locked
Exchange connector RRS feed

  • Question

  • Hi all. i have Service Manager 2012, and i need to configure Office 365 connector for notificacions.

    We have installed SM 2012, in another forest from our customer and office 365 points to another forest and users from both forest can access Office 365 as username.lastname@xxxx.com

    Forest is abc.local and zyx.local and for Office 365 is user@abc.com users in one AD are abc.local\user and in other AD are zxy.local\users

    When creating the connector y put the url  https://outlook.office365.com/EWS/Exchange.asmx and the user is the usermailbox created for notificacion as runas acount int the office365 format servicemanager@abc.com(this is only a mailbox user do not have active directory account), but the result for it is that can not be validated due no domain controller and then fail

    I tried exchange connector 3.0 and 3.1 with same results now is exchange connector 3.1

    IS this connector works for office 365 not in same domain?

    How can this be configured? i did follow the setps in the document for the connector but the steps arent clear on how and what to use.


    DR.M3rL4

    Wednesday, July 26, 2017 1:36 PM

Answers

  • Hi

    Having the accounts in two forests should be OK, that is the purpose of the Run As account in this case. 

    As you have no errors and the Exchange Connector was configured with no issues, I have no ideas on what could be wrong. My suggestions above were best guesses.

    At this stage my only suggestion is a support call to Microsoft. 

    Regards

    Glen


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps

    • Marked as answer by nachio Monday, August 7, 2017 8:02 PM
    Friday, August 4, 2017 9:35 PM

All replies

  • Hi

    The Exchange Connector can be difficult to get working. Using Office 365 has worked for others even with different domains between on-prem and Office 365.

    Have a look at this blog post I wrote on the Exchange Connector Errors: http://www.xapity.com/single-post/2015/11/12/Exchange-Connector 

    From the error, I would check the email address to make sure that it is the Primary email address of the mailbox - although this is probably correct.

    I would check which version of the Exchange API are you using 1.2 or 2.2. This can make a difference and usually 1.2 is preferred.

    Regards

    Glen


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps

    Wednesday, July 26, 2017 8:44 PM
  • Iam able to log in into the office365 webpage with that user as same as declared into connector, the issue it seems that the connector will not validate the user as run as due Office365 and service manager arent in same Forest or something like that cause the warning first is that there is no domain to validate account, then at next step it failes to validate.

    DR.M3rL4

    Wednesday, July 26, 2017 8:47 PM
  • is SM 2012, the api and connector where tested in api1.2 and 2.2 and connector 3.0 and 3.1 with same results

    DR.M3rL4

    Wednesday, July 26, 2017 8:50 PM
  • Hi

    Can you post the exact error or a screen shot? 

    And what version to the Exchange API are you using?

    Thanks

    Glen


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps

    Wednesday, July 26, 2017 8:50 PM
  • Question
    You cannot vote on your own post

    is SM 2012, the api and connector where tested in api1.2 and 2.2 and connector 3.0 and 3.1 with same results

    DR.M3rL4

    Wednesday, July 26, 2017 8:51 PM
  • Hi

    I think it is the RunAs account and the wizard that is causing the error, but I think you can just ignore it, or at least I was able to continue the wizard and successfully created a connector to Office 365.

    I set up a Exchange Connector in my lab. Used the URL you have, created a new run as account - put in the email address as the Username, the domain information at the bottom of the page was for the local domain (different form Office 365 domain) and I get the following error on the RunAs account:

    I went yes to the dialog box. Then used the Test Connection button and was prompted for a password, entered it and got a successful connection.

    I continued with the wizard and was able to successfully create the connector. It was able to create a new IR from an email sent to the Office 365 mailbox.

    Regards

    Glen.


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps


    • Edited by Glen.Xapity Wednesday, July 26, 2017 9:20 PM
    Wednesday, July 26, 2017 9:18 PM
  • I had that warning but it fail after that when i do next. here are the captures of the process

    DR.M3rL4

    Thursday, July 27, 2017 11:55 AM

  • DR.M3rL4

    Thursday, July 27, 2017 11:55 AM

  • DR.M3rL4

    Thursday, July 27, 2017 11:55 AM

  • DR.M3rL4

    Thursday, July 27, 2017 11:56 AM

  • DR.M3rL4

    Thursday, July 27, 2017 11:56 AM
  • The email user, hast to be an AD user also?, this user is only mailbox user not in AD due AD is another forest than the SM is located

    DR.M3rL4

    Thursday, July 27, 2017 8:08 PM
  • Hi

    Try running the console as administrator (right click run as administrator) or change the UAC settings. This has caught me out a number of times and it always results in the error Connection Unsuccessful and Inaccessible Logs: Security.

