[GH-ISSUE #131] Error connecting to Outlook Web: Integrated Windows Authentication failed #59

New issue

Closed

opened 2026-02-27 20:31:03 +03:00 by kerem · 17 comments

kerem commented 2026-02-27 20:31:03 +03:00

Owner

Copy link

Originally created by @LSET2014 on GitHub (Nov 28, 2024).
Original GitHub issue: https://github.com/Set-OutlookSignatures/Set-OutlookSignatures/issues/131

Originally assigned to: @LSET2014 on GitHub.

Issue happens in the latest release

• I confirm that the issue happens in the latest release of Set-OutlookSignatures

Previously solved issues and documentation

• I have searched through issues, discussions and documentation, but have not found an answer to my issue

Code of Conduct

• I agree to follow this project's Code of Conduct

What happened?

Hello, I am running the script mostly with default parameters, but adding the following command:

powershell.exe -ExecutionPolicy Bypass -File .\Set-OutlookSignatures_v4.15.0\Set-OutlookSignatures.ps1 -Mailbox name@domain.com.ar -GraphOnly $true

and after logging in and authenticating, I get an error.

If I do not add -GraphOnly $true, I get the following:

Get email addresses @2024-11-28T12:11:33-03:00@
Get email addresses from Outlook Web
mail@domain.com.ar
Set up environment for connection to Outlook Web
Connect to Outlook Web
Creating new connection
Error connecting to Outlook Web: Integrated Windows Authentication failed, and there is no EXO OAuth access token available.
Check verbose output for details and solution hints.
The 'SignaturesForAutomappedAndAdditionalMailboxes' feature is reserved for Benefactor Circle members.
Find out details in '.\docs\Benefactor Circle'.

I do not use Benefactor Circle.
I use EXO and all emails are in Azure.
What might be missing or need to be checked?
Thanks.
Lucas

Originally created by @LSET2014 on GitHub (Nov 28, 2024). Original GitHub issue: https://github.com/Set-OutlookSignatures/Set-OutlookSignatures/issues/131 Originally assigned to: @LSET2014 on GitHub. ### Issue happens in the latest release - [X] I confirm that the issue happens in the latest release of Set-OutlookSignatures ### Previously solved issues and documentation - [X] I have searched through issues, discussions and documentation, but have not found an answer to my issue ### Code of Conduct - [X] I agree to follow this project's Code of Conduct ### What happened? Hello, I am running the script mostly with default parameters, but adding the following command: powershell.exe -ExecutionPolicy Bypass -File .\Set-OutlookSignatures_v4.15.0\Set-OutlookSignatures.ps1 -Mailbox name@domain.com.ar -GraphOnly $true and after logging in and authenticating, I get an error. If I do not add -GraphOnly $true, I get the following: Get email addresses @2024-11-28T12:11:33-03:00@ Get email addresses from Outlook Web mail@domain.com.ar Set up environment for connection to Outlook Web Connect to Outlook Web **Creating new connection Error connecting to Outlook Web: Integrated Windows Authentication failed, and there is no EXO OAuth access token available.** Check verbose output for details and solution hints. The 'SignaturesForAutomappedAndAdditionalMailboxes' feature is reserved for Benefactor Circle members. Find out details in '.\docs\Benefactor Circle'. I do not use Benefactor Circle. I use EXO and all emails are in Azure. What might be missing or need to be checked? Thanks. Lucas

kerem closed this issue 2026-02-27 20:31:03 +03:00

kerem commented 2026-02-27 20:31:03 +03:00

Author

Owner

Copy link

@GruberMarkus commented on GitHub (Nov 28, 2024):

Hi @LSET2014,

please run Set-OutlookSignatures with the "-verbose" parameter, save the full output to a file (this might help: https://github.com/Set-OutlookSignatures/Set-OutlookSignatures/?tab=readme-ov-file#148-how-can-i-log-the-software-output) and post it here.

Do not modify the script output before posting the file here, as this may lead to a wrong analysis.

<!-- gh-comment-id:2506402076 --> @GruberMarkus commented on GitHub (Nov 28, 2024): Hi @LSET2014, please run Set-OutlookSignatures with the "-verbose" parameter, save the full output to a file (this might help: https://github.com/Set-OutlookSignatures/Set-OutlookSignatures/?tab=readme-ov-file#148-how-can-i-log-the-software-output) and post it here. Do not modify the script output before posting the file here, as this may lead to a wrong analysis.

kerem commented 2026-02-27 20:31:03 +03:00

Author

Owner

Copy link

@LSET2014 commented on GitHub (Nov 28, 2024):

logfile.txt

I ran the collector like this.

