Troubleshooting Office 365 connectivity

When you verify connection settings in the last step of the Exchange Server connection wizard, the program performs three actions: checks your server connection, attempts to grant impersonation rights on user mailboxes, and tries to enumerate target mailboxes by using PowerShell. If the program fails to perform any of these actions, it will display failure notifications (Fig. 1.).

Backup Office 365 connection wizard failures
Fig. 1. Failure notifications shown when configuring a connection to Office 365.

Click on the links below to learn about possible causes and solutions for each of these errors.

Failed to connect to Exchange Server

First, the program checks if it can establish a connection to the target Office 365. The program tries to access the administrator's mailbox with EWS (Exchange Web Services) API. Next, it attempts to enumerate the Inbox folder of this mailbox.

Any failure will result in the following notification: Failed to connect to Exchange Server (see Fig. 1.). Click the Failure link on the right side of the notification to view details on the error. The examples below show the most common error messages:

The request failed. The remote server returned an error: (401) Unauthorized.

The error above indicates that the administrator's credentials entered in the Admin's credentials step of the Exchange Server connection wizard are incorrect or belong to a non-administrative user. To fix the problem, make sure to enter the proper administrator's credentials.

This error may also appear when configuring a connection to Office 365 by using an account that has multi-factor authentication (MFA) enabled. Enter the app password instead of your regular Office 365 password when providing the administrator’s credentials. You can also disable MFA for that account or use another account that is not MFA-enabled. Read more about managing MFA for Office 365 users

The request failed. The underlying connection was closed: An unexpected error occurred on a receive.

The reason you experience this problem is that you might be using the software version that you have does not support TLS 1.2 and is therefore not able to connect to Office 365 services. Make sure you have the latest version of CodeTwo Backup installed (click the Check for updates link on the Dashboard tab to check that). Read more about problems related to the old TLS protocols and how to troubleshoot them

The request failed. Unable to connect to the remote server.

This error occurs if the domain name in the administrator's email address is misspelled or the password is wrong. To fix the problem, go to the Admin's credentials step of the Exchange Server connection wizard and make sure to enter correct credentials.

The Autodiscover service couldn't be located.

There may be a few reasons for this error to occur. If you recently added/migrated a domain the simplest solution would be changing the email address of admin account you are using (in Exchange options on Office 365) back to <yourdomain>.onmicrosoft.com. The other reason may be that your domain is not yet registered/verified with Microsoft's DNS or there is a problem with the Global Administrator account on Office 365 that is being used with our program. We recommend either checking the domain registration status, contacting the Microsoft Office 365 Support or trying the universal solution below:

  1. Choose a different existing account or create a new account on Office 365.
  2. Make sure the account is fully mailbox-enabled, i.e.:
    • Log in to OWA 365 with this account’s credentials.
    • Set the regional settings if prompted to do so.
    • Send an email to yourself or to another account and confirm it was delivered.
  3. Assign the Global administrator role in Office 365 to this account.
  4. Add Impersonation Rights for this account. If you have problems doing that from within our software please do it manually following steps for Exchange Online from this article.
  5. Use this new account in our program.

If the above does not help consider:

  • running the software on a different machine – this way you will rule out problems caused by security settings on the original machine, e.g. firewall;
  • installing the software outside of your environment (forest), e.g. on a virtual machine with trial Exchange Server, at home – this way you will rule out problems caused by customized or even improper DNS, proxy or routing configuration.

Failed to grant the impersonation rights

The second action performed by the program checks if the administrator whose email address was entered in the previous step of the Exchange Server connection wizard can impersonate users to perform actions on their behalf. The program does so by running the PowerShell command: Get-ManagementRoleAssignment. If the result is negative, the program tries to assign the administrator account to the application impersonation role.

Any failure will result in the following notification: Failed to grant the impersonation rights (see Fig. 1.). Click the Failure link on the right side of the notification to view details on the error. The examples below show the most common error messages:

The server could not be contacted. The LDAP server is unavailable.

This error might be caused by missing impersonation rights. The wizard tries to grant them automatically, but when it fails, the above message is shown.

Follow our Knowledge Base article to grant application impersonation rights manually and fix this issue.

Cannot bind parameter 'Name' to the target.

The error message is produced when the UPN of the user is too long and, therefore, software is not able to check/add impersonation rights properly. Either use a different server domain's admin account with a shorter name (Global administrator account in the case of Office 365) or add impersonation rights manually using PowerShell.

Failed to connect to target PowerShell

The last action checks whether PowerShell can connect to the target Office 365. After connecting to the target, the program tries to execute the Get-Mailbox PowerShell cmdlet to enumerate all mailboxes.

Any failure will result in the following notification: Failed to connect to target PowerShell (see Fig. 1.). Click the Failure link on the right side of the notification to view details on the error. The examples below show the most common error messages:

Connecting to remote server failed with the following error message: The WinRM client cannot process the request.

This error occurs if the domain name in the administrator's email address is misspelled or the password is wrong. To fix the problem, go to the previous step of the connection wizard and make sure to enter correct credentials.

The error above can also indicate that the credentials entered in the Admin's credentials step of the wizard belong to a non-administrative user. To fix the problem, make sure to enter the proper administrator's credentials.

Was this information useful?