Office 365 Solutions

If you receive the following error when trying to connect to Exchange Online via PowerShell, then you will need to upgrade the Connect-ExchangeOnline PowerShell module.

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application

Resolving AADSTS50011 for Connect-ExchangeOnline

To resolve, launch PowerShell and run the following command. If you do not trust the PowerShell gallery you may also be prompted to confirm the installation from an untrusted gallery. Press “Y” to confirm.

 C:\> Update-Module ExchangeOnlineManagement

You are installing the module from an untrusted repository. If you trust 
this repository, change its InstallationPolicy value by running the 
Set-PSRepository cmdlet. Are you sure you want to install the module 
from 'PSGallery'?
[Y] Yes  [A] Yes to All  [N] No to All  [S] Suspend  [?] Help: Y

At this point, it is best to close and reopen any PowerShell windows you had open and reissue the command Connect-ExchangeOnline. The issue should now be resolved.

When running the Hybrid Configuration Wizard, you may receive the following error on the credential page.

Hybrid Configuration Service may be limited

This error is the result of an out of date hybrid configuration wizard. In the screenshot above, we are using version 16.0.3149.4. At the time of writing, the current version is 17.0.4554.0.

Despite the historically self-updating nature of the hybrid configuration wizard, users on older versions will need to uninstall and then reinstall version 17 from the portal. However, once installed, version 17 will check for updates on launch.

The new wizard contains several significant changes, including smaller bug fixes and enhancements.

The first is that the wizard will no longer create or require a federation trust in some Exchange environments. If the wizard detects the presence of Exchange 2010, the federation trust will be created. However, if the on-premises environment only includes Exchange 2013 or newer, the federation trust is skipped. This means that domain proof is not required, which skips the need to create DNS TXT records as part of the wizard.

Second, the wizard also vastly improves how it reports OAuth errors if enablement fails during the execution of the wizard. Detailed OAuth failure messages are now reported in the HCW logs, which will help significantly with troubleshooting.

Ran into the following error when running the Hybrid Configuration Wizard. The error occurred during the gathering configuration information screen, immediately after authenticating to Office 365.

Connecting to remote server failed with the following error message: Connecting to remote server outlook.office365.com failed with the following error message:  The WinRM client cannot process the request. Basic authentication is currently disabled in the client configuration . Change the client configuration and try the request again.

From the error message we can see the issue lies with basic authentication being disabled in the WinRM client. Basic authentication is enabled by default, so the fact it is disabled is likely due to security being hardened in the operating system.

I have had a few instances where customers have blocked OneDrive in their Office 365 tenant. This is often the result of a looming Exchange 2010 support deadline and a lack of time to establish governance, security, compliance, and training around both Exchange and every other service in Office 365. Unfortunately, the methods used to block some of these services may have unexpected consequences.

In each of these instances, OneDrive was blocked by removing the user’s ability to create OneDrive storage in the tenant. SharePoint Online was also in its default out-of-the-box state with default permissions. In each case we ran into the following symptoms:

• Despite the OneDrive block, an Outlook Web App user could successfully select the option Save to OneDrive for their attachments
• The attachment would not save to OneDrive, but instead, the default SharePoint document library inside a folder named Attachments

In the next sections, we show how the OneDrive block was put in place and how SharePoint was configured to cause this perfect storm of incorrect attachment saving. We will then identify a workaround for the issue.

How OneDrive was blocked

The method described in this section is commonly found on the internet to block OneDrive access for users. In all cases, OneDrive was configured using this method.

The block is configured by navigating to the SharePoint Admin Center and selecting More Features. From the More Features window, click the Open button under the User Profiles section.

From the User Profiles screen, select Manage User Permissions. On the Permissions for User Profile dialog, select Everyone except external users. In the Permissions box, Create Personal Site was unchecked. When unchecked this removes the user’s ability to create a personal OneDrive site.

Note: This method does not affect users with existing OneDrive storage. To revoke access to existing storage, the site collection admin for each OneDrive personal store would need to be replaced.