PS - Exchange Hybrid Free Busy Calendar Issues

Recently when working on a project, following the completion of the Exchange Hybrid Configuration Wizard (HCW). After we had migrated some test mailboxes to Exchange Online, there were problems with Cloud users accessing On-Prem free busy calendar information when scheduling meetings.

The following Microsoft troubleshooting guide can be followed - https://support.microsoft.com/en-us/help/10092/troubleshooting-free-busy-issues-in-exchange-hybrid-environment but this may not resolve your issue.

The issue in this instance was that the client had a TMG in front of the CAS servers with FBA authentication enabled. We had previously had to split the autodiscover.domain.com from mail.domain.com to use a separate TMG rule with no authentication remembering to limit the source IP's to the office 365 addresses.

First of all Connect to Exchange Online using remote PowerShell.

Execute Get-OrganizationRelationship -Identity * | FL and check the TargetSharingEpr value. If this is blank (default if you have used the HCW) then you will need to populate this value with the host name of the unauthenticated URL in our case https://autodiscover.domain.com/EWS/Exchange.asmx/WSSecurity

Set-OrganizationRelationship "O365 to On-premises - xxxxxxxxx" -TargetSharingEpr https://autodiscover.domain.com/EWS/Exchange.asmx/WSSecurity

Once this has been completed, allow time for replication and try this again and hopefully this will resolve your error.



Also had another issue where the linked account was not set, so check the partner relationship has a linked account



Reviewing the Outlook logs I can see the following error:

 

“Proxy web request failed. , inner exception: The application is missing a linked account for RBAC roles, or the linked account has no RBAC role assignments, or the calling users account is logon disabled. LID: 59916

 

This error suggests that the LinkedAccount for the PartnerApplication configuration has incorrect permissions or is missing in the on-premises configuration.

Reviewing the Get-PartnerApplication output that we collected from On-Premises I see the following:

 

Enabled                             : True

ApplicationIdentifier               : 0000000x-0000-xxxx-xxxx-000000000000

UseAuthServer                       : True

AcceptSecurityIdentifierInformation : False

LinkedAccount                       :

Name                                : Exchange Online

 

Effectively, the LinkedAccount is missing from the configuration.

This account should exist in the on-premises AD and we can search for it using the following commands:

 

            Set-ADServerSettings -ViewEntireForest $true

Get-User "Exchange Online-ApplicationAccount"

 

After finding the account in the AD through the above commands, we should update the configuration in the Hybrid server:

 

            Set-PartnerApplication "Exchange Online" –LinkedAccount “<rootdomainFQDN>/users/Exchange Online-ApplicationAccount”

 

After this change, it will be necessary to do an iisreset or even restart the Exchange 2013/2016 mailbox servers.

Once all these steps have been completed we can check if the Free/Busy is working or if there’s any other error still preventing it from working (by collecting new Outlook logs).

 

Please let me know in case any assistance is required to apply these steps and I can send you a Teams meeting invitation to apply them.

In case you do not find the ExchangeOnline-ApplicationAccount we will need additional steps to recover it, or eventually recreate it.



Other articles that may help are 

Comments