Office 365: 403 Sorry! Access denied


User receiving following error when trying to access Options from OWA in his Office 365 mailbox:


 Sorry! Access denied :(

 You don't have permission to open this page. If you're a new user or were recently assigned credentials, please wait 15 minutes and try again.

 You're still signed in. If you want to sign out, use the link below.
 sign out
 more info  

 Email address:
 Correlation ID:

 Client Access server name:
 Client Access server version:
 Time (UTC):

Continue reading

Office 365: ‘Subtask ValidateConfiguration execution failed: Configure Mail Flow’


When executing Hybrid Configuration Wizard you may receive plenty of different error messages related to any part of the process. One of the errors I have seen quite often is “Configure Mail Flow” error which happening on ‘Get-HybridMailflow’ command. It looking like:

[1/11/2000 18:16:56] ERROR:Updating hybrid configuration failed with error 'Subtask ValidateConfiguration execution failed: Configure Mail Flow
  at Microsoft.Exchange.Management.Hybrid.Engine.ExecuteTask(ITask taskBase, ITaskContext taskContext)
Additional troubleshooting information is available in the Update-HybridConfiguration log file located at C:\Program Files\Microsoft\Exchange Server\V14\Logging\Update-HybridConfiguration\HybridConfiguration_date_logfile.log.

Continue reading

Office 365: Refresh Hybrid configuration procedure

There can be situation where you need completely remove an re-create your Hybrid configuration which can seem challenging from required actions point of view. Procedure below describe steps needed to be done in order if you want remove and create Hybrid Configuration for example if you receiving following error when running Hybrid Configuration Wizard:

Execution of the Set-FederatedOrganizationIdentifier cmdlet has thrown an exception. This may indicate invalid parameters in your hybrid configuration settings.
 Federation trust "yourfederateddomain/Configuration/Deleted Objects/Microsoft Federation Gateway DEL:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" wasn't found. Make sure you have typed it correctly.
 at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.RunCommand(String cmdlet, SessionParameters parameters, Boolean ignoreNotFoundErrors)

That particular procedure is written for Exchange 2013/Office 365 Wave 15 configuration, but it works pretty well for Exchange 2010/Wave 15 Hybrid.


  1. Execute following command on you on-premise Exchange 2013 server (that command is not available on Exchange 2010, if your Hybrid server is Exchange 2010, just skip that step):
  2. Remove existing organization relationships from both on-premise and O365 (you can use that command, if you have just single relationship on each side):
    Get-OrganizationRelationship | Remove-OrganizationRelationship
  3. Continue reading

Office 365 PowerShell connection script

If you working with Office 365 PowerShell on daily basis, you may find that it is taking too much time to connect your Office 365 console, especially if you working with multiple tenants. You have to note usernames, passwords for all of the tenants and copy/paste them every time you want to make connection. Below you will find description, how to make it “single command” task.

Because that script will give access to your tenant without typing any username/password, I would suggest that you should not implement that on any public machine. Make sure that you are only person who can execute connection script.

OK, let’s start.

First of all we need to create addition file where encrypted tenant’s password will be stored. As an example create directory “O365Connections” on your C: drive and then create folder “keys” in it.

Start PowerShell prompt and type following command:

Read-Host -Prompt "Enter your tenant password" -AsSecureString | ConvertFrom-SecureString | Out-File "C:\O365Connections\keys\tenant1.key"

Continue reading