Microsoft Teams meeting delegation issue in exchange 2016 hybrid mode. Troubleshooting and Fix

 Hello All

Hope everyone is doing good and  today we are going to see one of the unique issue and the fixes in Microsoft teams environment  in exchange 2016 hybrid mode.

Issue Reported 

Teams meeting delegation is not working under hybrid mode [Exchange on-premise + Exchange Online]

 

Onprem users are unable to create a MS Teams meeting from the delegation mailbox.

Scenario

Onprem user 1 gave a mailbox calendar  delegation access Onprem user 2

Onprem user 2 can able to access the calendar of Onprem user 1

however when onprem user 2 create a MS Teams meeting from the onprem user1 calendar , He/she got the below “ MICROSOFT TEAMS , Sorry but we can’t connect to the server right now. Please Try again later”.

Microsoft has given a beautiful link  to perform the some straight forward commands in onprem exchange server 2016 to fix the issue

i have gone  through the below link and fixed the issue 

https://docs.microsoft.com/en-us/skypeforbusiness/deploy/integrate-with-exchange-server/oauth-with-online-and-on-premises

Step1

$user = New-MailUser -Name SfBOnline-ApplicationAccount -ExternalEmailAddress SfBOnline-ApplicationAccount@cloudmonkeys.xyz -DomainController "cmdc01.cloudmonkeys.xyz"

Step2

Set-MailUser -Identity $user.Identity -HiddenFromAddressListsEnabled $True -DomainController "cmdc01.cloudmonkeys.xyz"

Step3

New-ManagementRoleAssignment -Role UserApplication -User $user.Identity -DomainController "cmdc01.cloudmonkeys.xyz"

Step4

New-ManagementRoleAssignment -Role ArchiveApplication -User $user.Identity -DomainController "cmdc01.cloudmonkeys.xyz"

Step5

New-PartnerApplication -Name SfBOnline -ApplicationIdentifier 00000004-0000-0ff1-ce00-000000000000 -Enabled $True -LinkedAccount $user.Identity

Step6

C:\RamkiScripts>.\ExportAuthCert.ps1

   Directory: C:\

 Mode                LastWriteTime         Length Name

----                -------------         ------ ----

d-----        2/22/2024  12:14 PM                OAuthConfig

Step7 

Connect-MsolService;

$CertFile = "$env:SYSTEMDRIVE\OAuthConfig\OAuthCert.cer"

$objFSO = New-Object -ComObject Scripting.FileSystemObject;

$CertFile = $objFSO.GetAbsolutePathName($CertFile);

$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate

$cer.Import($CertFile);

$binCert = $cer.GetRawCertData();

$credValue = [System.Convert]::ToBase64String($binCert);

$ServiceName = "00000004-0000-0ff1-ce00-000000000000";

$p = Get-MsolServicePrincipal -ServicePrincipalName $ServiceName

New-MsolServicePrincipalCredential -AppPrincipalId $p.AppPrincipalId -Type asymmetric -Usage Verify -Value $credValue

Please note : In the above link ,it mentioned to perform the upload certificate  using  Microsoft graph, however i used msonline to upload the certificate 

Microsoft Graph Shell

Connect-MgGraph Import-Module Microsoft.Graph $CertFile = "$env:SYSTEMDRIVE\OAuthConfig\OAuthCert.cer" $objFSO = New-Object -ComObject Scripting.FileSystemObject $CertFile = $objFSO.GetAbsolutePathName($CertFile); $cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate $cer.Import($CertFile) $binCert = $cer.GetRawCertData(); $credValue = [System.Convert]::ToBase64String($binCert) $ServiceName = "00000004-0000-0ff1-ce00-000000000000" $p = Get-MgServicePrincipal -ServicePrincipalId $ServicePrincipalNames Add-MgServicePrincipalKey -ServicePrincipalId $servicePrincipalId -Type asymmetric -Usage Verify -Value $credValue

Used case

Onprem user : David.hans

Onprem user : ramki

David.hans has given the mailbox delegation access to ramki

Ramki added the david.hans calendar in his outlook and able to create a microsoft teams schedule from david.hans calendar and sent

I hope this blog is useful and Happy Learning to all 😃