Troubleshooting application authentication
When configuring a connection to Office 365, the program attempts to authenticate itself with your Azure Active Directory. If it fails to do so, you will receive the following notification (Fig. 1.):
Click Details to learn more about the cause of the failure. The most common errors and possible solutions are listed below.
The SMTP address has no mailbox associated with it.
You will get this error if the email address provided in the Application details step of the server connection wizard is not mailbox-enabled (it is not assigned an Office 365 license). You will also get this message if the provided email address is from a different Office 365 tenant than the one determined by the Tenant ID.
CodeTwo Exchange Migration uses Exchange Web Services (EWS) to access Office 365, list users/mailboxes and perform migrations. The requirement that the admin account used by the program needs to have a mailbox is enforced by EWS itself.
ClientId is not a Guid.
The Client ID entered in the Application details step is not valid. A valid GUID has the following form: 12345678-1234-1234-1234-1234567890AB. Double-check the entered Client ID and try again.
The operation was canceled.
This is a timeout error message that you will receive if the provided Client ID is not identified with any application registered in your Azure AD. Provide the correct ID or check if the application under that ID still exists in the Azure AD.
Tenant '<Tenant ID'> not found.
Make sure you have entered a correct Tenant ID of your Office 365 tenant. The Tenant ID (or Directory ID) can be found in Azure Active Directory admin center – simply navigate to Azure Active Directory > Overview. The Tenant ID is visible under the name of your company.
The certificate used must have a key size of at least 2048 bits.
This error appears if you have registered CodeTwo Exchange Migration manually in your Azure AD and used a certificate that contains a key that is shorter than 2048 bits. Use a different certificate that uses the necessary key or generate a client secret instead.
The wrong application (public or confidential) is being used with this authentication flow.
You will get this error if you enter an incorrect Certificate thumbprint / Client secret (app password) in the Application details step, if that certificate / client secret no longer exists in your Azure AD, or if it has expired.
You can also try the following solutions:
- synchronize the time on the machine where CodeTwo Exchange Migration is installed with a time server,
- use the Client secret credential instead of Certificate thumbprint in the case you registered the CodeTwo migration application in Azure AD manually.