locked
Hybrid config wizard fails with configure MRS Proxy settings RRS feed

  • Question

  • two 2013 exchange servers in dag group, doing hybrid migration to 365.

    Hybrid Migration Wizard fails with Configure MRS Proxy Settings - HCW8078 Migration Endpoint could not be reached

    took following steps to test.

    1.     (Get-WebServicesVirtualDirectory|fl ExternalAuthenticationMethods,Externalurl,MRSproxyEnabled,Server

    both servers true

    2.      Test-mrshealth - both servers true

    3.      https://mail.exampledomain/ews/mrsproxy.svc does pop up an authentication prompt, so that works

    4.      test-migrationserveravailability worked on both commands below:

    Test-MigrationServerAvailability -ExchangeRemoteMove -Autodiscover -EmailAddress user@contoso.com -Credentials $Cred

    Test-MigrationServerAvailability -ExchangeRemoteMove -RemoteServer mail.contoso.com -Credentials(Get-Credential)

    5.     Checked the IIS logs only thing I found was below, and not sure where to go next:

    Ews,mail.exampledomain.com,/ews/mrsproxy.svc,,Negotiate,true,mydomain\simpsonj,,OrganizationId~OrganizationAnchor@,Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML  like Gecko) Chrome/72.0.3626.121 Safari/537.36,xxx.xxx.xxx.xxx,myexchangeP,400,400,,GET,Proxy,myexchangep.mydomain.com,15.00.1395.000,IntraForest,ForestWideOrganization,Database~47f4d717-19bb-44fd-8207-6e33bda03022~~2019-04-15T18:04:29,,,0,0,1,,0,0,,0,,0,,0,0,,0,4,0,,,,1,0,,,0,0,4,0,3,3,3,3,4,,,,BeginRequest=2019-03-16T18:04:58.408Z;CorrelationID=<empty>;ProxyState-Run=None;ServerLocatorRefresh=47f4d717-19bb-44fd-8207-6e33bda03022;RefreshingCacheEntry=CacheEntry(BackEndServer myexchangep.mydomain.com~1941996915|ResourceForest |LastRefreshTime 2019-03-16T17:34:55.9671984Z|IsSourceCachedData True);FEAuth=BEVersion-1941996915;BeginGetResponse=2019-03-16T18:04:58.408Z;OnResponseReady=2019-03-16T18:04:58.408Z;EndGetResponse=2019-03-16T18:04:58.408Z;ProxyState-Complete=ProxyResponseData;EndRequest=2019-03-16T18:04:58.408Z;,WebExceptionStatus=ProtocolError;ResponseStatusCode=400;WebException=System.Net.WebException: The remote server returned an error: (400) Bad Request.    at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)    at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.<>c__DisplayClass2c.<OnResponseReady>b__2b()

    Saturday, March 16, 2019 7:29 PM

Answers

  • found it!

    when I logged into ECP, went to servers, virtual directories, and then selected EWS (default website), I found that internal url was Https://mail.exampledomain.com/EWS/Exchange.asmx

    while EXTERNAL was  Https://exampledomain.com/EWS/Exchange.asmx

    changed external to match internal, and hybrid wizard finished!

    • Proposed as answer by Niko.Cheng Thursday, March 21, 2019 1:06 AM
    • Marked as answer by captainjamestkirk Thursday, March 21, 2019 11:34 AM
    Wednesday, March 20, 2019 8:49 PM

All replies

  • found part of the problem, did network trace while running hybrid wizard, and then viewed it using wireshark, and the hybrid wizard is connecting to the wrong domain.

    not sure how that happens, as I am logging in with correct credentials for 365 during the wizard process.

    reaching out to 365 support now

    Sunday, March 17, 2019 2:52 PM
  • Hi captainjamestkirk,

    Could you show us the detailed error when run HCW failed? that would give more clues to help troubleshoot the issue.

    Moreover, per my experience, sometimes even though the MRS proxy has been enabled, you will still get the MRS proxy issue, as a workaround, you can disable it and re-enabled it again, then perform IIS restart, this will help resolve the issue, please have a try also.

    Similar thread for your reference:

    https://social.technet.microsoft.com/Forums/azure/en-US/797e3e33-ad51-45b4-b7c6-1a17df88b394/ran-hybrid-configuration-wizard-successfully-and-got-the-warnings?forum=exchange2010


    Best Regards,
    Niko Cheng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.


    • Edited by Niko.Cheng Monday, March 18, 2019 9:22 AM
    Monday, March 18, 2019 9:21 AM
  • I have done the disable, renable, restart IIS and so far no change.

