Forum Discussion

Enzo Faranda's avatar
Enzo Faranda
Copper Contributor
Nov 01, 2020

Exchange Hybrid Issues

Hello,

 

I'm hoping that you'd be able to help me on an issue that I've found myself working on. 

 

I'm working on an Exchange Hybrid (Exchange 2010 with Microsoft 365). The Hybrid has been running fine since setup. However over the past few days we've seen a few issues which are a little confusing. 

 

I hadn't setup the environment or sync so its hard trying to piece together how everything should be setup. 

 

Reported issues:

  • MacOS users are unable to sign into or configure mailbox on Outlook -  Does not work internally or externally. Windows is fine

  • Users are unable to set OOO/AutoReply status - Works via OWA or Admin centre 

  • Users are unable to view calendars of other employees - (Works via OWA and in Desktop app, if i raise permissions  from limited details to reviewer)

I believe that all issues are related to the same issue, which I feel is around the "AutoDiscover". 

From the tests I've ran, the AutoDiscovery CNAME is missing for M365. but is being pointed to the WAN IP for the site. 

 

Exchange on-prem shows: 

 
 
 

(mail.<Domain>/)

 

I've been trying to find some setup guides on the best practice of how hybrid Autodisvoer should be set. 

 

The exchange server was not running TLS 1.2, I've now fixed this by running Nartac ISSCrypto, which has resolved that issue, but the main issues reported are still outstanding. 


 

Any ideas? 

2010
Exchange Server
hybrid
office 365

3 Replies

Sort By
  • paulrail's avatar
    paulrail
    Copper Contributor
    Nov 01, 2020

    Enzo Farandaonly a guess -  check the targetsharingepr in Exchange Online.  We had to set that to the hybrid namespace every time we ran the hybrid wizard as it would sometimes clear it, else free busy would not work.

  • JeremyTBradshaw's avatar
    JeremyTBradshaw
    Steel Contributor
    Nov 01, 2020
    Hi Enzo Faranda,

    Sounds like it could be a cert issue. You mentioned the TLS 1.2 thing, maybe that fix was the catalyst for this new issue?

    I would browse to the autodiscover URL you found from Get-ClientAccessServer and login using valid user/password. It should let you in and show you some XML. The browser should see the certificate as valid. If both of those checks pass, it is likely something else like DNS or maybe load balancer.

    If you updated/replaced the certificate that Exchange had been using (for your TLS1.2 fix), it might not have been gracefully enabled for the Exchange services (e.g. IIS).

    Let us know.
    • Enzo Faranda's avatar
      Enzo Faranda
      Copper Contributor
      Nov 01, 2020

      JeremyTBradshawThanks Jeremy, 

       

      I had only looked into the TLS 1.2 upgrade as a potential fix, the issues I had mentioned were present before the TLS upgrade. 

       

      I did also check the cert and this is still valid, nothing cert wise has changed since the issues had been reported. 

       

       

Resources