{"id":16146,"date":"2023-03-29T03:30:13","date_gmt":"2023-03-29T03:30:13","guid":{"rendered":"https:\/\/www.insentragroup.com\/us\/insights\/uncategorized\/a-hybrid-discussion-part-1-comparing-hybrid-dauth-and-hybrid-oauth\/"},"modified":"2024-09-11T07:25:43","modified_gmt":"2024-09-11T07:25:43","slug":"a-hybrid-discussion-part-1-comparing-hybrid-dauth-and-hybrid-oauth","status":"publish","type":"post","link":"https:\/\/www.insentragroup.com\/us\/insights\/geek-speak\/modern-workplace\/a-hybrid-discussion-part-1-comparing-hybrid-dauth-and-hybrid-oauth\/","title":{"rendered":"A Hybrid Discussion: Part 1 &#8211; Comparing Hybrid DAuth and Hybrid OAuth"},"content":{"rendered":"\n<p>I recently had a customer contact me with an issue while running the Hybrid Configuration Wizard (HCW) in their Exchange on-premises environment. The HCW completed, but with the following error:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"990\" height=\"285\" src=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2023\/03\/image-34.png\" alt=\"\" class=\"wp-image-16147\" srcset=\"https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2023\/03\/image-34.png 990w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2023\/03\/image-34-300x86.png 300w, https:\/\/www.insentragroup.com\/us\/wp-content\/uploads\/sites\/21\/2023\/03\/image-34-768x221.png 768w\" sizes=\"(max-width: 990px) 100vw, 990px\" \/><\/figure>\n\n\n\n<p>I don\u2019t know about you, but I don\u2019t enjoy it when something states that it has completed but with an error.<\/p>\n\n\n\n<p>The \u201clearn more\u201d link above sends you to this article:<\/p>\n\n\n\n<p><a href=\"https:\/\/learn.microsoft.com\/en-US\/exchange\/troubleshoot\/hybrid-configuration-wizard-errors\/hcw-has-completed-but-was-not-able-to-perform-oauth\" rel=\"nofollow noopener\" 
target=\"_blank\">https:\/\/learn.microsoft.com\/en-US\/exchange\/troubleshoot\/hybrid-configuration-wizard-errors\/hcw-has-completed-but-was-not-able-to-perform-oauth<\/a><\/p>\n\n\n\n<p>If you try the first step from the above article, rerunning the HCW to see if that enables OAuth, and it does not work, you\u2019ll be directed to manually configure OAuth using the article linked below:<\/p>\n\n\n\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/exchange\/configure-oauth-authentication-between-exchange-and-exchange-online-organizations-exchange-2013-help\" rel=\"nofollow noopener\" target=\"_blank\">https:\/\/learn.microsoft.com\/en-us\/exchange\/configure-oauth-authentication-between-exchange-and-exchange-online-organizations-exchange-2013-help<\/a><\/p>\n\n\n\n<p>If you do encounter the HCW8064 error, I would recommend reviewing the steps from the article to resolve it, as the article is pretty thorough in providing the steps for resolution.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">OAUTH vs DAUTH<\/h2>\n\n\n\n<p>Let\u2019s understand what OAuth is as well as the legacy DAuth mentioned in the title of this blog.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OAuth \u2013 <\/strong>Open Authorization \u2013 a protocol that enables delegated access to a user\u2019s data. OAuth does not require shared user logins.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>DAuth \u2013<\/strong> Microsoft defines DAuth as follows:<\/li>\n<\/ul>\n\n\n\n<p>\u201cDelegated authentication occurs when a network service accepts a request from a user and can obtain a token to act on behalf of that user to initiate a new connection to a second network service.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">A Brief History<\/h2>\n\n\n\n<p>Starting with Exchange 2010, Microsoft equipped Exchange with the Azure Auth Service. 
Simply put, the Azure Auth Service is a service that allows your Exchange on-premises organization to establish a federation trust with Exchange Online. When you run the HCW, it uses the Azure Auth Service to establish federation between Exchange Online and Exchange on-premises. Azure Auth Service uses token signing to verify each connection.<\/p>\n\n\n\n<p>When configuring your firewall to allow Exchange federation to work, you\u2019ll need to make sure that TCP 443 is open and that the Autodiscover and EWS endpoints are accessible from Exchange Online to Exchange on-premises, as this is how Microsoft communicates back to your Exchange on-premises environment, for example, when trying to complete a free\/busy request.<\/p>\n\n\n\n<p>However, Microsoft admits that the original method of establishing the connection via delegated authentication was highly customized and that because Windows Communication Foundation (<a href=\"https:\/\/learn.microsoft.com\/en-us\/dotnet\/framework\/wcf\/whats-wcf\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">WCF<\/a>) was losing favor, it was time for them to move to a more open standard. Enter OAuth.<\/p>\n\n\n\n<p>Microsoft decided to use OAuth for Exchange federation, but only when federating with Exchange Online. If you have Exchange-to-Exchange federation with another organization, that is actually using DAuth.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Up Next<\/h2>\n\n\n\n<p>In the <a href=\"https:\/\/www.insentragroup.com\/us\/insights\/uncategorized\/exchange-hybrid-part-2-oauth-and-ioc-learn-about-oauth-iocs-and-s2s-oauth-2-0-flow-chart\/\" target=\"_blank\" rel=\"noreferrer noopener\">next<\/a> installment of our Exchange hybrid series, we will delve into the IntraOrganization Connector and OAuth 2.0. Need help planning and deploying your hybrid environment? 
<a href=\"https:\/\/www.insentragroup.com\/nz\/contact\/\" target=\"_blank\" rel=\"noreferrer noopener\">Contact Insentra<\/a> today for expert assistance<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Learn about the differences between Hybrid DAuth and Hybrid OAuth for Exchange on-premises environment configuration in this two-part discussion. Part 1 covers the HCW8064 error and the basics of OAuth and DAuth, as well as their history in Exchange. <\/p>\n","protected":false},"author":71,"featured_media":16149,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[19],"tags":[],"class_list":["post-16146","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-modern-workplace","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts\/16146","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/users\/71"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/comments?post=16146"}],"version-history":[{"count":2,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts\/16146\/revisions"}],"predecessor-version":[{"id":16151,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts\/16146\/revisions\/16151"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/media\/16149"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/media?parent=16146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/categories?post=16146"},{"taxonomy":"post_tag","embeddable
":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/tags?post=16146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}