Office 365 issues that torment email admins

Tricky Office 365 problems are no treat to the IT admin. Fix the nuisances that corrupt your email with these troubleshooting treats.

Sorry, something went wrong.

Have you ever tried to sign in to the Admin App or connect to Exchange Online and been told you cannot? Do you ever see there's supposed to be an email attachment, but it's undetectable? Do you ever start thinking there are goblins denying you access to SharePoint from Edge? Do Microsoft cloud services seem unreachable?

The dreaded error message is daunting to any IT admin. But you don't need to use a wooden stake to eradicate your Office 365 issues. Sometimes, applications don't play well together.

Scare away your Office 365 problems with these troubleshooting techniques. Some problems listed below have multiple potential resolutions, so if the first thing you try fails, don't give up hope.

Don't see your problem with Office products listed below? Share it in the comments, or post the question to our email administration user forum on ITKnowledgeExchange.

The Admin App sign-in failure

The Office 365 Admin App connects to Office 365 for IT admins to view the service health dashboard and verify maintenance statuses from a mobile device. But what happens when you try to sign in to the Admin App and receive an error message about your role and permissions level?

Microsoft says if you receive an error message that says, "Administrator role required. Your username and password are correct, but you do not have administrator role access," or "User does not have sufficient permissions. Please contact your administrator," then you probably aren't assigned an admin role.

Users must be assigned to one of the five Office 365 admin roles to sign in to the Office 365 Admin App. Only users assigned to an admin role can see service health information.

If you receive an error message stating, "That username and password didn't work. Try again," then check that you entered the correct username and password in the Office 365 portal. Verify that the service health dashboard isn't experiencing a service incident by searching If you still receive this error message after confirming you have the correct username and password, and your service health dashboard is healthy, uninstall and then reinstall the Admin App on your mobile device.

The Edge and SharePoint feud

Sometimes, Edge, Microsoft's browser, doesn't work with the SharePoint Open with Explorer command or drag-and-drop list features. It's another one of the Office 365 issues that turn admins into monsters.

The Open with Explorer command opens Windows Explorer, but displays the folder on the server computer that hosts the site, not on your computer. You can then use the files in the folder to drag documents into libraries, create folders, move or copy documents in one library to another, and delete multiple documents simultaneously.

Beware: The Open with Explorer command and the Microsoft Edge browser don't work together.

If you search to a SharePoint Online library and encounter intermittent connectivity troubles, you may receive one of three error messages:

  1. Your client does not support opening this list with Windows Explorer.
  2. We're having a problem opening this location in File Explorer. Add this website to your Trusted Sites list and try again.
  3. We're having a problem opening this location in File Explorer.

To open with File Explorer, you'll need to add this site to your Trusted Sites list and select the "Keep me signed in" checkbox when you sign in to the SharePoint Online site." First, troubleshoot this error by authenticating to Office 365. Next, add your SharePoint Online sites to reliable sites. Check the status of the WebClient service and ensure all Windows updates are applied.

If the drag-and-drop functionality won't upload files to SharePoint Online, it's because this function isn't supported by Edge yet.

Access denied when connecting to Exchange Online

Windows PowerShell runs administrative commands and automates system tasks. But if you enter an incorrect username or password, or sign in with an account that doesn't have access to Exchange Online, you're doomed -- and will be shut out.

When you try to connect to Microsoft Exchange Online by using remote PowerShell, you receive the following error message:

[] Connecting to remote server failed with the following error message: Access is
denied. For more information, see the about_Remote_Troubleshooting Help topic.

+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [].

+ FullyQualifiedErrorId : PSSessionOpenedFailed

Import-PSSession : Cannot validate argument on parameter 'Session'. The argument is null.
Supply a non-null argument and try the command again.

At D:\Users\Connect.ps1:7 char:21

+ Import-PSSession < < < < $Session

+ CategoryInfo : Invalid Data: (:) [Import-PSSession], ParameterBindingValidationException

+ FullyQualifiedErrorId :

To connect to Exchange Online, you must at least have Windows PowerShell 2.0, Windows Remote Management 2.0 (WinRM) and Background Intelligent Transfer Service 4.0.

To fix this vexatious Office 365 issue, add the user as a member of the admin role group via the Exchange admin center -- only global admins can connect to Exchange Online with PowerShell.

Invisible attachments in OWA

Additions to Outlook Web App (OWA) make it easier for end users to systematize their inboxes, but nothing is easy when you can't open or view attachments.

When end users can't access or see email attachments in OWA, a standard placeholder -- for example, "1 Attachment" -- appears, but cannot be opened. You may receive this error message:  "Access to attachments has been blocked. Blocked attachments: <FileName>."

The reason for this inconvenience is that the attachment is blocked by Outlook Web App.

Fix this problem by changing the OWA mailbox policy to include desired file types and exclude undesirables, such as unknown attachments.

Beware: Changing the OWA mailbox policy to include blocked file types may make your system vulnerable to security threats.

AD FS disconnection

Trying to sign into Office 365, Intune, Azure or other Microsoft cloud services, but failing to connect to the other side?

If users sign into a cloud service with a federated user account, the connection to Active Directory Federation Services (AD FS) will fail if you try to connect remotely or use email connections to sign in.

The failure isn't because the ghost that lives in the server room is messing with your Internet connection. The AD FS service might not be exposed correctly to the Internet and your AD FS server proxy is affected, causing expired SSL certificates, incorrect IIS authentication endpoint configurations, or distrust between the AD FS proxy server and the AD FS Federation Service.

There are three possible fixes to these Office 365 issues. First, troubleshoot AD FS SSL certificate issues on the AD FS server by updating the SSL certificate on the AD FS proxy server. Second, retune the AD FS proxy server IIS authentication settings to default. And third, rerun the AD FS Proxy Configuration wizard from the Administrative Tools interface.

Sharon Zaharoff is an associate site editor for Contact her at [email protected].

Next Steps

How to avoid Office 365 migration woes

Scare away goblins and safely manage accounts in Office 365

Peer into the crystal ball to understand future of Office 365 updates

Dig Deeper on Microsoft identity and access management

Cloud Computing
Enterprise Desktop
Virtual Desktop