Exchange 2013 Hybrid Deployment, on-premise to multiple Office 365 tenants

Similar Messages

• Migration From Exchange 2010 Hybrid to Exchange 2013 Hybrid Deployment

  hi,
  I have existing Exchange Server 2010 Hybrid Deployment. Planning to migrate to Exchange 2013. However, while schema update, i am facing some errors/warnings as can be seen in attached screenshot. 
  I have already checked and current functional level in DC is Windows Server 2003. What could be the best steps to troubleshoot the problems and proceed further with Exchange 2013 installation?
  Thanks

  Hi Muhammad
  Can you please give few more information about your environment  so that people around here can help you out
  I have existing Exchange Server 2010 Hybrid Deployment - Do you have Exchange 2010 and Office 365 in a
  hybrid setup now ?
  Are you trying to upgrade your on premise Exchange 2010 servers to Exchange 2013 ?
  Or Are you trying to migrate your on premise Exchange 2010 to a different forest to Exchange 2013 ?
  You can try the below suggestions-
  I would better suggest you to follow Microsoft Exchange Server Deployment Assistant - http://technet.microsoft.com/en-us/office/dn756393.aspx
  Also i would recommend you to check the prerequisites for hybrid deployment with office 365 
  http://technet.microsoft.com/en-us/library/hh534377(v=exchg.150).aspx
  Cheers !!!
  Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com Thanks Sathish
  (MVP)

• Exchange 2013 Hybrid Deployment issues.

  Hello.
  i have an issue when configuring Exchange hybrid deployment in my environment.
  when i complete the Exchange hybrid wizard and OAuth is finished our exchange environment will not receive emails from the "internet" as in senders outside the company.
  mail will can be sent out and will flow between internal users.
  when i check the message trace on 365 the emails were failing with the following error.
  Users were also getting a bounce back saying 
  Diagnostic-Code: smtp;550 5.4.1 [[email protected]]: Recipient address rejected: Access denied
  i wondered if it had anything to do with the MX record on our public DNS, i changed this to the one recommended by O365 domain DNS assistant, but this made no odds,
  it looks like it could be a receive connector issue however i am new to exchange so i am still learning.
  the only way to fix the issue was to run Remove-Hybridconfiguration on the Exchange 2013 server, when this finished and few moments had passed mail began being received from the internal again.
  Any Suggestions on what could be caused 
  many thanks

  Hello.
  i have an issue when configuring Exchange hybrid deployment in my environment.
  when i complete the Exchange hybrid wizard and OAuth is finished our exchange environment will not receive emails from the "internet" as in senders outside the company.
  mail will can be sent out and will flow between internal users.
  when i check the message trace on 365 the emails were failing with the following error.
  Users were also getting a bounce back saying 
  Diagnostic-Code: smtp;550 5.4.1 [[email protected]]: Recipient address rejected: Access denied
  i wondered if it had anything to do with the MX record on our public DNS, i changed this to the one recommended by O365 domain DNS assistant, but this made no odds,
  it looks like it could be a receive connector issue however i am new to exchange so i am still learning.
  the only way to fix the issue was to run Remove-Hybridconfiguration on the Exchange 2013 server, when this finished and few moments had passed mail began being received from the internal again.
  Any Suggestions on what could be caused 
  many thanks
  Make sure the accepted SMTP domains in the Office 365 EAC are set to Internal Relay rather then Authoritative.
  Twitter!:
  Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• Exchange 2010 Free/Busy Federation with vendor's Office 365 tenant

  Here the situation,
  ORG A
  ====
  Exchange 2010 SP3 On-premise. No externally accessible CAS available/published (we are very secure and require VPN for Outlook/OWA from home/outside network)
  ORG B
  ====
  Office 365
  ASK
  ===
  ORG B is a vendor for ORG A and we would like to have federated free/busy sharing between the two organizations. I have read the steps about setting up a federation trust, configuring org relationships both ways, configuring autodiscover on our end.
  My specific questions are,
  1. Currently we don't have any externally published CAS servers. My assumption is we need atleast one (and probably more for fault tolerance) for federated free/busy sharing correct? We obviously don't want to place this in the DMZ/externally...so what are
  the recommended configuration? Publish the CAS externally? Any other more secure recommendations? We don't have TMG or any other Microsoft solution for that purpose...are there any other options? We use Cisco IronPorts for inbound/outbound email.
  2. Does this coexistence server have to be Exchange 2013 or will Exchange 2010 sp3 suffice?
  3. Are there any other methods of accomplishing this ask? We don't want users to have to individually share calendars...so internet calendar sharing is out of the question.

