SOLVED
Home

Unable to create migration endpoint in 2007/2013 Hybrid

%3CLINGO-SUB%20id%3D%22lingo-sub-100149%22%20slang%3D%22en-US%22%3EUnable%20to%20create%20migration%20endpoint%20in%202007%2F2013%20Hybrid%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-100149%22%20slang%3D%22en-US%22%3E%3CP%3EExchange%202007%2F2013%20Hybrid%20setup%20with%20a%20single%20Exchange%202013%20CAS%20server.%20Hybrid%20Config%20Wizard%20completes%20without%20issue%20and%20mail%20is%20flowing%20-%20but%20I'm%20unable%20to%20move%20mailboxes%20to%20Exchange%20Online%20as%20end%20point%20creation%20fails%20with%20the%20following%20(appended)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1%20-%20Certificate%20is%20issued%20by%20third%20party%2C%20valid%20and%20contains%20the%20server%20name%20as%20a%20SAN%3C%2FP%3E%3CP%3E2%20-%20Internal%20mailbox%20moves%20work%20from%202007%20to%202013%20server%3C%2FP%3E%3CP%3E3%20-%20mrsproxy%20is%20enabled%20on%202013%20CAS%3C%2FP%3E%3CP%3E4%20-%20Connecting%20to%20%2Fews%2Fmrsproxy.svc%20on%202013%20CAS%20asks%20for%20auth%20-%20as%20expected%3C%2FP%3E%3CP%3E5%20-%20Account%20used%20is%20a%20member%20of%20Org%20Admins%20%26amp%3B%20Recipient%20Admins%20in%20Exchange%20on-premise%3C%2FP%3E%3CP%3E6%20-%20Basic%20auth%20enabled%20on%20the%20EWS%20virtual%20directory%20on%202013%20CAS%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20worked%20through%20this%20excellent%20article%20but%20I'm%20still%20stumped%20..%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fblogs.technet.microsoft.com%2Fexovoice%2F2016%2F09%2F19%2Ftroubleshooting-issues-where-the-migration-endpoint-cannot-be-created-in-hybrid-scenarios%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblogs.technet.microsoft.com%2Fexovoice%2F2016%2F09%2F19%2Ftroubleshooting-issues-where-the-migration-endpoint-cannot-be-created-in-hybrid-scenarios%2F%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPS%20C%3A%5CWINDOWS%5Csystem32%26gt%3B%20Test-MigrationServerAvailability%20-RemoteServer%20srv1.domain.com%20-ExchangeRemoteMove%20-Credentials%20(Get-Credential)%3CBR%20%2F%3Ecmdlet%20Get-Credential%20at%20command%20pipeline%20position%201%3CBR%20%2F%3ESupply%20values%20for%20the%20following%20parameters%3A%3C%2FP%3E%3CP%3E%3CBR%20%2F%3ERunspaceId%20%3A%2087bd0333-22f5-423d-b176-15b90fede9c1%3CBR%20%2F%3EResult%20%3A%20Failed%3CBR%20%2F%3EMessage%20%3A%20The%20connection%20to%20the%20server%20'srv1.domain.com'%20could%20not%20be%20completed.%3CBR%20%2F%3EConnectionSettings%20%3A%3CBR%20%2F%3ESupportsCutover%20%3A%20False%3CBR%20%2F%3EErrorDetail%20%3A%20Microsoft.Exchange.Migration.MigrationServerConnectionFailedException%3A%20The%20connection%20to%20the%20server%3CBR%20%2F%3E'srv1.domain.com'%20could%20not%20be%20completed.%20---%26gt%3B%3CBR%20%2F%3EMicrosoft.Exchange.MailboxReplicationService.RemoteTransientException%3A%20The%20call%20to%3CBR%20%2F%3E'%3CA%20href%3D%22https%3A%2F%2Fsrv1.domain.com%2FEWS%2Fmrsproxy.svc%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsrv1.domain.com%2FEWS%2Fmrsproxy.svc%3C%2FA%3E'%20failed.%20Error%20details%3A%20Access%20is%20denied..%20---%26gt%3B%3CBR%20%2F%3EMicrosoft.Exchange.MailboxReplicationService.RemotePermanentException%3A%20Access%20is%20denied.%3CBR%20%2F%3E---%20End%20of%20inner%20exception%20stack%20trace%20---%3CBR%20%2F%3Eat%3CBR%20%2F%3EMicrosoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.%26lt%3B%26gt%3Bc__DisplayClass97_0.%3CRECONSTRUCTANDTHROW%3Eb__0()%3CBR%20%2F%3Eat%20Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(Action%20operation)%3CBR%20%2F%3Eat%20Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.ReconstructAndThrow(String%20serverName%2C%3CBR%20%2F%3EVersionInformation%20serverVersion)%3CBR%20%2F%3Eat%20Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling%602.%26lt%3B%26gt%3Bc__DisplayClass7_0.%3CCALLSERVICE%3Eb__0()%3CBR%20%2F%3Eat%20Microsoft.Exchange.Net.WcfClientBase%601.CallService(Action%20serviceCall%2C%20String%20context)%3CBR%20%2F%3Eat%20Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling%602.CallService(Action%20serviceCall%2C%20String%3CBR%20%2F%3Econtext)%3CBR%20%2F%3Eat%20Microsoft.Exchange.Migration.MigrationExchangeProxyRpcClient.CanConnectToMrsProxy(Fqdn%20serverName%2C%20Guid%20mbxGuid%2C%3CBR%20%2F%3ENetworkCredential%20credentials%2C%20LocalizedException%26amp%3B%20error)%3CBR%20%2F%3E---%20End%20of%20inner%20exception%20stack%20trace%20---%3CBR%20%2F%3Eat%20Microsoft.Exchange.Migration.DataAccessLayer.ExchangeRemoteMoveEndpoint.VerifyConnectivity()%3CBR%20%2F%3Eat%20Microsoft.Exchange.Management.Migration.MigrationService.Endpoint.TestMigrationServerAvailability.InternalProcessEndpoin%3CBR%20%2F%3Et(Boolean%20fromAutoDiscover)%3CBR%20%2F%3EIsValid%20%3A%20True%3CBR%20%2F%3EIdentity%20%3A%3CBR%20%2F%3EObjectState%20%3A%20New%3C%2FCALLSERVICE%3E%3C%2FRECONSTRUCTANDTHROW%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-100149%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-100347%22%20slang%3D%22en-US%22%3ERe%3A%20Unable%20to%20create%20migration%20endpoint%20in%202007%2F2013%20Hybrid%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-100347%22%20slang%3D%22en-US%22%3E%3CP%3ESending%20you%20a%20virtual%20hug%20!%20That%20was%20the%20issue.%20Thanks%20Nuno.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-100298%22%20slang%3D%22en-US%22%3ERe%3A%20Unable%20to%20create%20migration%20endpoint%20in%202007%2F2013%20Hybrid%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-100298%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Ian%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMaybe%20the%20error%20is%20that%26nbsp%3BExchange%20Servers%20group%20could%20be%20a%20nested%20member%20of%20Organizational%20Management%20group.%20Once%20you%20removed%20it%20from%20Organization%20Management%20Group%20and%20set%20the%20admincount%20value%20to%200%20and%20then%20reboot%2C%20the%20issue%20could%20be%20resolved.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20can%20see%20this%20article%20that%20describe%20your%20error%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F2975731%2F-access-is-denied-error-when-you-try-to-move-mailboxes-to-exchange-onl%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F2975731%2F-access-is-denied-error-when-you-try-to-move-mailboxes-to-exchange-onl%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-100292%22%20slang%3D%22en-US%22%3ERe%3A%20Unable%20to%20create%20migration%20endpoint%20in%202007%2F2013%20Hybrid%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-100292%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Nuno%20-%20we%20actually%20bounced%20the%20server%20on%20several%20ocassions%20to%20no%20avail.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-100287%22%20slang%3D%22en-US%22%3ERe%3A%20Unable%20to%20create%20migration%20endpoint%20in%202007%2F2013%20Hybrid%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-100287%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Ian%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20you%20try%20to%20do%20a%20IISReset%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Ian Moran
Regular Contributor

