Channel: Exchange Online migration and hybrid deployments - Recent Threads

Exchange 2010 Hybrid Migration Problems


Hi,

I'm trying to set up a hybrid migration for a customer.

Their environment contains an Exchange 2010 with SP2 which is located behind a Check Point firewall.

There is a mail relay between the firewall and the Exchange for SMTP transport.

 

The domain of this server is domain.com (example of course - I replaced the domain with the real domain name)

The web access of this server is owa.x-domain.com (they have an old 2nd domain which is used as the web access domain)

The internal name of the server is SERVER-EXCH01.domain.local

The steps I did: set up an AD FS 2.0 app on the AD server (currently I configured that as a farm but with only 1 server, which will act for now as the primary server in the farm). The ADFS is configured under SSL and can be accessed externally on port 443. The name of the DNS host is adfs.domain.com

I set up a DirSync server and it completed successfully, and I can see that all of my users are now synced to the Office 365 E1 account which I've opened (currently in E3 trial but the plan is to be with E1)

 

Then things move into more complicated stuff.

 

On the current Exchange 2010 I've created a remote domain called hosted cloud domain; the domain name is hosted.domain.com and it is configured to use this domain for my Office 365 tenant

 

I've created a new accepted domain called exchange federation delegation and named the domain exchangedelegation.domain.com

Then I've created a federation trust - got the TXT keys for domain.com and exchangedelegation.domain.com and put them in my DNS control panel in GoDaddy.

After a few hours I've managed the federation, added the 2 domains (domain.com and exchangefederation.domain.com) and put in postmaster@domain.com as the email of the organization contact

I've clicked enable federation

This completed successfully

 

Then I made a new organization relationship and named it Exchange Online

I've enabled free/busy information access and chose the maximum level with subject and location

Then on the next screen I put the domain I created with Office 365 - blabla.onmicrosoft.com (the blabla is a replacement of my real account which I've created)

This also completed successfully

 

I've then added the forest of my Office 365 into the Exchange Management Console

After that I was able to see my Office 365 domain in the Exchange Management Console

I've enabled organization customization in PowerShell according to the documents

 

In the Office 365 domain under the EMC I've made the same organization relationship and put in two domains, domain.com and hosted.domain.com

Added the URI as exchangedelegation.domain.com and the autodiscover endpoint as

https://owa.x-domain.com/autodiscover/autodiscover.svc/wssecurity

 

Now again - I did everything according to the manuals but I'm missing something here - should I make a real DNS in the GoDaddy settings for exchangedelegation.domain.com?

Should I also create hosted.domain.com in GoDaddy?

 

Then I set 2 commands in the Exchange console according to the manual - the 1st is Set-OrganizationRelationship -Identity "Exchange Online" -TargetSharingEpr https://sn1prd0302.outlook.com/ews/exchange.asmx/wssecurity (should I really use the SN1prd0302 like the manual described or something else?)

 

and the 2nd command is Set-OrganizationRelationship -Identity "Exchange Online" -TargetAutodiscoverEpr https://sn1prd0302.outlook.com/autodiscover/autodiscover.svc/wssecurity

 

Then I've configured an accepted domain as an internal relay domain, which is called hosted.domain.com

I've also configured a new send connector called hosted domain and added hosted.domain.com in the address space. I clicked route mail through the following smart host and chose hosted-domain-com.mail.eo.outlook.com

 

I didn't modify the default email address policy according to the manual, but on a test user I did also put the 2nd email, which is like this: username@hosted.domain.com, right next to username@domain.com

 

At this point the document said I can already make a remote move.

I tried - not sure I put a correct server name in the source, but I got this error

Exception has been thrown by the target of an invocation.

Then I saw I have an extra tab compared to the manual, which is called hybrid configuration - tried to set this up - also I wasn't sure what IP to put in the inbound (since I'm using a mail relay) and wasn't sure what name to put in the outbound connector - this process ended with an error

 

Updating hybrid configuration failed with error 'System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server failed with the following error message : The WinRM client cannot process the request. The WinRM client tried to use Negotiate authentication mechanism, but the destination computer (SERVER-EXCH01:80) returned an 'access denied' error. Change the configuration to allow Negotiate authentication mechanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the local computer name as the remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic authentication and provide user name and password. Possible authentication mechanisms reported by server

 

Then I raised my hand and said I need help....

 

Anyone please?