Start-Transcript -Path 'c:\logfile.txt'; & powershell.exe -ExecutionPolicy Bypass -File .\Set-OutlookSignatures_v4.15.0\Set-OutlookSignatures.ps1 --verbose; Stop-Transcript

Ok?
Tanks
Lucas

<!-- gh-comment-id:2506458364 --> @LSET2014 commented on GitHub (Nov 28, 2024): [logfile.txt](https://github.com/user-attachments/files/17950437/logfile.txt) I ran the collector like this. Start-Transcript -Path 'c:\logfile.txt'; & powershell.exe -ExecutionPolicy Bypass -File .\Set-OutlookSignatures_v4.15.0\Set-OutlookSignatures.ps1 --verbose; Stop-Transcript Ok? Tanks Lucas

kerem commented 2026-02-27 20:31:03 +03:00

Author

Owner

Copy link

@GruberMarkus commented on GitHub (Nov 28, 2024):

Use -verbose instead of --verbose (only one -).

As you start the command from PowerShell, you can make it easier: Start-Transcript -Path 'c:\logfile.txt'; & .\Set-OutlookSignatures_v4.15.0\Set-OutlookSignatures.ps1 -verbose; Stop-Transcript

Please upload a new log file. The one you uploaded starts somewhere in the middle, the important parts are missing.

<!-- gh-comment-id:2506466310 --> @GruberMarkus commented on GitHub (Nov 28, 2024): Use `-verbose` instead of `--verbose` (only one `-`). As you start the command from PowerShell, you can make it easier: `Start-Transcript -Path 'c:\logfile.txt'; & .\Set-OutlookSignatures_v4.15.0\Set-OutlookSignatures.ps1 -verbose; Stop-Transcript` Please upload a new log file. The one you uploaded starts somewhere in the middle, the important parts are missing.

kerem commented 2026-02-27 20:31:03 +03:00

Author

Owner

Copy link

@LSET2014 commented on GitHub (Nov 28, 2024):

Again
logfile.txt

<!-- gh-comment-id:2506492166 --> @LSET2014 commented on GitHub (Nov 28, 2024): Again [logfile.txt](https://github.com/user-attachments/files/17950642/logfile.txt)

kerem commented 2026-02-27 20:31:03 +03:00

Author

Owner

Copy link

@GruberMarkus commented on GitHub (Nov 28, 2024):

I kindly asked to not modify the output of the script. Is dominio.com.ar you real mail domain, or is it citycenter-rosario.com.ar?

<!-- gh-comment-id:2506507710 --> @GruberMarkus commented on GitHub (Nov 28, 2024): I kindly asked to not modify the output of the script. Is dominio.com.ar you real mail domain, or is it citycenter-rosario.com.ar?

kerem commented 2026-02-27 20:31:03 +03:00

Author

Owner

Copy link

@LSET2014 commented on GitHub (Nov 28, 2024):

please, apologies
logfile2.txt

This is final log file

<!-- gh-comment-id:2506517025 --> @LSET2014 commented on GitHub (Nov 28, 2024): please, apologies [logfile2.txt](https://github.com/user-attachments/files/17950762/logfile2.txt) This is final log file

kerem commented 2026-02-27 20:31:03 +03:00

Author

Owner

Copy link

@GruberMarkus commented on GitHub (Nov 28, 2024):

You have not defined any profile in Outlook, so Set-OutlookSignatures needs to connect to Outlook Web to get information.

It tries to do this via Autodiscover with Integrated Windows Authentication, which fails. It fails because not even an Autodiscover endpoint an be found. Maybe you never had Exchange on premises and only use mailboxes in the cloud?

Then, Set-OutlookSignatures does not continue to connect with Exchange Online, as no Graph token can be found. This part is a bug in Set-OutlookSignatures, and it will take me some time to solve it (v4.16.0 will contain a fix for this).

Your on-prem setup does not seem quite right, too:

