Monday, April 11, 2016

Exchange Hybrid Free/Busy - Fails after running HCW to add more domains

So you have decided to run HCW again to include additional domains that you have skipped in the initial setup.

And immediately, you notice that free/busy query from Exchange Online to On Premises have started to fail again.

If you have already fixed it from my previous post, why is this happening again?

Firstly, run the following command from Exchange Online PowerShell:

Test-OrganizationRelationship -UserIdentity onPremiseMailbox@company.com -Identity “O365 to On-premises 6633cadc-0124-4111-2a22-e51f8853d1c5” -Verbose

Note that it will fail at STEP 4:

STEP 4: Getting organization relationship settings from remote partner...

RESULT: Unable to retrieve organization relationships from remote organization.
RESULT: Error.


But if you look back at STEP 3 - you will notice that the target URL is probably showing the new domain that you just added:

STEP 3: Requesting delegation token from the STS...

RESULT: Success.
Retrieved token for target https://autodiscover.newcompany.com/autodiscover/autodiscover.svc/WSSecurity for offer Name=MSExchange
.Autodiscover,Duration=28800(secs)

So what's the problem here? Most likely, this is used as a secondary email address and you haven't bothered to configure autodiscover for it.

To confirm this, run the following command from Exchange Online PowerShell:

Get-OrganizationRelationship | FL

Check out the "TargetAutodiscoverEpr" field, it is probably pointing to https://autodiscover.newcompany.com/autodiscover/autodiscover.svc/WSSecurity, instead of https://autodiscover.company.com/autodiscover/autodiscover.svc/WSSecurity

To solve the problem, either configure autodiscover for that domain (add it in public DNS, and update your TMG rules + add the SAN into your certificate), or just repoint it back to the correct autodiscover URL.

This can be done by executing the following command from Exchange Online PowerShell:

Get-OrganizationRelationship | Set-OrganizationRelationship -TargetAutodiscoverEpr https://autodiscover.company.com/autodiscover/autodiscover.svc/WSSecurity

No comments: