
According to these videos, it looks like it is possible to reach on-prem Exchange mailboxes in a hybrid setup just like Exchange online mailboxes using the Microsoft Graph API.

So, we have a hybrid setup in which some of the mailboxes are only on-prem. OAuth works for them and I can get an access token. Using that token, when I hit https://graph.microsoft.com/v1.0/me/, I get the basic profile of the user.

But when I try to read the mailbox content by hitting either of these endpoints:

https://graph.microsoft.com/v1.0/users/(email-address-here)/messages/

https://graph.microsoft.com/v1.0/me/messages/

I get the following error response:

{
    "error": {
        "code": "ResourceNotFound",
        "message": "Resource could not be discovered.",
        "innerError": {
            "request-id": "5d92ef93-e4d5-4610-acd0-a8d2d491d5ab",
            "date": "2018-09-07T09:31:06"
        }
    }
}

I am sure we have messed up some step of our Hybrid setup but don't know which one. Can someone please point out some configs that we should double check? What could be the cause of this?

The scopes used to generate the access token include Mail.Read, and our on-prem Exchange server version is 15.1.1531.3 which, according to the table on this page, is Exchange Server 2016 CU10.

Also, if I directly hit the following URL of our on-prem installation in a browser, it asks me for email and password:

https://(myonprem.exchange.com)/api/v2.0/me/messages

When I provide that, it returns the mailbox contents in JSON format, so it means the API is available on the on-prem server too. It is just that Microsoft Graph is unable to locate it somehow.

This Exchange Server is installed on Azure. So if I can access its /api virtual directory from my home internet connection, then Microsoft Graph should be able to access it too. So, it couldn't be a firewall issue either.

One thing that I want to point out though is that outbound email from this server is not working. Our sysadmin who did the hybrid setup told me that the SMTP port needed for outbound email is blocked on Azure. Could it be the reason for my problem by any chance?

Marc LaFleur
Muhammad Anas
  • 1
    Does the On-Premises Active Directory synchronize with Azure Active Directory? We can get more detail in this [document](https://developer.microsoft.com/en-us/graph/docs/concepts/hybrid_rest_support) – Keen Jin Sep 10 '18 at 09:06
  • 1
    Please refer to [Use REST APIs to access mailboxes in Exchange hybrid deployments](https://developer.microsoft.com/en-us/graph/docs/concepts/hybrid_rest_support) to check if all requirements are met for the REST API to work in Hybrid environments. – SaurabhSharma Sep 13 '18 at 21:57
  • Thanks for the comments guys. We finally got it working. Following are some of the issues that our sysadmins identified and fixed: 1. Timezones of our Office 365 account and the Exchange on-prem server were not the same. We made them the same. This helped with Active Directory sync. 2. Autodiscovery was not configured properly. There were problems with both the DNS records and SSL certificates. – Muhammad Anas Sep 19 '18 at 17:13
  • 1
    Muhammad I would request you to post above comment as answer so that this thread is considered answered and other members also could refer to it as solution. – Mohit_Garg Sep 28 '18 at 01:08
  • @Mohit_Garg Done :-) – Muhammad Anas Sep 28 '18 at 12:48

1 Answer


Thanks for the comments guys. We finally got it working. Following are some of the issues that our sysadmins identified and fixed:

  1. Timezones of our Office 365 account and the Exchange on-prem server were not the same. We made them the same. This helped with Active Directory sync.
  2. Autodiscovery was not configured properly. There were problems with both the DNS records and SSL certificates.
Muhammad Anas
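
The answer above traces the failure to Autodiscover DNS records and SSL certificates. As an added example (not code from the original post), the Python below checks that a host name resolves and that the certificate it presents covers that name and is inside its validity period. The `autodiscover.<domain>` host name, the `contoso.example` domain and the sample certificate are assumptions constructed for illustration.

```python
import socket
import ssl
import time

def san_matches(pattern, host):
    """Match one DNS SAN; '*' counts only as the entire left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[1:] == h[1:] and p[0] in ("*", h[0])

def check_cert(cert, host, now):
    """Return problems found in a certificate dict shaped like SSLSocket.getpeercert()."""
    problems = []
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(san_matches(s, host) for s in sans):
        problems.append(f"no SAN covers {host} (SANs: {sans})")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate is not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("certificate has expired")
    return problems

def probe(host, port=443):
    """Live check: DNS resolution, then a TLS handshake validated against the system trust store."""
    try:
        socket.getaddrinfo(host, port)
    except socket.gaierror as exc:
        return [f"DNS: {host} does not resolve ({exc})"]
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ssl.create_default_context().wrap_socket(raw, server_hostname=host) as tls:
                return check_cert(tls.getpeercert(), host, time.time())
    except ssl.SSLCertVerificationError as exc:
        return [f"TLS: {exc.verify_message}"]
    except OSError as exc:
        return [f"connect: {exc}"]

# Constructed sample: a certificate issued for the mail host only, not the Autodiscover name.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "mail.contoso.example"),),
    "notBefore": "Jan  1 00:00:00 2018 GMT",
    "notAfter": "Jan  1 00:00:00 2019 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Sep  7 09:31:06 2018 GMT")

if __name__ == "__main__":
    print(check_cert(SAMPLE_CERT, "autodiscover.contoso.example", SAMPLE_NOW))
```

Against a real deployment, call `probe()` with the Autodiscover host name from a machine outside the network; an empty list means the name resolves and the certificate validated.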