  Hi,
  If the organization receives or sends Internet e-mail for the domain, we need to
  configure an
  internet facing CAS server.
  For your reference, here are some articles that may be helpful to you:
  Exchange 2010 SP1 and Exchange Online (Office 365) Calendaring:
  http://blogs.technet.com/b/exchange/archive/2011/02/16/3412010.aspx
  Federation in Office 365 and Exchange
  http://community.office365.com/en-us/wikis/exchange/federation-in-office-365-and-exchange.aspx
  Create a Federation Trust
  http://technet.microsoft.com/en-us/library/dd335198.aspx
  Thanks,
  Winnie Liang
  TechNet Community Support

• Exchange 2013 Hybrid setup & DNS

  Greetings!  We currently have an Exchange 2010 on prem environment and I have been tasked with getting us into a hybrid state with O365.  We already have the tenet portions set up, AD Sync working, etc.  My initial thought was to just use
  our existing Exchange 2010 servers for the hybrid role, however, upon research it appears that standing up new Exchange 2013 servers specifically as hybrid servers is the suggested route.
  My main goal is to do this hybrid deployment with as little impact and change to our environment (and thus user impact) as possible.  From what I have read, I will have to change the autodiscover and ews records to point to the new Exchange 2013 servers. 
  Is it also the case that I will have to redirect OWA to the Exchange 2013 servers?  Is there any way to deploy Exchange 2013 hybrid servers in a way that I do not have to change owa, autodiscover, etc? 
  Thanks in advance!

  Hi Joe,
  Based on my knowledge, we didn't need to install Exchange 2013 to perform routing.
  We can just deploy an Exchange 2010-based Hybrid Deployments.
  Please make sure the Exchange 2010 upgrade to SP3.
  More details to see:
  Hybrid Deployments
  https://technet.microsoft.com/en-us/library/gg577584(v=exchg.141).aspx
  Thanks
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Mavis Huang
  TechNet Community Support

• Default frontend receive connector settings exchange 2013 hybrid edition?

  Hi,
  I am busy setting up a hybrid environment with exchange 2007 , exchange 2013 hybrid edition and office 365.
  When installing exchange 2013 it creates a default frontend receive connector, on the security tab anonymous user is also selected.
  Should i leave it this way?
  At the moment the mx record is pointing to the exchange 2007, in the future i will change the mx record to the exchange cloud.
  I can telnet and mail to the exchange 2013 server, but there is no spam protection, do i need the anonymous user if i am not intended to use this for the mx record, i suppose office 365 is going to use this connector.
  (ps: still have to run the hybrid configuration wizard, waiting for dns ownership txt record)

  Hi Steven,
  Just as Ed said, the connector restrict access via IP address. We can also create another ones.
  If you worry about the spam, I suggest enabling the Anti-Spam function on MBX server.
  More details in the following articles:
  Spam Protection 
  http://technet.microsoft.com/en-us/library/jj218660(v=exchg.150).aspx
  Enable Anti-Spam Functionality on Mailbox Servers
  http://technet.microsoft.com/en-us/library/bb201691(v=exchg.150).aspx
  Hope it is helpful
  Thanks
  Mavis
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Mavis Huang
  TechNet Community Support

