Friday, April 15, 2016

Exchange Online users cannot see on-premises Exchange Server Free/Busy information

Scenario:

Came almost each time after Exchange Hybrid Configuration Wizard (HCW) finished its job successfully:
  • Customer's Exchange Hybrid configuration based on Exchange Server 2010 (you have all chances to have newer 2013/2016 versions affected).
  • Customer's on-premises users can see Free/Busy status of Exchange Online users in Office 365. 
  • However Exchange Online users can't see status of on-premises Exchange Server users.
  • Hybrid Deployment has passed Free/Busy and Autodiscover tests of Remote Connectivity Analyzer.
  • Hybrid Deployment has passed through "The Hybrid Free Busy Troubleshooter" with no errors until it suggested to open ticket with Microsoft Support team.
  • Following PowerShell command showed no errors:

    Test-FederationTrust -UserIdentity <OnPremisesMailbox> -verbose
  • Following PowerShell command is showing WSSecurity enabled:

    Get-WebServicesVirtualDirectory -Identity "HybridServer\EWS (default web site)" | fl *auth*

    InternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
    ExternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
    LiveIdSpNegoAuthentication      : False
    WSSecurityAuthentication        : True
    LiveIdBasicAuthentication       : False
    BasicAuthentication             : True
    DigestAuthentication            : False
    WindowsAuthentication           : True

  • However we noticed error "500" in W3SVC IIS logs of Hybrid Exchange Server very similar to:
POST /autodiscover/autodiscover.svc/WSSecurity - 443 - ASAutoDiscover/CrossForest/EmailDomain//15.01.0225.018 – 500 0 0 124

Solution:

You'll be surprised... Even though "Get-WebServicesVirtualDirectory | fl" showed WSSecurity enabled, the following command fixed issue:

Set-WebServicesVirtualDirectory -Identity "<HybridServer>\EWS (default web site)" -WSSecurityAuthentication $true

Other guys reported they had exactly the same resolution for Autodiscover IIS virtual directory even though "Get-AutodiscoverVirtualDirectory | fl" showed WSSecurity enabled:

Set-AutodiscoverVirtualDirectory -Identity "<HybridServer>\Autodiscover (Default Web Site)" -WSSecurityAuthentication $true

Another guy solved this issue simply with iisreset after initial Hybrid configuration.

I like my solution since it has no services restart and downtime for Exchange Server. Cause is unknown.

References: