Category Archives: Office365

DKIM in Office 365

Microsoft has implemented DKIM, DMARC and SPF in Exchange Online, the only thing you have to do is enable it. The only thing for DKIM you have to do is create two CNAME records in DNS and enable DKIM in the Exchange Admin Center.

DKIM CNAME records

The CNAME records you have to create for DKIM look like this:

Selector1 and selector 2 are the 2 selector tags (in Office 365 these will always be selector1 and selector2), the _domainkey is a default tag that will be added. Of course you have to replace the with your own domain.

The CNAME records have to point to the following locations:

Continue reading DKIM in Office 365

412 Cookies are disabled

This blogpost is more a note to self, but sigh, I hate it when it does this…. show the 412 Cookies are Disabled error message when trying to open the Exchange Admin Center (EAC) in Exchange Online:


I’m not sure if this issue shows up every time, but at least it shows up when you want to configure an Exchange Hybrid Configuration and you select Hybrid in the On-Premises EAC and select Sign In to Office 365.

To solve this, select the Tools menu in Internet Explorer, select Internet Options and click the Privacy tab.

Lower the slider just one click to Low and click Apply or OK.


Now when you refresh the page in Internet Explorer it should continue with the Hybrid Configuration page:


SuspendWhenReadyToComplete when using a migration batch in Office 365

Currently I’m working with a customer in a hybrid Exchange 2010 environment. There are multiple offices around the US, and one office in California will close soon. Therefore, all Mailboxes need to be moved to Office 365. The customer created multiple migration batches, and all batches are set using the -SuspendWhenReadyToComplete option. So, when a Mailbox migration in this batch reaches 95% the move will stop, and both Mailboxes will be kept in sync.

So, I started a Remote PowerShell session to Exchange Online (completing an individual move request as part of a batch is not possible in the Exchange Admin Console) and executed the following command:

Get-MoveRequest -Identity | Resume-MoveRequest -Confirm:$false

While no error message was generated, the move requests were not finished. After some head scratching I realized that the -SuspendWhenReadyToComplete option is set on the migration batch, and that the move requests ‘inherit’ this setting. So, when resuming the move request it will automatically suspend again when hitting 95% (which is a matter of seconds).

So, I executed the following commands:

Get-MoveRequest -Identity | Set-MoveRequest -SuspendWhenReadyToComplete:$false
Get-MoveRequest -Identity | Resume-MoveRequest -Confirm:$false

Unfortunately, nothing happened and the move request stayed in the ‘synced’ state and was not willing to finalize. And of course no errors were logged.

At one point I realized I read something in the New-MoveRequest page on TechNet, where it says at the SuspendWhenReadyToComplete option:

“The SuspendWhenReadyToComplete switch specifies whether to suspend the move request before it reaches the status of CompletionInProgress. Instead of this switch, we recommend that you use the CompleteAfter parameter.”

This time I executed the following commands:

$Date = Get-Date
Get-MoveRequest -Identity | Set-MoveRequest -CompleteAfter $Date
Get-MoveRequest -Identity | Resume-MoveRequest -Confirm:$false

And this time the individual move requests in the migration batch were successfully finalized.

Your OneDrive has not been setup

Since mid June 2016 I’m experiencing issues with my OneDrive for Business account and my next generation OneDrive app, where an error message is raised “Your OneDrive has not been setup”, like this:


This happens on my laptop (Windows 10) and on my Desktop PC (Windows 8.1). The strange thing is that it’s not consistent. Sometimes it works on one machine, sometimes on the other machine.

Tried resetting the OneDrive for business client using the following command:

%localappdata%\microsoft\onedrive\onedrive.exe /reset


But this didn’t work. When starting the OneDrive for Business client without the /reset option, it starts and wants to know which library do you want to sync:


Still no luck.

Reinstalled my laptop with Windows 10 Enterprise (April 2016 update, had to do this anyway) and joined it to Azure Active Directory. OneDrive for business worked for 24 hours, and then started again raising the error as shown in the first screenshot.

The best option however is to check the Microsoft portal ( with your tenant administrator account and check the Service Health page.


Where it states:

Service restored – Jun 29, 2016 12:38 PM

Final Status: Redirecting requests to an alternate infrastructure remediated impact. We’ve added more capacity and have rebalanced the service to avoid recurrence of this issue.

User Impact: Users may have been unable to sign in to OneDrive for Business when using the Next Generation Sync Client, and they may receive an error which states, “Your OneDrive has not been setup”. While we were focused on remediation, users may have been able to access the service using the OneDrive for Business website as an alternative method.

Scope of Impact: A few customers reported this issue, and our analysis indicated that impact was specific to a subset of your users.

Start Time: Tuesday, June 28, 2016, at 7:05 AM UTC

End Time: Tuesday, June 28, 2016, at 11:00 PM UTC

Preliminary Root Cause: The Next Generation Sync Client was encountering intermittent errors from a dependent component that handles user and service provisioning.

So, after a couple of days it turns out that this is a capacity planning issue at Microsoft, and the only thing I can do is wait until it’s working again.

The good news is that I can access the data online via the portal (logon using your normal user account) and continue working. The bad news is however that this is not something you can expect from a serious provider like Microsoft L

Azure AD Connect Unable to update this object

In earlier blog post I explained how to create user account on-premises and accompanying Mailboxes in Office 365. This is possible with or without an Exchange server on-premises. The latter works, but it’s not supported.

There are also scenarios where you have cloud identities in Office 365 that you want to connect to user accounts in an on-premises Active Directory, so basically converting the cloud identity to a synced identity. This is a common scenario for example when moving from one tenant in Office 365 to another tenant, of maybe when moving from Groupwise or Notes to Office 365.

Suppose we have a cloud identity in Office 365 for a user named Chong Kim, he has an E3 license, a username and this is also his primary SMTP address.

clip_image002 Continue reading Azure AD Connect Unable to update this object