     I can run test-migrationserveravailability, and it fails with 

    The call to
                        'https://mail.exampledomain.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request was
                        forbidden with client authentication scheme 'Negotiate'. --> The remote server returned an error:
                        (403) Forbidden.. ---> Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The
                        HTTP request was forbidden with client authentication scheme 'Negotiate'. --->

    Exchange ECP shows proxy is enabled, but if I do  Set-WebServicesVirtualDirectory "<ServerName>\EWS (Default Web Site)" -MRSProxyEnabled $true

    I do get the reply that it is disabled.

    but - if I click on the ink https://mail.exampledomain.com/EWS/mrsproxy.svc, I do get the login prompt, which means it is working right?

    one more question though, what should I see when I sign on to that link, cause I get this error below:


    Server Error in '/EWS' Application.

    This type of page is not served. 
      Description: The type of page you have requested is not served because it has been explicitly forbidden.  The extension '.svc' may be incorrect.   Please review the URL below and make sure that it is spelled correctly. 

     Requested URL: /EWS/mrsproxy.svc


    Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.2558.0 

    Monday, March 18, 2019 9:21 PM
  • so digging through logs, I found that at one point during hybrid migration wizard it is calling out to https://exampledomain.com/ews/mrsproxy.svc  and failing.

    if I browse to  https://mail.exampledomain.com/ews/mrsproxy.svc I do get sign in prompt.

    so what did I do wrong here to make it not call out to mail.exampledomain.com?


    019.03.19 12:18:30.912         10277 [Client=UX, Session=Tenant, Cmdlet=Set-OnPremisesOrganization, Thread=24] FINISH Time=390.0ms Results=0

    2019.03.19 12:18:30.912         10271 [Client=UX, Page=Configuring, fn=RunWorkflow, Workflow=Hybrid, Task=Final, Phase=Configure, Thread=24] FINISH Time=717.6ms Results=PASSED (Configuration Complete)

    2019.03.19 12:18:30.912         10270 [Client=UX, Page=Configuring, fn=RunWorkflow, Workflow=Hybrid, Task=Final, Phase=ValidateConfiguration, Thread=24] START

    2019.03.19 12:18:30.912         10271 [Client=UX, Page=Configuring, fn=RunWorkflow, Workflow=Hybrid, Task=Final, Phase=ValidateConfiguration, Thread=24] FINISH Time=0.0ms Results=PASSED - (Validation Passed)

    2019.03.19 12:18:30.912         10273 [Client=UX, Page=Configuring, fn=RunWorkflow, Workflow=Hybrid, Task=Final, Thread=24] FINISH Time=717.6ms Results=PASSED

    2019.03.19 12:18:30.912         10269 [Client=UX, Page=Configuring, fn=RunWorkflow, Workflow=Hybrid, Thread=24] FINISH Time=149.5s Results=PASSED

    2019.03.19 12:18:30.912 WARNING 10026 [Client=UX, Page=Configuring, fn=RunWorkflow, Thread=24]

                                          HCW8078 Migration Endpoint could not be created. 

                                          Microsoft.Exchange.Migration.MigrationServerConnectionFailedException

                                          The connection to the server 'exampledomain.com' could not be completed.

                                          Microsoft.Exchange.MailboxReplicationService.RemoteTransientException

                                          The call to 'https://exampledomain.com/EWS/mrsproxy.svc' timed out. Error details: The request channel timed out while waiting for a reply after 00:00:00.0038244. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout. --> The HTTP request to 'https://exampledomain.com/EWS/mrsproxy.svc' has exceeded the allotted timeout of 00:00:00.0030000. The time allotted to this operation may have been a portion of a longer timeout. --> The operation has timed out

                                          Microsoft.Exchange.MailboxReplicationService.RemotePermanentException

                                          The request channel timed out while waiting for a reply after 00:00:00.0038244. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout.

                                          Microsoft.Exchange.MailboxReplicationService.RemotePermanentException

                                          The HTTP request to 'https://exampledomain.com/EWS/mrsproxy.svc' has exceeded the allotted timeout of 00:00:00.0030000. The time allotted to this operation may have been a portion of a longer timeout.

                                          Microsoft.Exchange.MailboxReplicationService.RemotePermanentException

                                          The operation has timed out


    Wednesday, March 20, 2019 8:33 PM
  • found it!

    when I logged into ECP, went to servers, virtual directories, and then selected EWS (default website), I found that internal url was Https://mail.exampledomain.com/EWS/Exchange.asmx

    while EXTERNAL was  Https://exampledomain.com/EWS/Exchange.asmx

    changed external to match internal, and hybrid wizard finished!

    • Proposed as answer by Niko.Cheng Thursday, March 21, 2019 1:06 AM
    • Marked as answer by captainjamestkirk Thursday, March 21, 2019 11:34 AM
    Wednesday, March 20, 2019 8:49 PM
  • Hi captainjamestkirk,

    Glad you solved the issue and thanks for your sharing, do you mind marking it as an answer? this will make answer searching in the forum easier and be beneficial to other community members as well. 

    Thanks for your understanding.



    Best Regards,
    Niko Cheng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Thursday, March 21, 2019 1:07 AM