• Attributes are missing

  Get properties of each mailbox @2024-11-28T13:32:49-03:00@
    lucas.avalos@citycenter-rosario.com.ar
      Search for mailbox user object in domain/forest 'casinoderosario.lan': Not found
      No matching mailbox object found in any Active Directory. Use parameter '-verbose' to see details.
      This message can be ignored if the mailbox in question is not part of your environment.
  DETALLADO:       You may have restricted the accessible environment with the 'TrustsToCheckForGroups' parameter.
  DETALLADO:     Else, check why the following Active Directory query did not return a result:
  DETALLADO: (&(ObjectCategory=person)(objectclass=user)(|(msexchrecipienttypedetails<=32)(msexchrecipienttypedetails>=2147483648))(msExchMailboxGuid=*)(legacyExchangeDN=*)(proxyaddresses=smtp:lucas.avalos@citycenter-rosario.com.ar))
  DETALLADO:       Usual root causes: Not following the documentation, Exchange data in Active Directory, firewall rules, DNS.
  DETALLADO:     In hybrid environments, check if all required attributes documented in the 'README' file are available on-prem and have values.
  DETALLADO:       Look for 'msExchMailboxGuid' in the 'README' file for details about the required attributes.
  DETALLADO:       This Microsoft article might be interesting for you: https://learn.microsoft.com/en-US/exchange/troubleshoot/move-mailboxes/migrationpermanentexception-when-moving-mailboxes.
  DETALLADO:       Consider using the '-GraphOnly true' parameter to not query on-prem Active Directory at all.
  

• Autodiscover does not work as not even an endpoint can be found.

My proposal: Either fix your on-prem sync with Entra ID, your internal DNS, etc. --- or use '-GraphOnly true' to not use on-prem Active Directory at all but Entra ID. In the latter case, don't forget to create the required EntraID app, as described in the Quick Start Guide.

Please let me know which route you want to go.

<!-- gh-comment-id:2506540168 --> @GruberMarkus commented on GitHub (Nov 28, 2024): You have not defined any profile in Outlook, so Set-OutlookSignatures needs to connect to Outlook Web to get information. It tries to do this via Autodiscover with Integrated Windows Authentication, which fails. It fails because not even an Autodiscover endpoint an be found. Maybe you never had Exchange on premises and only use mailboxes in the cloud? Then, Set-OutlookSignatures does not continue to connect with Exchange Online, as no Graph token can be found. This part is a bug in Set-OutlookSignatures, and it will take me some time to solve it (v4.16.0 will contain a fix for this). Your on-prem setup does not seem quite right, too: - Attributes are missing ``` Get properties of each mailbox @2024-11-28T13:32:49-03:00@ lucas.avalos@citycenter-rosario.com.ar Search for mailbox user object in domain/forest 'casinoderosario.lan': Not found No matching mailbox object found in any Active Directory. Use parameter '-verbose' to see details. This message can be ignored if the mailbox in question is not part of your environment. DETALLADO: You may have restricted the accessible environment with the 'TrustsToCheckForGroups' parameter. DETALLADO: Else, check why the following Active Directory query did not return a result: DETALLADO: (&(ObjectCategory=person)(objectclass=user)(|(msexchrecipienttypedetails<=32)(msexchrecipienttypedetails>=2147483648))(msExchMailboxGuid=*)(legacyExchangeDN=*)(proxyaddresses=smtp:lucas.avalos@citycenter-rosario.com.ar)) DETALLADO: Usual root causes: Not following the documentation, Exchange data in Active Directory, firewall rules, DNS. DETALLADO: In hybrid environments, check if all required attributes documented in the 'README' file are available on-prem and have values. DETALLADO: Look for 'msExchMailboxGuid' in the 'README' file for details about the required attributes. DETALLADO: This Microsoft article might be interesting for you: https://learn.microsoft.com/en-US/exchange/troubleshoot/move-mailboxes/migrationpermanentexception-when-moving-mailboxes. DETALLADO: Consider using the '-GraphOnly true' parameter to not query on-prem Active Directory at all. ``` - Autodiscover does not work as not even an endpoint can be found. My proposal: Either fix your on-prem sync with Entra ID, your internal DNS, etc. --- or use '`-GraphOnly true`' to not use on-prem Active Directory at all but Entra ID. In the latter case, don't forget to create the required EntraID app, as described in the Quick Start Guide. Please let me know which route you want to go.

kerem commented 2026-02-27 20:31:03 +03:00

Author

Owner

Copy link

@GruberMarkus commented on GitHub (Nov 28, 2024):

Maybe it's not a bug in Set-OutlookSignatures, but a follow-up effect of (missing) attributes in your environment.

Which value does the attribute 'msexchrecipienttypedetails' of the Active Directory object 'CN=Lucas Avalos,OU=Tecnologia,OU=SISTEMAS,OU=01_CASINO,DC=casinoderosario,DC=lan' have?
I guess it's empty.

