5

I've been successfully using PowerShell and Exchange Online Management module for a long time. First I used the original version and lately I've been using the EXO v2 module. I'm also using MFA and a Global Admin account. We do not use any hybrid environments.

Today suddenly when I tried to connect it just gives me this error (I replaced some ID parts with ####):

New-ExoPSSession : Processing data from remote server outlook.office365.com failed with the following error message: [AuthZRequestId=####][FailureCategory=AuthZ-CmdletAccessDeniedException] The user "EURPR02A005.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/####" isn't assigned to any management roles. For more information, see the about_Remote_Troubleshooting Help topic. At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\2.0.5\netFramework\ExchangeOnlineManagement.psm1:475 char:30

  • ... PSSession = New-ExoPSSession -ExchangeEnvironmentName $ExchangeEnviro ... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : ResourceUnavailable: (:) [New-ExoPSSession], PSRemotingTransportException
    • FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException,Microsoft.Exchange.Management.ExoPowershellSnapin.NewExoPSSession

Also like I said, I'm using a global admin account that has worked like a dream until today and no changes made by me to any roles. The command I've been using to connect is Connect-ExchangeOnline -UserPrincipalName #### -ShowProgress $true, where #### is my global admin account. After that I type in the password and accept the MFA notification on my phone. Then it gives the error.

What might be wrong? I'm grateful for any help regarding this problem, thank you!

EDIT: It seems many have the same problem at the moment so it could be on Microsoft's end. Thank you all for your answers this far and let's see if Microsoft gets it fixed. I have also opened a ticket with Microsoft but haven't gotten any real solution or information on it yet.

EDIT 2: The problem was on Microsoft's end and it is being fixed (EX280152) or might already be fixed for some (like our organization). I also made this edit as an answer for people who might still come reading about this problem.

Kind regards, Tenttu

Tenttu
  • 225
  • 1
  • 2
  • 8
  • 1
    Seeing `Error on proxy command 'Get-MailboxRegionalConfiguration -Identity:'xx@yy.se'' to server AM7PR10MB3938.EURPRD10.PROD.OUTLOOK.COM: Server version 15.20.4436.0000, Proxy method PSWS: Cmdlet error with following error message: Microsoft.Exchange.Configuration.Authorization.CmdletAccessDeniedException: The user "EURPR10A003.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/yyAB.onmicrosoft.com/zzz" isn't assigned to any management roles.` when trying to manage some users, but ok on managing other users. – NiKiZe Aug 27 '21 at 09:19

7 Answers7

3

This workaround seems to be working fine in the meantime.

$SessionOption = New-PSSessionOption -Culture "en-US"
Connect-ExchangeOnline -Credential $Credential -PSSessionOption $SessionOption
Morten
  • 140
  • 3
  • Yep, that solved the issue, hopefully there will be fix soon for nordic region – Taavi Sep 01 '21 at 16:27
  • -Culture isn't a valid option $SessionOption = New-PSSessionOption -Culture "en-US" New-PSSessionOption: A parameter cannot be found that matches parameter name 'Culture'. – dbroggy Dec 05 '21 at 05:14
2

We have the same problem in our tenant. But we also have problems with using the Exchange Online Console (Classic), if we navigate to "mailboxes" (or in our language "postlåda") we get an blank site.

And problems with OWA, there are missing links and button for all kind of settings.

The problem seems to related to what language you are running. If we change the prefereed language to english instead of swedish, then OWA is running fine and the Exchange Online Console.

But for the powersshell issue, i havent found a work around for this yet.

There is a ticket for this problem at Microsoft support, i think its offical published in the Office 365 portal

Daniel Blomqvist
  • 31
  • 1
2

And we have exactly the same problem since yesterday, users who have been able to login via EXO ps module gets an error saying they don´t have any management roles.

We also had problems with blank pages in ECP. As Daniel wrote, just change the language or login to "https://admin.exchange.microsoft.com/" and click on "Use old ECP" (if you don´t want to use the new ECP)

EDIT: Both problems mentioned above seems to have been solved by MS. We can access the old ECP and login via EXO ps module

Robert
  • 21
  • 2
2

I found a work-around. I suspected it was some regional bug due to all the nordic sounding names in this thread. So I tried changing the regional format in windows to "English (Europe)". Then i needed to logout and in again. After this I can successfully connect to exchangeonline.

enter image description here

Øyvind
  • 103
  • 5
  • Thanks for this information! It will help in a pinch but let's hope MS quickly resolves the issue. I got another reply from MS support saying they still need a bit more time to diagnose the problem. – Tenttu Aug 26 '21 at 10:38
  • So it is English formatting that you change and it works? That would break a whole bunch of our apps, so not even going to try. – NiKiZe Aug 27 '21 at 09:17
  • 2
    I changed the regional settings and it works yes. So basically it will change how dates and times are displayed. It is a user setting, so it will only affect your user. @NiKiZe I talked to Microsoft support and they said that it is a known bug that they are working on. They have registered the bug to affect Norway, Finland, Sweden and Lithauania. They say it should be fixed within a week. (I have my doubts) – Øyvind Aug 27 '21 at 09:21
1

We started seeing the same yesterday. It works for some of our customers having exactly the same configuration of our software as those that have the problem. We have opened a ticket with Microsoft.

Edit There is an advisory available in the M365 health portal:

August 27, 2021 2:46 PM Title: Some admins are unable to access Exchange Online PowerShell while using Norwegian or Swedish OS regional formats

User Impact: Admins are unable to access Exchange Online PowerShell while using Norwegian or Swedish OS regional formats.

More info: Admins may set their OS regional format to English (Europe) as a workaround.

Current status: We've identified an update that is part of our regularly scheduled maintenance, contains a code regression, resulting in the infrastructure responsible for Role Based Access Control (RBAC) to unexpectedly interpret string data incorrectly. We've determined impact is specific to admins who have their OS regional format set to Norwegian or Swedish. We're in the process of developing and deploying a fix to remediate impact.

Scope of impact: Impact is specific to admins with their OS regional format set to Norwegian or Swedish.

Root cause: An update that is part of our regularly scheduled maintenance, contains a code regression, resulting in the infrastructure responsible for Role Based Access Control (RBAC) to unexpectedly interpret string data incorrectly.

Next update by: Friday, September 3, 2021, 9:00 PM (7:00 PM UTC)

Tore Olav Kristiansen
  • 185
  • 1
  • 13
1

I did some more research.

If I connect to Exchange Online thru Connect-ExchangeOnline or other EXOP-variants and then login in with an account that is directly created in Azure (not a dirsynced one) for example: username@contso.onmicrosoft.com, then the Powershell connection go thru even tough the language/location of the account itself is Swedish. I dont know if this is just a coincidence..

The problem with running the old ECP doenst seems to be fixed yet, this could be because its soon depcrated and microsoft dont want to troubleshoot it.

I think there is a patch that has been pushed out the to exchange enivorment (not at the same time), to each server. And depending where your mailbox is located and the server gets patched with this "language bug". If i understand it correcly, the mailboxes is scattered around the enivorment even tough you may think your mailboxes in your tentant belongs to one server...

Daniel Blomqvist
  • 31
  • 1
0

So in the end the problem was indeed on Microsoft's end. I just now managed to successfully make the connection again even though the official ticket/incident (EX281207) is still open.

Thank you all who contributed to the question, the information helped us conclude that the problem is no on our end and there was also a good workaround for us to use if needed at the time.

Tenttu
  • 225
  • 1
  • 2
  • 8