locked
remote migration to o365 RRS feed

  • Dotaz

  • dears, 

    i configured my 2013 exchange for hybrid. however i recieved this warning in the end

    the migration endpoint is not created. however mrs proxy is enabled tried to disable/enable more than once same issue

    webmail and autodiscover are externally published

    my certificate is valid and public

    test using remote analyzer is successful

    however, testing the remote migration move is failing with the call to ews.

    if i try https://webmail.domain.com/ews/proxy.svc this is not working. the issue is here somewhere and i tried all the fixes with no luck. changed the authentication from iis and tested, same issue

    your help is appreciated

    pátek 17. července 2020 18:25

Všechny reakce

  • Hi,

    Could you please provide more information. 

    1. Is it happening to all mailboxes or some of them?

    If it is for some mailboxes, try the solution provided in this KB: https://support.microsoft.com/en-us/help/3065754/the-remote-server-returned-an-error-404-or-http-request-has-exceeded-t

    2. Have you tested the exchange remote connectivity analyzer for EWS?

    EXRCA

    3. Check if WSSecurityAuthentication on the EWS Virtual directory is enabled or not. If not, set it to true and try the migration


    Thanks,
    Ashok M My blog
    ________________________________________________________________
    Please mark the reply as an answer if you find it is helpful :-)
    ________________________________________________________________

    neděle 19. července 2020 6:48
  • the endpoint is not created.

    it means it is happening to all the mailboxes

    even i tried to get-mailuser is is returning that the user is  a mailbox so i can't retrieve this setting

    2) yes and it is successful

    3)it is enabled.

    i have already tried everyting i run out of ideas

    im pretty sure if i can solve the ews issue the endpoint will be created

    neděle 19. července 2020 8:37
  • What happens if you try to create the migration end point from M365 Admin console? or using the powershell manually?

    https://www.checkyourlogs.net/step-by-step-migrate-exchange-from-on-premises-to-office-365-part-15-enable-mrsproxy-service-and-create-migration-endpoint-office365-mvphour-step-by-step/

    Also, make sure the firewall rule is allowed for inbound HTTPS/443 on the EWS public IP.


    Thanks,
    Ashok M My blog
    ________________________________________________________________
    Please mark the reply as an answer if you find it is helpful :-)
    ________________________________________________________________

    neděle 19. července 2020 10:55
  • i tried it many times

    it fails with we couldnt detect youur server settings.

    howerver mail..x.com is published, mrsproxy is enabled.

    443 is open one public ip

    any more ideas?

    neděle 19. července 2020 13:39
  • i tried it many times

    it fails with we couldnt detect youur server settings.

    howerver mail..x.com is published, mrsproxy is enabled.

    443 is open one public ip

    any more ideas?

    So you are using a reverse proxy?

    In that case, verify:

    There are a small number of requirements that must be in place for Hybrid functionality to function:

    · SSL offloading must not be used.

    · Autodiscover must be published to the Internet.

    · Exchange Web Services must be published to the Internet, or as a minimum the Office 365 IP address ranges.

    · The following URL paths (or /ews/* and /autodiscover/*) must be published without pre-authentication enabled:

    o /autodiscover/autodiscover.svc

    o /autodiscover/autodiscover.svc/wssecurity

    o /ews/mrsproxy.svc

    o /ews/exchange.asmx/wssecurity

    https://www.allabout365.com/2016/08/using-the-office-365-hybrid-configuration-wizard-part-2/

    neděle 19. července 2020 15:17
  • the thing is that the webmail and autodisover covering ews... are published to the internet on port 443

    the issue is when i try this webmail../ews/mrsproxy.svc internally and externally it is failing with the below:

    This webmail.x.com page can’t be found

    No webpage was found for the web address: https://webmail.x.com/ews/mrsproxy.svc

    neděle 19. července 2020 18:19
  • Hi eg1559,

    I would suggest you take steps below to narrow down this error:

    1. Check the EWS configuration with command below, make sure this URL could be accessed from external of your organization successfully:

    Get-WebServicesVirtualDirectory|fl ExternalAuthenticationMethods,Externalurl,MRSproxyEnabled,Server

    Please note: don't change authentication methods from IIS directly, you need to change from Exchange side then sync to IIS.

