Configuring Exchange 2010 Hybrid

Assumptions

This document assumes that you already have a tenant on Microsoft online services that is synchronized with your on-premises Active Directory forest, and that Exchange Autodiscover and Outlook Anywhere are up and running.

In addition, check that the following prerequisites are in place:

Assumption: Compatible Exchange organization

Description: The on-premises Exchange organization must be Exchange 2003 or later, and at least one Exchange 2010 or later server must be installed. All Exchange servers must be running the latest version, including service pack, rollup update, cumulative update, etc. (available here). See: Verify Exchange 2010 prerequisites.

Assumption: Custom domains

Description: Every domain you intend to use with Exchange Online must be registered using the Office 365 Administrative portal, or by optionally configuring Active Directory Federation Services (AD FS) in your on-premises organization. Learn more at: Add your domain to Office 365.

Assumption: Active Directory synchronization

Description: Active Directory synchronization that works correctly and runs regularly is a prerequisite for Exchange Hybrid. You must ensure that no synchronization errors affect Exchange objects and that the Hybrid checkbox is selected in your synchronization engine.

Assumption: Client Access and Hub Transport servers

Description: You need at least one Exchange 2010 SP3 server with the Client Access and Hub Transport roles in your on-premises organization. If you're configuring a hybrid deployment for an Exchange 2003 on-premises organization, you must also install the Mailbox Server role on at least one Exchange 2010 SP3 server added for the hybrid deployment. Consider using additional servers for high availability.

Verify Internal and external URLs

For more information, click here.

  1. Find the expected external URL, for example: mail.contoso.com.
  2. Check the current configuration by running these commands in your Exchange Management Shell:

Get-ActiveSyncVirtualDirectory | FL InternalURL, ExternalURL

Get-EcpVirtualDirectory | FL InternalURL, ExternalURL

Get-OabVirtualDirectory | FL InternalURL, ExternalURL

Get-OwaVirtualDirectory | FL InternalURL, ExternalURL

Get-WebServicesVirtualDirectory | FL InternalURL, ExternalURL

Get-ClientAccessServer | FL AutoDiscoverServiceInternalUri

Get-OutlookAnywhere | FL Server, ExternalHostname

  3. If no external URLs exist, or if they are incorrect, you need to fix them.
Note: In this scenario we are using split DNS, so the external and internal URLs will be the same.
  4. You can change the internal and external URLs (Split Domain) by running these commands in your Exchange Management Shell (see the sample below):

Set-ActiveSyncVirtualDirectory

Set-EcpVirtualDirectory

Set-OabVirtualDirectory

Set-OwaVirtualDirectory

Set-WebServicesVirtualDirectory

Set-ClientAccessServer

Set-OutlookAnywhere

You can run steps 2 and 3 again to verify the changes.

Here is a sample of the seven commands to change all internal and external URLs:

Set-ActiveSyncVirtualDirectory "SRV306\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl https://mail.contoso.net/Microsoft-Server-ActiveSync -ExternalUrl https://mail.contoso.net/Microsoft-Server-ActiveSync

Set-EcpVirtualDirectory "SRV306\ecp (Default Web Site)" -InternalUrl https://mail.contoso.net/ecp -ExternalUrl https://mail.contoso.net/ecp

Set-OabVirtualDirectory "SRV306\OAB (Default Web Site)" -InternalUrl https://mail.contoso.net/OAB -ExternalUrl https://mail.contoso.net/OAB

Set-OwaVirtualDirectory "SRV306\owa (Default Web Site)" -InternalUrl https://mail.contoso.net/owa -ExternalUrl https://mail.contoso.net/owa

Set-WebServicesVirtualDirectory "SRV306\EWS (Default Web Site)" -InternalUrl https://mail.contoso.net/EWS/Exchange.asmx -ExternalUrl https://mail.contoso.net/EWS/Exchange.asmx

Set-ClientAccessServer SRV306 -AutoDiscoverServiceInternalUri https://mail.contoso.net/Autodiscover/Autodiscover.xml

Set-OutlookAnywhere -Identity "SRV306\Rpc (Default Web Site)" -ExternalHostname mail.contoso.net

Important: Restart your server after these changes
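
The verification in steps 2 and 3 can be done in one pass. The script below is an added example, not part of the original guide: it reads the same seven settings and lists only the values that are missing, not HTTPS, or pointing at a host other than the expected one. The value of $ExpectedHost and the helper name Test-NamespaceUrl are assumptions made for the illustration.

```powershell
# Added example: audit client access URLs against the expected namespace.
# Run in the Exchange Management Shell (works on PowerShell 2.0).
$ExpectedHost = 'mail.contoso.net'   # assumption: the split-DNS name from the sample

function Test-NamespaceUrl {
    param([string]$Server, [string]$Setting, $Value)
    # Classify one configured value: missing, not HTTPS, or pointing at another host.
    $finding = 'OK'
    if (-not $Value) {
        $finding = 'Missing'
    } else {
        $uri = [Uri]"$Value"
        if ($uri.Scheme -ne 'https')         { $finding = 'Not HTTPS' }
        elseif ($uri.Host -ne $ExpectedHost) { $finding = 'Unexpected host' }
    }
    New-Object PSObject -Property @{
        Server = $Server; Setting = $Setting; Value = "$Value"; Finding = $finding
    }
}

$results = @()
$vdirCmdlets = 'Get-ActiveSyncVirtualDirectory', 'Get-EcpVirtualDirectory',
               'Get-OabVirtualDirectory', 'Get-OwaVirtualDirectory',
               'Get-WebServicesVirtualDirectory'
foreach ($cmd in $vdirCmdlets) {
    foreach ($vdir in (& $cmd)) {
        $results += Test-NamespaceUrl $vdir.Server "$cmd InternalUrl" $vdir.InternalUrl
        $results += Test-NamespaceUrl $vdir.Server "$cmd ExternalUrl" $vdir.ExternalUrl
    }
}
foreach ($cas in (Get-ClientAccessServer)) {
    $results += Test-NamespaceUrl $cas.Name 'AutoDiscoverServiceInternalUri' $cas.AutoDiscoverServiceInternalUri
}
foreach ($oa in (Get-OutlookAnywhere)) {
    # ExternalHostname is a bare host name, so wrap it as a URL for the same check.
    $value = $null
    if ($oa.ExternalHostname) { $value = "https://$($oa.ExternalHostname)/" }
    $results += Test-NamespaceUrl $oa.Server 'OutlookAnywhere ExternalHostname' $value
}

# Show only the settings that still need attention.
$results | Where-Object { $_.Finding -ne 'OK' } |
    Select-Object Server, Setting, Value, Finding | Format-Table -AutoSize
```

An empty result means every setting uses HTTPS on the expected host.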

Certificates

For more information, click here and here. The certificate requirements are listed here.

  1. After importing a valid certificate into your Exchange Server, open Exchange Management Console and click on Server Configuration
  2. Select the server you want to configure
  3. Select the certificate you want to use
  4. Click Assign Services to Certificate and a wizard will open
  5. Click Next
  6. Select SMTP and IIS, click Next
  7. Click Assign
  8. If you receive a message asking if you want to require SSL on root web site, click No
  9. If you receive a message asking if you want to overwrite the default SMTP certificate, click No
  10. Click Finish to close the wizard.
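
After the wizard finishes, the assignment can be checked from the Exchange Management Shell. The script below is an added example, not part of the original guide: it reviews every certificate for the services selected in step 6, name coverage, validity status and expiry, and also flags self-signed certificates (an added check). The expected names, the 30-day window and the helper name Get-CertificateReview are assumptions.

```powershell
# Added example: review the certificates assigned to IIS and SMTP.
# Run in the Exchange Management Shell on the hybrid server.
# Assumptions: the names below follow the guide's samples; 30 days is an arbitrary window.
$ExpectedNames = 'mail.contoso.net', 'autodiscover.contoso.net'
$WarnDays      = 30

function Get-CertificateReview {
    param($Certificate)
    $services = "$($Certificate.Services)"
    $names    = @($Certificate.CertificateDomains | ForEach-Object { "$_" })
    $missing  = @()
    foreach ($expected in $ExpectedNames) {
        # Accept an exact name or a wildcard that covers the first label.
        $wildcard = '*.' + ($expected -split '\.', 2)[1]
        if (($names -notcontains $expected) -and ($names -notcontains $wildcard)) {
            $missing += $expected
        }
    }
    $issues = @()
    if ($missing)                             { $issues += 'missing names: ' + ($missing -join ', ') }
    if ("$($Certificate.Status)" -ne 'Valid') { $issues += "status $($Certificate.Status)" }
    if ($Certificate.IsSelfSigned)            { $issues += 'self-signed' }
    if ($Certificate.NotAfter -lt (Get-Date).AddDays($WarnDays)) {
        $issues += "expires $($Certificate.NotAfter)"
    }
    if ($services -notmatch 'IIS')            { $issues += 'not assigned to IIS' }
    if ($services -notmatch 'SMTP')           { $issues += 'not assigned to SMTP' }
    New-Object PSObject -Property @{
        Thumbprint = $Certificate.Thumbprint; Services = $services
        NotAfter   = $Certificate.NotAfter;   Issues   = ($issues -join '; ')
    }
}

$review = @(Get-ExchangeCertificate | ForEach-Object { Get-CertificateReview $_ })
$review | Select-Object Thumbprint, Services, NotAfter, Issues | Format-List

# The certificate to use for hybrid is one with no issues at all; expect at least one.
$usable = @($review | Where-Object { -not $_.Issues })
if ($usable.Count -gt 0) { "Usable certificate: $($usable[0].Thumbprint)" }
else { 'No certificate is valid, covers the expected names and serves both IIS and SMTP.' }
```

The default self-signed SMTP certificate left in place by step 9 will appear in the list with issues; that is expected.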

 

 

Autodiscover DNS records

For more information, click here.

  1. On your DNS server, create the following record (internal DNS):
  • Host: autodiscover
  • IP address: xxx.xxx.xxx.xxx
Note: In this example we are using split domain, so this record needs to be created on both your internal and external DNS servers.

Important: To validate the functionality, open the Remote Connectivity Analyzer site and run the Outlook Autodiscover test. The test should complete successfully for the hybrid configuration to work.

Configure hybrid deployments with Exchange 2010

  1. Log on with a user account that has Organization Admin privileges on Exchange.
  2. Open Internet Explorer and go to https://aka.ms/HybridWizard
  3. Wait for it to launch the application.
  4. Click Install.
  5. Click Run.
  6. When the wizard starts, click next.
  7. After the wizard detects the best Exchange server, click next.
  8. Enter your Office 365 administrative credentials and click next.
  9. Click next after the wizard concludes the necessary validations.
  10. Click enable in order to allow calendar sharing between users.

Note: the TXT record provided here will need to be added to your external DNS for each domain for ownership verification. If the DNS record is not created properly, the wizard will fail.

  11. Create a TXT record on your external DNS for each of the domains listed on the wizard with the exact text presented. Make sure you give it enough time to replicate across all of your DNS servers before moving to the next step.
  12. Check the box next to "I have created a TXT record for each token in DNS".
  13. Click verify domain ownership.
  14. Click next.
  15. Select the Hub Transport servers that will handle the mail flow between Exchange Online and Exchange on-premises and click next.
  16. Enter the public IP addresses of the transport servers and click next. Use a comma to separate the items if you have more than one public IP address.

    Important: These are the external/public IP addresses.

  17. Select the certificate that will be used to encrypt and authenticate the mail flow and click next.
  18. Enter the fully qualified domain name of the transport servers that will handle the mail flow from Exchange Online to Exchange on-premises and click next.
  19. Click update to start configuring the hybrid coexistence.
  20. If the configuration finishes correctly, click close.

    Note: If the configuration fails, wait for five minutes and retry. This wizard performs a series of configurations both on-premises and online. Sometimes it takes some time for a specific configuration to become effective, causing the failure.

    After three consecutive failed attempts, consider asking for support.
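
Before clicking verify domain ownership, the TXT records can be checked against every authoritative name server so that a slow secondary does not fail the wizard. The script below is an added example, not part of the original guide. It assumes Resolve-DnsName is available (Windows 8 / Server 2012 or later, for example on an admin workstation) and that the record is created at the domain name itself; the domain, the token placeholder and the helper name Test-TxtToken are assumptions.

```powershell
# Added example: confirm every authoritative name server returns the wizard's TXT token.
# The domain and token are placeholders; paste the exact text shown by the wizard.
$Tokens = @{
    'contoso.net' = '<TXT-token-from-wizard>'
}

function Test-TxtToken {
    param([string]$Domain, [string]$Token, [string]$Server)
    # Ask one specific server, bypassing the local cache and hosts file.
    $answers = Resolve-DnsName -Name $Domain -Type TXT -Server $Server -DnsOnly `
                               -ErrorAction SilentlyContinue
    # A TXT value may be split into several strings; join them before comparing.
    $values = @($answers | Where-Object { $_.Strings } | ForEach-Object { $_.Strings -join '' })
    # Case-sensitive comparison: the token must match the wizard's text exactly.
    return ($values -ccontains $Token)
}

$pending = 0
foreach ($domain in $Tokens.Keys) {
    $nameServers = @(Resolve-DnsName -Name $domain -Type NS -DnsOnly -ErrorAction SilentlyContinue |
                     Where-Object { $_.NameHost } | ForEach-Object { $_.NameHost })
    if ($nameServers.Count -eq 0) {
        $pending++
        "$domain : no name servers found"
        continue
    }
    foreach ($ns in $nameServers) {
        $ok = Test-TxtToken -Domain $domain -Token $Tokens[$domain] -Server $ns
        $state = 'token missing'
        if ($ok) { $state = 'token present' } else { $pending++ }
        '{0,-20} {1,-30} {2}' -f $domain, $ns, $state
    }
}

if ($pending -eq 0) { 'All name servers answer with the token.' }
else { "$pending check(s) failed; wait for replication before verifying." }
```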