Hybrid Configuration Wizard stuck at Domain Ownership

  • Question

  • Hi


    I am running the Hybrid configuration wizard and it is getting stuck at the Domain Ownership part.


    I have added the txt record to my domain dns as instructed.


    Still I cannot get past this part; it constantly tells me that it fails to find the TXT record in public DNS.


    Using a script downloaded from the Microsoft site, I get the following:


     


    VERBOSE: Connecting to EXCH.dan.com.

    VERBOSE: Connected to EXCH.dan.com.

    Get federated domain proof for domain dantech.xyz

    Proof: H2doj5obTY1+qO6JxhZlwpp2uywZuvjI65+5RSxDK2fLvou7f0sKLAqoj3e2BxP9yb3M5oI8ibTAc4NVhCX4PA==

    Lookup TXT records for domain dantech.xyz

    TXT records:

    v=spf1 include:spf.protection.outlook.com -all

    MS=ms94239809

    Compare proof to TXT records

    Proof not found in txt records



    I added these records 5 days ago so it's not a replication thing.


    Errors from the HCW logs are below. Can anyone assist?

    I have successfully added my domain as an accepted domain to my o365 and that worked without issue 



    2019.08.27 21:32:58.108 *ERROR* 10277 [Client=UX, Activity=Domain Ownership, Session=OnPremises, Cmdlet=Set-FederatedOrganizationIdentifier, Thread=19] 

                                          FINISH Time=5825.2ms Results=PowerShell failed to invoke 'Set-FederatedOrganizationIdentifier': Proof of domain ownership has failed. Make sure that the TXT record for the specified domain is available in DNS. The format of the TXT record should be "example.com IN TXT hash-value" where "example.com" is the domain you want to configure for Federation and "hash-value" is the proof value generated with "Get-FederatedDomainProof -DomainName example.com". {CategoryInfo={Activity=[System.String] Set-FederatedOrganizationIdentifier,Category=[System.Management.Automation.ErrorCategory] InvalidResult,Reason=[System.String] DomainProofOwnershipException,TargetName=[System.String] ,TargetType=[System.String] },ErrorDetails=,Exception=[System.Management.Automation.RemoteException] Proof of domain ownership has failed. Make sure that the TXT record for the specified domain

                                           is available in DNS. The format of the TXT record should be "example.com IN TXT hash-value" where "example.com" is the domain you want to configure for Federation and "hash-value" is the proof value generated with "Get-FederatedDomainProof -DomainName example.com".,FullyQualifiedErrorId=[System.String] [Server=EXCH,RequestId=ba5364a6-7448-41b4-9f84-0ccbac701e28,TimeStamp=8/27/2019 9:32:57 PM] [FailureCategory=Cmdlet-DomainProofOwnershipException] 5DEF9986,Microsoft.Exchange.Management.SystemConfigurationTasks.SetFederatedOrganizationIdentifier}

    2019.08.27 21:32:58.122 *ERROR* 10224 [Client=UX, Page=DomainProof, Thread=19] 

                                          Microsoft.Online.CSE.Hybrid.PowerShell.PowerShellInvokeException: PowerShell failed to invoke 'Set-FederatedOrganizationIdentifier': Proof of domain ownership has failed. Make sure that the TXT record for the specified domain is available in DNS. The format of the TXT record should be "example.com IN TXT hash-value" where "example.com" is the domain you want to configure for Federation and "hash-value" is the proof value generated with "Get-FederatedDomainProof -DomainName example.com". {CategoryInfo={Activity=[System.String] Set-FederatedOrganizationIdentifier,Category=[System.Management.Automation.ErrorCategory] InvalidResult,Reason=[System.String] DomainProofOwnershipException,TargetName=[System.String] ,TargetType=[System.String] },ErrorDetails=,Exception=[System.Management.Automation.RemoteException] Proof of domain ownership has failed. Make sure that the TXT record for the specified domain is available in DNS. The format of 

                                          the TXT record should be "example.com IN TXT hash-value" where "example.com" is the domain you want to configure for Federation and "hash-value" is the proof value generated with "Get-FederatedDomainProof -DomainName example.com".,FullyQualifiedErrorId=[System.String] [Server=EXCH,RequestId=ba5364a6-7448-41b4-9f84-0ccbac701e28,TimeStamp=8/27/2019 9:32:57 PM] [FailureCategory=Cmdlet-DomainProofOwnershipException] 5DEF9986,Microsoft.Exchange.Management.SystemConfigurationTasks.SetFederatedOrganizationIdentifier} ---> System.Management.Automation.RemoteException: Proof of domain ownership has failed. Make sure that the TXT record for the specified domain is available in DNS. The format of the TXT record should be "example.com IN TXT hash-value" where "example.com" is the domain you want to configure for Federation and "hash-value" is the proof value generated with "Get-FederatedDomainProof -DomainName example.com".

              






    Wednesday, August 28, 2019 9:30 PM

All replies

  • Hi,

     

    Make sure that your external DNS server has the correct TXT records for "Proof" and that you can successfully query the server. Based on the TXT records of your domain, I noticed that none of the values that are returned by the Nslookup command match the "Proof of Domain Ownership" value that's returned by the Get-FederatedDomainProof command. Please use the result that's returned by the Get-FederatedDomainProof command to update your external DNS server. For more information, see the link below:

     

    "Proof of domain ownership has failed" error when you run the Hybrid Configuration wizard

     

    Regards,

    Kelvin Deng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com


    Thursday, August 29, 2019 3:07 AM
  • Hi

    I have used the results from Get-FederatedDomainProof and added a TXT record to my domain's DNS page; the issue is it still doesn't work.

    See below: the record was added to my DNS 5 days ago.

    Thursday, August 29, 2019 1:47 PM
  • It is important that it includes everything, also the == at the end

    The one you have in your picture is not the same as the one you posted earlier?

    H2doj5obTY1+qO6JxhZlwpp2uywZuvjI65+5RSxDK2fLvou7f0sKLAqoj3e2BxP9yb3M5oI8ibTAc4NVhCX4PA==

    Please re-run HCW and see if record is the same. 


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work


    • Edited by Off2work Thursday, August 29, 2019 6:01 PM
    Thursday, August 29, 2019 5:58 PM
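
The comparison discussed above (the proof must appear in a TXT record in full, including the trailing `==`), as an added example that is not part of the thread or of the Microsoft script quoted in the question. `Compare-ProofToTxt` is a hypothetical helper name; the last two sample records are constructed to show the near-miss cases, and the public resolver address in the closing comment is an assumption.

```powershell
# Added example: classify how each published TXT value differs from the proof.
function Compare-ProofToTxt {
    param(
        [Parameter(Mandatory)][string]$Proof,
        # One string per TXT record (join multi-string records before passing them in).
        [Parameter(Mandatory)][string[]]$TxtRecord
    )
    foreach ($raw in $TxtRecord) {
        # Remove surrounding whitespace and literal quotes that a DNS control panel may add.
        $clean = $raw.Trim().Trim('"').Trim()
        if     ($raw   -ceq $Proof) { $result = 'ExactMatch' }
        elseif ($clean -ceq $Proof) { $result = 'MatchAfterTrim' }
        elseif ($clean -ieq $Proof) { $result = 'CaseMismatch' }   # base64 is case-sensitive
        elseif ($clean.Length -ge 16 -and $clean.Length -lt $Proof.Length -and
                $Proof.StartsWith($clean, [StringComparison]::Ordinal)) {
            $result = 'Truncated'                                  # e.g. trailing '==' lost
        }
        else { $result = 'Unrelated' }
        [pscustomobject]@{ Result = $result; Txt = $raw }
    }
}

# Proof value as printed in the question.
$proof = 'H2doj5obTY1+qO6JxhZlwpp2uywZuvjI65+5RSxDK2fLvou7f0sKLAqoj3e2BxP9yb3M5oI8ibTAc4NVhCX4PA=='

$records = @(
    # The two TXT records the lookup in the question returned.
    'v=spf1 include:spf.protection.outlook.com -all',
    'MS=ms94239809',
    # Constructed samples: proof stored with literal quotes and a trailing space,
    # and proof stored without its '==' padding.
    ('"' + $proof + '" '),
    $proof.TrimEnd('=')
)

Compare-ProofToTxt -Proof $proof -TxtRecord $records | Format-Table -AutoSize

# Live check against a public resolver instead of the sample data (8.8.8.8 is an assumption):
# $records = Resolve-DnsName -Name dantech.xyz -Type TXT -Server 8.8.8.8 |
#     Where-Object Type -eq 'TXT' | ForEach-Object { -join $_.Strings }
```

Only `ExactMatch` corresponds to a record that contains the proof byte for byte; the other results show how a published value differs from it.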
  • The image doesn't show the full text. On the site you have to click the edit button to see the full text. The image isn't to show the code; it's to show that the record is in my DNS. The text is correct.

    Does anyone have a solution or an idea?

    Thursday, August 29, 2019 7:10 PM
  • Hi,

     

    Since the issue is that you added the TXT record in your domain while Office 365 can't verify it, I suggest you open a service request on the Office 365 Admin portal for this kind of issue.

     


     

    Regards,

    Kelvin Deng




    Monday, September 2, 2019 9:34 AM
  • Hi,

     

    I am writing here to confirm with you how things are going now.

     

    If you need further help, please provide more detailed information, so that we can give more appropriate suggestions.

     

    Regards,

    Kelvin Deng




    Thursday, September 5, 2019 1:13 PM