Exchange 2007/2013 Hybrid setup with a single Exchange 2013 CAS server. Hybrid Config Wizard completes without issue and mail is flowing - but I'm unable to move mailboxes to Exchange Online as end point creation fails with the following (appended)

 

1 - Certificate is issued by third party, valid and contains the server name as a SAN

2 - Internal mailbox moves work from 2007 to 2013 server

3 - mrsproxy is enabled on 2013 CAS

4 - Connecting to /ews/mrsproxy.svc on 2013 CAS asks for auth - as expected

5 - Account used is a member of Org Admins & Recipient Admins in Exchange on-premise

6 - Basic auth enabled on the EWS virtual directory on 2013 CAS

 

I've worked through this excellent article but I'm still stumped ..

 

https://blogs.technet.microsoft.com/exovoice/2016/09/19/troubleshooting-issues-where-the-migration-e...

 

 

PS C:\WINDOWS\system32> Test-MigrationServerAvailability -RemoteServer srv1.domain.com -ExchangeRemoteMove -Credentials (Get-Credential)
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:


RunspaceId : 87bd0333-22f5-423d-b176-15b90fede9c1
Result : Failed
Message : The connection to the server 'srv1.domain.com' could not be completed.
ConnectionSettings :
SupportsCutover : False
ErrorDetail : Microsoft.Exchange.Migration.MigrationServerConnectionFailedException: The connection to the server
'srv1.domain.com' could not be completed. --->
Microsoft.Exchange.MailboxReplicationService.RemoteTransientException: The call to
'https://srv1.domain.com/EWS/mrsproxy.svc' failed. Error details: Access is denied.. --->
Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: Access is denied.
--- End of inner exception stack trace ---
at
Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.<>c__DisplayClass97_0.<ReconstructAndThrow>b__0()
at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(Action operation)
at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.ReconstructAndThrow(String serverName,
VersionInformation serverVersion)
at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.<>c__DisplayClass7_0.<CallService>b__0()
at Microsoft.Exchange.Net.WcfClientBase`1.CallService(Action serviceCall, String context)
at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.CallService(Action serviceCall, String
context)
at Microsoft.Exchange.Migration.MigrationExchangeProxyRpcClient.CanConnectToMrsProxy(Fqdn serverName, Guid mbxGuid,
NetworkCredential credentials, LocalizedException& error)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Migration.DataAccessLayer.ExchangeRemoteMoveEndpoint.VerifyConnectivity()
at Microsoft.Exchange.Management.Migration.MigrationService.Endpoint.TestMigrationServerAvailability.InternalProcessEndpoin
t(Boolean fromAutoDiscover)
IsValid : True
Identity :
ObjectState : New

 

 

4 Replies

Hi Ian,

 

Can you try to do a IISReset ?

 

Hi Nuno - we actually bounced the server on several ocassions to no avail. 

Solution

Hi Ian,

 

Maybe the error is that Exchange Servers group could be a nested member of Organizational Management group. Once you removed it from Organization Management Group and set the admincount value to 0 and then reboot, the issue could be resolved.

 

You can see this article that describe your error https://support.microsoft.com/en-us/help/2975731/-access-is-denied-error-when-you-try-to-move-mailbo...

Sending you a virtual hug ! That was the issue. Thanks Nuno.

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies