Office 365 Hybrid Connection Wizard error hangs?

Question

Attempting to configure a Full Hybrid connection between our on-prem Exchange and Exchange 365 in preparation for full migration. After painfully troubleshooting all of the errors trying to get the "Office 365 Hybrid Configuration" applet to run, it is now getting stuck at "Adding Federated Domain"

After investigating the error log here: %appdata%\Roaming\Microsoft\Exchange Hybrid Configuration I can see the errors below appearing in the log.

---

2022.03.14 21:41:49.823 ERROR 10277 [Client=UX, Activity=Domain Ownership, Session=OnPremises, Cmdlet=Set-FederatedOrganizationIdentifier, Thread=6] FINISH Time=1075.1ms Results=PowerShell failed to invoke 'Set-FederatedOrganizationIdentifier': An error occurred while attempting to provision Exchange to the Partner STS. Detailed Information "An error occurred accessing Windows Live. Detailed information: "The underlying connection was closed: An unexpected error occurred on a send.".". {CategoryInfo={Activity=[System.String] Set-FederatedOrganizationIdentifier,Category=[System.Management.Automation.ErrorCategory] InvalidResult,Reason=[System.String] ProvisioningFederatedExchangeException,TargetName=[System.String] ,TargetType=[System.String] },ErrorDetails=,Exception=[System.Management.Automation.RemoteException] An error occurred while attempting to provision Exchange to the Partner STS. Detailed Information "An error occurred accessing Windows Live. Detailed information: "The underlying connection was c losed: An unexpected error occurred on a send.".".,FullyQualifiedErrorId=[System.String] [Server=CFD-EX02,RequestId=d395096b-a1b0-4b59-b186-67b118264444,TimeStamp=3/14/2022 9:41:49 PM] [FailureCategory=Cmdlet-ProvisioningFederatedExchangeException] 584F1A5C,Microsoft.Exchange.Management.SystemConfigurationTasks.SetFederatedOrganizationIdentifier} 2022.03.14 21:41:49.837 ERROR 10224 [Client=UX, Page=DomainProof, Thread=6] Microsoft.Online.CSE.Hybrid.PowerShell.PowerShellInvokeException: PowerShell failed to invoke 'Set-FederatedOrganizationIdentifier': An error occurred while attempting to provision Exchange to the Partner STS. Detailed Information "An error occurred accessing Windows Live. Detailed information: "The underlying connection was closed: An unexpected error occurred on a send.".". {CategoryInfo={Activity=[System.String] Set-FederatedOrganizationIdentifier,Category=[System.Management.Automation.ErrorCategory] InvalidResult,Reason=[System.String] ProvisioningFederatedExchangeException,TargetName=[System.String] ,TargetType=[System.String] },ErrorDetails=,Exception=[System.Management.Automation.RemoteException] An error occurred while attempting to provision Exchange to the Partner STS. Detailed Information "An error occurred accessing Windows Live. Detailed information: "The underlying connection was closed: An unexpected error occurred on a send.".".,FullyQualifiedErrorId=[System.String] [Server=CFD-EX02,RequestId=d395096b-a1b0-4b59-b186-67b118264444,TimeStamp=3/14/2022 9:41:49 PM] [FailureCategory=Cmdlet-ProvisioningFederatedExchangeException] 584F1A5C,Microsoft.Exchange.Management.SystemConfigurationTasks.SetFederatedOrganizationIdentifier} ---> System.Management.Automation.RemoteException: An error occurred while attempting to provision Exchange to the Partner STS. Detailed Information "An error occurred accessing Windows Live. Detailed information: "The underlying connection was closed: An unexpected error occurred on a send.".". --- End of inner exception stack trace --- at Microsoft.Online.CSE.Hybrid.PowerShell.PowerShellInvokeResult.CreateOrThrowMapped(String cmdlet, IReadOnlyDictionary2 parameters, DateTimeOffset start, IPowerShellDataStreams dataStreams, ILogger logger, IPowerShellObject[] objects) at Microsoft.Online.CSE.Hybrid.Provider.PowerShell.PowerShellProvider.PowerShellInstance.Invoke(String cmdlet, IReadOnlyDictionary2 parameters, Int32 millisecondsTimeout) at Microsoft.Online.CSE.Hybrid.PowerShell.RemotePowershellSession.Invoke(IPowerShell powershell, String cmdlet, IReadOnlyDictionary2 parameters, Int32 millisecondsTimeout) at Microsoft.Online.CSE.Hybrid.PowerShell.RemotePowershellSession.RunCommandInternal2(String cmdlet, SessionParameters parameters, Int32 millisecondsTimeout, Boolean skipCmdletLogging) at Microsoft.Online.CSE.Hybrid.PowerShell.RemotePowershellSession.RunCommandInternal(String cmdlet, SessionParameters parameters, Int32 millisecondsTimeout, PowerShellRetrySettings retrySettings, Boolean skipCmdletLogging) at Microsoft.Online.CSE.Hybrid.Session.PowerShellOnPremisesSession.SetFederatedOrganizationIdentifier(SmtpDomain accountNamespace, String delegationTrustLink, SmtpDomain defaultDomain) at Microsoft.Online.CSE.Hybrid.App.ViewModel.Pages.DomainProof.DomainInfo.AddFederatedDomain(IOnPremisesSession session, AppData appData) at System.Collections.Generic.List1.ForEach(Action`1 action) at Microsoft.Online.CSE.Hybrid.App.ViewModel.Pages.DomainProof.VerifyActivity(IOnPremisesSession session, EnvironmentBase environment)

