Office 365 Hybrid Connection Wizard error hangs?

Luke Hogan 1 Reputation point
2022-03-14T21:51:37.06+00:00

Attempting to configure a Full Hybrid connection between our on-prem Exchange and Exchange 365 in preparation for full migration. After painfully troubleshooting all of the errors trying to get the "Office 365 Hybrid Configuration" applet to run, it is now getting stuck at "Adding Federated Domain"

183024-image.png

After investigating the error log here: %appdata%\Roaming\Microsoft\Exchange Hybrid Configuration I can see the errors below appearing in the log.


2022.03.14 21:41:49.823 ERROR 10277 [Client=UX, Activity=Domain Ownership, Session=OnPremises, Cmdlet=Set-FederatedOrganizationIdentifier, Thread=6] FINISH Time=1075.1ms Results=PowerShell failed to invoke 'Set-FederatedOrganizationIdentifier': An error occurred while attempting to provision Exchange to the Partner STS. Detailed Information "An error occurred accessing Windows Live. Detailed information: "The underlying connection was closed: An unexpected error occurred on a send.".". {CategoryInfo={Activity=[System.String] Set-FederatedOrganizationIdentifier,Category=[System.Management.Automation.ErrorCategory] InvalidResult,Reason=[System.String] ProvisioningFederatedExchangeException,TargetName=[System.String] ,TargetType=[System.String] },ErrorDetails=,Exception=[System.Management.Automation.RemoteException] An error occurred while attempting to provision Exchange to the Partner STS. Detailed Information "An error occurred accessing Windows Live. Detailed information: "The underlying connection was c losed: An unexpected error occurred on a send.".".,FullyQualifiedErrorId=[System.String] [Server=CFD-EX02,RequestId=d395096b-a1b0-4b59-b186-67b118264444,TimeStamp=3/14/2022 9:41:49 PM] [FailureCategory=Cmdlet-ProvisioningFederatedExchangeException] 584F1A5C,Microsoft.Exchange.Management.SystemConfigurationTasks.SetFederatedOrganizationIdentifier} 2022.03.14 21:41:49.837 ERROR 10224 [Client=UX, Page=DomainProof, Thread=6] Microsoft.Online.CSE.Hybrid.PowerShell.PowerShellInvokeException: PowerShell failed to invoke 'Set-FederatedOrganizationIdentifier': An error occurred while attempting to provision Exchange to the Partner STS. Detailed Information "An error occurred accessing Windows Live. Detailed information: "The underlying connection was closed: An unexpected error occurred on a send.".". {CategoryInfo={Activity=[System.String] Set-FederatedOrganizationIdentifier,Category=[System.Management.Automation.ErrorCategory] InvalidResult,Reason=[System.String] ProvisioningFederatedExchangeException,TargetName=[System.String] ,TargetType=[System.String] },ErrorDetails=,Exception=[System.Management.Automation.RemoteException] An error occurred while attempting to provision Exchange to the Partner STS. Detailed Information "An error occurred accessing Windows Live. Detailed information: "The underlying connection was closed: An unexpected error occurred on a send.".".,FullyQualifiedErrorId=[System.String] [Server=CFD-EX02,RequestId=d395096b-a1b0-4b59-b186-67b118264444,TimeStamp=3/14/2022 9:41:49 PM] [FailureCategory=Cmdlet-ProvisioningFederatedExchangeException] 584F1A5C,Microsoft.Exchange.Management.SystemConfigurationTasks.SetFederatedOrganizationIdentifier} ---> System.Management.Automation.RemoteException: An error occurred while attempting to provision Exchange to the Partner STS. Detailed Information "An error occurred accessing Windows Live. Detailed information: "The underlying connection was closed: An unexpected error occurred on a send.".". --- End of inner exception stack trace --- at Microsoft.Online.CSE.Hybrid.PowerShell.PowerShellInvokeResult.CreateOrThrowMapped(String cmdlet, IReadOnlyDictionary2 parameters, DateTimeOffset start, IPowerShellDataStreams dataStreams, ILogger logger, IPowerShellObject[] objects) at Microsoft.Online.CSE.Hybrid.Provider.PowerShell.PowerShellProvider.PowerShellInstance.Invoke(String cmdlet, IReadOnlyDictionary2 parameters, Int32 millisecondsTimeout) at Microsoft.Online.CSE.Hybrid.PowerShell.RemotePowershellSession.Invoke(IPowerShell powershell, String cmdlet, IReadOnlyDictionary2 parameters, Int32 millisecondsTimeout) at Microsoft.Online.CSE.Hybrid.PowerShell.RemotePowershellSession.RunCommandInternal2(String cmdlet, SessionParameters parameters, Int32 millisecondsTimeout, Boolean skipCmdletLogging) at Microsoft.Online.CSE.Hybrid.PowerShell.RemotePowershellSession.RunCommandInternal(String cmdlet, SessionParameters parameters, Int32 millisecondsTimeout, PowerShellRetrySettings retrySettings, Boolean skipCmdletLogging) at Microsoft.Online.CSE.Hybrid.Session.PowerShellOnPremisesSession.SetFederatedOrganizationIdentifier(SmtpDomain accountNamespace, String delegationTrustLink, SmtpDomain defaultDomain) at Microsoft.Online.CSE.Hybrid.App.ViewModel.Pages.DomainProof.DomainInfo.AddFederatedDomain(IOnPremisesSession session, AppData appData) at System.Collections.Generic.List1.ForEach(Action`1 action) at Microsoft.Online.CSE.Hybrid.App.ViewModel.Pages.DomainProof.VerifyActivity(IOnPremisesSession session, EnvironmentBase environment)


Any tips to get the wizard to progress?

