Forum Discussion
Exchange Hybrid Migration Endpoint cannot be created
We cannot create an Exchange hybrid migration endpoint using remote server and the error when we create bypass verification is
Error: CommunicationErrorTransientException: The call to 'https://mail.foxvalleyfire.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request was forbidden with client authentication scheme 'Negotiate'.. --> The HTTP request was forbidden with client authentication scheme 'Negotiate'.
We have check on Exchange on prem server and found that the MRSproxy has turned on. What do we need to check from on premise? Please refer to below for the error
3 Replies
where is your Hybrid FQDN pointing from internet (e.g. on the firewall)? it can be an issue if you are doing certain SSL checks for HTTPS, which might alter your requests header
are you using the same certificate on that entry point, that you are using on the exchange server and is your Hybrid FQDN in the subject names?
sometimes, MRSProxy can be buggy... so in rare cases re-enabling MRSProxy after disabling can help.
you might also want to verify, whether ExtendedProtection is enabled, especially on EWS
Hi,
Where you able to resolve the issue ?
We are also facing the same error moving from EX2019 CU15 to O365.
jonmovaci
Verify that MRS Proxy is enabled:Get-WebServicesVirtualDirectory | FL Identity,MRSProxyEnabled
If the output is false, then run:Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -MRSProxyEnabled $true
iisreset
Also check authentication settings on your EWS virtual directory. Enable Basic auth and disable Windows auth and do another iisreset.
Then, re-run the HCW and try again.If none of this helps, please share the output of the following:
Get-WebServicesVirtualDirectory | FL Identity,MRSProxyEnabled,BasicAuthentication,WindowsAuthentication
