Exchange Hybrid Configuration Wizard step by step guide. What happens in background when you run HCW.
In this Exchange Hybrid Configuration Wizard step by step guide we learn how to deploy Exchange hybrid using Hybrid Configuration Wizard (HCW), we will analyze HCW logs and we will understand what happens in the background when you run Exchange Hybrid Configuration Wizard (HCW).
In previous article we talked about Exchange hybrid deployment. We discussed about components of Exchange hybrid deployment, what features and benefits are provided by Exchange hybrid, and we talked about Exchange hybrid deployment topologies.
Table of Contents
Watch the video
Watch this video on our YouTube channel and learn how to run Exchange Hybrid Configuration Wizard and deploy Exchange hybrid.
What is Microsoft Exchange Hybrid Configuration Wizard
The Microsoft Hybrid Configuration Wizard is a tool that helps connect your on-premises Exchange server with Microsoft 365 (formerly Office 365). It simplifies the process of setting up a hybrid environment, allowing seamless communication between your local email system and the cloud. In nutshell, it’s like a handy guide that ensures your on-premises and Microsoft 365 services work together smoothly, making email management easier and more efficient.
Download Hybrid Configuration Wizard
You should always download the updated version of Hybrid Configuration Wizard. Click this link to download the updated version of HCW.
Important: You need to run HCW application on the Exchange server that you want to use for Hybrid configuration. If you have only one Exchange server in your on-premises, then run Hybrid Configuration Wizard on that Exchange server.
Run Hybrid Configuration Wizard step by step
Hybrid configuration wizard or HCW is a tool that helps administrators to create and configure Exchange hybrid deployment. When 2 different organizations (on-premises Exchange server and Exchange online) want to feel a seamless look of a single organization, Hybrid Configuration Wizard helps to achieve this.
Before you run Hybrid Configuration Wizard, you need to meet certain pre-requisites. Please refer to this video to learn what are the prerequisites for Exchange hybrid deployment.
When you run HCW application, you see below welcome screen. Click Next.
On the On-premises Exchange Server Organization page of the Hybrid Configuration Wizard, the HCW application will try to find your on-premises Exchange server as shown below:
In below image you can see HCW application has detected on-premises Exchange server. You can see the domain name office365concepts.com which is added in accepted domains in Exchange server, you can see the Exchange server version, and other details.
If the HCW application is not able to detect your Exchange server, select Specify a server running Exchange 2010, 2013 or 2016 and manually type your Exchange server details.
Under Office 365 Online select Office 365 Worldwide and click Next.
On the On-premises Exchange Account page of Hybrid Configuration Wizard, the application will automatically detect on-premises Exchange administrator credentials. If the HCW application is not able to detect Exchange administrator credentials or you want to use different administrator credentials, click Change and type the credentials of an Exchange administrator.
Under Office 365 Exchange Online Account click sign in and type the credentials of the Global Administrator of Microsoft 365 tenant.
Click Next.
On the Gathering Configuration Information page, HCW will connect to your on-premises Exchange server and Microsoft 365 Exchange Online to collect the required information. Once HCW has successfully connected to both on-premises Exchange and Microsoft 365 as shown below, click Next.
On the Hybrid Features page of the Hybrid Configuration Wizard, you need to select if you want to configure minimal hybrid or full hybrid deployment. If you want to configure hybrid for only mailbox move, you can select minimal hybrid. And if you want all the features of Exchange hybrid, you can select full hybrid Configuration. Click Next to proceed.
On the Hybrid Topology page, select the Exchange hybrid topology and click Next.
On the On-premises Account for Migration page of HCW, click enter and type the credentials of the on-premises Exchange server administrator. HCW will use these credentials to connect to your on-premises Exchange server and will create a Migration endpoint in Exchange Online.
Click Next.
On the Hybrid Configuration page, Hybrid Configuration Wizard will ask you, how the mail flow routing between Exchange online and on-premises Exchange should be established. If you want to configure your Client Access Server and Mailbox Server for the mail transport, or it should be handled by the Edge Transport Server. You can also configure centralized and decentralized mail flow by clicking Advanced.
Click Next once you have made your selection.
On the Receive Connector Configuration page, click the drop down arrow and select your Exchange server that will be responsible to receive the emails from Exchange Online.
