During a migration from on-premises Exchange to Microsoft 365, users synchronised through Azure AD Connect (AADConnect) could not sign in to some services, among them Exchange Online and the Office portal; the sign-in failed with an HTTP 500 error. Signing in to Teams and OneDrive worked without problems. Signing in to all services also worked from Edge and Internet Explorer, but not from smartphones or from other browsers such as Chrome, Firefox or Safari. Signing in with the Outlook client also worked without problems.
When I tried to log on to the Office Portal (https://portal.office.com), only the following error message was displayed (unfortunately not very helpful):
Sorry, that didn't work.
The HTTP 500 error page shown when trying to sign in to Outlook on the web (https://outlook.office.com) was a little more helpful:
The following section from the details of the error message is of interest here:
X-Auth-Error OpenIdConnect Microsoft.Exchange.Security.OpenIdConnect.OpenIdConnectIdpException
The text "OpenIdConnectIdpException" points to a problem between AADConnect and the configured user sign-in method. In this specific case, AADConnect was configured for the "Pass-through authentication" sign-in method (the default). In Azure Active Directory, however, pass-through authentication was disabled and no authentication agent was installed in the on-premises environment, so Azure AD had no agent to which it could forward the credential for validation:
Since in this case the hybrid configuration only has to stay in place until the migration is complete, the "Password hash synchronization" sign-in method was enabled in AADConnect as a quick fix:
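To make the diagnosis and the fix above reproducible without clicking through the wizard, here is an added PowerShell check that is not part of the original post. It assumes it runs on the AADConnect server with the ADSync module available, that the MSOnline module is already connected with Connect-MsolService for the tenant-side lines (MSOnline is deprecated in favour of Microsoft Graph PowerShell, but it is what matched this setup at the time), and that the connector names, the domain name and the PTA agent service name are placeholders to be replaced with your own values; the service name is the one the authentication agent installer registers and should be verified with Get-Service.

```powershell
# Added diagnostic, not from the original post. Run on the AADConnect server.
# Placeholders: $domain, $onPremConnector, $aadConnector, the PTA service name.
Import-Module ADSync

# 1. Which sign-in features does AADConnect itself report as active?
#    PasswordHashSync = False while the wizard is set to PTA is the state
#    described in the post.
$features = Get-ADSyncAADCompanyFeature
"[AADConnect] PasswordHashSync enabled: $($features.PasswordHashSync)"

# 2. Is a pass-through authentication agent installed on this server at all?
#    The agent registers as a Windows service; the service name below is an
#    assumption taken from the agent installer, verify it with Get-Service.
$pta = Get-Service -Name 'AzureADConnectAuthenticationAgent' -ErrorAction SilentlyContinue
if ($null -eq $pta) {
    "[PTA] No authentication agent service found on $env:COMPUTERNAME"
} else {
    "[PTA] Agent service state: $($pta.Status)"
}

# 3. Tenant side (requires Connect-MsolService beforehand): is the verified
#    domain managed (PHS/PTA) or federated, and does the tenant report
#    password sync as an enabled DirSync feature?
$domain = 'contoso.com'   # placeholder
Get-MsolDomain -DomainName $domain | Select-Object Name, Authentication
Get-MsolDirSyncFeatures | Where-Object { $_.DirSyncFeature -eq 'PasswordSync' }

# 4. If PTA is not serviceable (no agent, feature disabled in the tenant),
#    enabling password hash synchronisation is the quick fix the post took.
#    This is the cmdlet equivalent of the wizard change; take the connector
#    names from Get-ADSyncConnector, the values here are placeholders.
$onPremConnector = 'contoso.local'
$aadConnector    = 'contoso.onmicrosoft.com - AAD'
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $onPremConnector `
    -TargetConnector $aadConnector -Enable $true

# An initial (full) sync pushes hashes for all existing users; a delta cycle
# alone would only pick up password changes made after the switch.
Start-ADSyncSyncCycle -PolicyType Initial

# 5. Confirm PHS is now reported as enabled and the scheduler is running.
"[AADConnect] PasswordHashSync enabled: $((Get-ADSyncAADCompanyFeature).PasswordHashSync)"
Get-ADSyncScheduler | Select-Object SyncCycleEnabled, NextSyncCycleStartTimeInUTC
```

Step 2 is the one that explains the symptom in this post: with PTA selected but no agent registered, there is nothing on-premises to validate the password, and the tenant-side check in step 3 shows whether Azure AD was ever told to expect password hashes. Run steps 1 to 3 first and only apply step 4 once you have decided, as the post did, that PHS is acceptable for the remaining life of the hybrid setup.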
After the synchronization had completed, sign-in worked from all devices and browsers without any problems. Alternatively, the authentication agent can be installed on-premises so that pass-through authentication can be used as configured. The two methods differ in where the password is validated: with password hash synchronization a salted hash of the on-premises password hash is stored in Azure AD and validated there, whereas with pass-through authentication the credential is forwarded to an on-premises agent and validated against Active Directory, so PTA only works while at least one agent is installed, registered and reachable. Further information on pass-through authentication and password hash synchronization can be found here: