- \n
- This caused queues on inbound mail-flow destined for Exchange Online for via SMTP<\/li>\n
- Reference here<\/a>:<\/li>\n<\/ul>\n<\/li>\n
- Customer’s mail hygiene service not whitelisting the new hybrid endpoint IP\n
- \n
- This blocked outbound mail-flow to the hygiene service<\/li>\n
- Solution: Exclude hybrid server from the appropriate Send Connector to ensure correct NAT source addresses.<\/li>\n<\/ul>\n<\/li>\n
- AutoDiscover on-premises not resolving migrated mailboxes\n
- \n
- Cause: Mismatched UPNs<\/li>\n
- Solution: Ensure matching UPNs between AD and Office 365<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
At this point, AutoDiscover was working as expected for both on-premises and migrated mailboxes but Free\/Busy and shared mailboxes were still not working, and Outlook calendar displayed an error saying “could not be updated”<\/p>\n
![\"\"](\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/22\/2021\/02\/insentra_edmund-davis_3-30-2020-b3_img_1.jpg\" "\\"\\"")
<\/p>\nOn further investigation using Remove Connectivity Analyser<\/a>\u00a0the test showed AutoDiscover completing successfully but EWS returning authentication error relating to WS-Security.<\/p>\n
Next steps<\/h3>\n
During the Hybrid Configuration Wizard configuration process, Microsoft creates objects to represent organisation relationships between the on-premises Exchange environment and Exchange Online. This Organisation Relationship defines various addresses (URIs) which it will use to cross the hybrid boundary between Office 365 and on-premises Exchange.\u00a0 Some are explicitly populated but others are left to AutoDiscover by default.\u00a0<\/p>\n
Resolution<\/h3>\n
In the case of this specific environment, AutoDiscover returns the VIP associated with the Exchange 2010 CAS servers.\u00a0 However, as above, this was blocking WS-Security.\u00a0 Since the customer was not in a position to reconfigure the existing load-balancer, the decision was taken to populate the TargetSharingEpr<\/strong> with the EWS address of the Hybrid endpoint.<\/p>\n
To do this (in PowerShell)<\/p>\n
- \n
- Connect to Exchange Online PowerShell<\/li>\n
- Find the correct Identity of the correct Organisational Relationship – Get-OrganisationalRelationship<\/strong><\/li>\n
- Find the URI of the Hybrid EWS endpoint – typically “https:\/\/<hybrid<\/span> endpoint namespace>\/ews\/Exchange.asmx”<\/li>\n
- Run Set-OrganizationRelationship -Identity <Identity from #2> -TargetSharingEpr \u201c<Hybrid EWS URI from #3>\u201d<\/strong><\/li>\n<\/ol>\n
In my experience, this should take effect almost immediately and Outlook or OWA will show Free\/Busy and Shared Mailbox\/ Calendars for on-premises mailboxes as expected.<\/p>\n
This compromise does introduce a single point of failure for Free\/Busy integration during migration coexistence, but it is deemed to be a risk worth taking.\u00a0 An additional 2016 server could be introduced to the environment and configured in a new VIP to provide further resilience if required.<\/p>\n
I hope this helps someone – or just me when I forget.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"
While supporting another amazing Insentron this week, I was called in to help troubleshoot hybrid connectivity issues prior to an Exchange 2010 hybrid migration to Office 365.\u00a0 The issues experienced included trouble with inbound and outbound mail-flow, Autodiscover and Free\/Busy availability.\u00a0 They also had limited access to shared mailboxes across the hybrid boundary. The customer… Continue reading Hybrid Free\/Busy Troubleshooting<\/span><\/a><\/p>\n","protected":false},"author":94,"featured_media":2091,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[25],"tags":[],"class_list":["post-2090","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-professional-services","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/posts\/2090","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/users\/94"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/comments?post=2090"}],"version-history":[{"count":0,"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/posts\/2090\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/media\/2091"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/media?parent=2090"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/categories?post=2090"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/tags?post=2090"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Find the URI of the Hybrid EWS endpoint – typically “https:\/\/<hybrid<\/span> endpoint namespace>\/ews\/Exchange.asmx”<\/li>\n
- Customer’s mail hygiene service not whitelisting the new hybrid endpoint IP\n