- The service principal name (SPN) that's required for OAuth authentication is missing.
- You're testing an account that's not synchronized between the on-premises environment and Microsoft Exchange Online.
Scenario: The SPN is missing
- Open the Exchange Management Shell.
- Run the following command: Notice the values that are returned for OnPremisesDiscoveryEndPoint and OnPremisesWebServiceEndPoint.
- Run the following command. Check whether the domain names that are listed for the endpoints are returned:
(Get-MsolServicePrincipal -ServicePrincipalName "00000002-0000-0ff1-ce00-000000000000").ServicePrincipalNames
- If the domain names aren't returned, use the Set-MsolServicePrincipal cmdlet to add them.
For example, the following command adds the Mail.contoso.com domain.
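$p = Get-MsolServicePrincipal -ServicePrincipalName "00000002-0000-0ff1-ce00-000000000000"; $p.ServicePrincipalNames.Add("https://Mail.contoso.com/")
Set-MsolServicePrincipal -AppPrincipalId $p.AppPrincipalId -ServicePrincipalNames $p.ServicePrincipalNames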
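The check-and-add steps above as one script. This is an added example, not part of the original article. It assumes a connected MSOnline session, that the endpoint URLs passed in are the values noted for OnPremisesDiscoveryEndPoint and OnPremisesWebServiceEndPoint, and that a missing host is registered in the form https://host/; the function names are hypothetical.

```powershell
# Added example. Function names are hypothetical; the https://<host>/ SPN form is an assumption.
function Get-MissingExchangeSpn {
    [CmdletBinding()]
    param(
        # URLs noted from OnPremisesDiscoveryEndPoint / OnPremisesWebServiceEndPoint
        [Parameter(Mandatory)][ValidateScript({ $_.IsAbsoluteUri })][uri[]]$EndpointUrl,
        # SPN strings already registered (output of the Get-MsolServicePrincipal check)
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$RegisteredSpn
    )
    foreach ($hostName in ($EndpointUrl.Host | Sort-Object -Unique)) {
        # Strip "https://" or "<app id>/" and a trailing slash, then compare host names.
        $covered = $RegisteredSpn | Where-Object {
            ($_ -replace '^[^/]*//?', '').TrimEnd('/') -ieq $hostName
        }
        if (-not $covered) { "https://$hostName/" }
    }
}

function Add-MissingExchangeSpn {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][uri[]]$EndpointUrl)

    $appId = '00000002-0000-0ff1-ce00-000000000000'
    $sp = Get-MsolServicePrincipal -ServicePrincipalName $appId
    $missing = @(Get-MissingExchangeSpn -EndpointUrl $EndpointUrl `
                     -RegisteredSpn $sp.ServicePrincipalNames)
    if (-not $missing) {
        Write-Verbose 'Every endpoint host already has an SPN.'
        return
    }
    # -ServicePrincipalNames sets the complete list, so keep the existing entries.
    $newList = @($sp.ServicePrincipalNames) + $missing
    if ($PSCmdlet.ShouldProcess($appId, "Add SPNs: $($missing -join ', ')")) {
        Set-MsolServicePrincipal -AppPrincipalId $sp.AppPrincipalId `
            -ServicePrincipalNames $newList
    }
    $missing   # report what was (or would be) added
}

# Constructed sample input: one endpoint host is registered, the other is not.
$sampleEndpoints = 'https://mail.contoso.com/EWS/Exchange.asmx',
                   'https://autodiscover.contoso.com/autodiscover/autodiscover.svc'
$sampleSpns = '00000002-0000-0ff1-ce00-000000000000/*.outlook.com',
              'https://mail.contoso.com/'
Get-MissingExchangeSpn -EndpointUrl $sampleEndpoints -RegisteredSpn $sampleSpns
```

Run Add-MissingExchangeSpn with -WhatIf first and confirm that every host it proposes belongs to your organization before it changes the service principal.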
Scenario: You're using an account that isn't synchronized between the on-premises environment and Exchange Online
When you run the Test-OAuthConnectivity cmdlet, make sure that you use an account that's synchronized between the on-premises environment and Exchange Online. For example, you'll encounter this issue if you use an on-premises administrator account.
In the following example, "Fred" is a user account that's synchronized between the on-premises environment and Exchange Online.
Test-OAuthConnectivity -Service EWS -TargetUri https://cas.contoso.com/ews/ -Mailbox "Fred"
Article ID: 3090197 - Last Review: Oct 28, 2016 - Revision: 1