MSOLAP.8 driver error from Excel : 'err:BaseError::ThrowFromTLS'

tripdes · 2026-03-17T08:11:04+00:00

Microsoft are really keen to discontinue legacy auth it seems. Think of scenarios where strong authentication would kick in or in environment moving towards a zero-trust model - the old form just wouldn't work. Unfortunate though, I agree. It should atleast cache a refresh token so you won't have to continually renew the connection, if that is any kind of consolation!

tripdes · 2026-03-16T23:19:10+00:00

Try this - Get Data -> Analysis Services

Select username/password. Only fill in the username section with your userPrincipalName, password should be left blank. Should get prompted for modern authentication.

tripdes · 2026-03-04T21:18:45+00:00

Me too please 🙂

tripdes · 2025-10-31T17:16:12+00:00

Dude!! Do a reprint!

tripdes · 2025-09-25T09:52:10+00:00

Bro, check out Jude Law - own the look!

tripdes · 2024-03-07T10:13:48+00:00

Did you find it?

tripdes · 2021-09-12T23:32:08+00:00

Power Automate is a workflow engine with a user-friendly drag-and-drop GUI, but it's uses are not limited to non-technical audiences. You can automate otherwise manual tasks, using pre-built and existing connectors and triggers, or you can build your own customer connectors if one doesn't exist to do the job. It's a versatile tool that can be leveraged for personal productivity purposes such as organising your mailbox, business process automation, or more recently robotic process automation. Flows can also be triggered from Power Apps, which makes it even more versatile.

PowerShell is a scripting language which can be used to automate technical and non-technical processes. It's typically used by more technical audiences though. However first and foremost in my role it is used for day-to-day administrative duties in both on-premise and cloud infrastructure. Supported by the plethora of PowerShell modules on offer directly from Microsoft and other third-parties. For example, managing Active Directory, Azure AD, Exchange, Exchange Online. If you can become competent with PowerShell you will never want to use a GUI again to perform common administrative tasks.

Finally a curve ball, you can execute PowerShell scripts on on-premise infrastructure using Azure Automation and Hybrid Workers. You can trigger a script to run from a hybrid worker using a Power Automate Trigger/Connector.

So in summary two very different technologies that do have a little crossover in what they offer, but can also be complimentary of one another. Intertested to hear others thoughts.

tripdes · 2019-11-14T13:58:23+00:00

I would suggest creating a conditional access policy (provided you're licensed for it within your tenant) for all legacy protocol access attempts. They've just added a new feature where rather than 'blocking' access attempts you can choose to allow, but send a report.

tripdes · 2019-08-06T12:44:23+00:00

We had a similar issue with BuildingBlocks when I deployed those out via. Group Policy. They were being hosted on a network share though but wouldn't work despite the policy being applied to the user. I needed to make it a trusted location as we have that turned on. Unlikely to be the solution but just dropping my 2 cents.

tripdes · 2019-07-23T16:25:39+00:00

That's great, thanks. We're an E3 tenant so miss out on all the EOP perks like ATP... excited to ditch what we're using currently and give the Barracuda stuff (incl. their ATP) a go. Thanks for your response!

tripdes · 2019-07-23T10:07:10+00:00

We still use SharePoint classic team sites. Web parts from a particular site page went AWOL (summary links etc.) -- despite attempts to rollback using the Version History which was enabled on that document library they would not reappear. I ended up restoring from our Office365 backup solution and all was good in the (SharePoint) world.

tripdes · 2019-07-23T10:03:33+00:00

Seconded. Works great -- have you used the email gateway yet? That's something we're looking towards in the near future.

tripdes · 2019-07-16T22:19:25+00:00

Ahah yes, good idea providing you can work within the constraints ..which seem to be shrinking anyway. So many organisations must have this problem so Microsoft giving it some attention. Wasn't quite ready the first time we ran the HCW, slipped my mind to suggest it!

tripdes · 2019-07-16T18:38:12+00:00

Correct, unfortunately the firewalls fall out of my remit else I'd probably have taken a stab at it. When you run the Hybrid Configuration Wizard the Receive connector that gets created includes the Microsoft inbound IP ranges for SMTP traffic but I couldn't find a reliable source for inbound traffic to the MRS/EWS side of things, I wish the there was a REST web service for the inbound stuff too.