    But just to confirm the steps I used were:

    1. Office 365 full user mailbox - regular user, not shared mailbox (which will have a disabled user account)
    2. Different domains - no AD sync
    3. Active Directory Forrest = Office 365 domain
    4. Used the Exchange URL = https://outlook.office365.com/EWS/Exchange.asmx
    5. Used new Run As Account. Username = email address of Office 365 Mailbox
    6. Accepted the Error, Was able to Test the connection successfully
    7. Then completed the wizard and was able to successfully create an IR from an email to the mailbox

    Hope it works this time.

    Glen


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps

    Thursday, July 27, 2017 8:23 PM
  • I have done it but it fail with validate the user, since it ask for an active directory forest to search for user, then i put the user name as emailformat@domain.com and failed

    1. Office 365 full user mailbox -servicemanger@domain.com
    2. Different domains - iried both forest and even outlook.com
    3. Active Directory Forrest = Office 365 domain
    4. Used the Exchange URL = https://outlook.office365.com/EWS/Exchange.asmx
    5. Used new Run As Account. Username = email address of Office 365 Mailbox
    6. Accepted the Error, Was able to Test failed.


    DR.M3rL4

    Thursday, July 27, 2017 8:30 PM
  • Hi

    So lets go back a step. From the server using a web browser, can you log on to the Office 365 mailbox using the run as account email address and password.

    Next what error did you get when the test failed. Sometimes this gives a clue as to what is happening.

    Regards

    Glen


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps

    Thursday, July 27, 2017 8:49 PM
  • yes im able to log to office 365 url from the server

    DR.M3rL4

    Thursday, July 27, 2017 8:50 PM
  • Hi

    Can you post a screen shot of the error you are getting now.

    Thanks

    Glen


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps

    Thursday, July 27, 2017 9:52 PM
  • this is the error

    DR.M3rL4

    Friday, July 28, 2017 11:36 AM
  • and when i log with that user on outlook url i got:

    You have created a service.

    To test this service, you will need to create a client and use it to call the service. You can do this using the svcutil.exe tool from the command line with the following syntax:



    svcutil.exe https://bn1pr12mb0052.namprd12.prod.outlook.com:444/EWS/Services.wsdl

    This will generate a configuration file and a code file that contains the client class. Add the two files to your client application and use the generated client class to call the Service. For example:


    C#

    class Test
    {
        static void Main()
        {
            HelloClient client = new HelloClient();

            // Use the 'client' variable to call operations on the service.

            // Always close the client.
            client.Close();
        }
    }



    Visual Basic

    Class Test
        Shared Sub Main()
            Dim client As HelloClient = New HelloClient()
            ' Use the 'client' variable to call operations on the service.

            ' Always close the client.
            client.Close()
        End Sub
    End Class


    DR.M3rL4

    Friday, July 28, 2017 11:58 AM
  • and also the connector show same error using mi email account failed to verify

    DR.M3rL4

    Friday, July 28, 2017 12:05 PM
  • HI

    When you create the Connector, you first have to run the console in Admin mode - right-click the console icon and choose "Run As Administrator" or you have to change your UAC settings. Otherwise you can get the error Inaccessible Logs: Security.

    Have you tried doing this?

    Regards

    Glen


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps

    Friday, July 28, 2017 9:00 PM
  • When i use the run as administrator of console and create the connector the error is another.


    DR.M3rL4

    Monday, July 31, 2017 12:37 PM
  • i was able to do it, it was an error with api, using the run as worked, but now the error is that email incidents arent created.

    DR.M3rL4

    Monday, July 31, 2017 7:58 PM
  • Hi

    It is good that you have been able to create the connector.

    Where are the emails coming from - in the screen shot above you have "Only Process from users in the CMDB". This will stop the Exchange Connector from processing any email from an outside domain and any user that is not registered in the Service Manager CMDB (ie has been entered manually or from the AD Connector).

    Other than that, look at increasing the logging level to see what is happening.

    Regards

    Glen

     


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps

    Monday, July 31, 2017 9:17 PM
  • i did a try from mi email user, AD domain is different than O365 and i filled the email to mi user from CMDB. so are coming from inside. what it worked was to put the MX address of Of365 to do a direct email send, according to KB of how to send emails from aplications if it where an smtp relay. and that is what points to the channel email.

    As for subscription and for incidents its only selected the default ones. ill try if is a port closed error.


    DR.M3rL4

    Tuesday, August 1, 2017 12:06 PM
  • also connector status is never run. could be that workflow account exist on second domain that has not comunicacion like ADFS to Office365? it means that is an AD account in another forest than the one connected to Office365

    DR.M3rL4

    Tuesday, August 1, 2017 6:09 PM
  • Hi 

    I would open the Exchange Connector settings and try the "Test Connection" button. This will tell you if it can connect to the Office 365 mailbox.