    2. Check whether the value of "TargetAutodiscoverEpr" is correct:

    Get-OrganizationRelationship | select TargetAutodiscoverEpr

    3. If all above steps are correct, I would suggest you disable "MRSproxyEnabled" one more time, then run IISReset in CMD(This step is important), wait for a while, then enable "MRSproxyEnabled" and run IISReset, then all service running and check again.

    This Exchange Server 2013 - Setup, Deployment, Updates, and Migration Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Regards,

    Kyle Xu


    This Exchange Server 2013 - Setup, Deployment, Updates, and Migration Forum will be migrating to a new home on Microsoft Q&A! We invite you to post new questions in the new forum.

    For more information, please refer to the sticky post.

    pondělí 20. července 2020 3:14
  • hello

    point1: the external authentication is just basic and oauth ( do i have to change it)

    point2: it returned null, however if i run

    Get-ClientAccessService | fl AutoDiscoverServiceInternalUri

    it will return the autodiscover uri

    can you advise please

    pondělí 20. července 2020 7:19
  • moreover in point 1 there is no ntlm authentication parameter

    pondělí 20. července 2020 7:29
  • pondělí 20. července 2020 8:21
  • pondělí 20. července 2020 8:22
  • It an issue with the authentication on the EWS virtual directory. Please run the below commands,

    Get-WebServicesVirutalDirectory | Set-WebServicesVirtualDirectory -WindowsAuthentication:$true -WSSecurityAuthentication:$true -BasicAuthentication:$true -OAuthAuthentication:$true
    IISReset


    Once done, verify if both Negotiate and NTLM providers are set. IIS -> Default web site -> EWS -> Authentication -> Windows Authentication -> Providers (on the Action pane)

    Run the Test-MigrationServerAvailability and Check again

    Also, if "TargetAutodiscoverEpr" is null in OrganizationRelationship then there will be issues with Free/Busy.

    If the Hybrid has been run for the first time, then you can also try re-running the Hybrid configuration wizard but make sure to set the same configuration as before



    Thanks,
    Ashok M My blog
    ________________________________________________________________
    Please mark the reply as an answer if you find it is helpful :-)
    ________________________________________________________________



    • Upravený Ashokm_14 pondělí 20. července 2020 11:23 command
    pondělí 20. července 2020 11:15
  • i run get-webservice... this is the output: ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}

    so i guess its already true but same issue

    pondělí 20. července 2020 11:21
  • and i have just checked iis it is true too (ntlm,negotiate)

    owa is published on webmail and autodiscover too but if i try webmail.x.com/owa it works

    but webmail.x.com/ews/mrsproxy.svc it returns the page is unavailable

    is this true externally? or it should return webpage not available like from the internal

    pondělí 20. července 2020 11:25
  • TargetAutodiscoverEpr" is null in OrganizationRelationship then there will be issues with Free/Busy.

    if the above isnt related to the enpoint issue then i dont mind to be null at the moment

    pondělí 20. července 2020 11:39
  • and i have just checked iis it is true too (ntlm,negotiate)

    owa is published on webmail and autodiscover too but if i try webmail.x.com/owa it works

    but webmail.x.com/ews/mrsproxy.svc it returns the page is unavailable

    is this true externally? or it should return webpage not available like from the internal

    https://webmail.domain.com/EWS/exchange.asmx is working internally and externally? 

    Can you share the EXRCA report for EWS?


    Thanks,
    Ashok M My blog
    ________________________________________________________________
    Please mark the reply as an answer if you find it is helpful :-)
    ________________________________________________________________

    pondělí 20. července 2020 11:50
  • hello,

    externally it returns that the page is unavailable

    internally,it asks 3 times for the windows credentials then it opens a blank page with no messages just a blank one

    internally, if use fqdnlocalhost/ews/mrsproxy.svc it returns webpage cannot be found error400 ( iguess this is right)

    authentication is on the ewsvirtual directory: 

    iis:

    any more ideas

    pondělí 20. července 2020 11:59
  • https://webmail.domain.com/EWS/exchange.asmx is working internally and externally? 

    Can you share the EXRCA report for EWS?


    Thanks,
    Ashok M My blog
    ________________________________________________________________
    Please mark the reply as an answer if you find it is helpful :-)
    ________________________________________________________________

    pondělí 20. července 2020 12:28
  • Can you share the EXRCA report for EWS

    what do u mean by that?

    where can i find it

    pondělí 20. července 2020 12:45
  • same thing with /asmx

    webpage not found externally

    internally 3 times asking for windows cred then blank page

    using fqdn it returned the below:

    pondělí 20. července 2020 12:48
  • same thing with /asmx

    webpage not found externally

    internally 3 times asking for windows cred then blank page

    using fqdn it returned the below:

    That's the expected page but it works only with the FQDN and not with the webmail.domain.com. I believe that the issue is with the virtual directory itself. Can you try re-creating the EWS virtual directory and check?