• Managing multiple Office 365 accounts

  Hi
  Does anyone have a good solution to managing multiple Office 365/Exchange 365 accounts? I provide IT services to a number of small businesses, all unrelated and I am responsible for over 6 separate instances of Office 365 (mostly Exchange, a couple also
  have sharepoint) for clients. I also use it myself (Exchange and Sharepoint).
  My issue is that as soon as I log into a client admin portal, it removes my authentication to my own or other accounts and I cannot use my own sharepoint or Exchange online services. I can only be logged in to one. As all my business runs in Sharepoint and
  Exchange, this is very annoying. Outlook is OK, its authentication doesn't change when I log in as someone else (Outlook Web Access does obviously). I never had this issue with BPOS, the SSO application kept my business systems online even when I logged into
  a client portal but now that there is no SSO, I dont have this luxury. My IE homepages are all my Office 365 portal pages and if I log in as another client, they all log into the client next time.
  I need an intermediate portal interface that allows me to store credentials for each client separately and allow me to log into multiple online services accounts without affecting other accounts. I often find myself needing to access 2-3 accounts at the
  same time and have to use different browsers for each one (it is close but not quite 100% in Firefox or Chrome). Does such a system exist? Surely I am not alone in managing many accounts at the same time. I can run multiple powershell sessions independently
  but I dont want to do everything through powershell all the time and cannot log in as the client to check things this way.
  Regards
  Ben

  If you want to work on your computer with different office 365 accounts, you don't need to run different browsers!
  Since IE8 there is a hidden function called "New Session". It works great for SharePoint Online and it works if you want to login with different credentials to you SharePoint OnPremise during testing. I love it!
  More information and screenshots:
  https://www.facebook.com/media/set/?set=a.544497252247574.130281.203330989697537&type=1
  Marek Czarzbon, Made In Point

• How to delete duplicate attribute in on premise server for office 365 dir sync tool

  Hi,
  Please anyone help to how to remove duplicate attribute in on premise server for office 365 dir sync tool .
  While running the dirsync tool iam getting the below error : 
  "Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [ProxyAddresses smtp:[email protected],SMTP:[email protected];].
   Correct or remove the duplicate values in your local directory.  Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute value"
  Still i am troubleshooting to reslove this problem . I have run the ID Fix tool there i could see some 10 duplicate errors . Next what should i do , please anyone help me to find it
  Thanks.....

  Hi,
  Please anyone help to how to remove duplicate attribute in on premise server for office 365 dir sync tool .
  While running the dirsync tool iam getting the below error : 
  "Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [ProxyAddresses smtp:[email protected],SMTP:[email protected];].
   Correct or remove the duplicate values in your local directory.  Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute value"
  Still i am troubleshooting to reslove this problem . I have run the ID Fix tool there i could see some 10 duplicate errors . Next what should i do , please anyone help me to find it
  Thanks.....

• Exchange 2013 Hybrid with O365 - migrated user causes admin restart prompt for multiple other users

  Greetings!  We are in the process of doing some testing and migration in a hybrid deployment with Office365 and Exchange on premise.
  I just completed a migration for an on-premise user.  We have, so far, migrated 3 users in the IT department as initial testing.  The first two migrations were very cut and dry.  The third migration; as soon as I finalized the batch, multiple
  people on our team received messages about having to restart Outlook.  These were users that had not been migrated and were not part of any migration batch, but were members of the same department.  I am trying to understand, under what circumstance
  could a migration of a user cause other users who are still on premise to receive the "admin made changes" prompt in Outlook.
  Thanks in advance.

  Hi Joe,
  Could you share the migration batch? Note, please hide if there are any sensitive information like domain name and server name.
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• Lync 2013 Hybrid deployment with resource forest scenario on-premise

  Hi there,
  Im starting to deploy this scenario of Lync on-premise in resource forest with Lync Online:
  I´am not finding any documentation about this specific scenario. I wish to know how the flow between forests will be to have users in lync online and users on premise.
  Thank you very much in advance for your help.
  Joaquin Gonzalez

