Tag Archives: HCW

The version of the Client Access server selected is not supported

When running the Hybrid Configuration Wizard in an Exchange 2010 environment (I reproduced this with Exchange 2010, but didn’t try this with Exchange 2013 or Exchange 2016) the following error message is generated:

unsupported version

The version of the Client Access server selected, <ServerName>, is not supported. Please go back and select a server that is supported or upgrade the server to a supported version. If Exchange Server 2010, please install the wizard on the same machine.

Note. The HCW is not run on the Exchange 2010 since it requires .NET Framework 4.6.2 and this version of .NET Framework is not supported on Exchange 2010. Even worse, I’ve seen issues with Exchange 2010 after installing .NET Framework 4.6.2 so it’s a bad idea after all.

Running Exchange 2010 on a server with .NET Framework 4.5.x installed is fully supported, but the HCW won’t install on such an Exchange 2010 server since HCW depends on .NET Framework 4.6.2 and the following error message is generated:

unable to install or run this application

So, we are in a deadlock situation. HCW requires .NET Framework 4.6.2 which is not supported on the Exchange server, and when running the HCW on a non-Exchange 2010 server with the correct version of .NET Framework it fails with an error message.

We have been working with Microsoft CSS (product support) on this case. While it should be fixed in the HCW in the first place, under supervision of CSS the following workaround is available.

If you have HCW open and face this error, press F12 and a few other options appear as can be seen in the following screenshot:

HCW Error

If you click Open Logging Folder you get to the folder where the HCW Logs are stored. If you open the correct logfile and search for *ERROR* you can find something similar to:

server error

Obviously the HCW does an incorrect version check (at least when not running on the Exchange 2010 server itself) so it stops. Version checking is something that was built recently into the HCW so Microsoft can check for N-2 version of the implemented Exchange version.

Back to the error message, if you click Open Process Folder a new HCW command prompt is opened on the correct location:

HCW Prompt

Now when you start the Hybrid Configuration Wizard from the Command Prompt you can use the /dv switch (Microsoft.Online.CSE.Hybrid.App.exe /dv) and now the HCW will not do a version check and continue running and finish successfully.

Important note. This was done under the supervision of Microsoft CSS and should not be done by customers directly. If you are running into this issue, please contact Microsoft support to get the right support. Before you know things break beyond repair (and beyond support).

More information

Updated: December 6, 2018

 

Hybrid Configuration Wizard diagnostics

Life can be so simple sometimes… learned this nice feature at Microsoft Ignite last week… when running the Hybrid Configuration Wizard (HCW) and you press F12, the diagnostics tools becomes available:

hybrid-diagnostics

You can open the individual directories, open the log file itself or create a support package when you have to contact Microsoft support in case of issues. Very nice and useful!

support-package

 

Hybrid Configuration Wizard won’t start on Windows 2016

This morning I tried to install and run the Hybrid Configuration Wizard on a new Windows 2016 server. Using the regular link https://aka.ms/TAPHCW I saw a message appear at the bottom of the screen, but it disappeared in a blink of the eye.

Most likely you can fiddle around with (security) settings in Internet Explorer, but you can also use a direct link to the Hybrid Configuration Wizard:

https://mshrcstorageprod.blob.core.windows.net/o365exchangehybrid/HybridSetup.exe

 

Exchange Resource Forest and Exchange Hybrid – Part III

In my previous two blogposts (part I and part II) I’ve explained more about the Exchange Resource Forest model and how to implement Azure AD Connect into such an environment. In this blogpost I’ll show you more about creating a hybrid environment with an Exchange Resource Forest model.

Exchange 2010 Hybrid

If you have been following my blog, or maybe my work as a consultant you most likely know I’m not a big fan of installing Exchange 2016 into an existing Exchange 2010 environment when creating a hybrid environment. It adds a lot of additional complexity since you are halfway a migration to Exchange 2016, you need network and client access changes and most likely hit users multiple times. Better is to create an Exchange 2010 hybrid scenario and when the migration to Exchange Online is done, upgrade the Exchange 2010 remains to Exchange 2016.

My Resource Forest environment is built on Exchange 2010 (that’s what most of my customers are still running) and I will create another Exchange 2010 hybrid environment, but this time built on the Exchange Resource Forest. The solution will look something like this:

image

The only more challenging part is the use of an Edge Transport server for inbound and outbound SMTP, but if your SSL certificates are ok, you’re good to go. In our example, the Edge Transport server is used for inbound and outbound SMTP, but the hybrid SMTP will be sent directly from Exchange Online to the Exchange 2010 multi-role server. Centralized Mail Transport will be used, so all mail will always go via the Edge Transport server, even outbound mail from Exchange Online.

Note. Before you continue, you have to make sure that your certificates are ok, that a valid 3rd party certificate is used and bound to IIS and SMTP, and that your load balancer is configured correctly. A common pitfall is that address translation occurs, and that all inbound connections originate from the IP address of the load balancer. In this case inbound SMTP ends up on the wrong connector, causing secure traffic between Exchange 2010 and Exchange Online to fail.

Logon to the Exchange 2010 server and download the Hybrid Configuration Wizard at https://aka.ms/TAPHCW and start the wizard by clicking the Install button.