<!-- gh-comment-id:2506565396 --> @GruberMarkus commented on GitHub (Nov 28, 2024): Maybe it's not a bug in Set-OutlookSignatures, but a follow-up effect of (missing) attributes in your environment. Which value does the attribute '`msexchrecipienttypedetails`' of the Active Directory object '`CN=Lucas Avalos,OU=Tecnologia,OU=SISTEMAS,OU=01_CASINO,DC=casinoderosario,DC=lan`' have?<br>I guess it's empty.

kerem commented 2026-02-27 20:31:03 +03:00

Author

Owner

Copy link

@LSET2014 commented on GitHub (Nov 28, 2024):

I'm not sure about "You have not defined any profile in Outlook, so Set-OutlookSignatures needs to connect to Outlook Web to get information," but I do have a profile added in Outlook New (client).

I use the client daily, and the email account is in Azure with Entra ID.
I tried using -GraphOnly true, and it prompts:

"Opening new browser window and waiting for you to authenticate. Stopping script execution after five minutes."

BUT login:

Sign-in Error:
We’re sorry, but we’re having trouble signing you in.

AADSTS500113: No reply address is registered for the application.

Troubleshooting Details:
When contacting the administrator, provide them with this information.

Copy to Clipboard:

Request Id: 994b2d0c-dcda-4176-bf3b-9bfb526e3000
Correlation Id: 2ec5e22c-fba6-4fe2-bbd8-23b85e007fcd
Timestamp: 2024-11-28T18:03:07Z
Message: AADSTS500113: No reply address is registered for the application.
Mark sign-in errors for review: Enable marking
If you plan to request help with this issue, enable marking and try to reproduce the error within 20 minutes. Marked events make diagnostics available to the administrator.

<!-- gh-comment-id:2506605294 --> @LSET2014 commented on GitHub (Nov 28, 2024): I'm not sure about "You have not defined any profile in Outlook, so Set-OutlookSignatures needs to connect to Outlook Web to get information," but I do have a profile added in Outlook New (client). I use the client daily, and the email account is in Azure with Entra ID. I tried using -GraphOnly true, and it prompts: "Opening new browser window and waiting for you to authenticate. Stopping script execution after five minutes." BUT login: Sign-in Error: We’re sorry, but we’re having trouble signing you in. AADSTS500113: No reply address is registered for the application. Troubleshooting Details: When contacting the administrator, provide them with this information. Copy to Clipboard: Request Id: 994b2d0c-dcda-4176-bf3b-9bfb526e3000 Correlation Id: 2ec5e22c-fba6-4fe2-bbd8-23b85e007fcd Timestamp: 2024-11-28T18:03:07Z Message: AADSTS500113: No reply address is registered for the application. Mark sign-in errors for review: Enable marking If you plan to request help with this issue, enable marking and try to reproduce the error within 20 minutes. Marked events make diagnostics available to the administrator.

kerem commented 2026-02-27 20:31:03 +03:00

Author

Owner

Copy link

@GruberMarkus commented on GitHub (Nov 28, 2024):

New Outlook is not Outlook. New Outlook is Outlook Web.

'AADSTS500113: No reply address is registered for the application.' means that you have not configured the Entra ID app according to the documentation, it at least misses the correct redirect URI.

<!-- gh-comment-id:2506609463 --> @GruberMarkus commented on GitHub (Nov 28, 2024): New Outlook is not Outlook. New Outlook is Outlook Web. '`AADSTS500113: No reply address is registered for the application.`' means that you have not configured the Entra ID app according to the documentation, it at least misses the correct redirect URI.

kerem commented 2026-02-27 20:31:03 +03:00

Author

Owner

Copy link

@GruberMarkus commented on GitHub (Nov 28, 2024):

Also, (Classic) Outlook is configured as default Outlook client, not New Outlook.

<!-- gh-comment-id:2506611942 --> @GruberMarkus commented on GitHub (Nov 28, 2024): Also, (Classic) Outlook is configured as default Outlook client, not New Outlook.

kerem commented 2026-02-27 20:31:03 +03:00

Author

Owner

Copy link

@LSET2014 commented on GitHub (Nov 28, 2024):

Ok, I'll look for the documentation where it talks about:
"configured the Entra ID app according."

<!-- gh-comment-id:2506623855 --> @LSET2014 commented on GitHub (Nov 28, 2024): Ok, I'll look for the documentation where it talks about: "configured the Entra ID app according."

kerem commented 2026-02-27 20:31:03 +03:00

Author

Owner

Copy link

@GruberMarkus commented on GitHub (Nov 28, 2024):

What about the following?

Which value does the attribute 'msexchrecipienttypedetails' of the Active Directory object 'CN=Lucas Avalos,OU=Tecnologia,OU=SISTEMAS,OU=01_CASINO,DC=casinoderosario,DC=lan' have?
I guess it's empty.

<!-- gh-comment-id:2506624792 --> @GruberMarkus commented on GitHub (Nov 28, 2024): What about the following? Which value does the attribute 'msexchrecipienttypedetails' of the Active Directory object 'CN=Lucas Avalos,OU=Tecnologia,OU=SISTEMAS,OU=01_CASINO,DC=casinoderosario,DC=lan' have? I guess it's empty.

kerem commented 2026-02-27 20:31:03 +03:00

Author

Owner

Copy link

@LSET2014 commented on GitHub (Nov 28, 2024):

yes empty

<!-- gh-comment-id:2506636077 --> @LSET2014 commented on GitHub (Nov 28, 2024): yes empty

kerem commented 2026-02-27 20:31:03 +03:00

Author

Owner

Copy link

@GruberMarkus commented on GitHub (Nov 28, 2024):

Than it's not a bug in Set-OutlookSignatures, but either in your on-prem Active Directory or your Set-OutlookSignatures (the Quick Start Guide, chapter 2 in the README file, covers this scenario).

I think this issue can be closed as the initial problem has been solved, and hints to several others have been given.

Do you agree?

<!-- gh-comment-id:2506640930 --> @GruberMarkus commented on GitHub (Nov 28, 2024): Than it's not a bug in Set-OutlookSignatures, but either in your on-prem Active Directory or your Set-OutlookSignatures (the Quick Start Guide, chapter 2 in the README file, covers this scenario). I think this issue can be closed as the initial problem has been solved, and hints to several others have been given. Do you agree?

kerem commented 2026-02-27 20:31:03 +03:00

Author

Owner

Copy link

@LSET2014 commented on GitHub (Nov 28, 2024):

yes.
Thanks.
Lucas

<!-- gh-comment-id:2506645195 --> @LSET2014 commented on GitHub (Nov 28, 2024): yes. Thanks. Lucas

kerem commented 2026-02-27 20:31:03 +03:00

Author

Owner

Copy link

@GruberMarkus commented on GitHub (Nov 28, 2024):

My pleasure!

<!-- gh-comment-id:2506645527 --> @GruberMarkus commented on GitHub (Nov 28, 2024): My pleasure!

kerem referenced this issue 2026-02-27 20:31:16 +03:00

[PR #60] [MERGED] v3.4.1 #103

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

v4.26.1

v4.26.0

v4.25.0

v4.24.0

v4.23.0

v4.22.0

v4.21.0

v4.20.4

v4.20.3

v4.20.2

v4.20.1

v4.20.0

v4.19.0

v4,18.3

v4.18.3

v4.18.2

v4.18.1

v4.18.0

v4.17.0

v4.16.1

v4.16.0

v4.15.0

v4.14.2

v4.14.1

v4.14.0

v4.13.0

v4.12.2

v4.12.1

v4.12.0

v4.11.0

v4.10.1

v4.10.0

v4.9.0

v4.8.1

v4.8.0

v4.8.0-beta.2

v1.3.0

v1.4.0

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v1.6.0

v1.6.1

v2.0.0

v1.2.1

v1.2.0

v2.0.2

v2.1.0

v2.1.1

v2.1.2

v2.2.0

v2.2.1

v2.3.0

v2.3.0-beta1

v2.3.0-beta2

v2.3.0-beta3

v2.3.0-beta5

v2.5.2

v2.4.0

v2.4.0-beta1

v2.5.0

v2.5.0-beta1

v2.5.0-beta2

v2.5.0-beta3

v1.1.0

v1.0.0

v2.5.1

v3.6.1

v3.6.0

v3.5.1

v3.5.0

v3.4.1

v3.4.0

v3.3.0-alpha3

v3.3.0-alpha2

v3.3.0-alpha1

v3.3.0

v3.2.2

v3.2.1-beta3

v3.2.1-beta2

v3.2.1-beta1

v3.2.1

v3.2.0-beta1

v3.2.0

v3.1.0-alpha.54

v3.1.0-alpha.52

v3.1.0-alpha.51

v3.1.0-alpha.42

v3.1.0

v3.0.0-beta1

v3.0.0

v2.3.1

v2.3.0-beta4

v4.7.0

v4.6.1

v4.6.0

v4.5.0

v4.4.0

v4.3.0

v4.2.1

v4.2.0

v4.1.0

v4.0.0

Labels

Clear labels   

bug

  

dependencies

  

documentation

  

enhancement

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

wontfix

No labels

bug

dependencies

documentation

enhancement

invalid

pull-request

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/Set-OutlookSignatures-Set-OutlookSignatures#59

No description provided.