When you will click the drop down arrow, HCW will list all your Exchange servers. Select the Exchange server that will be responsible for secure mail transport and click Next.
Important: The Exchange server you will be using for secure mail transport should have a SMTP certificate and port 25 should be open on the server.
On the Send Connector Configuration page of Exchange Hybrid Configuration Wizard, click the drop down arrow to select the Exchange server on which you want HCW to create a send connector that will be responsible to send emails to Exchange online.
Select the appropriate Exchange server and click Next.
On the Transport Certificate page of Exchange Hybrid Configuration Wizard, click the drop down arrow and select SSL certificate that will be used for the secure email flow between on-premises Exchange server and Exchange online.
Click Next.
On the Organization FQDN page of the Exchange Hybrid Configuration Wizard page, type the Fully Qualified Domain Name of the Exchange server. Click Next.
Important: The FQDN should match the hostname of the Exchange server that you have configured within the virtual directory’s internal and external URL and for which you have configured DNS records.
On the Ready for Update page of HCW click Update.
Now Exchange Hybrid Configuration Wizard will start configuring Exchange hybrid as shown below:
And once Exchange hybrid is configured successfully, you will see Congratulations page as shown below. If you want to check HCW logs, you can click the link as shown in the image. Click Close to close the wizard.
Verify Exchange hybrid configuration in Exchange server
To verify Exchange hybrid configuration, open Exchange Management Shell and run the below command:
Get-HybridConfiguration
This command will list all the properties of Exchange hybrid configuration as shown below:
Once Exchange hybrid is deployed, go to Exchange admin center in on-premises Exchange server. At the top left of the Exchange admin center page you can see 2 tabs as shown below from where you can manage both Exchange on-premises and Exchange online.
Exchange Hybrid Configuration Wizard logs
When you run the Exchange Hybrid Configuration Wizard, it generates logs that provide detailed information about the configuration process. These logs can be helpful for troubleshooting issues and ensuring that the hybrid deployment is set up correctly. The logs may include information about various stages of the configuration, such as connecting to on-premises Exchange servers, configuring connectors, and testing mail flow.
In Exchange Server 2016 or 2019, you can find Hybrid Configuration Wizard logs in below location:
C:\Users\%username%\AppData\Roaming\Microsoft\Exchange Hybrid Configuration
The log files are usually named with a timestamp and contain information about the steps taken during the configuration process.
Hybrid Configuration Wizard background process
When we run Exchange Hybrid Configuration Wizard, it runs a series of PowerShell commands in the background and it makes lots of changes in both on-premises Exchange organization and Exchange online.
Let’s dive deep into Exchange Hybrid Configuration Wizard background process and let’s understand what happens in the background or what changes are done in on-premises Exchange server and Exchange online when we run HCW.
1. Validating on-premises Exchange server and Exchange online (Microsoft 365) connection
When you start Exchange Hybrid Configuration Wizard, it checks the connection with your on-premises Exchange server and Exchange online. At this point HCW checks if it can connect to both on-premises Exchange server and Exchange online.
2022.04.28 17:24:20.872 10274 [Client=UX, Activity=OnPremises Connection Validation, Thread=14] START
2022.04.28 17:24:20.874 10274 [Client=UX, Activity=Tenant Connection Validation, Thread=13] START
2. Collecting data about Exchange server configuration
Then HCW runs Get-ExchangeServer to collect required information about the on-premises Exchange server.
2022.04.28 17:24:24.285 10276 [Client=UX, Activity=OnPremises Connection Validation, Session=OnPremises, Cmdlet=Get-ExchangeServer, Thread=14] START
By running Get-ExchangeServer command, HCW collects the information about the on-premises domain, Exchange server version, FQDN of the Exchange server, and so on.
Then HCW runs a series of other PowerShell commands to collect information of on-premises Exchange server like, Get-MailboxDatabase, Get-OrganizationConfig, it runs Get-HybridConfiguration to check if you already have existing Exchange Hybrid configuration, it collects information about the domains by running Get-AcceptedDomain, it runs Get-FederatedOrganizationIdentifier, Get-FederationTrust, Get-WebServicesVirtualDirectory and Get-RemoteDomain.
