ISSUE: The authentication header received from the server was 'Negotiate,NTLM'

Last modified:

Overview

During a Mailbox Move, the Step Message shows the following:

20 % complete. Status is Failed and Status Detail is FailedOther. Failure message is MrsHttpUnauthorizedException

Image 169


The Step could also result in an error as seen below:


Image 146


Upon review of the logs, the following can be found in the Endpointhost.log:

Error during ProcessResult method for step HybridMoveMailboxToO365. Details: Execute_HYBRID_MoveMailboxToO365: An error occurred during Exchange Online Powershell | |Microsoft.Exchange.MailboxReplicationService.MRSRemotePermanentException|The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please check the credentials and try again. The call to 'https://12345678-965a-4d51-0000-27fedfc12c61.resource.mailboxmigration.his.msappproxy.net/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM,Basic realm="12345678-965a-4d51-0000-27fedfc12c61.resource.mailboxmigration.his.msappproxy.net"'. --> The remote server returned an error: (401) Unauthorized.. --> The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM,Basic realm="12345678-965a-4d51-0000-27fedfc12c61.resource.mailboxmigration.his.msappproxy.net"'. --> The remote server returned an error: (401) Unauthorized. | Result: Not received

And

HybridMoveMailboxToO365 | |BH.MYDOMAIN.com_EXC|613 |86ebd95d-0000-4f24-a798-c82c0d67cc9d| |b26cd37f-556a-431d-8380-cad81f8e64da|HybridMoveMailboxToO365 received partial result for move request. 20 % complete. Status is Failed and Status Detail is FailedOther. Failure message is MrsHttpUnauthorizedException

Cause

This occurs when there is an issue with the Exchange on-prem Admin account used for migration.

Solution

Below are items to verify when this issue occurs:

1. The simplest solution to try is re-entering the password for the Exchange On prem account that is configured within the Credential editor.  The following article provides steps on how to do this:  https://support.cloudficient.com/knowledge-bases/2/articles/114-how-to-use-the-credential-editor-to-update-service-account-passwords

Once the password is re-entered and the Remad.Exchange Service is restarted, restart the step if it hasn't already made any progress.  If it is in progress (X percentage complete), follow the resume-move request instructions at the bottom of this article. 

If this does not correct the error, proceed with the next solutions.  

2. Check if the Exchange Admin account is not Locked

3. Check if the Exchange Admin account has a valid password

4. Check if the Exchange Admin account has the necessary permissions for migration ("View-Only Organization management" and "Recipient Management")

Once the credential issue has been sorted, it is necessary to Resume the mailbox moves by using the following command: 


Resume-MoveRequest -Identity “email address”


The migrations will then continue once our software checks in with Exchange to verify the move has resumed. This should occur within 5-10 minutes of running the resume command. 

Is this article helpful for you?
HOW TO: Deal with BadItemLimits
INFO: Unread Enterprise Vault messages show as Read after migrating the EV archive
Customer support portal powered by UserEcho