Hi Guys,

When I try to add a new mail user in O365 Exchange, one strange error is thrown.

Are any guys  kind enough to help me ?

Here is the script and the error.

PS C:\Users\o365-user>             $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList
'smokeazurebeta5@smokeazurebeta5.onmicrosoft.com', $(ConvertTo-SecureString -String '*******' -AsPlainText -Force)
PS C:\Users\o365-user>             $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'https:
//ps.outlook.com/powershell/' -Credential $cred -Authentication Basic -AllowRedirection
WARNING: Your connection has been redirected to the following URI:
"https://pod51053psh.outlook.com/powershell-liveid?PSVersion=4.0 "
PS C:\Users\o365-user>             Import-PSSession $session
WARNING: The names of some imported commands from the module 'tmp_zkc5sid4.gpq' include unapproved verbs that might
make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the
Verbose parameter. For a list of approved verbs, type Get-Verb.

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     1.0        tmp_zkc5sid4.gpq                    {Add-AvailabilityAddressSpace, Add-DistributionGroupMember...


PS C:\Users\o365-user>             $users=Get-MailUser
PS C:\Users\o365-user>             New-MailUser -Name 'test1_1@smokeazurebeta5.onmicrosoft.com' -DisplayName 'Test LIU'
-MicrosoftOnlineServicesID  'test1_1@smokeazurebeta5.onmicrosoft.com' -Password $(ConvertTo-SecureString -String '*****' -AsPlainText -Force)
Unknown Error while communicating with O365 BEC Web Service (Exception type
"Microsoft.Exchange.Management.BecWebService.CouldNotCreateBecSyncServiceException", message=
"Microsoft.Exchange.Management.BecWebService.CouldNotCreateBecSyncServiceException: Couldn't create BEC Web Service:
The matching certificate for certificateSubject CN=ExoProvToO365.outlook.com, OU=Microsoft Corporation, O=Microsoft
Corporation, L=Redmond, S=WA, C=US couldn't be found.
Parameter name: certificateSubject ---> System.ArgumentException: The matching certificate for certificateSubject
CN=ExoProvToO365.outlook.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=WA, C=US couldn't be
found.
Parameter name: certificateSubject
   at Microsoft.Exchange.Security.Cryptography.X509Certificates.TlsCertificateInfo.FindFirstCertWithSubjectDistinguishe
dName(String certificateSubject, Boolean checkForValid)
   at Microsoft.Exchange.Management.BecWebService.BecWebServiceHelper.CreateService(Uri url)
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Management.BecWebService.BecWebServiceHelper.InvokeWithRetry[TResponse](Action operation)
   at Microsoft.Exchange.Management.BecWebService.BecWebServiceHelper.GetUserByUpn(GetUserByUpnRequest request)
   at Microsoft.Exchange.ProvisioningAgent.BecWebServiceLiveIdManager.GetMemberType(SmtpAddress memberName)", inner
message "System.ArgumentException: The matching certificate for certificateSubject CN=ExoProvToO365.outlook.com,
OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=WA, C=US couldn't be found.
Parameter name: certificateSubject
   at Microsoft.Exchange.Security.Cryptography.X509Certificates.TlsCertificateInfo.FindFirstCertWithSubjectDistinguishe
dName(String certificateSubject, Boolean checkForValid)
   at Microsoft.Exchange.Management.BecWebService.BecWebServiceHelper.CreateService(Uri url)")
    + CategoryInfo          : NotSpecified: (0:Int32) [New-MailUser], RecipientTaskException
    + FullyQualifiedErrorId : [Server=SG2PR01MB0540,RequestId=d97a193e-91a7-4430-ac64-6b7003f5b9b0,TimeStamp=4/23/2015
    9:37:58 AM] [FailureCategory=Cmdlet-RecipientTaskException] 3F9FDA25,Microsoft.Exchange.Management.RecipientTasks
  .NewMailUser
    + PSComputerName        : pod51053psh.outlook.com

PS C:\Users\o365-user>             New-ManagementRoleAssignment -Role 'ApplicationImpersonation' -User 'test1_1@smokeazu
rebeta5.onmicrosoft.com'
Couldn't find a user with the identity "test1_1@smokeazurebeta5.onmicrosoft.com".
    + CategoryInfo          : NotSpecified: (:) [New-ManagementRoleAssignment], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : [Server=SG2PR01MB0540,RequestId=88777637-298d-4bb1-972f-b61161566a57,TimeStamp=4/23/2015
    9:37:59 AM] [FailureCategory=Cmdlet-ManagementObjectNotFoundException] 921A76AD,Microsoft.Exchange.Management.Rba
  cTasks.NewManagementRoleAssignment
    + PSComputerName        : pod51053psh.outlook.com

PS C:\Users\o365-user>             New-ManagementRoleAssignment -Role 'Mailbox Search' -User 'test1_1@smokeazurebeta5.on
microsoft.com'
Couldn't find a user with the identity "test1_1@smokeazurebeta5.onmicrosoft.com".
    + CategoryInfo          : NotSpecified: (:) [New-ManagementRoleAssignment], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : [Server=SG2PR01MB0540,RequestId=2b64d3a2-97da-4de5-be8c-00ad73452456,TimeStamp=4/23/2015
    9:38:00 AM] [FailureCategory=Cmdlet-ManagementObjectNotFoundException] 921A76AD,Microsoft.Exchange.Management.Rba
  cTasks.NewManagementRoleAssignment
    + PSComputerName        : pod51053psh.outlook.com

PS C:\Users\o365-user>             Remove-PSSession $session
PS C:\Users\o365-user>

Thanks

Budlion LIU

• Moved by Jason Johnston [MSFT]Microsoft employee Friday, April 24, 2015 2:07 AM Not a development question.

That looks like a problem in the service.  I recommend you open a support incident with Office 365.

Hello,

did you solve your problem :

i am having the same problem while doing a cutover migration;

the support spend the weekend on but has no clues about the error message and just ask to check parameters again and again.

I you have a contact that has some clue about the problem please give us the contact.

thanks. i am using the chinese exchange online.

Error: ProvisioningFailedException: Unknown Error while communicating with O365 BEC Web Service (Exception type "Microsoft.Exchange.Management.BecWebService.CouldNotCreateBecSyncServiceException", message= "Microsoft.Exchange.Management.BecWebService.CouldNotCreateBecSyncServiceException: Couldn't create BEC Web Service: The matching certificate for certificateSubject CN=ExoProvToO365.partner.outlook.cn, OU=Office365, O=Shanghai Blue Cloud Technology Co. Ltd, L=Shanghai, S=Shanghai, C=CN couldn't be found. Parameter name: certificateSubject ---> System.ArgumentException: The matching certificate for certificateSubject CN=ExoProvToO365.partner.outlook.cn, OU=Office365, O=Shanghai Blue Cloud Technology Co. Ltd, L=Shanghai, S=Shanghai, C=CN couldn't be found. Parameter name: certificateSubject at Microsoft.Exchange.Security.Cryptography.X509Certificates.TlsCertificateInfo.FindFirstCertWithSubjectDistinguishedName(String certificateSubject, Boolean checkForValid) at Microsoft.Exchange.Management.BecWebService.BecWebServiceHelper.CreateService(Uri url) --- End of inner exception stack trace --- at Microsoft.Exchange.Management.BecWebService.BecWebServiceHelper.InvokeWithRetry[TResponse](Action operation) at Microsoft.Exchange.Management.BecWebService.BecWebServiceHelper.GetUserByUpn(GetUserByUpnRequest request) at Microsoft.Exchange.ProvisioningAgent.BecWebServiceLiveIdManager.GetMemberType(SmtpAddress memberName)", inner message "System.ArgumentException: The matching certificate for certificateSubject CN=ExoProvToO365.partner.outlook.cn, OU=Office365, O=Shanghai Blue Cloud Technology Co. Ltd, L=Shanghai, S=Shanghai, C=CN couldn't be found. Parameter name: certificateSubject at Microsoft.Exchange.Security.Cryptography.X509Certificates.TlsCertificateInfo.FindFirstCertWithSubjectDistinguishedName(String certificateSubject, Boolean checkForValid) at Microsoft.Exchange.Management.BecWebService.BecWebServiceHelper.CreateService(Uri url)")