3. Collecting data about Exchange online (Microsoft 365) configuration
Then Hybrid Configuration Wizard collects the required information about the Exchange online or Microsoft 365 tenant by running Get-OrganizationConfig command.
2022.04.28 17:24:29.172 10277 [Client=UX, Activity=Tenant Connection Validation, Session=Tenant, Cmdlet=Get-OrganizationConfig, Thread=13]
HCW runs Get-OnPremisesOrganization command to verify if you already have Exchange hybrid object of on-premises Exchange server in your Microsoft 365 tenant.
2022.04.28 17:24:29.178 10276 [Client=UX, Activity=Tenant Connection Validation, Session=Tenant, Cmdlet=Get-OnPremisesOrganization, Thread=13] START
After this HCW runs a series of commands in Exchange online to collect required information about your Microsoft 365 tenant. It runs commands like, Get-AcceptedDomain, Get-MigrationEndpoint and so on.
4. Creating Hybrid configuration in on-premises
Then HCW creates new Exchange Hybrid configuration in on-premises by running New-HybridConfiguration PowerShell command in on-premises organization.
2022.04.28 17:30:04.625 10276 [Client=UX, Session=OnPremises, Cmdlet=New-HybridConfiguration, Thread=9] START
Then HCW runs Set-HybridConfiguration command in on-premises to update the below properties in Exchange Hybrid configuration:
- It updates the on-premises accepted domain
- It updates Exchange server smart host
- It uses the on-premises SSL certificate in Hybrid configuration
- It updates the Exchange server name responsible for receiving emails from Exchange online
- It updates Exchange hybrid features as per the topology selected.
2022.04.28 17:30:07.613 10276 [Client=UX, Session=OnPremises, Cmdlet=Set-HybridConfiguration, Thread=9] START Set-HybridConfiguration -ClientAccessServers $null -ExternalIPAddresses $null -Domains 'office365concepts.com' -OnPremisesSmartHost 'mail.office365concepts.com' -TLSCertificateName '<I>CN=R3, O=Let's Encrypt, C=US<S>CN=office365concepts.com' -SendingTransportServers EXCHANGE -ReceivingTransportServers EXCHANGE -EdgeTransportServers $null -Features FreeBusy,MoveMailbox,Mailtips,MessageTracking,OwaRedirection,OnlineArchive,SecureMail,Photos
5. Updating Remote Domains and Email Address Policy in on-premises Exchange server
Then HCW runs New-RemoteDomain PowerShell command and it adds Target Delivery Domain (initialdomain.onmicrosoft.com) within the remote domain in on-premises Exchange server.
2022.04.28 17:36:51.937 10276 [Client=UX, Session=OnPremises, Cmdlet=New-RemoteDomain, Thread=8] START New-RemoteDomain -Name 'Hybrid Domain - 365conceptlabs.onmicrosoft.com' -DomainName '365conceptlabs.onmicrosoft.com'
2022.04.28 17:36:52.333 10277 [Client=UX, Session=OnPremises, Cmdlet=New-RemoteDomain, Thread=8]
FINISH Time=396.3ms Results=1
Then Exchange Hybrid Configuration Wizard runs Set-EmailAddressPolicy command in on-premises and updates the Email Address Policy in on-premises Exchange server and it adds hybrid domain and routing domain in Email Address Policy.
2022.04.28 17:36:53.431 10276 [Client=UX, Session=OnPremises, Cmdlet=Set-EmailAddressPolicy, Thread=8] START Set-EmailAddressPolicy -Identity 'Default Policy' -ForceUpgrade: $true -EnabledEmailAddressTemplates 'SMTP:@office365concepts.com','smtp:%[email protected]'
6. Creating Organization Relationship in on-premises Exchange server and Exchange online
Then HCW runs New-OrganizationRelationship command in on-premises Exchange server and Exchange online, and it creates one organization relationship in on-premises Exchange server (On-premises to O365) and one organization relationship in Exchange online with name O365 to On-premises.
