Saturday, 25 January 2014

Office365: New-MoveRequest causes MRSProxy.svc or "the connection to the server could not be completed" error in hybrid organization

Update for this issue is available here:


This is one of nagging problems which could be caused by many things.

It's not easy to track this.

When you try to move mailboxes between on-premises and the cloud, you see errors.
In the powershell you see something like this:

The call to '' failed. Error

details: The HTTP request is unauthorized with client authentication scheme

'Negotiate'. The authentication header received from the server was

'Negotiate,NTLM,Basic realm=""'. --> The remote server

returned an error: (401) Unauthorized..

    + CategoryInfo          : NotSpecified: (:) [New-MoveRequest], RemoteTrans


    + FullyQualifiedErrorId : [Server=DBXPR99MB999,RequestId=something,TimeStamp=1/20/2014 1:13:53 PM] [FailureCategory=Cmdle

  t-RemoteTransientException] B92B1723,Microsoft.Exchange.Management.Recipie


    + PSComputerName        :

Instead of giving you full description to track this issue, I propose you to try use the PowerShell to move mailboxes to the Office365.

What causing the problems?
In hybrid configuration you have configured different default domain from the one that is set in  Office365. Instead of logging to Office365 as a new domain, let's say,, you should use AD domain credentials, let's use for example and with format of DOMAIN\username, and NOT in username@domain.

Let's do it:

Connect to Office365 with Windows Azure Module for Active Directory.
(detailed description here:

In Azure add-in, you should go with it:

$cred = Get-Credential – in the format of

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $cred -Authentication Basic -AllowRedirection

Import-PSSession $Session

Then  after connect to Office365 enter the followings:

$cred=get-credential – Credentials should be in format\username

New-MoveRequest -identity USERTOMOVE -Remote -RemoteHostName -TargetDeliveryDomain -RemoteCredential $cred -BadItemLimit 50 -LargeItemLimit 50

RemoteHostName parameter is a CAS server with MRSProxy enabled http address (probably the same as the local OWA or ActiveSync for on-premises users).
BadItemLimit and LareItemLimit are optional parameters

For me it works, so some of you should be happy too:)

Office365: How to connect to from Powershell

How to connect to the blue, M$ cloud?
I suppose you may know how, but this could be little tricky so...

What you'll need?
I start with that what do you NOT need :)
If you manage hybrid environment you may ask yourself and me if you need domain added computer to connect to Office365. No, you don't. You can use any computer you have that will be able to run this:

Windows Azure Module for Active Directory

You can download it as a part of big package - Web Platform Installer
You can download it's parts:
1. Beuatiful named MOS SIA (Microsoft Online Services Sign-In Assistant) package to work with in Office 365:
2. Windows Azure Module

For x64:
For x86:

Then install - first MOS SIA, then Windows Azure module.
After that you should end up with blue window like this:

You then could use below commands to connect to your Office365 server:


After that you get window prompt for credential
Use credential in format user@domain

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $cred -Authentication Basic -AllowRedirection

You should have info about redirection:
WARNING: Your connection has been redirected to the following URI:
" "

This is OK.

Import-PSSession $Session 
and wait...

You should see loading banner:


Don't go mad, this could take some time,  even few minutes, despite of network and service condition.
OK, sometimes it's good not to wait until death, and press Enter (once is enough, really :).

After you see all the supported and imported commands, you are ready to manage Office365 from the Powershell.


After you end your work with Office365 use the:
Remove-PSSession $Session

If you won't use it, session will expire automatically after 15 minutes or so.

Below the link for technet article: