Troubleshooting connection problems with the BPOS cmdlets

Posted on by Carol

This one drove me crazy for a good while: I had been running the BPOS cmdlets just fine using my own account (and here I mean my local domain account, not the BPOS account) but when I switched to using a different account the BPOS cmdlets would not work.

Essentially I was running a bunch of scripts and scheduled tasks using my own account, and I wanted to move them to use a proper service account. Note in both cases I was using the same BPOS account as the credential for the cmdlets.

The first error I got was this:

Get-MSOnlineUser : Object reference not set to an instance of an object.

After getting no help whatsoever from the BPOS service desk I found part of the solution here. As I had created a new service account to run these scripts it certainly hadn’t occurred to me to login to the server with the new account and run IE, just so it would have an IE profile. I never would have thought of this myself, so thanks Joseph!

However I wasn’t there yet as I now had a new error:

Get-MSOnlineUser : Credentials are not valid. Check the user name and password and try again.

Predictably the BPOS service desk took the obvious route on this:

SD: Your BPOS credentials are wrong.
Me: No they’re not – I use exactly the same BPOS credentials with my own account and it works.
SD: Can you check the BPOS account is not locked out.
Me: It’s not locked out – it works perfectly from my other local account!!
SD: …. Your BPOS credentials are wrong.

However, despite my irritation with the BPOS service desk, it was a friendly local Microsoft consultant who eventually steered me right. The problem was that, after creating the IE profile for the service account, I had not also gone into the IE settings and set the proxy correctly. So in fact this was a failure to connect and not a credential problem at all!

His great advice was to try and access these URLs while logged in as the problem account:

https://locationservice.microsoftonline.com

https://provisioning.emea.microsoftonline.com (note this is an EMEA address so will differ for other regions)

Using my own account the first URL showed a page, and the second popped up a login box. With the problem account I failed to access either address, until I got those proxy settings right.

The BPOS cmdlets are now working for the new user account.

In summary

To run the BPOS cmdlets you need an IE profile and you need to be able to access your regional version of the two msonline addresses linked above.

I've been doing IT for 30 years, and IdM for 15. I live in Australia and build IdM solutions based on Microsoft Identity Manager. I also play the violin, but that doesn't help much with the IdM solutions.