Hi,
We have a hybrid configuration in place: Exchange 2016 CU18, no other Exchange Server versions present.
I created this post because I cannot access the migrated one (http 404): migrated-from-msdn-exchange-devoutlook-mobile-auto.html (Thanks to @KyleXu-MSFT for pointing me to the right forum and migrating my post, anyway).
After running the HCW in version 17.0.5494, we had issues with free/busy from on premise to Exchange Online. To narrow down the issue I removed the AuthServers (ACS, EvoSTS) from our configuration and created them manually as stated in the manual configuration of Hybrid Modern Authentication. Since this did the trick for free/busy I wanted to run the HCW to be supported again. Unfortunately, the HCW couldn't configure/create/edit the AuthServers I had created (well known HCW8064 error, in this case the EvoSTS couldn't be created because it already existed. Creating ACS was successful because ist was removed by the HCW prior to creation). Anyway, after removing the AuthServers and let them created by the HCW from scratch, the HCW finished without any errors. After that free/busy wasn't functional again and in addition we had issues with AutoDetect in Outlook mobile (automatic configuation based on email address). The AutoDetect issues went more and more worse until no configuration was possible at all, verified with Test-HMAEAS.ps1. It seems it takes some time until the configuration is recognized by the AutoDetect servers. Because of that issues we checked the AuthServer configuration. OAuth is working but there was no DefaultAuthorizationEndpoint configured by the HCW. We configured the EvoSTS AuthServer to be the default one. Even though it took some time until the Outlook App configuration worked again it's ok now. Now there was still the problem with the free/busy if the AuthServers are configured/created by the HCW. I digged in the HCW logs and found the new (undocumented as time of writing) parameter named DomainName. This parameter was used ith a value of our AutoDiscover domain and therefore the AuthServer wasn't responsible for our mail domains. After setting the AuthServer with -DomainName $null free/busy worked again (tested with test-oauthconnectivity).
The HCW in version 17.0.5494 has in my opinion two bugs:
- When no AuthServers are configured, then the HCW creates them but does not enable the EvoSTS one as Default Authorization Endpoint. -> Outlook Mobile AutoDetect will not work! (Test-HMAEAS.ps1 or Remote Connectitivity Analyzer)
- The ACS AuthServer is configured by the HCW with a parameter named -DomainName. This resulted in an issue where Free/Busy only worked for the domain set in the DomainName parameter. In our case that was only our Autodiscover domain for all our other email domains. Anyway, "Set-AuthServer -Identity <ACS server entry> -DomainName $null" did the trick. Maybe the parameter must contain all accepted domains configured in the HCW?
Maybe one of the HCW guys may have a look.
Thanks, Daniel.