I have ruled out:

  • TLS (TLS is set to 1.2 only)
  • Proxy (there is no proxy server, and I've run this wizard from desktops on prem and in Azure)
  • Timezone (I changed to UTC and tested after finding an article online)

Thanks!

Microsoft Exchange Hybrid Management
Microsoft Exchange Hybrid Management
Microsoft Exchange: Microsoft messaging and collaboration software.Hybrid Management: Organizing, handling, directing or controlling hybrid deployments.
1,910 questions
0 comments No comments
{count} votes

5 answers

Sort by: Most helpful
  1. Luka Dobrović (Span) 16 Reputation points
    2022-04-01T14:42:19.303+00:00

    Hello everyone,

    I had the same issue with one customer. Exchange environment consists of 2 Exchange 2010 (SP3 RU 32) servers and one Exchange 2016 server (CU22). Hybrid configuration Wizard is running on Exchange 2016 from which I will migrate mailboxes to Office 365.

    So firstly, in my test environment I had the same issue which was resolved by enabling Federation Trust from Exchange Control Panel.

    In the production, when I wanted to enable Federation Trust through Exchange management shell , I got an error:

    "Error:
    An error occurred while attempting to provision Exchange to the Partner STS. Detailed Information "An error occurred accessing Windows Live. Detailed information: "The underlying connection was closed: An unexpected error occurred on a send.".".
    An error occurred accessing Windows Live. Detailed information: "The underlying connection was closed: An unexpected error occurred on a send.".
    The underlying connection was closed: An unexpected error occurred on a send.
    Authentication failed because the remote party has closed the transport stream.
    Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.3.498.0&t=exchgf1&e=ms.exch.err.ExB5F48C

    After a lot of troubleshooting I found that TLS wasn't enabled as it should be for this purpose, so I Downloaded IISCrypto and used best practices preset (https://www.nartac.com/Products/IISCrypto) and restarted server.
    After boot up, I got the same issue so I ended up diving a bit deeper and the issue was resolved by enabling TLS 1.2 for .NET 3.5 and 4.x using the following registry:

    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v2.0.50727]
    "SystemDefaultTlsVersions"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v2.0.50727]
    "SystemDefaultTlsVersions"=dword:00000001

    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319]
    "SystemDefaultTlsVersions"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319]
    "SystemDefaultTlsVersions"=dword:00000001

    I did another reboot of a server and Hybrid Connection Wizard ran successfully without a problem.

    hope this helps!

    3 people found this answer helpful.

  2. KyleXu-MSFT 26,211 Reputation points
    2022-03-15T02:51:31.793+00:00

    @Luke Hogan

    Did you verify your Exchange on-premises domain name on Office 365 before running HCW?

    I would suggest you try to download the latest version of HCW (Mark sure download it with IE browser): Hybrid Configuration wizard FAQs
    183101-qa-kyle-10-50-15.png


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



  3. Luke Hogan 1 Reputation point
    2022-04-02T00:11:45.083+00:00

    Thanks for the suggestion Luka ... I was very excited to try something new ... I didnt consider the .NET TLS version.

    However unfortunately after ensuring that all TLS versions are enabled in the OS, and the registry entries for .NET have been set as above, after the reboot I'm still getting the same error! So frustrating ... the same error occurs via the Exchange Admin Console while attempting to add Federated Domains.

    We're almost at the point where we will just have to live with this free/busy sharing issue and try to migrate the whole organisation asap.


  4. Santiago Carbonell Forment 1 Reputation point
    2022-04-11T09:53:56.07+00:00

    Hi,

    I've the same problem but it doesn't work.... I have Exchange 2010 SP3 with 32 rollup, with .NET Framework 3.5 and 4.51...

    I've configured TLS 1.2 in Exchange (you view TLS 1.2 in logs) and TLS with SystemDefaultTlsVersions in all net frameworks branches in regedit...

    but the command

    Set-FederatedOrganizationIdentifier -AccountNamespace 'mydomain.com' -DelegationFederationTrust 'Microsoft Federation Gateway' -Enabled:$true -VERBOSE

    it doesn't work

    I have tried everything...

    Any help?

    Thanks


  5. Hasan Reza 161 Reputation points
    2023-06-30T11:21:20.0733333+00:00

    U are real super Hero , one week i was looking for a solution , even MS had raised hand,

    0 comments No comments