---

Any tips to get the wizard to progress?

I have ruled out:

• TLS (TLS is set to 1.2 only)
• Proxy (there is no proxy server, and I've run this wizard from desktops on prem and in Azure)
• Timezone (I changed to UTC and tested after finding an article online)

Thanks!

Answer 1

Hello everyone,

I had the same issue with one customer. Exchange environment consists of 2 Exchange 2010 (SP3 RU 32) servers and one Exchange 2016 server (CU22). Hybrid configuration Wizard is running on Exchange 2016 from which I will migrate mailboxes to Office 365.

So firstly, in my test environment I had the same issue which was resolved by enabling Federation Trust from Exchange Control Panel.

In the production, when I wanted to enable Federation Trust through Exchange management shell , I got an error:

"Error:
An error occurred while attempting to provision Exchange to the Partner STS. Detailed Information "An error occurred accessing Windows Live. Detailed information: "The underlying connection was closed: An unexpected error occurred on a send.".".
An error occurred accessing Windows Live. Detailed information: "The underlying connection was closed: An unexpected error occurred on a send.".
The underlying connection was closed: An unexpected error occurred on a send.
Authentication failed because the remote party has closed the transport stream.
Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.3.498.0&t=exchgf1&e=ms.exch.err.ExB5F48C

After a lot of troubleshooting I found that TLS wasn't enabled as it should be for this purpose, so I Downloaded IISCrypto and used best practices preset (https://www.nartac.com/Products/IISCrypto) and restarted server.
After boot up, I got the same issue so I ended up diving a bit deeper and the issue was resolved by enabling TLS 1.2 for .NET 3.5 and 4.x using the following registry:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001

I did another reboot of a server and Hybrid Connection Wizard ran successfully without a problem.

hope this helps!

Answer 2

@Luke Hogan

Did you verify your Exchange on-premises domain name on Office 365 before running HCW?

I would suggest you try to download the latest version of HCW (Mark sure download it with IE browser): Hybrid Configuration wizard FAQs

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

---

Answer 3

Thanks for the suggestion Luka ... I was very excited to try something new ... I didnt consider the .NET TLS version.

However unfortunately after ensuring that all TLS versions are enabled in the OS, and the registry entries for .NET have been set as above, after the reboot I'm still getting the same error! So frustrating ... the same error occurs via the Exchange Admin Console while attempting to add Federated Domains.

We're almost at the point where we will just have to live with this free/busy sharing issue and try to migrate the whole organisation asap.

Answer 4

Hi,

I've the same problem but it doesn't work.... I have Exchange 2010 SP3 with 32 rollup, with .NET Framework 3.5 and 4.51...

I've configured TLS 1.2 in Exchange (you view TLS 1.2 in logs) and TLS with SystemDefaultTlsVersions in all net frameworks branches in regedit...

but the command

Set-FederatedOrganizationIdentifier -AccountNamespace 'mydomain.com' -DelegationFederationTrust 'Microsoft Federation Gateway' -Enabled:$true -VERBOSE

it doesn't work

I have tried everything...

Any help?

Thanks

Answer 5

U are real super Hero , one week i was looking for a solution , even MS had raised hand,