    Remove-WebServicesVirtualDirectory -Identity "Servername\EWS (Default Web Site)"
    
    Once done, run the below command and check if the webservices virtual directory is not listing,
    
    Get-WebServicesVirtualDirectory 
    
    Run the command to create it,
    
    New-WebServicesVirtualDirectory -WebsiteName "servername\EWS (Default Web Site)" -InternalURL "https://webmail.domainname.com/ews/exchange.asmx" -ExternalURL "https://webmail.domainname.com/ews/exchange.asmx" -WindowsAuthentication $True -WSSecurityAuthentication:$true -OAuthAuthentication:$true

    Also, check with your network team if there are any block for /ews/* on the firewall or reverse proxy


    Thanks,
    Ashok M My blog
    ________________________________________________________________
    Please mark the reply as an answer if you find it is helpful :-)
    ________________________________________________________________

    pondělí 20. července 2020 13:32
  • hello,

    i have just checked with the firewall team traffic is working nothing is blocked

    what is the drawback of removing the directory and re-creating it ?

    what will happen to the server? mailflow? corruption? any idea

    regards

    pondělí 20. července 2020 13:46
  • So, when you are trying https://webmail.domain.com/EWS/exchange.asmx and checked in the firewall, is it allowed with no restrictions?

    Impact on re-creating the EWS virtual directory would be an impact on out of office settings, fetching free bus information will not work once it is removed. So, recommended is to remove and create it immediately. It will not cause any impact on mail flow unless if there are any applications connecting to exchange over EWS.

    As i stated earlier, please remove the post with EXRCA results since it has the personal information.


    Thanks,
    Ashok M My blog
    ________________________________________________________________
    Please mark the reply as an answer if you find it is helpful :-)
    ________________________________________________________________

    pondělí 20. července 2020 14:13
  • i removed it

    can you remove your reply on it

    and yes no restictions

    pondělí 20. července 2020 15:17
  • Hi eg1559,

    Do you try to follow my suggestion to narrow down? Remember to restart IIS after making any change to IIS.

    This Exchange Server 2013 - Setup, Deployment, Updates, and Migration Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Regards,

    Kyle Xu


    Exchange Server 2013 - Setup, Deployment, Updates, and Migration forum will be migrating to a new home on Microsoft Q&A! We invite you to post new questions in the new forum.

    For more information, please refer to the sticky post.

    úterý 21. července 2020 1:32
  • hi kyle

    this is the output: ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}

    i tried to disable/enable mrsproxy many times with iisreset but no luck

    still stuck since friday

    úterý 21. července 2020 5:29
  • Have you tried re-creating the EWS virtual directory?

    Thanks,
    Ashok M My blog
    ________________________________________________________________
    Please mark the reply as an answer if you find it is helpful :-)
    ________________________________________________________________

    úterý 21. července 2020 5:33
  • not yet ashok but you didnt mention enabling basic authentication while creating it

    shouldnt it be enabled?

    úterý 21. července 2020 5:55
  • Sure, please test that and let us know the outcome. Yes, I haven't mentioned it because by default its not enabled and I have checked in my environment as well.

    Default settings for Exchange virtual directories


    Thanks,
    Ashok M My blog
    ________________________________________________________________
    Please mark the reply as an answer if you find it is helpful :-)
    ________________________________________________________________

    úterý 21. července 2020 6:00
  • hi kyle

    this is the output: ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}

    i tried to disable/enable mrsproxy many times with iisreset but no luck

    still stuck since friday

    Could you access your EWS URL from external of your organization successfully? You need to check step by step.

    This Exchange Server 2013 - Setup, Deployment, Updates, and Migration Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Regards,

    Kyle Xu


    Exchange Server 2013 - Setup, Deployment, Updates, and Migration forum will be migrating to a new home on Microsoft Q&A! We invite you to post new questions in the new forum.