  Hi Joaquin,
  You need to deploy Microsoft Forefront Identity Manager (FIM) 2010 to manage the life cycle of user accounts.
  In a resource forest topology, one forest is dedicated to running server applications, such as Microsoft Exchange Server and Lync Server. The resource forest hosts the server applications and a synchronized representation of the active user object, but it
  does not contain logon-enabled user accounts. The resource forest acts as a shared services environment for the other forests where user objects reside. The user forests have a forest-level trust relationship with the resource forest. When you deploy Lync
  Server in this type of topology, you create one disabled user object in the resource forest for every user account in the user forests. If Microsoft Exchange is already deployed in the resource forest, the disabled user accounts might already exist. A directory
  synchronization product, such as MIIS, Microsoft Forefront Identity Manager (FIM) 2010, or Microsoft Identity Lifecycle Manager (ILM) 2007 Feature Pack 1 (FP1), manages the life cycle of user accounts. When a new user account is created in one of the user
  forests or a user account is deleted from a forest, the directory synchronization product synchronizes the corresponding user representation in the resource forest.
  Click the links below for more information.
  Supported Active Directory topologies in Lync Server 2013
  http://technet.microsoft.com/en-us/library/gg398173.aspx
  Windows Azure Active Directory Connector for FIM 2010 R2 Quick Start Guide
  http://technet.microsoft.com/en-us/library/dn511002(v=ws.10).aspx
  Hope it can be helpful.
  Best regards,
  Eric

• Exchange 2013 Hybrid and Rightfax

  We are in the process of planning our migration to Office 365, and one of the things we currently use in our Exchange 2010 on prem solution is Rightfax for direct faxing inbound/outbound.   The plan is to roll out exchange 2013 in hybrid mode, and I
  am wondering what i need to do so that faxing continues to work?
  Since we will be running a hybrid, is it as simple as installing the rightfax service on the exchange server, or do I need to plan for some kind of cloud access, similar to how they borked up exchange UM integration (requires a session border controller,
  rather than routing through exchange on premises box).

  Hi,
  According to the description, following is my understanding:
  1. You want to migrate to Office 365 from Exchange server 2010.
  2. Exchange server 2010 host the Rightfax, now.
  3. You want to install a new Exchange server 2013 on-premise. Let the Exchange server 2013 on-premise host the Rightfax.
  4. Exchange server 2013 on-premise and Office 365 Hybrid Deployment.
  Please correct me if there is any misunderstanding.
  If all of above is right, I find some resource relate on Hybrid Deployment with Exchange 2013 on-premises and Office 365.
  Exchange Server 2013 Hybrid Deployments
  http://technet.microsoft.com/en-us/library/jj200581(v=exchg.150).aspx
  Note: If you want to move mailboxes from your on-premises organization to the Exchange Online organization, and those mailboxes are configured for UM, you should configure UM in your hybrid deployment prior to moving those mailboxes.
  If you move mailboxes before you configure UM in your hybrid deployment, those mailboxes will no longer have access to UM functionality.
  About the Rightfax, I find this from Microsoft resource:
  OpenText RightFax version 10
  http://pinpoint.microsoft.com/en-us/applications/opentext-rightfax-version-10-12884918124
  However it works with
  Hyper-V, Microsoft Exchange Server 2010, Microsoft Office 365, Microsoft SharePoint Server 2010, Windows Server 2008 R2.
  I'm not quite familiar with it. We can also contact to Rightfax Support to double confirm this.
  Thanks
  Mavis
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Mavis Huang
  TechNet Community Support

• Exchange 2013 Hybrid Configuration Wizard OAuth error

  Hi,
  We are facing following error when we run OAuth configuration after complete the Hybrid Configuration Wizard.
  Error:
  ScenarioFailureException
  Message:
  Exchange OAuth authentication couldn‎'t find any accepted domains in your on-premises organization.
  Verify you‎'ve configured at least one on-premises accepted domain.
  Location:
     at Microsoft.Online.CSE.HRC.Activities.OAuthActivities.GetCertificateActivity.Run‎()‎
     at Microsoft.Online.CSE.HRC.Workflow.Activity.WorkflowBaseActivity.Launch‎()‎
     at Microsoft.Online.CSE.HRC.Workflow.Runtime.WorkflowActivityHelper.Execute‎(ActivityContext context, Boolean launch)‎
     at System.Activities.NativeActivity.InternalExecute‎(ActivityInstance instance, ActivityExecutor executor, BookmarkManager bookmarkManager)‎
     at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody‎(ActivityExecutor executor, BookmarkManager bookmarkManager,
  Location resultLocation)‎
  Environment:
  2x Exchange 2013 CU6 (DAG+one ClientAccess)
  Directory Sync Server
  No ADFS server since we don't need single sign on
  Office 365 E3 Tenant
  We have tried manually setup the OAuth configuration according to the below TechNet article but failed when running the ExportAuthCert.ps1
  script file. It couldn't match the certificate thumbprint with the location "Cert:\LocalMachine\My"
  http://technet.microsoft.com/en-us/library/dn594521%28v=exchg.150%29.aspx
  Please help!
  Thanks in Advance
  Roshan

