Installation & Configuration of Exchange Server 2019 Hybrid with Microsoft 365 (Modern Hybrid Agent) [Step by Step Guide] — Part 2

Muhammad Faisal
Aug 9, 2023

Office 365 Hybrid Configuration is a deployment model that enables coexistence and collaboration between an on-premises Microsoft Exchange Server environment and Exchange Online, which is the cloud-based email solution provided by Microsoft as part of the Office 365 suite.

Microsoft Hybrid Agent

Microsoft 365 Hybrid Agent removes some of the challenges you might face when you configure an Exchange Hybrid environment. The Agent, which is built on the same technology as the Azure Application Proxy, removes some of the configuration requirements for Hybrid. For example:

  • External DNS entries.
  • Certificate updates.
  • Inbound network connections through your firewall to enable Exchange hybrid features.

The Hybrid Agent supports Free/Busy sharing and mailbox migrations, mail flow, directory synchronization, and other hybrid features.

The Hybrid Configuration wizard (HCW) can download and install the Agent MSI automatically, as long as the following requirements are met:

  • The computer is a member of an Active Directory domain.
  • The computer is capable of establishing remote PowerShell connections to the Exchange Server that’s chosen for hybrid configuration.
  • The computer uses a browser that supports Click Once technology (for example, Microsoft Edge).
  • The on-premises Active Directory account you’re using must meet the following requirements:
      • Membership in the Organization Management role group in your on-premises Exchange organization.
      • Membership in the local Administrators group on the computer where you’re installing the Hybrid Agent.

Port and protocol requirements

Outbound HTTPS (TCP) ports 443 and 80 must be open from the computer where the Hybrid Agent is installed.

TCP ports 443, 80, 5985, and 5986 must be open between the computer where the Hybrid Agent is installed and the CAS (Client Access server) that’s selected in the Hybrid Configuration wizard.

Free/busy requests from on-premises users to Exchange Online users do not traverse the Hybrid Agent. All Exchange Mailbox Servers (including Exchange 2013 Mailbox Servers) must be able to communicate with the Microsoft 365 or Office 365 endpoints via HTTPS (TCP port 443).
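The port requirements above can be checked from the Hybrid Agent computer before running the wizard. This is an added example, not part of the original article; the server name is a placeholder, and `outlook.office365.com` is used only as a representative Microsoft 365 endpoint.

```powershell
# Added example: run on the computer where the Hybrid Agent will be installed.
param(
    [string]$ClientAccessServer = 'exch01.contoso.local',  # placeholder: CAS selected in the HCW
    [string]$CloudEndpoint      = 'outlook.office365.com'  # assumption: representative M365 endpoint
)

# Build the list of required paths from the article's port requirements.
$checks = @(
    foreach ($port in 443, 80) {
        [pscustomobject]@{ Path = 'Agent -> Microsoft 365'; Target = $CloudEndpoint; Port = $port }
    }
    # 5985/5986 are WinRM (remote PowerShell) over HTTP/HTTPS.
    foreach ($port in 443, 80, 5985, 5986) {
        [pscustomobject]@{ Path = 'Agent -> CAS'; Target = $ClientAccessServer; Port = $port }
    }
)

# Attempt a TCP connection for every required path and record the outcome.
$results = foreach ($check in $checks) {
    $probe = Test-NetConnection -ComputerName $check.Target -Port $check.Port `
                                -WarningAction SilentlyContinue
    [pscustomobject]@{
        Path   = $check.Path
        Target = $check.Target
        Port   = $check.Port
        Open   = $probe.TcpTestSucceeded
    }
}

$results | Format-Table -AutoSize

# Report blocked paths so only the missing firewall rules need to be requested.
$blocked = @($results | Where-Object { -not $_.Open })
if ($blocked.Count -gt 0) {
    Write-Warning ("{0} required path(s) are blocked: {1}" -f $blocked.Count,
        (($blocked | ForEach-Object { "$($_.Target):$($_.Port)" }) -join ', '))
}
```

Only the ports listed in the requirements are probed, so the output also documents the minimum firewall rule set for the agent host.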

Hybrid Deployment with Office 365 HCW (Hybrid Configuration Wizard)

Configuring a hybrid deployment with the Hybrid Configuration wizard requires several important prerequisites for the wizard to complete successfully and for the hybrid deployment features to function correctly.

First, download the Microsoft.Online.CSE.Hybrid.Client application, which launches the wizard.

1. Open Microsoft Edge or another browser and go to https://aka.ms/HybridWizard

Microsoft.Online.CSE.Hybrid.Client

2. Run Microsoft.Online.CSE.Hybrid.Client. Click Install to initiate the process.

Microsoft.Online.CSE.Hybrid.Client

3. You are now ready to configure the HCW.

Microsoft 365 — Hybrid Configuration Wizard

You might encounter the following error while setting up the HCW:

Office 365 HCW — Validate Hybrid Agent for Exchange usage — Error

{"@odata.context":"https://outlook.office365.com/adminapi/beta/b26cc56c-ffad-4555-81cf-80bd45c2c3fe/$metadata#Collection(Exchange.GenericHashTable)","adminapi.warnings@odata.type":"#Collection(String)","@adminapi.warnings":[],"value":[{"Result":"Failed","Message":"The connection to the server '5f66b10c-a3bf-4da5-b3c5-36b6690116ba.resource.mailboxmigration.his.msappproxy.net' could not be completed.","SupportsCutover":false,"ErrorDetail":"Microsoft.Exchange.Migration.MigrationServerConnectionFailedException: The connection to the server '5f66b10c-a3bf-4da5-b3c5-36b6690116ba.resource.mailboxmigration.his.msappproxy.net' could not be completed. ---> Microsoft.Exchange.MailboxReplicationService.MRSRemoteTransientException: The call to 'https://5f66b10c-a3bf-4da5-b3c5-36b6690116ba.resource.mailboxmigration.his.msappproxy.net/EWS/mrsproxy.svc' timed out. Error details: The open operation did not complete within the allotted timeout of 00:00:50. The time allotted to this operation may have been a portion of a longer timeout. ---> Microsoft.Exchange.MailboxReplicationService.MRSRemotePermanentException: The open operation did not complete within the allotted timeout of 00:00:50. The time allotted to this operation may have been a portion of a longer timeout.\r\n --- End of inner exception stack trace ---\r\n at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.ReconstructAndThrow(String serverName, VersionInformation serverVersion)\r\n at Microsoft.Exchange.Connections.Common.WcfClientWithFaultHandling`2.<>c__DisplayClass4_0.<CallService>b__0()\r\n at Microsoft.Exchange.Net.WcfClientBase`1.CallService(Action serviceCall, String context)\r\n at Microsoft.Exchange.Connections.Common.WcfClientWithFaultHandling`2.CallService(Action serviceCall, String context)\r\n at Microsoft.Exchange.MailboxReplicationService.WcfClientWithVersion`2.CallService(Action serviceCall, String context)\r\n at Microsoft.Exchange.Migration.MigrationExchangeProxyRpcClient.CanConnectToMrsProxy(Fqdn serverName, Guid mbxGuid, NetworkCredential credentials, LocalizedException& error)\r\n --- End of inner exception stack trace ---\r\n at Microsoft.Exchange.Migration.MigrationEndpointVerifier.VerifyConnectivity(MigrationEndpointBase endpoint)\r\n at Microsoft.Exchange.Management.Migration.MigrationService.Endpoint.TestMigrationServerAvailability.InternalProcessEndpoint(Boolean fromAutoDiscover)","TestedEndpoint":null,"IsValid":true}]}

Solution

The HCW logs for troubleshooting are located in %AppData%\Microsoft\Exchange Hybrid Configuration

First, verify that the EWS virtual directory is correctly configured:

Get-WebServicesVirtualDirectory | fl InternalUrl, ExternalURL

To mitigate this error, grant the Exchange Servers group the following extended rights on the Client Access and Mailbox server objects:

Get-ClientAccessServer | Add-AdPermission -AccessRights ExtendedRight -ExtendedRights "ms-exch-epi-token-serialization" -User "<domain>\Exchange Servers"
Get-ClientAccessServer | Add-ADPermission -AccessRights ExtendedRight -ExtendedRights "ms-Exch-EPI-Impersonation" -User "<domain>\Exchange Servers"
Get-MailboxServer | Add-AdPermission -AccessRights ExtendedRight -ExtendedRights "ms-exch-epi-token-serialization" -User "<domain>\Exchange Servers"
Get-MailboxServer | Add-AdPermission -AccessRights ExtendedRight -ExtendedRights "ms-Exch-EPI-Impersonation" -User "<domain>\Exchange Servers"

Uninstall the existing HCW and the Microsoft Hybrid Service, reboot the Exchange Server, and then reinstall the HCW.

Office 365 HCW — Validate Hybrid Agent for Exchange usage — Error Resolved
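Because the fix above changes Active Directory permissions on the Exchange server objects, it is worth confirming what was actually granted and to whom. The following is an added example, not part of the original article; it reuses the article's `<domain>\Exchange Servers` placeholder and is meant for the on-premises Exchange Management Shell.

```powershell
# Added example: run in the on-premises Exchange Management Shell.
$trustee = '<domain>\Exchange Servers'   # same placeholder as the commands above
$rights  = 'ms-Exch-EPI-Token-Serialization', 'ms-Exch-EPI-Impersonation'

# Server objects targeted by the Add-ADPermission commands, de-duplicated by DN.
$serverDns = @(Get-ClientAccessServer; Get-MailboxServer) |
    ForEach-Object { $_.DistinguishedName } | Sort-Object -Unique

# For each server and each right, report whether an allow or deny entry exists.
$report = foreach ($dn in $serverDns) {
    $aces = @(Get-ADPermission -Identity $dn -User $trustee)
    foreach ($right in $rights) {
        $allow = @($aces | Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $right) })
        $deny  = @($aces | Where-Object { $_.Deny -and ($_.ExtendedRights -like $right) })
        [pscustomobject]@{
            Server        = ($dn -split ',')[0] -replace '^CN='
            ExtendedRight = $right
            Allowed       = $allow.Count -gt 0
            ExplicitDeny  = $deny.Count -gt 0   # a deny entry overrides the allow
        }
    }
}
$report | Format-Table -AutoSize

# Review list: every trustee (not only Exchange Servers) holding either right,
# so unexpected grants on these objects stand out.
$serverDns | ForEach-Object { Get-ADPermission -Identity $_ } |
    Where-Object { $_.ExtendedRights -like 'ms-Exch-EPI-*' } |
    Select-Object Identity, User, Deny, IsInherited, ExtendedRights |
    Format-Table -AutoSize
```

Saving the output before and after the change gives a record of exactly which entries the fix added.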

Autodiscover Recommendation in Exchange Server Hybrid Environment

Autodiscover provides the Outlook configuration as an XML file in order to reduce configuration steps. Inside the organization, domain-joined clients find Autodiscover using the SCP (Service Connection Point), which is created in Active Directory when Exchange Server is deployed in the organization.

The recommendation depends on the current scenario: whether all users have been migrated to Exchange Online, or some mailboxes remain on on-premises Exchange while others are in Exchange Online.

Autodiscover will point to the on-premises Exchange Server.

For a migrated mailbox, the on-premises Autodiscover service redirects the request to Office 365 (autodiscover-s.outlook.com), and the client then connects to Office 365.

In a hybrid environment, on-premises Autodiscover can redirect to Office 365, but Autodiscover pointing to Exchange Online can’t redirect to the on-premises Exchange Server.
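The one-way redirect described above can be checked with a short script. This is an added example, not part of the original article: the function name and the `contoso.com` domain are hypothetical, and matching the DNS target against `*.outlook.com` is an assumption about how an Exchange Online Autodiscover record appears.

```powershell
# Added example: run in the on-premises Exchange Management Shell.
function Get-HybridAutodiscoverTarget {
    param([Parameter(Mandatory)][string]$SmtpDomain)

    # Where does the DNS Autodiscover record for this domain point?
    $cname = Resolve-DnsName -Name "autodiscover.$SmtpDomain" -Type CNAME -ErrorAction SilentlyContinue |
        Where-Object { $_.Section -eq 'Answer' -and $_.NameHost } |
        Select-Object -ExpandProperty NameHost -First 1
    $pointsToCloud = $cname -like '*.outlook.com'   # assumption: Exchange Online target

    # Do any mailboxes still live on-premises? (Get-Mailbox on-premises does not
    # return migrated mailboxes; those are remote mailboxes.)
    $onPremMailboxes = [bool](Get-Mailbox -ResultSize 1 -WarningAction SilentlyContinue)

    # SCP values used by domain-joined clients inside the organization.
    $scp = Get-ClientAccessService | ForEach-Object { $_.AutoDiscoverServiceInternalUri }

    [pscustomobject]@{
        Domain             = $SmtpDomain
        DnsCnameTarget     = $cname
        PointsToExchangeOnline = $pointsToCloud
        OnPremMailboxes    = $onPremMailboxes
        ScpUris            = $scp -join '; '
        # Exchange Online Autodiscover cannot redirect back to on-premises,
        # so this combination breaks lookups for on-premises mailboxes.
        Misrouted          = ($pointsToCloud -and $onPremMailboxes)
    }
}

# Usage with a placeholder domain:
Get-HybridAutodiscoverTarget -SmtpDomain 'contoso.com' | Format-List
```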

Setting up on-premises Exchange Server Hybrid with Office 365 can be tedious if you don’t follow proper guidelines.