start" style="overflow:hidden;line-height:0;"></span>Microsoft.Exchange.Data.SharingPolicyAction is invalid<span id="mce_SELREST_end" style="overflow:hidden;line-height:0;"></span>: 0.
•	Parameter name: allowedActions
•	Value specified for a parameter of type Microsoft.Exchange.Data.SharingPolicyAction is invalid: 0.
•	Parameter name: allowedActions
•	    + CategoryInfo          : NotSpecified: (:) [Get-MailboxFolderPermission], EnumOutOfRangeException
•	    + FullyQualifiedErrorId : Microsoft.Exchange.ExchangeSystem.EnumOutOfRangeException,Microsoft.Exchange.Management.StoreTasks.GetMailboxFolderPermission
•	    + PSComputerName        : ps.outlook.com

1mvd95.jpg

After contacting Microsoft they suggested running following command:

Get-SharingPolicy | Set-SharingPolicy -Domains Anonymous:CalendarSharingFreeBusySimple,*:CalendarSharingFreeBusyDetail

After running the above command we were able to properly rad permissions. More details about sharing policies can be found here.

 

Messages send to a distribution group visible in Exchange Online’s Get-MessageTrace as failed – not really failed.

So I noticed today that some messages are getting failed status, I was particulary interested in one message that for sure was a legit one – same as the distribution group it supposed to be delivered to.

FailedMessage

Well..ok, so what happened to it then, I used Get-MessageTraceDetails to check it.

Continue reading “Messages send to a distribution group visible in Exchange Online’s Get-MessageTrace as failed – not really failed.”

Exhange Online and “Cannot process argument transformation on parameter…” RBAC error.

So today I was trying to create some RBAC roles for our IT support. All I wanted to do is to create a new RBAC role and then add some cmdlets that were missing there – it was about message tracking.

Apart from that thing I find seriously messed up is a fact that role group “Message Tracking” does not contain “Get-MessageTrace” cmdlet.

WTFMS

Whole story happens in Exchange Online so I tried to create am empty roleand add two needed cmdlets to it – I was not able to do it, as Exchange Online prevents from creating such empty roles – you need to specify a parent.

However, if a parent role does not contain a cmdlet you are interested in you are not able to add it.

Well, sweet… so I created a role based on a parent which contained a lot of others cmdlet and tried to remove entries using “where”, like this:

Get-ManagementRoleEntry “SupportTeam” | ? {$_.name -notmatch “get-messaget”}| Remove-ManagementRoleEntry

Simply – I wanted to leave only cmdlets responsible for message trace.

Here is the place I got error from the subject:

errorrbac.jpg

So I started to read about it, and apparently Remove-ManagementRoleEntry is not accepting pipeline in o365…

https://blogs.technet.microsoft.com/rmilne/2015/02/05/remove-multiple-management-role-entries-in-office-365/

So you either need to prepare lines for each role entry in excel (for isntance using “concatenate”), or create a script, or use ready solution presented in the above blog.