    Check that the connector is Enabled. It is possible to create it in a disabled state.

    Then check how often you have it set to run. For testing you could have it below 2 mins ie 60 secs, but usually in production it is set to 5 mins.

    You could also look at increasing the logging level. To troubleshoot further we need to get an error that gives us some idea of what is happening.

    I am confused about the MX record and the SMTP relay. The Exchange Connector is only for reading email in a mailbox. It has not related to sending email. 

    The notification channel and notification subscriptions will need to have the correct Office 365 servers to be able to send email. I would follow this advice: How to set up a multifunction device or application to send email using Office 365

    Regards

    Glen



    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps

    Tuesday, August 1, 2017 8:29 PM
  • im testing every option.

    The connection was succesfull. but it never run. now as per other kb this could be that the workflow account permisions.

    SMTP relay direct to Of365 didnt work.

    Office 365 connector doe not pull emails, and has not selected to process emails from only people inside the cmdb.

    i tested using mi email account that is added on the workflow and does not process.


    DR.M3rL4

    Tuesday, August 1, 2017 8:33 PM
  • i used http://windowsitpro.com/service-manager/faq-connect-service-manager-office-365

    and http://blog.scsmsolutions.com/2012/02/setup-notification-from-scsm-to-exchange-online-office365-mailboxes/


    DR.M3rL4

    Tuesday, August 1, 2017 8:37 PM
  • Hi

    The connection was successful - that is good. Then the workflow account is not relevant. The connection tested the ability to read email from the Office 365 mailbox and this is all we usually need.

    Which Exchange API have you got installed - 1.2 or 2.1?

    Regards

    Glen


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps

    Tuesday, August 1, 2017 8:43 PM
  • api version is 1.2

    DR.M3rL4

    Tuesday, August 1, 2017 8:44 PM
  • Hi

    Have you increased the logging level on the Exchange Connector?

    Are there any errors in the Event Viewer?

    Without any errors I am not sure what is happening. It appears you have it set up correctly and it should work. Obviously this is not the case, but I am out of ideas on what is wrong.

    Regards

    Glen


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps

    Tuesday, August 1, 2017 8:56 PM
  • no events, only status Never Run. i made the sync over 5 minutes but still same status.

    DR.M3rL4

    Wednesday, August 2, 2017 12:59 PM
  • Do i need to connector create a rule in office 365 to accept messases?

    DR.M3rL4

    Wednesday, August 2, 2017 2:34 PM
  • does this needs to be configured in orchestrator as workflow?

    DR.M3rL4

    Wednesday, August 2, 2017 2:56 PM
  • one thing i see is that loging trough IE to the url creates a service is not passing to mailbox.

    I think that the connector will work with exchange. most of kbs talks about workflow accounts, permissions, adfs, and smtp.

    i re made the connector, i elevated the loging level to near 1 hour but yet the status of connector against Office365 is never run.

    Do you know if this can be work?


    DR.M3rL4

    Wednesday, August 2, 2017 8:33 PM
  • Hi

    Yes, the Exchange connector can work against Office 365 when Local AD and Office 365 are in different domains. I have tested this configuration in my lab and seen others do it.

    I am not sure what you mean about the URL creates a service. 

    The connector is not sending messages, it is reading messages - a rule in Office 365 is not needed.

    I am not sure if the MX record pointing to the local server would confuse the connector - but this should still allow the connector to at least run. It concerns me that the connector is not running. This is not normal.

    There is no need to do an Orchestrator workflow, the Exchange Connector can work with Office 365. 

    Which SCSM server are you creating this on - the SCSM workflow server (usually the first SCSM server installed)?

    If possible, I think you need to start again - try and remove all changes that you have made relating to the Exchange connector and send email settings. But if this a production environment, this may not be possible.

    Or create a new lab environment - it can basically be on one computer and test a completely new setup from there. 

    If you have Microsoft Premier Support, it might be worth logging a call with them. It is very strange that the connector will not run and has no errors. 

    I am not sure what else to try. 

    Regards

    Glen


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps

    Wednesday, August 2, 2017 8:39 PM
  • if you put the url in a browser https://outlook.office365/exchange/ews.amxl it shows welcome and you have created it a service, use svscutil or visuall studio to create the answerfile

    since there are no logs of error what could be the trigger for that the connector will not be running?


