Configuring Exchange 2010 Hybrid


This document assumes that you already have a tenant on Microsoft online services, synchronized to your on-premises Active Directory forest, and that Exchange Autodiscover and Outlook Anywhere are up and running.

In addition, verify that the following prerequisites are in place:



Compatible Exchange organization

The on-premises Exchange organization must be Exchange 2003 or higher, and there must be at least one Exchange 2010 or later server installed.

All Exchange servers must be running the latest version, including service pack, rollup update, cumulative update, etc.

Available here


Verify Exchange 2010 prerequisites

Custom domains

Every domain you intend to use with Exchange Online must be registered using the Office 365 Administrative portal, or by optionally configuring Active Directory Federation Services (AD FS) in your on-premises organization.


Learn more at: Add your domain to Office 365


Active Directory synchronization

Active Directory synchronization that runs correctly and regularly is a prerequisite for Exchange Hybrid. You must ensure that no synchronization errors affect Exchange objects and that the Hybrid checkbox is selected on your synchronization engine.


Client Access and Hub Transport servers

You need at least one Exchange 2010 SP3 server with the Client Access and Hub Transport roles in your on-premises organization. If you're configuring a hybrid deployment for an Exchange 2003 on-premises organization, you must also install the Mailbox Server role on at least one Exchange 2010 SP3 server added for the hybrid deployment. Consider using an additional server for high availability.



Verify Internal and external URLs

For more information, click here.

  1. Find the expected external URL, example:
  2. Check the current configuration by running these commands in your Exchange Management Shell:  
Get-ActiveSyncVirtualDirectory | FL InternalURL, ExternalURL

Get-EcpVirtualDirectory | FL InternalURL, ExternalURL

Get-OabVirtualDirectory | FL InternalURL, ExternalURL

Get-OwaVirtualDirectory | FL InternalURL, ExternalURL

Get-WebServicesVirtualDirectory | FL InternalURL, ExternalURL

Get-ClientAccessServer | FL AutoDiscoverServiceInternalUri

Get-OutlookAnywhere | FL Server, ExternalHostname

  3. If no external URLs exist, or if they are incorrect, you need to fix them.  
Note: In this scenario we are using split DNS, so the external and internal URLs will be the same.
  4. You can change the internal and external URLs (Split Domain) by running the commands in the sample below in your Exchange Management Shell.








You can run steps 2 and 3 again to verify the changes.

Here is a sample of the seven commands to change all internal and external URLs:



Set-ActiveSyncVirtualDirectory "SRV306\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl -ExternalUrl


Set-EcpVirtualDirectory "SRV306\ecp (Default Web Site)" -InternalUrl -ExternalUrl


Set-OabVirtualDirectory "SRV306\OAB (Default Web Site)" -InternalUrl -ExternalUrl


Set-OwaVirtualDirectory "SRV306\owa (Default Web Site)" -InternalUrl -ExternalUrl


Set-WebServicesVirtualDirectory "SRV306\EWS (Default Web Site)" -InternalUrl -ExternalUrl


Set-ClientAccessServer SRV306 -AutoDiscoverServiceInternalUri


Set-OutlookAnywhere -Identity "SRV306\Rpc (Default Web Site)" -ExternalHostname


Important: Restart your server after these changes
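The check in step 2 can be turned into a single report that flags empty values, non-HTTPS URLs and host names that do not match the names you intend to publish (a mismatch here surfaces later as a certificate name warning in clients). This is an added example, not part of the original guide; the host names in $ExpectedHosts are placeholders and the helper functions Get-UrlStatus and New-Row are hypothetical names.

```powershell
# Added example: audit client URLs against the names you expect to publish.
# $ExpectedHosts holds placeholders (assumption); replace with your own names.
$ExpectedHosts = 'mail.example.com','autodiscover.example.com'

function Get-UrlStatus([string]$Value, [string[]]$Allowed) {
    if ([string]::IsNullOrEmpty($Value)) { return 'MISSING' }
    $uri = $null
    if (-not [Uri]::TryCreate($Value, [UriKind]::Absolute, [ref]$uri)) { return 'UNPARSEABLE' }
    if ($uri.Scheme -ne 'https')         { return 'NOT-HTTPS' }
    if ($Allowed -notcontains $uri.Host) { return 'HOST-MISMATCH' }
    return 'OK'
}

function New-Row($Service, $Server, $Setting, $Value) {
    New-Object PSObject -Property @{
        Service = $Service; Server = "$Server"; Setting = $Setting; Value = "$Value"
        Status  = (Get-UrlStatus "$Value" $ExpectedHosts) }
}

$rows = @()
# The same five virtual directory cmdlets the guide runs by hand in step 2.
foreach ($cmd in 'Get-ActiveSyncVirtualDirectory','Get-EcpVirtualDirectory','Get-OabVirtualDirectory',
                 'Get-OwaVirtualDirectory','Get-WebServicesVirtualDirectory') {
    $service = $cmd -replace '^Get-|VirtualDirectory$',''
    foreach ($vd in @(& $cmd)) {
        $rows += New-Row $service $vd.Server 'InternalUrl' $vd.InternalUrl
        $rows += New-Row $service $vd.Server 'ExternalUrl' $vd.ExternalUrl
    }
}
foreach ($cas in @(Get-ClientAccessServer)) {
    $rows += New-Row 'Autodiscover' $cas.Name 'AutoDiscoverServiceInternalUri' $cas.AutoDiscoverServiceInternalUri
}
foreach ($oa in @(Get-OutlookAnywhere)) {
    # ExternalHostname is a bare host name; add a scheme so it parses like the URLs.
    $value = if ($oa.ExternalHostname) { "https://$($oa.ExternalHostname)" } else { '' }
    $rows += New-Row 'OutlookAnywhere' $oa.Server 'ExternalHostname' $value
}

# Show only the settings that need attention; no output means every value matched.
$rows | Where-Object { $_.Status -ne 'OK' } |
    Select-Object Service, Server, Setting, Value, Status | Format-Table -AutoSize
```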


For more information, click here and here. The certificate requirements are listed here.

  1. After importing a valid certificate into your Exchange Server, open Exchange Management Console and click on Server Configuration
  2. Select the server you want to configure
  3. Select the certificate you want to use
  4. Click Assign Services to Certificate and a wizard will open
  5. Click Next
  6. Select SMTP and IIS, click Next
  7. Click Assign
  8. If you receive a message asking if you want to require SSL on root web site, click No
  9. If you receive a message asking if you want to overwrite the default SMTP certificate, click No
  10. Click Finish to close the wizard.
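After the wizard finishes, the assignment can be confirmed from the Exchange Management Shell. The following is an added example, not part of the original guide: it lists each certificate on the server and reports whether SMTP and IIS are assigned, whether it is valid, self-signed or close to expiry, and whether it covers the published names. The names in $RequiredNames are placeholders, the 30-day expiry margin is an assumption, and Test-NameCovered is a hypothetical helper.

```powershell
# Added example. $RequiredNames are placeholders (assumption); use your own names.
$Server        = 'SRV306'   # server name used in this guide's sample commands
$RequiredNames = 'mail.example.com','autodiscover.example.com'

function Test-NameCovered([string]$Name, [string[]]$CertDomains) {
    # A wildcard entry such as *.example.com covers exactly one left-most label.
    $asWildcard = $Name -replace '^[^.]+','*'
    foreach ($d in $CertDomains) {
        if ($d -eq $Name -or $d -eq $asWildcard) { return $true }
    }
    return $false
}

Get-ExchangeCertificate -Server $Server | ForEach-Object {
    $cert     = $_
    $services = "$($cert.Services)"
    $domains  = @($cert.CertificateDomains | ForEach-Object { [string]$_ })
    $problems = @()

    if ($services -notmatch '\bIIS\b')  { $problems += 'IIS not assigned' }
    if ($services -notmatch '\bSMTP\b') { $problems += 'SMTP not assigned' }
    if ("$($cert.Status)" -ne 'Valid')  { $problems += "status is $($cert.Status)" }
    if ($cert.IsSelfSigned)             { $problems += 'self-signed' }
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) { $problems += "expires $($cert.NotAfter)" }
    foreach ($n in $RequiredNames) {
        if (-not (Test-NameCovered $n $domains)) { $problems += "does not cover $n" }
    }

    if ($problems) { $summary = $problems -join '; ' } else { $summary = 'none' }
    New-Object PSObject -Property @{
        Thumbprint = $cert.Thumbprint; Services = $services; Problems = $summary }
} | Format-List Thumbprint, Services, Problems
```

The server's default self-signed certificate will also appear in the output; the certificate you assigned in the wizard is the one that should report no problems.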



Autodiscover DNS records

For more information, click here.

  1. On your DNS Server, create the following record: Internal DNS
  • Host: autodiscover
  • IP address:      
Note: In this example we are using a split domain, so this record needs to be created on both your internal and external DNS servers.

Important: To validate the functionality, open the Remote Connectivity Analyzer site and run the Outlook Autodiscover test. The test must complete successfully for the hybrid configuration to work.

Configure hybrid deployments with Exchange 2010

  1. Log on with a user account that has Organization Admin privileges on Exchange
  2. Open Internet Explorer and access the url
  3. Wait for it to launch the application
  4. Click Install
  5. Click Run
  6. When the wizard starts, click next.
  7. After the wizard detects the best Exchange server, click next.
  8. Enter your Office 365 administrative credentials and click next.
  9. Click next after the wizard concludes the necessary validations.
  10. Click enable in order to allow calendar sharing between users.

    Note: the TXT record provided here will need to be added to your external DNS for each domain for ownership verification. If the DNS record is not created properly, the wizard will fail.

  11. Create a TXT record on your external DNS for each of the domains listed on the wizard with the exact text presented. Make sure you give it enough time to replicate across all of your DNS servers before moving to the next step.
  12. Check the box next to "I have created a TXT record for each token in DNS"
  13. Click verify domain ownership
  14. Click next.
  15. Select the Hub Transport servers that will handle the mail flow between Exchange Online and Exchange on-premises and click next.
  16. Enter the public IP addresses of the transport servers and click next. Use a comma to separate the items if you have more than one public IP address.

    Important: These are the external/public IP addresses.

  17. Select the certificate that will be used to encrypt and authenticate the mail flow and click next.
  18. Enter the fully qualified domain name of the transport servers that will handle the mail flow from Exchange Online to Exchange on-premises and click next.
  19. Click update to start configuring the hybrid coexistence.
  20. If the configuration finishes correctly, click close

    Note: If the configuration fails, wait for five minutes and retry. This wizard performs a series of configurations both on-premises and online. Sometimes it takes some time for a specific configuration to become effective, causing the failure.

    After three consecutive failed attempts, consider asking for support.
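Because the wizard fails when a TXT record has not reached every DNS server, it helps to query each authoritative name server directly before clicking verify domain ownership. This is an added example, not part of the original guide: it assumes an administrative workstation where Resolve-DnsName is available (Windows 8 / Server 2012 or later), the domain and token in $expected are constructed placeholders, and Test-TxtOnAllNameServers is a hypothetical helper.

```powershell
# Added example. Replace the placeholder entries with each domain listed by the
# wizard and the exact TXT text the wizard shows for it.
$expected = @{ 'example.com' = 'PLACEHOLDER-TOKEN-FROM-WIZARD' }

function Test-TxtOnAllNameServers([string]$Domain, [string]$Token) {
    # Ask for the zone's NS set, then query every name server individually so a
    # single stale secondary is not hidden by a resolver cache.
    $nameServers = Resolve-DnsName -Name $Domain -Type NS -DnsOnly |
        Where-Object { $_.Type -eq 'NS' } | ForEach-Object { $_.NameHost }

    foreach ($server in $nameServers) {
        $txt = Resolve-DnsName -Name $Domain -Type TXT -Server $server -DnsOnly `
                   -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'TXT' } |
            ForEach-Object { $_.Strings -join '' }   # long TXT values arrive in chunks

        # Case-sensitive exact match: the wizard requires the exact text presented.
        New-Object PSObject -Property @{
            Domain     = $Domain
            NameServer = $server
            Found      = (@($txt) -ccontains $Token)
        }
    }
}

$results = foreach ($domain in $expected.Keys) {
    Test-TxtOnAllNameServers $domain $expected[$domain]
}
$results | Select-Object Domain, NameServer, Found | Format-Table -AutoSize

# Proceed to the verification step only when no row reports Found = False.
if (@($results | Where-Object { -not $_.Found }).Count -gt 0) {
    Write-Warning 'At least one name server does not serve the expected TXT record yet.'
}
```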