
Exchange 2010 Hybrid Configuration Wizard

Update - The HCW shown below is no longer supported.  Please use the new HCW, which has added multiple features, as is required.

To download the Office 365 Hybrid Configuration wizard go to https://aka.ms/HybridWizard.

 

 

The below screenshots are to illustrate the Exchange 2010 HCW which was included in the Exchange install.  As noted above, this is no longer supported and should not be used.

This post is to be considered for legacy reference purposes only.

 

The initial starting configuration of the TailspinToys environment is shown below.  Previously the Exchange HCW was executed to deploy the hybrid solution.  This can be seen on-premises by using this cmdlet:

Get-HybridConfiguration

 

There are some things worth pointing out.  Note that ExternalIPAddresses was previously used to identify mail as coming from a particular environment.  That is now done by the certificate thumbprint.

Initial Exchange 2010 Hybrid Configuration

 

RunspaceId                      : 86c9bd14-27e5-45de-8e35-00ebe16f2e95
ClientAccessServers             : {TAIL-EXCH-1}
TransportServers                : {TAIL-EXCH-1}
SecureMailCertificateThumbprint : 2C54AE3BA219CCF3955F720578C6632DF0AB9066
OnPremisesSmartHost             : smtp.tailspintoys.ca
Domains                         : {tailspintoys.ca}
Features                        : {FreeBusy, MoveMailbox, Mailtips, MessageTracking, OwaRedirection, OnlineArchive, Sec
ureMail, CentralizedTransport}
ExternalIPAddresses             : {104.41.152.101}
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
Name                            : Hybrid Configuration
DistinguishedName               : CN=Hybrid Configuration,CN=Hybrid Configuration,CN=TailspintoysCanada,CN=Microsoft Ex
change,CN=Services,CN=Configuration,DC=Tailspintoys,DC=ca
Identity                        : Hybrid Configuration
Guid                            : 413cf6cd-4fd7-4265-a090-6923743da83e
ObjectCategory                  : Tailspintoys.ca/Configuration/Schema/ms-Exch-Coexistence-Relationship
ObjectClass                     : {top, msExchCoexistenceRelationship}
WhenChanged                     : 4/15/2015 5:46:14 AM
WhenCreated                     : 11/17/2013 9:29:59 PM
WhenChangedUTC                  : 4/15/2015 5:46:14 AM
WhenCreatedUTC                  : 11/17/2013 9:29:59 PM
OrganizationId                  :
OriginatingServer               : Tail-Exch-DC-1.Tailspintoys.ca
IsValid                         : True

 

Exchange Hybrid Planning

Please note that the first step is NOT to simply run the HCW.  In reality that should be the final step, as there are many other items to work through first.  These include:

  • Choose tenant name
  • Select tenant region
  • Create tenant
  • Secure and lock down tenant
  • Implement data governance
  • Implement security controls
  • Add and validate custom domains
  • Remediate Active Directory using IDFix
  • Align UPN
  • Choose an authentication method (AD FS, Pass Through, Password Hash Sync)
  • Implement MFA
  • Review Office 365 Service Description
  • Capture business requirements
  • Select licences based on the Service Description and your captured business requirements
  • Review Exchange hybrid requirements
    • Certificates
    • Endpoints to be published
    • Cross-Premises mail flow
  • Review Exchange on-premises build and update as necessary
  • Review current Internet publishing stance
  • Update and remediation of Exchange publishing
  • Run HCW

The above is not a complete project plan.  The point though is that the HCW execution is at the end.....

 

Running The Exchange 2010 Hybrid Configuration Wizard

The below is the built in Exchange 2010 HCW in the Management console.  Note that we previously added the Exchange Online tenant to the MMC.  This is shown at the bottom of the left hand navigation tree and the chosen name was O365.

This was done by right clicking on the uppermost "Microsoft Exchange" in the top left hand corner, and selecting to Add Exchange Forest.  There is a pre-canned Exchange Online endpoint which is shown when you click the drop down, else it is hidden.

Exchange 2010 MMC Add Forest

Note that the above screen shot now instructs to add the Microsoft Online Services Sign-In Assistant.

The Microsoft Online Services Sign-In Assistant provides end user sign-in capabilities to Microsoft Online Services, such as Office 365. The MOS SIA installs client components that allow common applications, such as Microsoft Outlook and Lync, to authenticate to Microsoft Online Services. The MOS SIA can also provide an improved sign-in experience, such that end users can access Microsoft Online Services without having to re-enter their credentials (such as a user name or password). This download is intended for IT Professionals, for distribution to managed client systems as part of an Office 365 client deployment, via System Center Configuration Manager (SCCM) or similar software distribution systems. For users who are installing Office 365 by means of the Office 365 Desktop Setup application, this download is not necessary, because the MOS SIA is installed as part of the Desktop Setup process.

Exchange 2010 MMC Add Exchange Online As A Forest

Installing Sign-In Assistant

 

Sign-In Assistant Installed

Once done, you should see the below.

Exchange 2010 MMC

From a separate lab, note that since the Tenant was newer than Wave14 no organisation settings are shown.

No Tenant Organisation Settings Shown In Exchange 2010 MMC

 

The Hybrid Configuration allows us to launch the HCW.  The screen shots below illustrate the flow:

Exchange 2010 Starting HCW

 

Creating the hybrid configuration must be done using the wizard.  Manually configuring the on-premises and Office 365 components to create the configuration is not supported.  That was sooo  Exchange 2010 SP1.

Thankfully we now have the Hybrid Configuration Wizard!

Exchange 2010 HCW

 

Exchange 2010 HCW Launch Screen

The HCW requires on-premises and Office 365 credentials.  It uses these credentials to automate the configuration of Office 365 and the on-premises environment.

Tip - specify the on-premises credentials as NT style domain\user.   Specify the Office 365 credentials in UPN format.  This saves some confusion between which is which in some cases.

 

Exchange 2010 HCW Provide Credentials

The domains that we need to add are the ones which are used for email purposes.

Exchange 2010 HCW Adding Domains

The below is an additional domain validation and is required over and above adding and verifying the domain in Office 365. This is required for the Exchange Federation component.

This is an additional TXT record in external DNS which needs to be published.

TIP - You can check the TXT using this post.

Exchange 2010 HCW Create Proof Of Ownership

In the Servers screen, select which Exchange 2010 servers will be used for mailbox moves and as the Hub for the cross-premises SMTP receive connector.

Note that these are NOT the only Exchange servers that require Internet access.  For details see the Office 365 IP and URL documentation.

Exchange 2010 HCW Add Hub and CAS Servers

The outbound mail for a particular customer is identified by the sending IP address.  (Note that this is no longer used)

Exchange 2010 HCW Sender IP

One of the Exchange hybrid requirements is a trusted 3rd party certificate.  This certificate needs to be bound to the transport service.

The second radio button enables Centralized Mail Transport.

Exchange 2010 HCW Select SMTP Certificate and Mail Routing
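
One way to check this requirement from the on-premises Exchange Management Shell (an added example, not part of the original post): it looks up the certificate whose thumbprint is stored in the hybrid configuration on each listed transport server and reports whether it is enabled for SMTP, not self-signed, valid and not close to expiry. The function name Test-HybridSmtpCertificate and the 30-day warning window are assumptions.

```powershell
# Added example, not from the original post. Run in the on-premises Exchange
# Management Shell. The function name and the 30-day window are assumptions.
function Test-HybridSmtpCertificate {
    param([int]$WarnDays = 30)

    $hybrid = Get-HybridConfiguration
    $thumb  = $hybrid.SecureMailCertificateThumbprint
    if (-not $thumb) { throw 'No SecureMailCertificateThumbprint is set.' }

    foreach ($entry in $hybrid.TransportServers) {
        $server = [string]$entry   # renders as the server name, e.g. TAIL-EXCH-1
        $cert = Get-ExchangeCertificate -Server $server -Thumbprint $thumb -ErrorAction SilentlyContinue

        $problems = @()
        if (-not $cert) {
            $problems += 'certificate not installed on this server'
        } else {
            # Services and Status are compared as text so the checks also
            # work on the deserialized objects a remote session returns.
            if ("$($cert.Services)" -notmatch 'SMTP') { $problems += 'not enabled for SMTP' }
            if ($cert.IsSelfSigned)                    { $problems += 'self-signed' }
            if ("$($cert.Status)" -ne 'Valid')         { $problems += "status is $($cert.Status)" }
            if ($cert.NotAfter -lt (Get-Date).AddDays($WarnDays)) {
                $problems += "expires $($cert.NotAfter)"
            }
        }

        # New-Object is used instead of [pscustomobject] for PowerShell 2.0.
        New-Object PSObject -Property @{
            Server     = $server
            Thumbprint = $thumb
            Ok         = ($problems.Count -eq 0)
            Problems   = ($problems -join '; ')
        } | Select-Object Server, Thumbprint, Ok, Problems
    }
}

Test-HybridSmtpCertificate | Format-Table -AutoSize
```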

Then we click next to complete the data gathering process.  You will note that the actual implementation of the chosen options is split into two sections:

  • Set-HybridConfiguration
  • Update-HybridConfiguration

 

The first saves the answers to the hybrid object in on-premises Exchange.  This is what you saw in the first image in this post, and was retrieved by running:

Get-HybridConfiguration

Then the necessary settings are applied to on-premises and Exchange Online.  In the below example there was an issue.  If that happens, don't panic.  Read the error, correct it and simply run the HCW again.

Consider the HCW as cumulative.  We can run it again and it will verify that each section was set as per the selection.  It may require that we run the HCW multiple times to resolve different issues, or multiple attempts to fix a single issue.

Exchange 2010 HCW Complete Wizard

 

 

Exchange 2010 HCW Sample Error

The below is the text from the above iteration.   This is included just for reference.

This version logs to the following folder

%EXINSTALL%\Logging\Update-HybridConfiguration

In my lab this is:

C:\Program Files\Microsoft\Exchange Server\V14\Logging\Update-HybridConfiguration

 

 

Summary: 2 item(s). 1 succeeded, 1 failed.
Elapsed time: 00:00:07

Set-HybridConfiguration
Completed

Exchange Management Shell command completed:
Set-HybridConfiguration -Features 'MoveMailbox','OnlineArchive','FreeBusy','Mailtips','MessageTracking','OwaRedirection','SecureMail','CentralizedTransport' -Domains 'tailspintoys.ca' -ClientAccessServers 'TAIL-EXCH-1' -TransportServers 'TAIL-EXCH-1' -ExternalIPAddresses '168.62.176.162' -OnPremisesSmartHost 'smtp.tailspintoys.ca' -SecureMailCertificateThumbprint '7333A67030AFCAA584758DC79812111299E5848E'

Elapsed Time: 00:00:01

Update-HybridConfiguration
Failed

Error:
Updating hybrid configuration failed with error 'System.Management.Automation.Remoting.PSRemotingTransportException: Processing data from remote server failed with the following error message: [ClientAccessServer=BN3PR0601CA0019,BackEndServer=by1pr0501mb1269.namprd05.prod.outlook.com,RequestId=921daca7-2c23-4592-97ec-1085d0d1a04d,TimeStamp=4/6/2016 4:59:27 PM] [FailureCategory=WSMan-InvalidShellID] The request for the Windows Remote Shell with ShellId EAD6945B-4C6C-44BE-AB15-C1352A4BE6AD failed because the shell was not found on the server. Possible causes are: the specified ShellId is incorrect or the shell no longer exists on the server. Provide the correct ShellId or create a new shell and retry the operation. For more information, see the about_Remote_Troubleshooting Help topic.
at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
at System.Management.Automation.Runspaces.RunspacePool.Open()
at System.Management.Automation.RemoteRunspace.Open()
at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.Connect(PSCredential credentials, CultureInfo sessionUiCulture)
at Microsoft.Exchange.Management.Hybrid.Engine.Execute(ILogger logger, String onPremPowershellHost, PSCredential onPremCredentials, PSCredential tenantCredentials, HybridConfiguration hybridConfiguration)
at Microsoft.Exchange.Management.SystemConfigurationTasks.UpdateHybridConfiguration.InternalProcessRecord()'.

Additional troubleshooting information is available in the Update-HybridConfiguration log file located at C:\Program Files\Microsoft\Exchange Server\V14\Logging\Update-HybridConfiguration\HybridConfiguration_4_6_2016_16_59_22_635955587623690837.log.

Exchange Management Shell command attempted:
Update-HybridConfiguration -OnPremisesCredentials 'System.Management.Automation.PSCredential' -TenantCredentials 'System.Management.Automation.PSCredential'

Elapsed Time: 00:00:06

 

 

 

C:\Program Files\Microsoft\Exchange Server\V14\Logging\Update-HybridConfiguration\HybridConfiguration_4_6_2016_16_59_22_635955587623690837.log

 

 

[4/6/2016 16:59:22] INFO:Opening runspace to http://tail-exch-1/powershell?serializationLevel=Full
[4/6/2016 16:59:23] INFO:Successfully connected to On-Premises
[4/6/2016 16:59:23] INFO:Opening runspace to https://ps.outlook.com/powershell-liveid/powershell.htm?serializationLevel=Full;clientApplication=EMC;ExchClientVer=14.3.123.4
[4/6/2016 16:59:28] INFO:Disconnected from On-Premises session
[4/6/2016 16:59:28] INFO:Disconnected from Tenant session
[4/6/2016 16:59:28] ERROR:Updating hybrid configuration failed with error 'System.Management.Automation.Remoting.PSRemotingTransportException: Processing data from remote server failed with the following error message: [ClientAccessServer=BN3PR0601CA0019,BackEndServer=by1pr0501mb1269.namprd05.prod.outlook.com,RequestId=921daca7-2c23-4592-97ec-1085d0d1a04d,TimeStamp=4/6/2016 4:59:27 PM] [FailureCategory=WSMan-InvalidShellID] The request for the Windows Remote Shell with ShellId EAD6945B-4C6C-44BE-AB15-C1352A4BE6AD failed because the shell was not found on the server. Possible causes are: the specified ShellId is incorrect or the shell no longer exists on the server. Provide the correct ShellId or create a new shell and retry the operation. For more information, see the about_Remote_Troubleshooting Help topic.
at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
at System.Management.Automation.Runspaces.RunspacePool.Open()
at System.Management.Automation.RemoteRunspace.Open()
at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.Connect(PSCredential credentials, CultureInfo sessionUiCulture)
at Microsoft.Exchange.Management.Hybrid.Engine.Execute(ILogger logger, String onPremPowershellHost, PSCredential onPremCredentials, PSCredential tenantCredentials, HybridConfiguration hybridConfiguration)
at Microsoft.Exchange.Management.SystemConfigurationTasks.UpdateHybridConfiguration.InternalProcessRecord()'.

Additional troubleshooting information is available in the Update-HybridConfiguration log file located at C:\Program Files\Microsoft\Exchange Server\V14\Logging\Update-HybridConfiguration\HybridConfiguration_4_6_2016_16_59_22_635955587623690837.log.
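
To make "read the error" quicker on a log in the format above, the following added example (not part of the original post) pulls out each ERROR entry with its FailureCategory, RequestId, the last endpoint the wizard tried to open before the error, and the first Exchange stack frame. The function name Get-HcwLogError is an assumption, and the sample lines are constructed by shortening the log shown above.

```powershell
# Added example, not from the original post; Get-HcwLogError is a made-up name.
# Sample lines are constructed: shortened from the log shown above.
$sample = @'
[4/6/2016 16:59:22] INFO:Opening runspace to http://tail-exch-1/powershell?serializationLevel=Full
[4/6/2016 16:59:23] INFO:Successfully connected to On-Premises
[4/6/2016 16:59:23] INFO:Opening runspace to https://ps.outlook.com/powershell-liveid/powershell.htm?serializationLevel=Full
[4/6/2016 16:59:28] ERROR:Updating hybrid configuration failed with error '... [RequestId=921daca7-2c23-4592-97ec-1085d0d1a04d,TimeStamp=4/6/2016 4:59:27 PM] [FailureCategory=WSMan-InvalidShellID] The request ... failed because the shell was not found on the server.
   at System.Management.Automation.RemoteRunspace.Open()
   at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.Connect(PSCredential credentials, CultureInfo sessionUiCulture)
'@ -split "`r?`n"

function Get-HcwLogError {
    param([string[]]$Line)

    $lastRunspace = $null
    $current = $null
    $errors = @()
    foreach ($l in $Line) {
        if ($l -match '^\[(?<ts>[^\]]+)\]\s*(?<level>[A-Z]+):(?<msg>.*)$') {
            # A timestamped line starts a new entry.
            $ts = $matches['ts']; $level = $matches['level']; $msg = $matches['msg']
            $current = $null
            if ($msg -match '^Opening runspace to (\S+)') { $lastRunspace = $matches[1] }
            if ($level -eq 'ERROR') {
                $current = New-Object PSObject -Property @{
                    Time = $ts; LastRunspace = $lastRunspace
                    FailureCategory = $null; RequestId = $null; ExchangeFrame = $null
                }
                if ($msg -match 'FailureCategory=([^\]]+)') { $current.FailureCategory = $matches[1] }
                if ($msg -match 'RequestId=([0-9a-fA-F-]+)') { $current.RequestId = $matches[1] }
                $errors += $current
            }
        } elseif ($current -and -not $current.ExchangeFrame -and
                  $l -match '^\s*at\s+(Microsoft\.Exchange\.[^(]+)') {
            # Stack frames carry no timestamp; keep the first Exchange frame
            # that follows the ERROR line.
            $current.ExchangeFrame = $matches[1]
        }
    }
    $errors | Select-Object Time, FailureCategory, RequestId, LastRunspace, ExchangeFrame
}

Get-HcwLogError -Line $sample | Format-List
```

Against a real log, pass the file contents instead of the sample, for example `Get-HcwLogError -Line (Get-Content $logFile)`, where `$logFile` is a file in the logging folder named earlier.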

Rhoderick Milne [MSFT]