    DR.M3rL4

    Wednesday, August 2, 2017 8:43 PM
  • one of the notes from technet https://social.technet.microsoft.com/Forums/systemcenter/en-US/025138c6-df97-4d14-9872-187e5e9e7dbd/exchange-connector-to-office-365?forum=administration

    DR.M3rL4

    Wednesday, August 2, 2017 8:44 PM
  • Hi

    The URL  https://outlook.office365/exchange/ews.amxl points to the autodiscover record for Office 365 and is used to redirect you to your mailbox. The fact you can connect to it is good as it proves network connectivity via firewalls, gateway etc. The content does not matter, just the fact you can get there.

    The second post link seems to be more about sending email. The Exchange Connector has nothjing to do with sending email, it is only for reading email.

    I do not know why the Exchange Connector is not running. Can you post a screen shot, just to confirm. In my lab testing to Office 365 I got this:

    Regards

    Glen


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps


    • Edited by Glen.Xapity Thursday, August 3, 2017 8:41 PM
    Wednesday, August 2, 2017 8:57 PM
  • here is the capture

    DR.M3rL4

    Thursday, August 3, 2017 12:16 PM

  • DR.M3rL4

    Thursday, August 3, 2017 12:18 PM

  • DR.M3rL4

    Thursday, August 3, 2017 12:19 PM
  • the Exchange connector events after eleveated the logging trough REgs show only that credentials were acceted.

    No other error. hope that can reproduce it in your lab.


    DR.M3rL4

    Thursday, August 3, 2017 5:41 PM
  • Hi

    Thanks for the screen shots. That is very strange. Everything looks good. I can not replicate this in my lab, mine works as expected.

    but this has happened to others before, no solution was posted:  https://social.technet.microsoft.com/Forums/office/en-US/f38c7330-d7b6-42b0-a482-5051807e8fbc/exchange-connector-in-never-run-status-in-service-manager-2012-sp1?forum=connectors

    And another one with no resolution:  https://social.technet.microsoft.com/Forums/office/en-US/2beed003-2222-490a-b36b-9d2015b47113/exchange-connector-30-never-run-no-logs?forum=connectors

    This blog post:  http://scug.be/valerie/2013/02/09/scsmexchange-connector-never-run/ has the same issue, but was using a workflow account that did not have SCSM admins permissions. Does your SCSM workflow account (and I know we are using a Run As account to connect, so not this account but the normal SCSM workflow account) have SCSM admin permission.

    Maybe follow the steps in this blog:  https://justanitguy.com/2016/04/19/scsm-exchange-connector-wont-re-sync/ It talks of having an outage to SQL and then the Exchange Connector would not run after. 

    My only suggestion is to start again or test in a different environment.

    Regards

    Glen


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps

    Thursday, August 3, 2017 8:56 PM
  • Hi Glen. as i explained before. there are 2 forest. Forest A and Forest B. Office365 is on Forest A and SM is on Forest B where there is no Sync with office 365. so the email account is only an account of Office365 and not included in the workflows. i can try to create an account on Forest A and see if i can included in SM.

    DR.M3rL4

    Friday, August 4, 2017 11:38 AM
  • In forest A where is synced to OF365 i created an AD with OF365 email account. i added that account as workflow and admin of SCSM. i recreated the connector, but again is in never run status and not processing emails.

    DR.M3rL4

    Friday, August 4, 2017 2:43 PM
  • I dont have another enviroment. does Connector needs to be in same AD where the sync to OF365 domain is?

    DR.M3rL4

    Friday, August 4, 2017 3:02 PM
  • as part of mi readings due the issu i found one technet post that indicates that the connector and smtp works with windows authentication. so if you have the workflow account in another forest, and office domain is different will not work

    DR.M3rL4

    Friday, August 4, 2017 3:08 PM
  • i tried https://justanitguy.com/2016/04/19/scsm-exchange-connector-wont-re-sync/ but no luck still never run status

    DR.M3rL4

    Friday, August 4, 2017 3:35 PM
  • Hi

    Having the accounts in two forests should be OK, that is the purpose of the Run As account in this case. 

    As you have no errors and the Exchange Connector was configured with no issues, I have no ideas on what could be wrong. My suggestions above were best guesses.

    At this stage my only suggestion is a support call to Microsoft. 

    Regards

    Glen


    Web: www.xapity.com  |   Twitter: @xapityapps  |   Facebook: xapityapps

    • Marked as answer by nachio Monday, August 7, 2017 8:02 PM
    Friday, August 4, 2017 9:35 PM
  • we dont have support. so can not call MS.
    But i strongly thinks that this is due forest, as part of the reading from technet and SM architecture that indicates one forest connection, not connector. so i believe that email will not work with office 365.

    Thanks.


    DR.M3rL4

    Monday, August 7, 2017 8:02 PM