HCW8078 - Migration Endpoint could not be created

Christopher 41 Reputation points

Good Morning

Firstly, thank you for taking the time to read my post. Looking for some advice and help please with the following scenario.

A Windows Server 2008 physical box running Exchange 2010 SP3 (Latest Roll-up) - 14.03.0513.000

I am doing a test migration before moving our small user base (25-50) to O365 permanently.

I have setup Azure AD Connect and sync'd two test users. All works good, users can sign in on Azure with their current windows (UPN) creds.

When running the migration wizard i am doing so from a domain joined member (W7 - 64 bit) which I believe is okay to do-so.

All steps of the migration pass, i.e tenant e-mail addresses added to all mailboxes with the default policy applied.

However, at the last hurdle I am receiving the following message:-

The connection to the server 'mail.example.com' could not be completed.
The call to 'https://mail.example.com/EWS/mrsproxy.svc' failed. Error details: Could not establish secure channel for SSL/TLS with authority 'mail.example.com'. --> The request was aborted: Could not create SSL/TLS secure channel..
Could not establish secure channel for SSL/TLS with authority 'mail.example.com'.

The request was aborted: Could not create SSL/TLS secure channel."

*Please note I have replace our domain with example.

We have a 3rd party cert (digicert).

MRSProxy is enabled

Service responds with creds if i browse to the link.

I have enabled/disabled the proxy / reset IIS etc. and to no avail.

Hoping for anything else I can try in terms of troubleshooting.

Thanks for taking the time to read


Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
6,099 questions
No comments
{count} votes

Accepted answer
  1. Joyce Shen - MSFT 16,331 Reputation points Microsoft Employee

    Hi @Christopher

    According to the error information you provided above, "Could not establish secure channel for SSL/TLS with authority "

    Please make sure you have enabled TLS 1.2 or a later version and disabled TLS 1.0 and 1.1. And I mentioned that your windows server version is 2008, we can check the description here:


    For the step by step guide, check the link here: Preparing for TLS 1.2 in Office 365 and Office 365 GCC

    This official KB gives an introduction about Troubleshooting issues where the hybrid migration endpoint cannot be created for your reference as well.

    If an Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

1 additional answer

Sort by: Most helpful
  1. Christopher 41 Reputation points

    Hi @JohnM Oxley

    I have yet to implement given we are fast approaching our busy period and don't want to risk upsetting anything until we are in a position to spend more time. I am pretty confident however that enabling TLS1.2 which will work side-by-side with the other TLS1.0 etc won't lead to major problems and once it's enabled, I can get the end point created, start the migration and then retire the old box. What you could do, if you have the ability, is to bring up a DR environment of your current setup, make the TLS change and make sure your Exchange box etc. still boots, etc. etc - that's what I did and all seemed good.

    It all depends I guess on your timescales and pressure from above!

    When I do make the change I will of course be coming back here to post the update and let you all know but at this time I'm afraid I'm unable to say when this will be.

    Good luck - I'm sure you will be fine.