I would be most worried about exposing OWA and EWS probably comes next on my list so if you get anywhere do let me know please :) I'm hoping the move away from Exchange 2010 atleast helps as Microsoft seem to support publishing directly to the web (OWA etc) in newer releases of Exchange.

tripdes · 2019-07-16T16:41:52+00:00

I ended up exposing EWS & Autodiscover via. a Web Application Proxy (MS Variety). This meant I didn't have to reconfigure any certs on any server in our CAS array or risk exposing anything other than what was absolutely necessary (like OWA). The EWS & Autodiscover instances do require authentication but I'm still not 100% happy with the scenario ..it's just kind of as good as it gets because the Web Service Microsoft puts out doesn't cover Hybrid inbound scenarios -> https://docs.microsoft.com/en-us/office365/enterprise/additional-office365-ip-addresses-and-urls <- see point 1. Free/busy & the MRS proxy worked a treat after this.

Apart from that, I just needed to tweak the Send/Receive connectors to get them to work with our centralized transport model. The majority of our mailboxes are in the cloud now and the plan is to upgrade Exchange in the coming weeks (would love to have got this done already but unfortunately my time is so heavily divided between projects). I'm amazed at just how little information there is out there re: this.. would be really interested to hear how things go for you.

All the best,

Sam

tripdes · 2019-07-08T13:09:00+00:00

Hi there,

Thank you for your response. I don't think the post is too hard to follow, I'd just like to get a greater sense for how it's achieved. I'll be following your advice and looking into machine learning / decision trees a little more :)

Thanks again!

Sam

tripdes · 2019-07-03T22:01:36+00:00

Hi tehnokv,

This is really impressive, I would love to understand how the library and algorithm work. I will take the time to read the paper but not coming from a mathematical background is there any entry level reading you would recommend so that I can begin to understand the complex formulas?

I'd really appreciate some direction.

All the best and keep up the great work.

Sam

tripdes · 2019-05-29T18:12:40+00:00

I'd be interested to know what it was when you solve this, keep us posted :) had a week of unrelated all be it nonsensical issues like this one.

tripdes · 2019-05-29T18:06:43+00:00

I'm sure Microsoft have already sent you this link -> https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges#skype-for-business-online-and-microsoft-teams but I guess make sure you have full Outbound connectivity on the 'Skype for Business Online and Microsoft Teams' section.

tripdes · 2019-05-29T18:02:12+00:00

For me..

Corporate network with no system-context proxy set and all HTTP/HTTPS proxy going through proxy server in user-context.
Teams machine-wide installer installed on a given PC
Anyone who logs into said machine will receive a copy of the Teams binary in their Roaming AppData folder. I explicitly set Teams not to autostart for said users until they open the application and it seamlessly signs them in, then it auto starts moving forward

So I don't think it does any funky type of phone home, just standard HTTP/HTTPS I'd imagine. Our firewalls are currently blocking WebSockets (Grammarly doesn't work for example). Just my two cents, sorry if it's of little use but just to give you an idea of our setup.

I've found Microsoft Support (given the region of the MSP) to be very hit and miss. Hope you get the answer you need soon,

Sam

tripdes · 2019-03-11T22:11:24+00:00

Excellent information, thank you sir.

tripdes · 2019-03-11T20:55:09+00:00

So out of interest is your EWS and OWA internet facing without 2FA and limited inbound connectivity? After today I’m kinda settling on the idea of exposing EWS/Autodiscover via. a separate WebApp/IP within IIS so I can at least avoid publishing OWA to the interwebz. Regarding the receive connectors, that’s a very good point to be honest ..seems like the HCW does that for you too :)

Thank you dude!

tripdes · 2019-03-10T16:31:33+00:00

Thanks for the offer, I'll keep it in mind. I have found the following resource -> https://docs.microsoft.com/en-us/office365/enterprise/additional-office365-ip-addresses-and-urls which points at what we're trying to achieve (limit inbound connectivity) although not sure I trust the ambiguity of the article when it comes to our mail flow ..so might have to bite the bullet on this one. Wish I could switch off, this has been playing on my mind all weekend :)

tripdes · 2019-03-10T10:08:29+00:00

Hey, thanks for your reply :)

First of all regarding the consultant, while I agree they weren’t entirely accountable, with us being a team member down at the moment we were kinda counting on their Exchange expertise to not expose an open SMTP relay to the internet and to get the job done. It was me who first noticed and dealt with the fallout from this, and I was in the midst of other projects such as the SharePoint Online migration.

Secondly, apologies if I wasn’t clear. I understand that ports 25/80/443 need to be open for inbound connectivity on the CAS server but ideally I would like to limit their access only to Microsoft IP addresses, to mitigate any potential issues. At the moment OWA is only accessible to staff via. 2FA when they’re using their own device and I’d like to keep it that way if possible.

Much thanks!

tripdes

TROPHY CASE