    For more information, please refer to the sticky post.

    středa 22. července 2020 6:14
  • no i cant

    dunno why though authentication is correct

    středa 22. července 2020 8:38
  • Sure, please test that and let us know the outcome. Yes, I haven't mentioned it because by default its not enabled and I have checked in my environment as well

    hello

    i removed it but couldnt create it

    the default website doesnt exist error

    advise

    čtvrtek 23. července 2020 8:22
  • Hi,

    Please provide the complete error by removing the personal information.

    Can you run Get-WebServicesVirtualDirectory and check if its still showing?

    Is the MSExchangeServicesAppPool showing up in IIS? If so, try to delete and run the new-webservicesvirtualdirectory command

    https://social.technet.microsoft.com/Forums/exchange/en-US/032007df-6c73-43df-b125-1a371c0f6562/cant-recreate-webservicesvirtualdirectory?forum=exchangesvrclientslegacy

    https://social.technet.microsoft.com/Forums/exchange/en-US/214932bf-e5ae-4196-8bb8-79a456bc1d10/rebuild-the-ews-virt-directory?forum=exchangesvrclientslegacy


    Thanks,
    Ashok M My blog
    ________________________________________________________________
    Please mark the reply as an answer if you find it is helpful :-)
    ________________________________________________________________

    čtvrtek 23. července 2020 8:56
  • one second
    čtvrtek 23. července 2020 8:58
  • running Get-WebServicesVirtualDirectory  returns nothing

    deleted ews default from adsiedit http and delete ews from iis but same error

    Is the MSExchangeServicesAppPool showing up in IIS? If so, try to delete and run the new-webservicesvirtualdirectory command?

    but this is the pool for all virtual directoruies not just ews how can i deleted it??

    čtvrtek 23. července 2020 8:59
  • čtvrtek 23. července 2020 9:00
  • Please note deleting from ADSIEdit is not a recommended approach. 

    You should not delete the website, instead there are application pools running for each virtual directories. If EWS is present then that can be deleted and create a new one.

    Are you able to get the other virtual directories, like Get-OWavirtualdirectory, Get-ECPVirtualdirectory and are ou able to browse them?


    Thanks,
    Ashok M My blog
    ________________________________________________________________
    Please mark the reply as an answer if you find it is helpful :-)
    ________________________________________________________________

    čtvrtek 23. července 2020 9:11
  • i found it but icant delete it because it contains ews backend too

    not just default web site so im stuck now

    ews cant be created

    any suggestions

    čtvrtek 23. července 2020 9:15
  • owa and ecp yes

    just ews cannot be created after the deletion process

    čtvrtek 23. července 2020 9:16
  • Can you try the below command,

    New-WebServicesVirtualDirectory -WebsiteName "Default Web Site" -Server "ServerName" -InternalURL "https://webmail.domainname.com/ews/exchange.asmx" -ExternalURL "https://webmail.domainname.com/ews/exchange.asmx" -WindowsAuthentication $True -WSSecurityAuthentication:$true -OAuthAuthentication:$true


    Thanks,
    Ashok M My blog
    ________________________________________________________________
    Please mark the reply as an answer if you find it is helpful :-)
    ________________________________________________________________


    • Upravený Ashokm_14 čtvrtek 23. července 2020 11:45 command
    čtvrtek 23. července 2020 11:42
  • this is the error after trying the last command you sent

    thank you

    čtvrtek 23. července 2020 12:44
  • running Get-WebServicesVirtualDirectory  returns nothing

    deleted ews default from adsiedit http and delete ews from iis but same error

    Is the MSExchangeServicesAppPool showing up in IIS? If so, try to delete and run the new-webservicesvirtualdirectory command?

    but this is the pool for all virtual directoruies not just ews how can i deleted it??

    Did you delete the EWS virtual directory from ADSI? I think the current situation is caused by data out of sync between Exchange server and AD.

    If you still cannot create new EWS virtual directory, I think you may need to add a new Exchange server to all organitrion to replace the damaged server, then migrate mailbox to the new one.

    This Exchange Server 2013 - Setup, Deployment, Updates, and Migration Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Regards,

    Kyle Xu


    Exchange Server 2013 - Setup, Deployment, Updates, and Migration forum will be migrating to a new home on Microsoft Q&A! We invite you to post new questions in the new forum.

