[Migrated from MSDN Exchange Dev] Having issues adding server to hybrid mode

Question

Note: This case is migrated from MSDN Exchange Server Development forum. Since Exchange Server Development forum mainly discuss issues about Exchange development, and non-developer Exchange has transitioned to Microsoft Q&A for support, we migrated this non-developer question manually to continue the discussion.

Original Post: https://social.msdn.microsoft.com/Forums/office/en-US/9ff03b6b-3646-4798-9fbe-c07ef0ffb3da/having-issues-adding-server-to-hybrid-mode?forum=exchangesvrdevelopment

Hello,

Currently running into an issue when attempting to place my Exchange server in hybrid mode.

Connecting to remote server failed with the following error message: Connecting to remote server failed with the following error message : The SSL connection cannot be established. Verify that the service on the remote host is properly configured to listen for HTTPS requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig -transport:https". For more information, see the about_Remote_Troubleshooting Help topic.

I have tried the winrm command but still getting the same issue. I also tried connecting via powershell and receive the same error.

Am I missing a step?

I was running this on Windows Server 2008 R2 SP1 running Exchange 2013 CU23.

On a side note, I tried upgrading WMF from 3.0 to 5.1 Now i get an issue where opening Powershell crashes with the error message

Application: powershell.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Access to the path 'C:\Users(username)\AppData\Local\Temp\2\sagbztm4.xiu.ps1' is denied.

Any help would definitely be appreciated.

Answer 1

Microsoft .NET Framework 4.6.2 or later is required to install HCW, and Microsoft .NET Framework 4.7.2 is required for Exchange 2013 CU23. Please make sure .NET Framework 4.7.2 is installed successfully.

Did you disable TLS 1.0 for your Exchange server? If so, please try to enable TLS 1.0 and 1.1 again. Then re-run HCW. For your reference: Exchange Server TLS guidance Part 3: Turning Off TLS 1.0/1.1.

Please also check this for more information about Hybrid deployment prerequisites.

---

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Enabling TLS 1.0 and 1.1 did help fix this issue. While putting this in hybrid is temporary while we migrate over to 365, is there a way to have this done over TLS 1.2 or should i just use TLS 1.0/1.1 for the short period of time?

I did try running this command:

[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;

but it didn't seem to work. Either way, it seems I am good to go. Thanks again for your guys help. Truly appreciate it.

Answer 3

Hi,

For the HCW error, could you please check the below,

1. Are you using the valid public certificate for Hybrid?
2. Are you able to browse portal.office365.com
3. Please allow the required network communication between the Exchange server and Office365
4. Check the TLS protocols in Windows server using registry - this require installation of patch and enable it using registry. Reboot is required after enabling TLS

https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide
https://support.microsoft.com/en-us/help/4019276/update-to-add-support-for-tls-1-1-and-tls-1-2-in-windows

If the above suggestion helps, please click on Accept Answer and upvote it.