HCW8064 The HCW has completed, but was not able to perform the OAuth portion of your Hybrid

Brass Contributor

Hello,
I have question.
I have to do a full hybrid setup.
My on premises infrastructure consists of two exchange servers 2016 cu17 in dag.
The various exchange services (owa, ews, smtp etc) are balanced through a load balancer.
The various exchange services are published on the LAN and on the internet pointing to the address of the load balancer and everything works correctly.
I created my domain on o365 and synchronized users with AAD connect.
To perform the full hybrid I used hcw version 17.0.4544.0.
During the hcw configuration I put both servers exchange in the receive connector configuration and I configured both servers exchange also in the send connector configuration.
As an organization FQDN I put the records mx pointing to the public address of the balancer.
HCW ends with the following message HCW8064 The HCW has completed, but was not able to perform the OAuth portion of your Hybrid configuration. If you need features that rely on OAuth, you can try running the HCW again or manually configure OAuth using these manual steps.
I tried to relaunch hcw again as suggested by microsoft article https://support.microsoft.com/en-us/help/3089172/hcw-has-completed-but-was-not-able-to-perform -the-oauth-portion-of-you but the problem persists.
From what I understand OAuth is for:
Message Records Management (MRM)
Exchange In-place eDiscovery
Exchange In-place Archiving
Integration between various services such as Teams
Is what I say correct?
Is OAuth authentication required to migrate the various exchange components to online exchanges (mailboxes, mail flow, frre busy etc) or can I ignore the message?

 

Thank you

 

Regards

6 Replies

@pazzoide76 

 

Yes you are correct in your assessment of what OAuth does in the context of Hybrid.  Whilst the lack of OAuth will not prevent you from migrating mailboxes to the cloud, I would urge you to try and get it working as per - https://docs.microsoft.com/en-us/exchange/configure-oauth-authentication-between-exchange-and-exchan...

 

Especially if you are using Teams and wish your users to have the full possible functionality whilst they still have an on-premises mailbox.

Thanks for the reply.

Since I have a two-node dag, should the procedure described in the microsoft article to enable OAth be done on both servers?

No mailboxes will remain on the servers on premises, it will be used only for management.

Also the dag will be deleted and only one server will remain.

 

thank you

 

Regards

@pazzoide76 

 

How many mailboxes do you have, and how quickly do you anticipate being able to complete your mailbox moves?  If it's a short time period, you could possibly skip this step.

 

If you did that, I'd encourage you to thoroughly test cross premise mail flow and free busy using a test migrated mailbox to ensure that things are going to work for you as required whilst you are migrating and have mailboxes both on-premises and in the cloud.

@PeterRising 

Thanks for the reply.
There are about 500 mailboxes to migrate and I think it will take about 2 weeks.
I wanted to understand if the procedure to enable OAth (article microsoft https://docs.microsoft.com/en-us/exchange/configure-oauth-authentication-between-exchange-and-exchan... ) must be performed on both nodes of the DAG.
Also from what I understand OAth is only for mailboxes that are on premises and not for those on o365, correct?

 

Thank you

 

Regards

@pazzoide76 

 

This is an organization based configuration and so running the commands on the Exchange Management Shell from a single on-prem Exchange Server should do the trick,  and yes this process relates only to on-prem mailboxes.

@PeterRising 

Thanks you are number one.
Now I try to enable OAuth.

 

Thanks again for the support