This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi,
I am setting up a Hybrid Wizard config mail migration from on-prem to exchange online. I am using the Modern Hybrid Topology.
I get a Validating Hybrid Agent for Exchange usage error:
I have also added the log file for further details of this error.
Guidance to resolve this issue will be highly appreciated.
Regards
A robust email, calendaring, and collaboration platform developed by Microsoft, designed for enterprise-level communication and data management.Miscellaneous topics that do not fit into specific categories.
The administration and maintenance of Microsoft Exchange Server to ensure secure, reliable, and efficient email and collaboration services across an organization.
The administration of a hybrid deployment that connects on-premises Exchange Server with Exchange Online, enabling seamless integration and centralized control.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYS%3C/text%3E%3C/svg%3E)
Hi @Jabulani Motloung ,
I'm writing to check if your issue has been resolved. If the problem is successfully resolved, you can share your solution or accept post you find helpful as answer. This can be beneficial to others who reading this thread. If you need further assistance on this, please feel free to post back. Thanks!
Thanks issues was resolved, it was a Firewall change for us that resolved this issue.
Hello,
I had the same problem and it is related to Exchange Extended Protection.
To solve the problem, you need to get the Powershell script from
Then execute this command:
.\ExchangeExtendedProtectionManagement.ps1 -ExchangeServerNames MHServer1, MHServer2 -ExcludeVirtualDirectories "EWSFrontEnd"
Hello,
I had the same problem and it is related to Exchange Extended Protection.
To solve the problem, you need to get the Powershell script from
Then execute this command:
.\ExchangeExtendedProtectionManagement.ps1 -ExchangeServerNames MHServer1, MHServer2 -ExcludeVirtualDirectories "EWSFrontEnd"
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 20%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETV%3C/text%3E%3C/svg%3E)
You can check bellow things
Since you've shared a log file (20240312_070138.log), look for these key details:
Remove-HybridAgent
Install-HybridAgent
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 73%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
Hi there, I know this is an older post but I had a similar issue and wanted to give my solution.
I am using an Exchange Server 2019 with the latest CU. I installed the hybrid agent and got the point "validate hybrid agent for exchange usage" (as shown in the screenshot above).
My error message was along the lines of "the http request is unauthorized with client authentication scheme 'negotiate' exchange migration" (not the same as in the orignal post).
I checked my extended protection as shown here and it was configured wrong (enabled on all directories) https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-extended-protection?view=exchserver-2019#extended-protection-and-modern-hybrid-configuration
As a temporary fix I disabled extended protection and the setup worked flawlessly. A Test Migration also went without issues.
Tomorrow I will follow the advice of valentinBoch and configure EEP correctly (.\ExchangeExtendedProtectionManagement.ps1 -ExchangeServerNames MHServer1, MHServer2 -ExcludeVirtualDirectories "EWSFrontEnd" ). This is also explained in the learn article above.
PS: Thank you guys for your help!!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 84%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
Hi @Jabulani Motloung I got the exactly the same issue, would you be able to elaborate on how it was sorted please.
I ran the cmd as per your instructed above with mine'76101ba2-ccfb-4c99-972e-8de7fc7910d7.resource.mailboxmigration.his.msappproxy.net'
it failed with the same error in the log.
So you know it was fine before, all of a sudden it stopped working.
Any help/ advice would be appreciated
Cheers
@vdz
Hi,
On my side, it was the firewall that was causing the issue, as soon as the Firewall team made sure that all required ports were opened, then our issue was resolved.
thanks for the response, I checked my firewall on port 80 and 443 and ran this cmd
Test-HybridConnectivity -TestO365Endpoints
it was fine.
Cheers
@vdz,
Ok, then re-run the Hybrid Wizard.
Hi @Jabulani Motloung ,
Connect to Exchange Online PowerShell and run the command below after replacing "domain\admin" with the on-premises migration admin you are using:
Test-MigrationServerAvailability -ExchangeRemoteMove: $true -RemoteServer 'dd500728-4fec-405f-a706-a3b245576f1f.resource.mailboxmigration.his.msappproxy.net' -Credentials (Get-Credential -UserName domain\admin)
If you get the same error, check the Hybrid Agent Status (ACTIVE or INACTIVE) by re-running Modern HCW and check it in the GUI, reference here.
If the Hybrid Agent is ACTIVE, check and confirm with Performance Monitor that you see the requests. If the request counters (for #of requests) go up on the Agent machine when you do Test-MigrationServerAvailability to the Hybrid Agent, it's likely to be an issue with the on-premises infrastructure, especially proxy and firewall settings. Then please go through the links below and make sure all the requirements have been met:
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.