JonahIJ
Copper Contributor
May 20, 2020

Hybrid Configuration Wizard

Hi all,

 

Desperately hoping someone can help as I'm tearing my hair out with this! We have a seemingly very odd issue when trying to run the Office 365 Hybrid Configuration Wizard...

 

It fires up fine, finds the appropriate Exchange server and then gets to the credential page for the Exchange box and Office 365, and this is where the fun starts.  Office 365 credentials work and connect fine, no problem.  But regardless of what we put in for the "on-premises Exchange administrator" account, it throws an "Invalid Username or Password" error. This is regardless of using the current Windows identity checkbox, or typing the credentials in manually.

 

What's interesting is that no errors are logged in the log file, and a check of the security log on the Exchange box shows a successful logon from the .exe:

 

An account was successfully logged on.
Subject:
Security ID: <snip>
Account Name: <snip>
Account Domain: <snip>
 
Logon ID: 0x4C41A02
Logon Information:
Logon Type: 2
 
Restricted Admin Mode: -
Virtual Account: No
Elevated Token: Yes
Impersonation Level: Impersonation

New Logon:
Security ID: <snip>
Account Name: <snip>
Account Domain: <snip>
Logon ID: 0x4E548FB
Linked Logon ID: 0x4E549B7
Network Account Name: -
Network Account Domain: -

Process Information:
Process ID: 0x3190
Process Name: C:\Users\<snip>\AppData\Local\Apps\2.0\P740GNBT.DPA\JK4MHM40.9KB\micr..tion_5329ec537c0b4b5c_0011.0000_72ec5a2eed6c5911\Microsoft.Online.CSE.Hybrid.App.exe
 
If I then *purposefully* put a wrong username/password combo in then I get the expected audit failure in the security log AND also an expected entry in the HCW log file:

 

10393 [Client=UX, Page=Credentials, Thread=1] Windows Auth Failure: [ErrorCode=0x80004005] [NativeErrorCode=0x52E]

 

So this indicates it's not a credential error, but I have absolutely no idea what it could be!!!

 

The account we're using is a member of Domain Admins, Enterprise Admins and Exchange Organization Management.

 

We're running Exchange 2016 Standard, CU 15.

 

Any assistance would be unimaginably appreciated as this is now driving me mad!

 

Cheers

 

Further edit:

Just to follow further on from this, I've run TCPView to see what the HCW is doing when I hit OK at the credential prompt, and it's (unsurprisingly) opening an LDAP connection to one of our DCs. So I checked the security log on said DC, and it's showing a successful logon - so what is the HCW complaining about?!

    • JonahIJ
      Copper Contributor
      Sorry, yes the account is also a member of the Enterprise Admins - I'll edit the OP accordingly.
    • JonahIJ
      Copper Contributor

      BellaBeck73 - yes, after trawling through a .dmp file with Microsoft, for us the issue was caused by, we think, two things:

       

      1) Redirecting the default Computers container to a different OU for new devices

      and

      2) That redirected OU having a "/" in its name (other characters could potentially also cause it).

       

      Not sure if that helps or not - but we are able to verify by running the following from a PowerShell prompt on the machine with the HCW installed:

      [System.DirectoryServices.AccountManagement.UserPrincipal]::Current

       

      This gave an "Unknown error (0x80005000)" - the same as the HCW was throwing - but when we then defaulted the Computers container redirection to an OU with no forward slash in the name (redircmp "OU=Test OU,OU=Company,DC=ad,DC=domain,DC=com"), rerunning the command returned the correct user info - and in turn the HCW then worked.
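
A read-only check for the condition described in the reply above, as an added example that is not part of the original thread or of Microsoft's tooling: it lists the domain's default Computers and Users containers, flags a forward slash in either DN, then repeats the UserPrincipal.Current test. It assumes the ActiveDirectory (RSAT) module is available for Get-ADDomain; the function names and the sample DNs are made up for illustration.

```powershell
# Added example: not from the thread. Function names are hypothetical.

function Test-DnHasForwardSlash {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # "/" separates host and object in an ADsPath (LDAP://host/DN), so a DN
    # containing one has to be escaped before ADSI can bind to it.
    return $DistinguishedName.Contains('/')
}

function Get-DefaultContainerReport {
    param([Parameter(Mandatory)][System.Collections.IDictionary]$Containers)
    foreach ($name in $Containers.Keys) {
        [pscustomobject]@{
            Container       = $name
            DN              = $Containers[$name]
            HasForwardSlash = Test-DnHasForwardSlash $Containers[$name]
        }
    }
}

# Constructed sample DNs, so the report logic can be seen without a domain.
$sample = [ordered]@{
    'Computers (sample, with slash)' = 'OU=Laptops/Desktops,OU=Company,DC=ad,DC=domain,DC=com'
    'Computers (sample, clean)'      = 'OU=Test OU,OU=Company,DC=ad,DC=domain,DC=com'
}
Get-DefaultContainerReport -Containers $sample | Format-List

# Live check: where do new computer and user objects land in this domain?
if (Get-Command Get-ADDomain -ErrorAction SilentlyContinue) {
    $domain = Get-ADDomain
    Get-DefaultContainerReport -Containers ([ordered]@{
        Computers = $domain.ComputersContainer
        Users     = $domain.UsersContainer
    }) | Format-List
} else {
    Write-Warning 'ActiveDirectory module not found; skipping the live container check.'
}

# The verification from the thread, wrapped so the failure is reported, not thrown.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
try {
    $me = [System.DirectoryServices.AccountManagement.UserPrincipal]::Current
    "UserPrincipal.Current resolved: $($me.SamAccountName)"
} catch {
    $inner = $_.Exception.GetBaseException()
    'UserPrincipal.Current failed: {0} (0x{1:X8})' -f $inner.Message, $inner.HResult
}
```

Run it on the machine where the HCW is installed, under the same account used for the wizard, before and after any redircmp change.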

       

       

       