2022.04.28 17:36:58.242 10276 [Client=UX, Session=OnPremises, Cmdlet=New-OrganizationRelationship, Thread=8] START New-OrganizationRelationship -Name 'On-premises to O365 - 1ba6195d-010a-4f94-9439-348ff5253370' -TargetApplicationUri $null -TargetAutodiscoverEpr $null -Enabled: $true -DomainNames '365conceptlabs.mail.onmicrosoft.com'
2022.04.28 17:36:59.045 10276 [Client=UX, Session=Tenant, Cmdlet=New-OrganizationRelationship, Thread=8] START New-OrganizationRelationship -Name 'O365 to On-premises - b3c642eb-1491-47b1-85ce-8f9798bd3d08' -TargetApplicationUri $null -TargetAutodiscoverEpr $null -Enabled: $true -DomainNames 'office365concepts.com'
Then HCW runs Set-OrganizationRelationship command in on-premises and updates below properties in the organization relationship. Since we selected Full Exchange Hybrid topology, HCW will enable all the features.
MailboxMoveEnabled: $true
FreeBusyAccessEnabled: $true
FreeBusyAccessLevel LimitedDetails
ArchiveAccessEnabled: $true
MailTipsAccessEnabled: $true
TargetOwaURL ‘https://outlook.office.com/mail’
2022.04.28 17:37:01.088 10276 [Client=UX, Session=OnPremises, Cmdlet=Set-OrganizationRelationship, Thread=8] START Set-OrganizationRelationship -MailboxMoveEnabled: $true -FreeBusyAccessEnabled: $true -FreeBusyAccessLevel LimitedDetails -ArchiveAccessEnabled: $true -MailTipsAccessEnabled: $true -MailTipsAccessLevel All -DeliveryReportEnabled: $true -PhotosEnabled: $true -TargetOwaURL 'https://outlook.office.com/mail' -Identity 'On-premises to O365 - 1ba6195d-010a-4f94-9439-348ff5253370'
Then HCW runs Set-OrganizationRelationship command in Exchange Online and updates the properties and enables the features as per the Full Exchange Hybrid topology.
2022.04.28 17:37:01.515 10276 [Client=UX, Session=Tenant, Cmdlet=Set-OrganizationRelationship, Thread=8] START Set-OrganizationRelationship -FreeBusyAccessEnabled: $true -FreeBusyAccessLevel LimitedDetails -TargetSharingEpr $null -MailTipsAccessEnabled: $true -MailTipsAccessLevel All -DeliveryReportEnabled: $true -PhotosEnabled: $true -TargetOwaURL 'https://mail.office365concepts.com/owa' -Identity 'O365 to On-premises - b3c642eb-1491-47b1-85ce-8f9798bd3d08'
7. Updating Availability Address Space in on-premises Exchange server
Then HCW runs Add-AvailabilityAddressSpace command in on-premises and adds routing domain (initialdomain.mail.onmicrosoft.com) and EWS URL in Availability Address Space.
2022.04.28 17:37:02.415 10276 [Client=UX, Session=OnPremises, Cmdlet=Add-AvailabilityAddressSpace, Thread=8] START Add-AvailabilityAddressSpace -ForestName '365conceptlabs.mail.onmicrosoft.com' -AccessMethod InternalProxy -UseServiceAccount: $true -ProxyUrl 'https://mail.office365concepts.com/EWS/Exchange.asmx'
Important: Availability address space has a domain name set to domain.mail.onmicrosoft.com that is used for free/busy look ups when there is no organization relationship or Intra-Organization connector.
8. Configuring Mail Flow between on-premises Exchange server and Exchange online
When we run Exchange Hybrid Configuration Wizard, it creates 1 Send Connector in on-premises Exchange server and it updates the Default Frontend receive connector. When we install Exchange server, a receive connector is automatically created with name Default Frontend/Exchange. HCW uses this connector to receive the emails from Exchange online instead of creating a new receive connector.
HCW runs New-SendConnector command in on-premises to create a send connector that will be responsible to route emails from on-premises Exchange server to Exchange online.
2022.04.28 17:37:09.495 10276 [Client=UX, Session=OnPremises, Cmdlet=New-SendConnector, Thread=8] START New-SendConnector -Name 'Outbound to Office 365 - 1ba6195d-010a-4f94-9439-348ff5253370' -AddressSpaces 'smtp:365conceptlabs.mail.onmicrosoft.com;1' -DNSRoutingEnabled: $true -ErrorPolicies Default -Fqdn 'office365concepts.com' -RequireTLS: $true -IgnoreSTARTTLS: $false -SourceTransportServers EXCHANGE -SmartHosts $null -TLSAuthLevel DomainValidation -DomainSecureEnabled: $false -TLSDomain 'mail.protection.outlook.com' -CloudServicesMailEnabled: $true -TLSCertificateName '<I>CN=R3, O=Let's Encrypt, C=US<S>CN=office365concepts.com'
Then HCW runs Set-ReceiveConnector command in on-premises Exchange server and it updates the properties of the Default Frontend receive connector. HCW stamps the on-premises SSL certificate on the receive connector so that emails sent from Exchange online to Exchange server are received through this connector over a secured channel.
2022.04.28 17:37:10.472 10276 [Client=UX, Session=OnPremises, Cmdlet=Set-ReceiveConnector, Thread=8] START Set-ReceiveConnector -AuthMechanism 'Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer' -Bindings '[::]:25','0.0.0.0:25' -Fqdn 'exchange.office365concepts.com' -PermissionGroups 'AnonymousUsers, ExchangeServers, ExchangeLegacyServers' -RemoteIPRanges '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff','0.0.0.0-255.255.255.255' -RequireTLS: $false -TLSDomainCapabilities 'mail.protection.outlook.com:AcceptCloudServicesMail' -TLSCertificateName '<I>CN=R3, O=Let's Encrypt, C=US<S>CN=office365concepts.com' -TransportRole FrontendTransport -Identity 'EXCHANGE\Default Frontend EXCHANGE'
Then HCW creates 2 mail flow connectors in Exchange online (Inbound and Outbound). HCW runs New-InboundConnector and creates an inbound connector in Exchange online that will be responsible to receive emails sent from on-premises Exchange server to Exchange online.
2022.04.28 17:37:11.001 10276 [Client=UX, Session=Tenant, Cmdlet=New-InboundConnector, Thread=8] START New-InboundConnector -Name 'Inbound from b3c642eb-1491-47b1-85ce-8f9798bd3d08' -CloudServicesMailEnabled: $true -ConnectorSource HybridWizard -ConnectorType OnPremises -RequireTLS: $true -SenderDomains '*' -SenderIPAddresses $null -RestrictDomainsToIPAddresses: $false -TLSSenderCertificateName 'office365concepts.com' -AssociatedAcceptedDomains $null
And it creates an outbound connector in Exchange online that will be responsible to route emails from Exchange online to on-premises Exchange server.
2022.04.28 17:37:17.314 10276 [Client=UX, Session=Tenant, Cmdlet=New-OutboundConnector, Thread=8] START New-OutboundConnector -Name 'Outbound to b3c642eb-1491-47b1-85ce-8f9798bd3d08' -RecipientDomains 'office365concepts.com' -SmartHosts 'mail.office365concepts.com' -ConnectorSource HybridWizard -ConnectorType OnPremises -TLSSettings DomainValidation -TLSDomain 'office365concepts.com' -CloudServicesMailEnabled: $true -RouteAllMessagesViaOnPremises: $false -UseMxRecord: $false -IsTransportRuleScoped: $false
9. Creating OnPremisesOrganization object in Exchange online
Then HCW runs New-OnPremisesOrganization command in Exchange online and it creates OnPremisesOrganization object in Exchange online. The OnPremisesOrganization object signifies the configuration of an on-premises Microsoft Exchange organization that is set up for a hybrid deployment in conjunction with a Microsoft 365 organization.
2022.04.28 17:37:17.879 10276 [Client=UX, Session=Tenant, Cmdlet=New-OnPremisesOrganization, Thread=8] START New-OnPremisesOrganization -HybridDomains 'office365concepts.com' -InboundConnector 'Inbound from b3c642eb-1491-47b1-85ce-8f9798bd3d08' -OutboundConnector 'Outbound to b3c642eb-1491-47b1-85ce-8f9798bd3d08' -OrganizationRelationship 'O365 to On-premises - b3c642eb-1491-47b1-85ce-8f9798bd3d08' -OrganizationName Office365Concepts -Name 'b3c642eb-1491-47b1-85ce-8f9798bd3d08' -OrganizationGuid 'b3c642eb-1491-47b1-85ce-8f9798bd3d08'
10. Creating IntraOrganizationConnector in Exchange server and Exchange online
Then HCW runs New-IntraOrganizationConnector command in on-premises Exchange server and Exchange online to create an IntraOrganizationConnector. IntraOrganizationConnector enables feature availability and service connectivity across the organizations using a common connector and connection endpoints.
