Cloud Roadshow Exchange Hybrid: Deployment, best practices, and


Cloud Roadshow Exchange Hybrid: Deployment, best practices, and what’s new

Agenda
- Why Hybrid
- Hybrid Prerequisites
- History of the HCW
- Tour of the new HCW
- Improved error handling experience

Why Exchange Hybrid

Why Exchange Hybrid?
- User Experiences: Address Book, Calendaring & Free/Busy, Messaging
- MRS: Mail Migrations
- Diagram labels: Exchange on-premises, Mailbox data, Office 365

Hybrid benefits vs. other migration options
(Comparison chart: Deployment Complexity and End User Complexity, with the callouts "EASY" and "Really?")
- Cutover: No Additional Servers, Cloud ID's Only, OST Sync, All at Once
- Staged: DirSync needed, No 2010/2013, OST Sync, Batch Approach
- Hybrid: DirSync/Identity Management; Hybrid Configuration Wizard, oAuth, MRS; Auto profile updates; Batch Approach; Offboarding; Rich Coexistence

Hybrid Prerequisites
- Have an Office 365 Tenant
- Add your domain to the Tenant (Contoso.com)
- Ensure you have a third-party Certificate on-premises
- Ensure Exchange is properly deployed on-premises
- Have Directory Synchronization activated and deployed
- Ensure that you are running in a supported configuration

Exchange Hybrid Wizard History
Timeline: (1) Exchange 2010 SP1, (2) Exchange 2010 SP2, (3) Exchange 2013, (4) Exchange 2013 SP1, (5) Exchange 2013 CU5, (6) Exchange 2013 CU10 and 2016
Milestones called out on the timeline:
- 72 pages of documentation; extremely complex and low adoption
- HCW introduced
- HCW with web-based UI
- Greatly simplified transport configuration
- Removed confusing requirements for additional domains: exchangedelegation and service.contoso.com
- Multiple Exchange organizations now supported
- Native OAUTH and Gallatin Support; Supports Exchange 2013 Edge
- Office 365 HCW

Hybrid Configuration Engine
- Step 1: Download the latest Hybrid Configuration Engine (latest HCW blob).
- Step 2: The Hybrid Configuration Engine reads the “desired state” stored on the HybridConfiguration Active Directory object.
- Step 3: The Hybrid Configuration Engine connects via Remote PowerShell to both the on-premises and Exchange Online organizations.
- Step 4: The Hybrid Configuration Engine discovers topology data and current configuration from the on-premises Exchange organization and the Exchange Online organization.
- Step 5: Based on the desired state, topology data, and current configuration, across both the on-premises Exchange and Exchange Online organizations, the Hybrid Configuration Engine establishes the “difference” and then executes configuration tasks to
Diagram flow: desired state, then topology and current configuration state, then execute configuration tasks (Hybrid Engine, EAC).
Exchange Online:
- Organization Level Configuration Objects (Exchange Federation Trust, Organization Relationship, Forefront Inbound Connector, & Forefront Outbound Connector)
- Domain Level Configuration Objects (Accepted Domains & Remote Domains)
On-Premises Exchange:
- Organization Level Configuration Objects (Exchange Federation Trust, Organization Relationship, Availability Address Space, & Send Connector)
- Domain Level Configuration Objects (Accepted Domains, Remote Domains, & E-mail Address Policies)
- Exchange Server Level Configuration (Mailbox Replication Service Proxy, Certificate Validation, Exchange Web Service Virtual Directory Validation, & Receive Connector)

What have we been doing
- Piloting of HCW changes is controlled
- The latest and same version is used by all
- Supported on Exchange 2013 CU10 and 2016
- Resolving the common upgrade issues (upgrade from 2010/2013)
- Agility with future releases: HCW updates not tied to CU's any longer
- Improvements to OAUTH and Multi Forest
- Better Diagnostics built in (HCW and other Troubleshooters)
- Stand Alone HCW (New Web Based HCW): HCW looks and feels familiar

What does the new experience look like?

Stand Alone HCW Common Questions
- Will I be able to run it on Exchange 2010?
- Will I be able to run it on Exchange 2013?
- Can I upgrade from Exchange 2010 to newer version?
- Can I opt out of the new HCW experience?
- Will I need to add any additional URL to my outbound proxy device?
- Will running the Stand Alone HCW

Entry Point

Welcome page

Server detection page
- The configuration will be done from this server
- We check local AD for a list of all Exchange servers and versions (this is not a remote call)
- 1st, see if the server we are on is running the latest version
- 2nd, we look to see if a server in site is running the latest version
- 3rd, we go cross-site to connect to a random server running the latest version
- You can manually override this logic

Credential page
- We do not force you to enter your on-premises credentials
- You then just provide the cloud creds and we connect

“Enable” Federation Trust page

Shared namespace page
- We then show you a list of domains that are accepted in both on-premises and EXO
- This is where you choose your shared domain

Domain Proof
- We now copy just the string needed, no extra garbage

Mail Flow options
- Then you choose your familiar mail flow options

Send and receive server selection

Transport Certificate
We then show a list of valid certs:
- Third Party Cert
- SMTP Service Assigned
- Installed properly on Exchange
- Not Self Signed

Certificate field is empty
Certificate field is empty when running the HCW
- Certificate not correctly installed
  - Required on selected CAS & MBX
  - CAS are used for Receive Connectors
  - MBX are used for Send Connectors
  - Both need same cert installed, else HCW won't show.
- Certificate requirements not met
  - Third Party
  - Proper SAN
  - Assigned to SMTP Service
  - Private Key
- CRL Blocked
  - Need access to CRL URL over 80 from all servers
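The requirements on the two certificate slides above can be checked before running the HCW. This is an added example, not part of the original deck; the server names `CAS01`/`MBX01` and the SMTP name `mail.contoso.com` are placeholders, and the property names are those returned by `Get-ExchangeCertificate` in the Exchange Management Shell.

```powershell
# Added example (not from the original deck). Run in the Exchange Management Shell.
# Placeholders: the receive (CAS) and send (MBX) servers that would be selected
# in the HCW, and the SMTP host name the certificate has to cover.
$servers  = @('CAS01', 'MBX01')
$smtpName = 'mail.contoso.com'
$wildcard = '*.' + ($smtpName -split '\.', 2)[1]

$report = foreach ($server in $servers) {
    foreach ($cert in Get-ExchangeCertificate -Server $server) {
        # Enum properties are compared as strings so the check also works on
        # the deserialized objects returned by remote PowerShell.
        $names   = @($cert.CertificateDomains | ForEach-Object { "$_" })
        $reasons = @()
        if ($cert.IsSelfSigned)                     { $reasons += 'self-signed' }
        if ("$($cert.RootCAType)" -ne 'ThirdParty') { $reasons += "root CA type: $($cert.RootCAType)" }
        if (-not $cert.HasPrivateKey)               { $reasons += 'no private key' }
        if ("$($cert.Services)" -notmatch 'SMTP')   { $reasons += 'not assigned to SMTP' }
        if ($names -notcontains $smtpName -and $names -notcontains $wildcard) {
            $reasons += "SAN does not cover $smtpName"
        }
        # Status is not Valid when, for example, the CRL cannot be reached
        # (RevocationCheckFailure) or the validity dates are wrong.
        if ("$($cert.Status)" -ne 'Valid')          { $reasons += "status: $($cert.Status)" }

        [pscustomobject]@{
            Server     = $server
            Thumbprint = $cert.Thumbprint
            Domains    = ($names -join ', ')
            Eligible   = ($reasons.Count -eq 0)
            Reasons    = ($reasons -join '; ')
        }
    }
}
$report | Format-Table -AutoSize -Wrap

# The same certificate has to be eligible on every selected server.
$common = $report | Where-Object Eligible | Group-Object Thumbprint |
    Where-Object { $_.Count -eq $servers.Count }
if ($common) {
    "Eligible on all servers: $($common.Name -join ', ')"
} else {
    Write-Warning 'No single eligible certificate is installed on all selected servers.'
}
```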

Namespace for on-premises

Ready to update

Feedback
- On the last page
- On every page
Scenario / Action Items:
- Error: Time Offset check on the on-premises server to get Federation to succeed
- Usability: Scroll bar needed when on accepted domain page
- Error: Improve the invalid TXT error experience
- Error: Improve Error experience for Hybrid Domains
- Error: Add information on certificates to show why it failed
- Error: Improve error reporting around Autodiscover issues
- Usability: remove servers that are considered deleted objects from view in HCW

Improved Logging (1 of 2)
- Log File location: %Appdata%\Microsoft\Exchange Hybrid Configuration
- Application version information
- Exchange versions and other information found that will be used by the wizard

Improved Logging (2 of 2)
- SMTP certificate information from each server
- Exchange versions and other information found that will be used by the wizard

Better Error Handling
- Link to a Solution
- Link to log files
- Link to open Shell with current credentials

Active Monitoring for HCW
- 2000 HCW runs every day
- Validation against multiple Regions and Datacenters
- Detected 2 Incidents over the last year before ANY customers reported the problems
- Detected a transient issue with Remote PowerShell

2014 Microsoft Corporation. All rights reserved.

MRS Enablement delays
- The last portion of the legacy HCW enabled MRS Proxy
- ERROR:Updating hybrid configuration failed with error 'Subtask Configure execution failed: Configuring organization relationship settings.Execution of the Set-WebServicesVirtualDirectory cmdlet had thrown an exception. This may indicate invalid parameters in your Hybrid Configuration settings. Unable to access the configuration system on the remote server. Make sure that the remote server allows remote configuration
- This process ran the cmdlet Get-WebServicesVirtualDirectory
- This added hours to the HCW, often killing the HCW
- This is the longest part of the Hybrid process
- We have resolved this issue in the Office 365 HCW using the “-ADPropertiesOnly” switch with Get-WebServicesVirtualDirectory

Hybrid Upgrade issues
We had issues upgrading Hybrid from 2010 to 2013. The solutions were to perform actions like:
- rename Org Relationships
- rename Connectors for Mail flow
- Remove Hybrid configuration objects from ADSIEDIT
None of this was graceful and this is all addressed in the Office 365 HCW

Why are the logs so important?
- We use the logs to find our top problems
- 30% of our failures come from “execution failed: Creating Organization Relationships.”
  1. Get-FedInfo does a call to on-prem DNS for Autodiscover.contoso.com
  2. If there is no DNS record internally we could fail to complete HCW
  3. What if we used External DNS as well?
- Diagram labels: Exchange Online, Exchange On-Premises
- The point is that we often see customer with Autodiscover configured
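The internal-versus-external DNS gap described on this slide can be checked from an on-premises server before running the HCW. This is an added example, not part of the original deck; `contoso.com` is the deck's sample domain and the external resolver address is an assumed value to replace with any public resolver reachable from the server.

```powershell
# Added example (not from the original deck). Values below are placeholders.
$domain           = 'contoso.com'   # shared hybrid domain
$externalResolver = '8.8.8.8'       # assumed: a public resolver reachable from this host
$name             = "autodiscover.$domain"

function Get-AutodiscoverAnswer {
    param([string]$Name, [string]$Server)

    $query = @{ Name = $Name; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
    if ($Server) { $query.Server = $Server }   # omit to use the host's own (internal) DNS

    # Keep only answer-section records (A, AAAA, CNAME); a name that does not
    # exist returns nothing, and authority-section SOA data is filtered out.
    Resolve-DnsName @query |
        Where-Object { $_.Section -eq 'Answer' } |
        ForEach-Object {
            $data = if ($_.NameHost) { $_.NameHost } else { $_.IPAddress }
            "$($_.Type) $data"
        }
}

$internal = @(Get-AutodiscoverAnswer -Name $name)
$external = @(Get-AutodiscoverAnswer -Name $name -Server $externalResolver)

$verdict = if ($internal.Count -gt 0) {
    'Internal DNS resolves the Autodiscover name.'
} elseif ($external.Count -gt 0) {
    'Only external DNS resolves the name: add an internal record, otherwise the organization relationship step can fail.'
} else {
    'Neither internal nor external DNS resolves the name: Autodiscover is not published for this domain.'
}

[pscustomobject]@{
    Name     = $name
    Internal = ($internal -join ', ')
    External = ($external -join ', ')
    Verdict  = $verdict
} | Format-List
```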