    For more information, please refer to the sticky post.

    pátek 24. července 2020 1:45
  • hi guys,

    ews fixed, i can access it internally and externally. authentication methods: windows,basic,ntlm

    however, issue is the same i still cant create the endpoint

    test-migrationserveravailability still fails with autodiscover and remote move

    went to the remote conn analyzer outlook autodiscover is successful with this warning: The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

    i don't know if it is related

    because i can configure profile using autodiscover internally and externally

    in addition, using https://autodiscover.x.com/autodiscover/autodiscover.xml is returning internally: the website decline to show the page 403 forbidden

    and externally: 600 code ( i guess this is right)

    but could it be internally?

    regards,


    • Upravený eg1559 pátek 24. července 2020 6:19
    pátek 24. července 2020 6:11
  • test-outlookwebservices result

    pátek 24. července 2020 6:35
  • Apologize for the delay.

    Yes, autodiscover page expected page is 600 Invalid request
    If you are able to browse externally https://webmail.domain.com/EWS/exchange.asmx then check the WSSecurity and MRSProxyEnabled in EWS Virtual directory

    Get-WebServicesVirutalDirectory | Set-WebServicesVirtualDirectory -WindowsAuthentication:$true -WSSecurityAuthentication:$true -BasicAuthentication:$true -OAuthAuthentication:$true

    Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -MRSproxyEnabled:$true

    IISreset

    Test-MigrationServerAvailability -ExchangeRemoteMove –RemoteServer mail.contoso.com -Credentials(get-credential contoso\administrator)

    If the Hybrid has been run for the first time, then you can also try re-running the Hybrid configuration wizard but make sure to set the same configuration as before


    Thanks,
    Ashok M My blog
    ________________________________________________________________
    Please mark the reply as an answer if you find it is helpful :-)
    ________________________________________________________________


    • Upravený Ashokm_14 pátek 24. července 2020 7:30 content
    pátek 24. července 2020 7:28
  • i realized another thing, testing uri autodiscover internally from exchange server returns 403

    bit if from any other joined server it is 600.

    but test-outlookwebservices is failing on autodiscover.

    i started thinking that the issue is from autodiscover

    Test-MigrationServerAvailability -ExchangeRemoteMove –RemoteServer mail.contoso.com -Credentials(get-credential contoso\administrator) still failing like the error posted earlier

    pátek 24. července 2020 7:34
  • For Autodiscover, expected page is 600 Invalid request from both internally and externally

    If its not working, then that's a different issue which needs to checked

    For the hybrid, autodiscover and EWS should be published working externally

    Check the authentication (also Providers) and MRSProxyEnabled on the EWS virtual directory again

    Re-Run the Hybrid wizard but make sure to set the same configuration as before


    Thanks,
    Ashok M My blog
    ________________________________________________________________
    Please mark the reply as an answer if you find it is helpful :-)
    ________________________________________________________________

    pátek 24. července 2020 7:46
  • autodiscover is working internally and externally but test is failing

    pátek 24. července 2020 8:23
  • just so u know it is fixed and migrated a pilot user

    im facing a new issue is that im not able to configure an outlook profile for this mgrated user on office2013 however it is working on office2016.

    can you advise why?

    is there any build compatibiliy between office2013 and exchange online

    thank you

    pondělí 27. července 2020 14:15
  • just so u know it is fixed and migrated a pilot user

    im facing a new issue is that im not able to configure an outlook profile for this mgrated user on office2013 however it is working on office2016.

    can you advise why?

    is there any build compatibiliy between office2013 and exchange online

    thank you

    Do you mean that you could create migration point and migrate mailbox now?

    If you still cannot create migration point, I would suggest you use "MRCA" tool to check whether there exist issue with your EWS.

    About your question, you may need to open a new thread ask discuss it. This action will be good for other users search and get help from it.

    This Exchange Server 2013 - Setup, Deployment, Updates, and Migration Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Regards,

    Kyle Xu


    Exchange Server 2013 - Setup, Deployment, Updates, and Migration forum will be migrating to a new home on Microsoft Q&A! We invite you to post new questions in the new forum.

    For more information, please refer to the sticky post.

    úterý 28. července 2020 1:48
  • Hi eg1559,

    I am writing here to confirm with you how thing going now?

    If the above suggestion helps, please be free to mark it as an answer for helping more people.

    This Exchange Server 2013 - Setup, Deployment, Updates, and Migration Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Regards,

    Kyle Xu


    Exchange Server 2013 - Setup, Deployment, Updates, and Migration forum will be migrating to a new home on Microsoft Q&A! We invite you to post new questions in the new forum.

    For more information, please refer to the sticky post.

    pondělí 3. srpna 2020 2:44