2022.04.28 17:37:23.569 10276 [Client=UX, Session=OnPremises, Cmdlet=New-IntraOrganizationConnector, Thread=8] START New-IntraOrganizationConnector -Name 'HybridIOC - 1ba6195d-010a-4f94-9439-348ff5253370' -DiscoveryEndpoint 'https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc' -TargetAddressDomains '365conceptlabs.mail.onmicrosoft.com' -Enabled: $true
2022.04.28 17:37:24.026 10276 [Client=UX, Session=Tenant, Cmdlet=New-IntraOrganizationConnector, Thread=8] START New-IntraOrganizationConnector -Name 'HybridIOC - b3c642eb-1491-47b1-85ce-8f9798bd3d08' -DiscoveryEndpoint 'https://mail.office365concepts.com/autodiscover/autodiscover.svc' -TargetAddressDomains 'office365concepts.com' -Enabled: $true
11. Testing on-premises Exchange server availability for mailbox migration
Then HCW runs Test-MigrationServerAvailability in Exchange online to test the on-premises Exchange server’s availability for the mailbox migration. HCW tests the Exchange server availability on the ExchangeRemoteMove (Exchange hybrid) parameter.
2022.04.28 17:37:36.218 10276 [Client=UX, Session=Tenant, Cmdlet=Test-MigrationServerAvailability, Thread=8] START Test-MigrationServerAvailability -ExchangeRemoteMove: $true -RemoteServer 'mail.office365concepts.com' -Credentials (Get-Credential -UserName OFFICE365CONCEP\Administrator)
12. Creating migration endpoint in Exchange online
Then HCW runs New-MigrationEndpoint command in Exchange online and creates a migration endpoint in Exchange online with name Hybrid Migration Endpoint – EWS (Default Web Site).
2022.04.28 17:37:41.587 10276 [Client=UX, Session=Tenant, Cmdlet=New-MigrationEndpoint, Thread=8] START New-MigrationEndpoint -Name 'Hybrid Migration Endpoint - EWS (Default Web Site)' -ExchangeRemoteMove: $true -RemoteServer 'mail.office365concepts.com' -Credentials (Get-Credential -UserName OFFICE365CONCEP\Administrator)
13. Finalizing the Exchange hybrid configuration
And once everything is configured in on-premises Exchange server and Exchange online, HCW finalizes the Exchange hybrid configuration and you see Congratulations page on HCW.
2022.04.28 17:37:54.590 10270 [Client=UX, Page=Configuring, fn=RunWorkflow, Workflow=Hybrid, Task=Final, Phase=ValidateConfiguration, Thread=8] START
2022.04.28 17:37:54.592 10271 [Client=UX, Page=Configuring, fn=RunWorkflow, Workflow=Hybrid, Task=Final, Phase=ValidateConfiguration, Thread=8] FINISH Time=1.3ms Results=PASSED - (Validation Passed)
2022.04.28 17:37:54.592 10273 [Client=UX, Page=Configuring, fn=RunWorkflow, Workflow=Hybrid, Task=Final, Thread=8] FINISH Time=1298.0ms Results=PASSED
So this is how Exchange Hybrid Configuration Wizard (HCW) deploys Exchange hybrid between on-premises Exchange server and Exchange online.
Conclusion
In this blog we learnt how to run Exchange Hybrid Configuration Wizard step by step, how to verify Exchange Hybrid configuration in Exchange server, we learnt how to analyze Hybrid Configuration Wizard logs, and we learnt Hybrid Configuration Wizard background process.
Found this article helpful and informative? You might like What is Exchange Hybrid. Please share this article within your community and do not forget to share your feedback in the comments below. Please join us on our YouTube channel for the latest videos on Cloud technology and join our Newsletter for the early access of the blogs and updates.
Happy Learning!!