  We have the exact same Issue, tried the exact same setup and NO JOY!! - any resolution yet?
  Also found this article:
  http://consulting.risualblogs.com/blog/2014/09/10/exchange-2013-cu6-hybrid-users-with-o365-unable-to-query-freebusy-for-on-premises-users/comment-page-1/#comment-5192  
  ..... but did not fix the free/busy
  Best Regards,
  Francois

• Powershell Azuze Exchange 2013 Hybrid Enviroment

  I am having issues running Azure Powershell commands from my workstation.
  We currently have a hybrid enviroment with some users on premise and others in Office 365 cloud. When ever I try to use the Get-mailbox command to list a user that is in the office 365 cloud I get this response:
  The operation couldn't be performed because object <Office 365 User> couldn't be found on '<MyOnsiteDomianController>'.
  I have listed the script I use to conect to Azure below:
  $Cred = Get-Credential
  $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic –AllowRedirection
  Import-PSSession $Session
  Import-Module MSOnline
  Connect-MsolService –Credential $Cred

  Hello,
  Come back and mark the replies as answers if they help and unmark them if they provide no help.
  I'm marking the reply as answer as there has been no update for a couple of days.
  If you come back to find it doesn't work for you, please reply to us and unmark the answer.
  Cara Chen
  TechNet Community Support

• Office 365 / Exchange Online - Hybrid Setup - On Premise User cannot see calendar of an Exchange Online User.

  Hi All, 
  The below will help if:
  You have a hybrid setup and cannot see Free/Busy info from an On Premise user for anyone on Office 365 / Exchange Online.
  You have your network firewall configured to allow your Exchange servers out through the proxy for O365/EXO url's
  - Get hold of SysInternals PSEXEC from Microsoft. 
  Run PSEXEC -i -s C"\Program Files (x86)\Internet Explorer\iexplore.exe"  (This opens Internet Explorer as the SYSTEM account)
  Goto Internet Options > Connections > LAN Settings and untick the "Automatically Detect Settings"
  Had this bouncing around at Microsoft for a few days until one of the guys tried this and it worked immediately.

  Forgot to mention, the PSEXEC command needs to be run as an Administrator
  Run PSEXEC -i -s C"\Program Files (x86)\Internet Explorer\iexplore.exe"  (This opens Internet Explorer as the SYSTEM account)
  Goto Internet Options > Connections > LAN Settings and untick the "Automatically Detect Settings"

• Is ADFS mandatory for Lync 2013 Hybrid Deployment?

  We alreadys have Lync 2013 Onpremise.
  We now wish to do a Lync Hybrid setup with O365 Lync Online but wish to know the following.
  While doing a Lync Hybrid setup, is deploying ADFS mandatory? We ask this because the new DirSync tool has the ability to Sync users password and thus we can avoid deploying ADFS/ADFs proxy/ADFS farm etc, thus reducing Onpremise
  complextities. We dont care about SSO as far as users can Logon Onpremise or Online using their same AD password.
  If we can do a Lync2013 hybrid setup without ADFS, then can we later have our Lync 2013 Hybrid setup to federate with our partners domain?

  yes, read it too quick. it happens.
  check these two resources:
  http://immencloud.wordpress.com/2013/06/03/office-365-dirsync-with-password-sync/
  http://blogs.technet.com/b/educloud/archive/2013/06/03/new-azure-active-directory-sync-tool-with-password-sync-is-now-available.aspx
  in short, if you are happy without a true SSO experience and other limitations described in the blogs, then you should need no AD federation.