Thursday, 11 October 2012

Hybrid Deployment Process in Office 365 using Hybrid Configuration Wizard in Exchange 2010 SP2

Exchange 2010 SP2 introduces the Hybrid Configuration Wizard, which provides a simple process for configuring a hybrid deployment between an on-premises Exchange 2010 Hybrid server and Office 365 Exchange organizations. The wizard was introduced in SP2 to automate and simplify the hybrid setup between Exchange 2010 on-premises and Exchange Online. In SP1 this was a very difficult task with more than 50 manual steps; it is now reduced to 6 steps, all GUI based.

Although Hybrid Configuration Wizard is an amazing feature added in SP2 and it is quite easy to run through, there are many factors that can stop the wizard from completing successfully. In order to be able to troubleshoot when things go wrong, you will need to understand how the Hybrid Configuration Wizard functions and how the Organization Relationship creation works in the background when running the wizard.

When you run the Configuration Wizard, it first starts with collecting all the required information from the user and records it using the Set-HybridConfiguration command. This recorded information is referred to as “desired state”. Once the “desired state” is defined, Configuration Wizard starts deploying the Hybrid Configuration by running the Update-HybridConfiguration command. This command tells Hybrid Configuration Engine to start the Hybrid Configuration process. Once the Hybrid Configuration Engine is started, it reads the “desired state” in the HybridConfiguration object in Active Directory.

This Active Directory object stores the hybrid configuration information for the hybrid deployment and is updated using the Manage Hybrid Configuration wizard.

Next, Hybrid Configuration Engine uses Remote PowerShell to connect to your Exchange 2010 On-premises server and Exchange Online. Once the connection is established successfully, Hybrid Configuration Engine checks the “current configuration” and topology of the On-premises Exchange Server and Exchange Online.

Knowing the “current state” and the “desired state”, Hybrid Configuration Engine works out the “difference” between the two and configures the Hybrid Organization to reach the “desired state”.

Because Hybrid Configuration Engine applies only the “difference”, rerunning the wizard without changing any details has no effect: the engine compares the “current state” with the “desired state”, finds no “difference”, and applies no changes.

When Hybrid Configuration Wizard sets up the Organization Relationship, it first checks the federation information by connecting to the Exchange Online CAS over Remote PowerShell and running Get-FederationInformation –DomainName. This requests a delegation token from the Microsoft Federation Gateway. Once it receives the delegation token, it checks public DNS to find out where the autodiscover endpoint is.

Once the on-premises autodiscover endpoint is located, the Exchange Online Client Access Server uses the delegation token it previously received from the Microsoft Federation Gateway to connect to the Exchange 2010 on-premises CAS. In response, the Exchange 2010 on-premises CAS sends back the Federation Trust details. This information includes ApplicationUri, DomainNames, TargetAutodiscoverEpr and TokenIssuerUris.

One of the main issues that may cause the wizard to fail, in my experience, is that autodiscover is not published correctly or the incoming traffic targeted at the Exchange 2010 on-premises CAS server is not directed to the Hybrid server correctly. This is more likely to happen when you have recently added an Exchange 2010 Hybrid server to the environment just for the purpose of setting up Hybrid mail with Exchange Online and you never made sure that the server functions correctly as an Exchange server.

So I would say the best practice is to set up the Exchange 2010 Hybrid server, apply all the patches etc. and then ensure it is fully functional before setting up the organization relationship, and definitely, as part of this, ensure that autodiscover works correctly internally and externally.
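
The checks described above can be scripted before the wizard is run. The following is an added example, not part of the original post or of Microsoft's tooling; it assumes it is run in the Exchange Management Shell on the hybrid server, that autodiscover is published under the conventional autodiscover.<domain> name, and uses contoso.com as a placeholder domain.

```powershell
# Added example: pre-flight checks before running the Hybrid Configuration Wizard.
# 'contoso.com' is a placeholder; pass your own federated domain.
param([string]$Domain = 'contoso.com')

$autodHost = "autodiscover.$Domain"
$url       = "https://$autodHost/autodiscover/autodiscover.svc"

# 1. DNS: run once from inside and once from outside the network.
try {
    $ips = [System.Net.Dns]::GetHostAddresses($autodHost)
    "DNS   OK    $autodHost -> $($ips -join ', ')"
} catch {
    "DNS   FAIL  $autodHost : $($_.Exception.Message)"
}

# 2. HTTPS: any HTTP answer (even 401) proves the endpoint is published and
#    its certificate validated; a failure with no response usually points to
#    a publishing, firewall or certificate problem.
try {
    $req = [System.Net.WebRequest]::Create($url)
    $req.Timeout = 15000
    $resp = $req.GetResponse()
    "HTTPS OK    $url -> $([int]$resp.StatusCode)"
    $resp.Close()
} catch {
    # PowerShell may wrap the WebException; walk down to it.
    $ex = $_.Exception
    while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
    if ($ex -and $ex.Response) {
        "HTTPS OK    $url -> $([int]$ex.Response.StatusCode) (endpoint reachable)"
    } else {
        "HTTPS FAIL  $url : $($_.Exception.Message)"
    }
}

# 3. Federation information: the cmdlet the wizard runs. The wizard issues it
#    from Exchange Online, so repeat it in an Exchange Online remote session
#    to exercise the external path.
try {
    Get-FederationInformation -DomainName $Domain -ErrorAction Stop |
        Format-List *ApplicationUri, DomainNames, TargetAutodiscoverEpr, TokenIssuerUris
} catch {
    "FEDERATION FAIL  $($_.Exception.Message)"
}

# 4. The stored "desired state" the engine will compare against.
Get-HybridConfiguration | Format-List
```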
