Hybrid Configuration Troubleshooting
In this article I will cover some troubleshooting methods for common issues that cause the Hybrid Configuration to fail. At this stage I assume that you have completed the prerequisites and prepared your tenant for the integration. These steps include registering the UPNs (User Principal Names) and the domains that are planned to be used with the service, as well as configuring ADFS (Active Directory Federation Services), Directory Synchronisation and the Exchange Hybrid Server. I will cover these configuration steps in another article. However, if you have any questions about them, feel free to approach me.
Anyway, let's go back to our topic, Hybrid Configuration Troubleshooting. As highlighted above, there are some common issues which cause your Hybrid Configuration to fail.
1- The first common and important known problem is Autodiscover service misconfiguration. Testing the configuration of the Autodiscover service is very easy. Microsoft has provided a great web-based troubleshooting tool (Remote Connectivity Analyzer) which helps to identify external client connectivity issues. The tool can be accessed here: Microsoft Remote Connectivity Analyzer
The most important points of this step are the following:
- The Autodiscover test must complete successfully.
- The certificate validation must PASS.
2- The second common issue which may cause the Hybrid Configuration to fail is the Virtual Directory settings. You might encounter this error while updating the hybrid configuration. You may get an error message something like the one below:
When you get the error above, use the following steps to see whether the virtual directory settings are causing the issue.
- Start the Exchange Management Shell (EMS) and run the command:
Get-FederationInformation <domain_name> -Verbose
- The proper configuration should look like below:
- If Get-FederationInformation is unable to retrieve information about the configuration, Update-HybridConfiguration would most likely encounter issues as well. Get-FederationInformation may not be able to retrieve the information due to errors 401 and 403. See below:
- To resolve the 401 & 403 errors, you need to make sure that the security settings for the Autodiscover virtual directory have been configured properly. Run the following command:
Set-AutodiscoverVirtualDirectory -Identity 'autodiscover (Default Web Site)' -WSSecurityAuthentication $true
- Run the Get-FederationInformation command again. The 401 & 403 errors should now be resolved and you should see a result as shown above.
- You can now go back and finalise your configuration (Update-HybridConfiguration).
3- Sometimes the error could be due to corruption of the Autodiscover virtual directory or to an incorrect configuration. In this case you would need to reset the Autodiscover virtual directory. Resetting will delete the existing directory and create a new one with the default settings. To reset the directory, use the following steps:
- Start EMC and connect to the CAS.
- Expand Microsoft Exchange On-Premises, select the Server Configuration node and then select the Client Access Server.
- Click Reset Virtual Directory in the Actions pane.
- Accept the default log file location.
- After the directory is reset, you need to reset the IIS server as well. Open an elevated command prompt window and run:
- Also do not forget to set the -WSSecurityAuthentication $true value.
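The check from step 2 and the reminder at the end of step 3 can be combined into one script for the Exchange Management Shell. This is an added example, not part of the original article: it records the current WSSecurityAuthentication state of every Autodiscover virtual directory, enables the setting only where it is off, and then re-runs Get-FederationInformation. The domain contoso.com is a placeholder.

```powershell
# Added example: audit and, where needed, enable WS-Security authentication on
# the Autodiscover virtual directories, then re-test federation discovery.
# Run in the Exchange Management Shell. Use -WhatIf to preview the changes.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$DomainName = 'contoso.com'   # placeholder: use your federated domain
)

# Record the current state first so the change can be reviewed or reverted.
$vdirs = Get-AutodiscoverVirtualDirectory
$vdirs | Format-Table Server, Name, WSSecurityAuthentication -AutoSize | Out-Host

foreach ($vdir in $vdirs) {
    $target = "$($vdir.Server)\$($vdir.Name)"
    if ($vdir.WSSecurityAuthentication) {
        Write-Verbose "${target}: WSSecurityAuthentication already enabled"
        continue
    }
    # Touch only directories where the setting is off; the other
    # authentication methods on the directory are left unchanged.
    if ($PSCmdlet.ShouldProcess($target, 'Enable WSSecurityAuthentication')) {
        $vdir | Set-AutodiscoverVirtualDirectory -WSSecurityAuthentication $true
    }
}

# Re-run the federation lookup. A failure here (for example the 401/403 case)
# means Update-HybridConfiguration is likely to fail as well.
try {
    $fed = Get-FederationInformation -DomainName $DomainName -ErrorAction Stop
    $fed | Format-List DomainNames, TargetApplicationUri, TargetAutodiscoverEpr, TokenIssuerUris | Out-Host
}
catch {
    Write-Warning "Get-FederationInformation failed for ${DomainName}: $($_.Exception.Message)"
}
```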
After completing the above you can start testing mailbox moves between on-premises Exchange and Exchange Online. Keep an eye on this webpage if you want to find out more about mailbox moves.
Hope the above helps.