Click the Next button a couple of times, the wizard will detect the optimal Exchange server to be used to create the hybrid configuration (this is the server where the hybrid configuration wizard is running, and is known as the ‘hybrid server’) and logon to the Office 365 tenant using a tenant administrator account as shown in the following figure:

image

Continue with the wizard, select Full Hybrid (or minimal hybrid if you need to), and create a federation trust (and enter this crazy TXT record in public DNS). When you reach the radio button for Configure my Client Access and Mailbox server window, you can select the enable centralized mail transport checkbox if you want to.

image

Select the Hub Transport server (or Mailbox server when running Exchange 2013 or Exchange 2016) that should be used for secure communication with Exchange Online. This server is configured in an Office 365 Send Connector and a Receive Connector from Office 365 is created on this server.

image

Select a proper certificate (which should already be present on the Exchange server of course), enter the Organization FQDN that’s used to access your on-premises environment (i.e. webmail.exchangefun.nl) and you’re ready to finalize the hybrid configuration wizard. The options you’ve selected in the wizard are now pushed to the Exchange server and Active Directory when you click the update button.

image

And after a minute or two the Hybrid Configuration Wizard should be finished, and of course no warning message should be shown:

image

We’ve now configured a hybrid configuration with an on-premises Exchange 2010 server that’s in a Resource Forest.

Move Mailbox

An easy way to test the new hybrid configuration is to test a mailbox move from Exchange 2010 on-premises to Exchange Online. To do so, logon to the Exchange (Online) Admin Center, go to Recipients | Migration and start a new migration batch. Select move to Exchange Online and select a user to move to Exchange Online as shown in the following figure:

image

Enter the on-premises administrator account to find a proper migration endpoint (through Autodiscover):

image

It will automatically detect and show the migration endpoint on the Exchange 2010 server:

image

Click Next to continue, enter a migration batch name, increase the bad item and large item limit if needed and follow the wizard. The migration batch is automatically started, but manually completed. I typically complete migration batches off business hours, but for a test or lab environment you can safely select to complete the batch automatically. When you click the new button a new migration batch is created, and the mailbox move is automatically initiated. When the mailbox is moved to Exchange Online you can logon to Office 365 and start testing.

image

The first test is to see if mail flows between Exchange 2010 on-premises to Exchange Online. In the previous figure the mailbox ‘Jaap Wesselius [Linked]’ is a mailbox that was not migrated, so this works fine. Checking the header of this message reveals the same:

image

The figure might be a bit blurry, but in the last column we can see that TLS 1.2 is used for communications between Exchange Online and Exchange 2010.

Sending from Gmail to the mailbox in Exchange Online reveals that Gmail sends the message to the Edge Transport server, which sends in to the Exchange 2010 server and to Exchange Online:

image

Inbound messaging is working as well. When mail is sent from Exchange Online to Gmail, we can see in the headers that mail goes from Exchange Online to the Exchange 2010 server, to the Edge Transport server and to Gmail.

image

Another important topic to test is free/busy information between Exchange 2010 and Exchange Online. When an on-premises mailbox wants to schedule a meeting with two migrated mailboxes in Exchange Online the following should be visible:

image

The Exchange 2010 server will contact Exchange Online using Exchange Web Services (EWS) to check the availability for the users Don and Duw.

Vice versa, when user Don wants to schedule a meeting the following should be visible:

image

The server in Exchange Online now contacts the Exchange 2010 server (via the load balancer) using EWS to check the availability of the on-premises mailboxes.

It happens a lot that availability information or free/busy information in the on-premises environment is not available. This can be an Autodiscover issue, a certificate issue or a pre-authentication issue in the load balancer. Enough stuff to troubleshoot in this case.

If free/busy is working properly, cross-premises Mail Tips are most likely working as well since this is also using EWS:

image

So, it looks like everything is working as expected.

Summary

In this blog post and the previous two blog posts I’ve explained more about the Exchange Resource Forest model, how linked mailboxes are related to their corresponding accounts, how to implement Azure AD Connect in a Resource Forest environment and how to setup a hybrid environment in this model.

This was built on top of Exchange 2010 but is very similar for Exchange 2013 or Exchange 2016. If all prerequisites are met it doesn’t make any difference if you’re running a single forest environment with Exchange installed or a Resource Forest model.

Since the Resource Forest is a fully supported scenario by Microsoft, the hybrid environment in a Resource Forest is fully supported as well.

In the next blog and final (part IV) of this series I’ll dive deeper into the provisioning part of linked mailboxes and Office 365.

Your browser is currently set to block JavaScript

I hate this…. And most likely you too otherwise you didn’t end up here

When logged on to an Exchange server, ready for starting the Hybrid Configuration Wizard, you try to logon to Exchange Online you end up with a warning (or ‘error’) message:

We can’t sign you in

Your browser is currently set to block JavaScript. You need to allow JavaScript to use this service.

To learn how to allow JavaScript or to find out whether your browser supports JavaScript, check the online help in your web browser.

Like the screenshot below:

image

To enable JavaScript on your computer you have to enable Active Scripting. To do so, go to Internet Options, select the Security tab and choose Custom Level.

image

image

Now scroll all the way down (or press page down 12 times ) and enable Active Scripting:

image

You will get a warning message “Are you sure you want to change the settings for this zone”, click Yes and click OK.

image

Restart your Internet Explorer browser and you can login on Exchange Online and continue with the Hybrid Configuration Wizard (or whatever you were trying to achieve).