Exchange Hybrid: Deployment, best practices, and what's new
4/27/2017 7:59 AM Cloud Roadshow
2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO
WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN
THIS PRESENTATION.

Agenda
- Why Hybrid
- Hybrid Prerequisites
- History of the HCW
- Tour of the new HCW
- Improved error handling experience

Why Exchange Hybrid?
Diagram labels: Address Book, User Experiences, Calendaring & Free/Busy, Messaging, Mail Migrations, Exchange on-premises, MRS, Mailbox data, Office 365

2012 Microsoft
Corporation. All rights reserved. Microsoft, Windows, and other
product names are or may be registered trademarks and/or trademarks
in the U.S. and/or other countries. The information herein is for
informational purposes only and represents the current view of
Microsoft Corporation as of the date of this presentation. Because
Microsoft must respond to changing market conditions, it should not
be interpreted to be a commitment on the part of Microsoft, and
Microsoft cannot guarantee the accuracy of any information provided
after the date of this presentation. MICROSOFT MAKES NO WARRANTIES,
EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS
PRESENTATION.

Hybrid benefits vs. other migration options
Microsoft Ignite 2015
Chart axes: Deployment Complexity (EASY, Really?) and End User Complexity (EASY, Really?)
Options compared: Hybrid, Cutover, Staged
Chart labels, in slide order: DirSync/Identity Management; Hybrid Configuration Wizard, OAuth, MRS, ...; Auto profile updates; Batch Approach; Offboarding; Rich Coexistence; No Additional Servers; Cloud IDs Only; OST Sync; All at Once; DirSync needed; No 2010/2013; OST Sync; Batch Approach

Hybrid Prerequisites
- Have an Office 365 Tenant
- Add your domain to the Tenant (Contoso.com)
- Ensure you have a third-party certificate on-premises
- Ensure Exchange is properly deployed on-premises
- Have Directory Synchronization activated and deployed
- Ensure that you are running in a supported configuration

Exchange Hybrid Wizard History
Timeline (1 to 6):
- Exchange 2010 SP1: 72 pages of documentation
- Exchange 2010 SP2: HCW introduced
- Exchange 2013: HCW with web-based UI
- Exchange 2013 SP1
- Exchange 2013 CU5
- Exchange 2013 CU10 and 2016
Callouts along the timeline, in slide order:
- Extremely complex and low adoption
- Removed confusing requirements for additional domains: exchangedelegation and service.contoso.com
- Greatly simplified transport configuration
- Multiple Exchange organizations now supported
- Supports Exchange 2013 Edge
- Native OAUTH and Gallatin Support
- Office 365 HCW

Hybrid Configuration Engine
- Step 1: Download the latest Hybrid Configuration Engine (diagram label: Latest HCW Blob).
- Step 2: The Hybrid Configuration Engine reads the desired state stored on the HybridConfiguration Active Directory object.
- Step 3: The Hybrid Configuration Engine connects via Remote PowerShell to both the on-premises and Exchange Online organizations.
- Step 4: The Hybrid Configuration Engine discovers topology data and current configuration from the on-premises Exchange organization and the Exchange Online organization.
- Step 5: Based on the desired state, topology data, and current configuration, across both the on-premises Exchange and Exchange Online organizations, the Hybrid Configuration Engine establishes the difference and then executes configuration tasks to establish the desired state.

Diagram labels:
- Exchange Online, Organization Level Configuration Objects (Exchange Federation Trust, Organization Relationship, Forefront Inbound Connector, & Forefront Outbound Connector)
- Exchange Online, Domain Level Configuration Objects (Accepted Domains & Remote Domains)
- On-Premises Exchange, Organization Level Configuration Objects (Exchange Federation Trust, Organization Relationship, Availability Address Space, & Send Connector)
- On-Premises Exchange, Domain Level Configuration Objects (Accepted Domains, Remote Domains, & Address Policies)
- Exchange Server Level Configuration (Mailbox Replication Service Proxy, Certificate Validation, Exchange Web Service Virtual Directory Validation, & Receive Connector)
- Hybrid Configuration Engine: Desired state; Topology & current configuration state; Execute configuration tasks
- EAC

What have we been doing
- Piloting of HCW changes is controlled
- The latest and same version is used by all
- Supported on Exchange 2013 CU10 and 2016
- Resolving the common upgrade issues (upgrade from 2010/2013)
- Agility with future releases
- HCW updates not tied to CUs any longer
- Improvements to OAUTH and Multi Forest
- Better Diagnostics built in (HCW and other Troubleshooters)
- Stand Alone HCW (New Web Based HCW)
- HCW looks and feels familiar

What does the new experience look like?

Stand Alone HCW Common Questions
- Will I be able to run it on Exchange 2010?
- Will I be able to run it on Exchange 2013?
- Can I upgrade from Exchange 2010 to a newer version?
- Can I opt out of the new HCW experience?
- Will I need to add any additional URL to my outbound proxy device?
- Will running the Stand Alone HCW change any of my settings?

Entry Point

Welcome page

Server detection page
- The configuration will be done from this server
- We check local AD for a list of all Exchange servers and versions (this is not a remote call)
- 1st, we see if the server we are on is running the latest version
- 2nd, we look to see if a server in site is running the latest version
- 3rd, we cross site to connect to a random server running the latest version
- You can manually override this logic
- You can also specify 21v from this page

Credential page
- We do not force you to enter your on-premises credentials
- You then just provide the cloud creds and we connect

Enable Federation Trust page

Shared namespace page
- We then show you a list of domains that are accepted in both on-premises and EXO
- This is where you choose your shared domain

Domain Proof
- We now copy just the string needed, no extra garbage

Mail Flow options
- Then you choose your familiar mail flow options

Send and receive server selection

Transport Certificate
We then show a list of valid certs:
- Third Party Cert
- SMTP Service Assigned
- Installed properly on Exchange
- Not Self Signed

Certificate field is empty when running the HCW
Certificate not correctly installed
- Required on selected CAS & MBX
- CAS are used for Receive Connectors
- MBX are used for Send Connectors
- Both need same cert installed, else HCW won't show.
Certificate requirements not met
- Third Party
- Proper SAN
- Assigned to SMTP Service
- Private Key
CRL Blocked
- Need access to CRL URL over 80 from all servers
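
The certificate criteria from the two certificate slides above, as an added PowerShell example that is not Microsoft's HCW code: it reports, per thumbprint, why a certificate fails the listed requirements on any selected server. The function names, the Server column, the sample thumbprints, server names and the mail.contoso.com namespace are assumptions; the other property names follow Get-ExchangeCertificate output, and CRL reachability over port 80 is not checked.

```powershell
# Added example, not Microsoft's HCW code. Rows are CONSTRUCTED sample data
# shaped like Get-ExchangeCertificate output plus an assumed Server column.
function Test-HybridCertRow {
    param($Row, [string]$Fqdn)
    $why = @()
    if ($Row.IsSelfSigned)                          { $why += 'self-signed, third-party cert required' }
    if (-not $Row.HasPrivateKey)                    { $why += 'no private key' }
    if ("$($Row.Services)" -notmatch 'SMTP')        { $why += 'not assigned to SMTP service' }
    if ($Row.CertificateDomains -notcontains $Fqdn) { $why += "SAN does not list $Fqdn" }
    $why
}

function Get-HybridCertReport {
    param([object[]]$Inventory, [string[]]$Servers, [string]$Fqdn)
    foreach ($g in ($Inventory | Group-Object Thumbprint)) {
        $problems = @()
        foreach ($s in $Servers) {
            # The same certificate must be present on every selected CAS and MBX server.
            $row = $g.Group | Where-Object Server -eq $s | Select-Object -First 1
            if (-not $row) { $problems += "${s}: certificate not installed"; continue }
            foreach ($w in @(Test-HybridCertRow -Row $row -Fqdn $Fqdn)) {
                $problems += "${s}: $w"
            }
        }
        [pscustomobject]@{
            Thumbprint         = $g.Name
            MeetsSlideCriteria = ($problems.Count -eq 0)
            Problems           = $problems
        }
    }
}

# Constructed inventory: cert A lacks SMTP on MBX01, cert B is self-signed
# and installed on CAS01 only.
$inventory = @(
    [pscustomobject]@{ Server = 'CAS01'; Thumbprint = 'SAMPLE-THUMBPRINT-A'; IsSelfSigned = $false
        HasPrivateKey = $true; Services = 'IIS, SMTP'; CertificateDomains = @('mail.contoso.com') }
    [pscustomobject]@{ Server = 'MBX01'; Thumbprint = 'SAMPLE-THUMBPRINT-A'; IsSelfSigned = $false
        HasPrivateKey = $true; Services = 'IIS'; CertificateDomains = @('mail.contoso.com') }
    [pscustomobject]@{ Server = 'CAS01'; Thumbprint = 'SAMPLE-THUMBPRINT-B'; IsSelfSigned = $true
        HasPrivateKey = $true; Services = 'SMTP'; CertificateDomains = @('CAS01') }
)

Get-HybridCertReport -Inventory $inventory -Servers 'CAS01', 'MBX01' -Fqdn 'mail.contoso.com' |
    Format-List
```

On a live deployment the rows would be built by running Get-ExchangeCertificate against each selected server and adding the server name to each result.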

Namespace for on-premises

Ready to update

Feedback
- On the last page
- On Every Page

Scenario / Action Items
- Error: Time Offset check on the on-premises server to get Federation to succeed
- Usability: Scroll bar needed when on accepted domain page
- Error: Improve the invalid TXT error experience
- Error: Improve Error experience for Hybrid Domains
- Error: Add information on certificates to show why it failed
- Error: Improve error reporting around Autodiscover issues
- Usability: remove servers that are considered deleted objects from view in HCW

Improved Logging (1 of 2)
- Log File location: %Appdata%\Microsoft\Exchange Hybrid Configuration
- Application version information
- Exchange versions and other information found that will be used by the wizard
- SMTP certificate information from each server

Improved Logging (2 of 2)
- SMTP certificate information from each server
- Exchange versions and other information found that will be used by the wizard

Better error Handling
- Link to a Solution
- Link to log files
- Link to open Shell with current credentials

Active Monitoring for HCW
- 2000+ HCW runs every day
- Validation against multiple Regions and Datacenters
- Detected 2 Incidents over the last year before ANY customers reported the problems
- Detected a transient issue with Remote PowerShell that is being fixed

MRS Enablement delays
- The last portion of the legacy HCW enabled MRS Proxy
- ERROR: Updating hybrid configuration failed with error 'Subtask Configure execution failed: Configuring organization relationship settings. Execution of the Set-WebServicesVirtualDirectory cmdlet had thrown an exception. This may indicate invalid parameters in your Hybrid Configuration settings. Unable to access the configuration system on the remote server. Make sure that the remote server allows remote configuration
- This process ran a cmdlet Get-WebServicesVirtualDirectory
- This added hours to the HCW, often killing the HCW
- This is the longest part of the Hybrid process
- We have resolved this issue in the Office 365 HCW using the -ADPropertiesOnly switch with Get-WebServicesVirtualDirectory

Hybrid Upgrade issues
We had issues upgrading Hybrid from 2010 to 2013
The solutions were to perform actions like:
- rename Org Relationships
- rename Connectors for Mail flow
- Remove Hybrid configuration objects from ADSIEDIT
None of this was graceful and this is all addressed in the Office 365 HCW

Why are the logs so important?
- We use the logs to find our top problems
- 30% of our failures come from execution failed: Creating Organization Relationships.
- The point is that we often see customers with Autodiscover configured properly but still fail to complete the HCW
1. Get-FedInfo does a call to on-prem DNS for Autodiscover.contoso.com
2. If there is no DNS record internally we could fail to complete HCW
3. What if we used External DNS as well?
Diagram labels: Exchange Online, On-premises, Exchange On-Premises; error shown: execution failed: Creating Organization Relationships.