I Have been doing as bit more research into this and manually ran the command that the HCW is running for the MRS Proxy:
Test-MigrationServerAvailability -ExchangeRemoteMove:$true -RemoteServer "mail.domain.com" -Credentials $credentials
The result is as follows:
RunspaceId : be68af2e-72f5-458a-b7e1-5d7b44b21b99
Result : Failed
Message : The connection to the server 'mail.domain.com' could not be completed.
ConnectionSettings :
SupportsCutover : False
ErrorDetail : Microsoft.Exchange.Migration.MigrationServerConnectionFailedException: The connection to the
server 'mail.domain.com' could not be completed. --->
Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The Mailbox Replication
Service was unable to connect to the remote server using the credentials provided. Please check
the credentials and try again. The call to 'https://mail.domain.com/EWS/mrsproxy.svc'
failed. Error details: The HTTP request is unauthorized with client authentication scheme
'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The
remote server returned an error: (401) Unauthorized.. --> The HTTP request is unauthorized with
client authentication scheme 'Negotiate'. The authentication header received from the server was
'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized. --->
Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The call to
'https://mail.domain.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is
unauthorized with client authentication scheme 'Negotiate'. The authentication header received
from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401)
Unauthorized.. ---> Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The
HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication
header received from the server was 'Negotiate,NTLM'. --->
Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The remote server returned
an error: (401) Unauthorized.
--- End of inner exception stack trace ---
--- End of inner exception stack trace ---
--- End of inner exception stack trace ---
at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.<>c__DisplayClas
s97_0.<ReconstructAndThrow>b__0()
at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(Action operation)
at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.ReconstructAndTh
row(String serverName, VersionInformation serverVersion)
at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling2.<>c__DisplayClass7 _0.<CallService>b__0() at Microsoft.Exchange.Net.WcfClientBase
1.CallService(Action serviceCall, String context)
at
Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.CallService(Action
serviceCall, String context)
at Microsoft.Exchange.Migration.MigrationExchangeProxyRpcClient.CanConnectToMrsProxy(Fqdn
serverName, Guid mbxGuid, NetworkCredential credentials, LocalizedException& error)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Migration.DataAccessLayer.ExchangeRemoteMoveEndpoint.VerifyConnectivity()
at Microsoft.Exchange.Management.Migration.MigrationService.Endpoint.TestMigrationServerAvailab
ility.InternalProcessEndpoint(Boolean fromAutoDiscover)
IsValid : True
Identity :
ObjectState : New
I have run the following command:
Get-WebServicesVirtualDirectory | fl authentication, url
CertificateAuthentication :
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity, OAuth}
LiveIdNegotiateAuthentication :
WSSecurityAuthentication : True
LiveIdBasicAuthentication : False
BasicAuthentication : False
DigestAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : True
AdfsAuthentication : False
InternalNLBBypassUrl :
InternalUrl : https://mail.domain.com/ews/exchange.asmx
ExternalUrl : https://mail.domain.com/ews/exchange.asmx
In IIS, EWS authentication is set to Anonymous and Windows Authentication Enabled.
The providers for Windows Authentication are Negotiate at the top and NTLM underneath.
Is it something to do the the AuthenticationMethods I have configured?