Working as a Happy Cloud Company

One of the first projects I took on when I started with my current employer a year ago was to “get our stuff to the Cloud”. Inova Solutions is a Microsoft Gold Partner “Licensing Solution Provider” and my CEO aimed to have 50% of our resources in the Microsoft Cloud within a year. It all went a bit faster than that so we’ve been working with Office365, Intune, CRM Online and Azure for over half a year now. We are used to it, we don’t even wonder about it anymore, it is business as usual. And, there is a bunch of features available we still have to discover and implement, which will take us some time. Business as usual. Happy CEO.

But every now and then we become aware again that it is extraordinary that our entire organization runs all of its business completely in the Cloud.

We have seen this huge decline in IT Costs, be it investments or maintenance. Things don’t break anymore. Our offices on Aruba, Curacao, Jamaica and Trinidad do not rely on site-to-site VPNs anymore. We are always on at a constant low cost. Happy CFO.

When we meet with customers, with partners and even with Microsoft, people are astonished that we actually work like that! All of it, all the time. We do not only Walk-the-Talk, we are actually “Being what is Next” for a lot of organizations. Customers like that and they want that. Most of the time it’s not the IT Manager that makes the decision, it’s higher management that asks how long it will take us to build them that. It is becoming strategic instead of tactical, increasing productivity while decreasing costs. Doing events and showing off our own dog food makes the audience drool (have to make sure we have tissues). Happy Customers, Happy Sales People.

And in the meantime we can work anywhere, from hotel rooms, lounges, airports, airplanes, home, and we can work anytime. I tend to wake up very early, like 4 AM, every now and then I meet my colleague who tends to be a night worker on Lync: “Morning Jasper”. “Go to bed Shawn”. We get our stuff done. Without any servers. If the Internet connection breaks we go to Starbucks and work on. If lightning strikes and we lose power for a couple of hours we do the same. We still get our stuff done. Coffee gets cold because we are getting stuff done all the time. Happy Mobile Workers.

Isn’t it amazing? We are a Happy Cloud Only Company, that is what we preach, that is what we practice. Mobile First – Cloud First: Happy CTO!

Are you next to be Happy?

Windows 8.1 Hyper-V Networking and Enhanced Session Mode

As a good administrator should, I have two user accounts: one ordinary user account and one admin account. We have all our services running in the Microsoft Cloud and of course I do not want to fill in my credentials every time I open my browser, or do stuff in private browser sessions. Although we are tearing it down, we still have some servers Onprem and to access those I need a VPN connection to our Cisco ASA appliance (I live on Aruba and our office sits on Curacao). It took me some trial and error to get things going…… with my Virtual Admin Machine.

At home I have a simple Wi-Fi setup and, as we all know by now, running a Virtual Admin Machine directly over a wireless network adapter is no great success. The proper way to set that up is as follows:

In Hyper-V Manager, create a new Internal Switch:

Assign the Network Adapter of the VM to that Internal Switch:

Go to Network and Sharing Center on the host, open the properties of the wireless adapter, go to the Sharing tab and share it with the Internal Switch (the “vEthernet (Internal)” adapter that Hyper-V created on the host):

At this point the Cisco AnyConnect Secure Mobility Client (3.1) on the Host refuses to connect over the Wi-Fi connection because the adapter is being shared. Bummer. There is probably a workaround for that but I want my Admin stuff not on the Host but on the VM. So this is just a note.

I installed the Cisco AnyConnect Secure Mobility Client in the VM and tried to connect. Bummer……. The client refuses to connect from within an RDP session. I used my favorite Search Engine:

  • There is a client config file on the local machine -> not so
  • In the ASDM Console connected to the Cisco ASA appliance there is a node called “Client Profile Settings” -> not so
  • Both the ASDM Console and the ASA OS are outdated; downloading the latest version needs a (Cisco) account name + password -> not documented…..

So, I tried starting at the other end, the VM. How come “RDP”? Am I not connected to the console in the “Virtual Machine Connection”? My favorite Search Engine again: a “cool” feature of Windows 8.1 Hyper-V is “Enhanced Session Mode”. On the Windows 8.1 client it is enabled by default. It gives an RDP-like experience in the Virtual Machine Connection (under the hood it really is RDP, carried over the VMBus instead of the network), with redirection of drives, clipboard and the like; that is why AnyConnect sees an RDP session. There are three places where you should look:

And in the Virtual Machine Connection Window:

Unchecking the “Enhanced Session” in the Virtual Machine Connection did the trick. The Cisco AnyConnect Secure Mobility Client now connects through my Shared Wi-Fi Connection!
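The same setup done from an elevated PowerShell prompt on the host, as an added example (this is not from the original post). It assumes the host adapter is called “Wi-Fi”, the VM “AdminVM” and the switch “Internal”; the vEthernet adapter name follows from the switch name. Internet Connection Sharing has no cmdlet, so that step uses the HNetCfg.HNetShare COM object Windows itself uses:

```powershell
# Added example: the Windows 8.1 client Hyper-V setup from the post, scripted.
# Run from an elevated prompt on the host. Assumed names (adjust to taste):
$SwitchName = 'Internal'
$VMName     = 'AdminVM'
$WifiName   = 'Wi-Fi'

# 1. Internal switch: the VM talks to the host only, never directly to Wi-Fi.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -SwitchType Internal | Out-Null
}

# 2. Attach the VM's network adapter to that switch.
Get-VMNetworkAdapter -VMName $VMName | Connect-VMNetworkAdapter -SwitchName $SwitchName

# 3. Internet Connection Sharing: Wi-Fi is the public (shared) side, the host's
#    vEthernet adapter for the internal switch is the private side. ICS NATs the
#    VM behind the host and hands it a DHCP lease from 192.168.137.0/24.
$ics   = New-Object -ComObject HNetCfg.HNetShare
$conns = @($ics.EnumEveryConnection)
$public  = $conns | Where-Object { $ics.NetConnectionProps($_).Name -eq $WifiName }
$private = $conns | Where-Object { $ics.NetConnectionProps($_).Name -eq "vEthernet ($SwitchName)" }
if (-not $public -or -not $private) {
    throw "Adapter not found; list the exact names with Get-NetAdapter."
}
$ics.INetSharingConfigurationForINetConnection($public).EnableSharing(0)   # 0 = ICSSHARINGTYPE_PUBLIC
$ics.INetSharingConfigurationForINetConnection($private).EnableSharing(1)  # 1 = ICSSHARINGTYPE_PRIVATE

# 4. Enhanced Session Mode is what makes the console look like RDP to AnyConnect.
#    Unticking it in the Virtual Machine Connection works per session; turning it
#    off on the host is the persistent fix. Show the current state, then change it.
Get-VMHost | Select-Object Name, EnableEnhancedSessionMode
Set-VMHost -EnableEnhancedSessionMode $false

# 5. Verify: the VM sits on the internal switch and (once booted) reports a
#    192.168.137.x address, i.e. it is behind the host's NAT.
Get-VMNetworkAdapter -VMName $VMName | Select-Object VMName, SwitchName, IPAddresses
```

Two things worth knowing before running it: with Enhanced Session Mode off you also lose clipboard and drive redirection into the admin VM, which for a box that only exists to hold admin credentials is a feature rather than a loss; and because the VPN tunnel is now built inside the VM, the host never gets a route into the corporate network, which is the separation the two-account setup was after in the first place.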

All in a day’s work………

Office 365 Exams – Again

Some two years ago I took the then brand new Microsoft exams on Office 365. Passing both Exam 70-321 Deploying Office 365 and Exam 70-323 Administering Office 365 made me MCITP Office 365. Back then I wrote about those exams and how hard I thought they were (I still know only a few people who passed them both), even though I held MCTS Exchange and MCITP SharePoint and had already done a great deal of work on Office 365.

Now Microsoft has made two new exams available, 70-346 Managing Office 365 Identities and Requirements and 70-347 Enabling Office 365 Services. I passed them both and may call myself MCSA Office 365. It’s rather interesting to see how these exams then and now compare. The main feature added in the 2 years between them is of course Office ProPlus and the ways it can be deployed. All other features are more of the same: expanded features, but no real new ones. The experience was a bit like the Windows Server and Active Directory exams: you come from NT 3.51 or NT 4.0 and do Windows 2000 Server, Windows Server 2003, Windows Server 2008 and now Windows Server 2012. Some new features and more of the same for the existing features. The exams evolve with scenarios, drag-and-drop items and complete-the-PowerShell-script questions, but still they test you on what Microsoft thinks is important to know.

Back to MCSA Office 365: breaking the content up into a part called “Identities and Requirements” and a part called “Enabling Services” seems pretty logical, the first is more about the current Onprem environment and the latter more about the Office 365 platform. Also a very logical order for organizations who want to leverage Office 365 without the assistance of external parties. The exam requirements at http://www.microsoft.com/learning/en-us/exam-70-346.aspx and http://www.microsoft.com/learning/en-us/exam-70-347.aspx correspond very well with the content of the exams, no surprises there.

I do believe that these two exams are less difficult than the MCITP ones, but on the other hand they deserve to be part of an MCSE track instead of an MCSA track. They really come on top of MCSA Server 2012 or even on top of MCSE Exchange/SharePoint. Like two years ago, and probably also like two years from now, Office 365 is a very broad set of Microsoft technologies with which you have to be very comfortable if you want to pass these exams. So yes, the MCSA Office 365 exams are tough cookies, meaning that this certification will certainly have value.

Wish you all Happy Learning!

Office 365 Hybrid with Exchange 2007 & Exchange 2013: Trouble!

Currently I’m working on an Office365 Migration. Although the end goal is to have all resources Online, I always prefer to do the Hybrid Deployment. The best and only reason for that is that this has the least impact on end users. And that is what it’s all about: keep the customer satisfied.

First I cleaned up the 5 year old mail environment: old mailboxes from long gone users, weird aliases, shared mailboxes and distribution lists. Exchange 2007 ran SP1 with Update Rollup 8 and that was not enough to introduce Exchange 2013 into the Exchange organization. Moved it up to Exchange 2007 SP3 Update Rollup 11. Cool.

Secondly I installed AD FS and DirSync (DirSync is required for a hybrid Exchange deployment; AD FS is what gives the synchronized users single sign-on). As I plan to have the whole migration done over the weekend, I did not do a fully redundant AD FS installation; just one server. Oh, I updated the SAN certificate with “sts” and “legacy”, so I’m done with only the one certificate that was already on the Exchange 2007 box. Added my mail namespace to Office 365 and ran ALL the tests with the Remote Connectivity Analyzer https://testconnectivity.microsoft.com/ (never leave home without it).

Thirdly I did all the prerequisites for installing Exchange 2013 CU3, also, cool. Things were looking real good, services kept running and no user impact whatsoever. OWA, ActiveSync, Outlook, OAB, everything smiles here on Aruba (the servers are actually located on Curacao). And I ran ALL the tests with the Remote Connectivity Analyzer. I decided to do the mailbox moves prior to the switch of the MX Record and the autodiscover record.

Finally home, I launched the Hybrid Configuration Wizard in the Exchange Admin Center. All looks well, next, next, finish, no errors. Cool stuff, that wizard. I’m from the old school: when Office 365 just launched, some years ago, I did the whole configuration of Federated Exchange manually. I am sure glad I did that a couple of times, and as a trainer I have seen participants make all the possible mistakes. So I know about mail flow, certificates, TLS, smart hosts, accepted and authoritative domains. Because it is getting ugly, real ugly now.

I created a test account Onprem and moved it to Online, which went okay. But no mailflow….. no mailflow from Onprem to Online ……. no mailflow from Online to Onprem….. no mailflow from External through Onprem to Online…… yeah, mailflow from Online to External. That is a 25% score; NOT GOOD. Big Trouble, a NO-GO for migrating users at this stage.

Troubleshooting: message tracking, delivery reports. After some hours of configuring and reconfiguring and rerunning the Hybrid Configuration Wizard, NDRs showed up saying that the servers would keep trying to send the messages: “451 5.7.3 STARTTLS is required to send mail”. That one I brought to my favorite Search Engine (But It’s Not Google) and a big list of articles appeared. Let’s have a read. The outcome is that I disabled the Send Connector the wizard created on my Onprem Exchange 2007 server (apparently that server did not even recognize the connector, because on editing the config it sputtered “cannot find object on DC01”) and created a new one, set to require TLS for my Online namespace. Ah, some mail flow! From Onprem to Online is working, so the Online Inbound Connector is okay. We’re up to a 75% score! Getting better. The Online Outbound Connector is faulty (at least with an Exchange 2007 Onprem server). I disabled it and created a new one of type “Partner” instead of “Onprem”, with Opportunistic TLS and the namespace of my Internet domain. And we’re up to 100% mail flow!!!!

Maybe I should have set all the incoming and outgoing mailflows to the Hybrid Exchange 2013 server to avoid all this, but I didn’t. Therefore my conclusion is that the Hybrid Configuration Wizard does NOT work with an Onprem Exchange 2007 Server because Exchange 2007 Server does not know what the difference is between “Partner” and “Onprem” and it also does not recognize the Send Connector created by the Wizard.
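For reference, the two replacement connectors and the checks that prove mail flow, as an added example in PowerShell (not the commands from the post). Assumed names: tenant routing domain contoso.mail.onmicrosoft.com, Internet domain contoso.com, on-prem Exchange 2007 server EX2007 reachable as mail.contoso.com (the name on its certificate). One deliberate departure: the Online outbound connector is created with TLS set to EncryptionOnly, where the post chose Opportunistic TLS; EncryptionOnly refuses to fall back to cleartext for mail between the two organizations.

```powershell
# Added example: the connectors that replaced the wizard's, plus the checks.
# Names (contoso.com, EX2007, mail.contoso.com) are assumptions, not from the post.

# ---- On-prem, Exchange 2007 Management Shell ---------------------------------
# Send connector to Exchange Online: DNS routing to the tenant's routing domain,
# TLS required so "451 5.7.3 STARTTLS is required" cannot come back.
# -Fqdn must be a name on the certificate Exchange Online expects to see.
New-SendConnector -Name 'Outbound to Office 365' `
    -Usage Internet `
    -AddressSpaces 'SMTP:contoso.mail.onmicrosoft.com;1' `
    -DNSRoutingEnabled $true `
    -RequireTLS $true `
    -Fqdn 'mail.contoso.com' `
    -SourceTransportServers 'EX2007'

# Check no other connector (e.g. address space SMTP:*) is disabled or steals the
# route with a lower cost; failed deliveries show up as FAIL events.
Get-SendConnector | Format-Table Name, Enabled, AddressSpaces, RequireTLS, Fqdn
Get-MessageTrackingLog -EventId FAIL -Start (Get-Date).AddHours(-2) |
    Select-Object Timestamp, Sender, Recipients, RecipientStatus

# ---- Exchange Online, remote PowerShell ---------------------------------------
$cred = Get-Credential   # tenant admin
$s = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri 'https://ps.outlook.com/powershell/' `
        -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $s

# Disable the wizard's OnPremises-type outbound connector and create a Partner
# type one: smart host = the on-prem server, no MX lookup, TLS at least
# EncryptionOnly (stricter than the post's Opportunistic TLS).
Get-OutboundConnector | Where-Object { $_.ConnectorType -eq 'OnPremises' } |
    Set-OutboundConnector -Enabled $false
New-OutboundConnector -Name 'Outbound to on-premises (Partner)' `
    -ConnectorType Partner `
    -RecipientDomains 'contoso.com' `
    -SmartHosts 'mail.contoso.com' `
    -UseMXRecord $false `
    -TlsSettings EncryptionOnly

# The inbound side was fine in the post; show it so both halves are visible.
Get-InboundConnector | Format-Table Name, ConnectorType, RequireTls, TlsSenderCertificateName

# Trace the test messages in both directions and see where anything stalled.
Get-MessageTrace -StartDate (Get-Date).AddHours(-2) -EndDate (Get-Date) |
    Sort-Object Received | Format-Table Received, SenderAddress, RecipientAddress, Status
```

If the on-prem server still reports the STARTTLS error after this, the certificate, not the connector, is the thing to look at: the name in -Fqdn must be present on the certificate that is enabled for the SMTP service on EX2007, or the TLS handshake fails before the connector settings matter.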

So now I can sit on my porch on One Happy Island Aruba and be satisfied with the results. Next weekend I migrate the mailboxes; now I start studying for my SharePoint 2013 exam.

Inova Solutions NV: Moving EVERYTHING to the Cloud

A lot has happened since my last post. My wife and I moved to Aruba in The Caribbean and I found a great job as Solutions Architect for Inova Solutions NV. Inova Solutions NV is a Microsoft Gold Partner in Licensing, formerly known as LAR (Large Account Reseller), nowadays it’s called LSP (Licensing Solutions Provider). One of my roles is that of IT Manager for our own IT and that is what this blog is about.

As a true Caribbean company we are scattered across a couple of islands: Aruba, Curacao, Trinidad & Tobago and Jamaica, and we have customers on those and a lot of other islands. The network infrastructure consists of some site-to-site VPNs and client VPNs so we can reach our resources located on Curacao wherever we are.

The CEO had a goal for me to achieve by putting 50% of those resources in the Cloud by June 30th 2014. Soon I discovered that we actually only use applications that are available in the Microsoft Cloud already: Exchange, SharePoint, Lync and CRM. My goal now is to have all that migrated to the Online Services by the end of the year.

Plus some extra wins: we don’t really need Active Directory, authentication also goes to the Cloud. That means our PCs and laptops can no longer be managed by AD and GPOs; for that we will leverage Windows Intune. And finally we have this RDS server that hosts 2 applications, neither of which relies on AD; we will just rebuild that RDS server as a VM on Windows Azure.

My Christmas wish list (here on Aruba you can already buy your Christmas stuff):

  • Office365
  • CRM Online
  • Windows Intune
  • Windows Azure AD
  • Windows Azure Network
  • Windows Azure VM

Sounds like we have a plan! By the 1st of January 2014 we can start decommissioning our whole Onprem infrastructure, all the site-to-site VPNs and, oh boy, all that client VPN stuff (I do not understand why companies still deploy that, don’t we have DirectAccess at our disposal?).

The bet is on, I have 2 months from now to make it so.

Hopi Bon!

TechEd Europe 2013 Day 3 and Day 4: Windows 8.1 & Office365 with PowerShell

Due to a tight schedule I have not been able to post a blog entry last night… I’ll do it now. Although the Windows 8.1 Preview is already out there I still think I should mention a few things. And of course I had to see my co-chairman of the Dutch Office365 User Group do his session on managing Office365 with PowerShell. The rest of my time at TechEd I was proctoring the Hands On Labs and assisting in the Instructor Led Labs, making a difference for the delegates of the event.

So, now we have Windows 8.1 with the return of something like a Start button (imho it could be left out anyway, remember how we laughed at the Start button back in ’95?). But if it makes you happy, I’m happy. The real good news is that there is much less switching between “Metro” (oops, Modern UI) and the classic desktop. Desktop users can choose to stay in the classic desktop and yes, boot to the classic desktop, while touch/tablet users can stay in the Modern UI. That’s neat!

In my previous blog post I already mentioned “Workspaces”, a safe online/offline way of connecting to corporate file shares over HTTPS for mobile devices. You need to implement this on Windows Server 2012 R2. Windows 8.1 defaults to SkyDrive for saving files but gives the user the option to keep a locally cached copy of those files.

Danny Burlage did a nice job delivering his session on PowerShell. I know as an MCT and speaker that PowerShell is not “sexy” and it’s hard to deliver an interesting hour! It took him only 1 hour to provision a newly created Office365 tenant with users, contacts, distribution groups, rooms, archives and so on with just a few amazingly simple PowerShell scripts.

CU at the next TechEd?

Redefine Backup for Online Services

I see a lot of questions in all sorts of forums on backups. And I think it might be worth the effort to redefine what we mean and what we want to accomplish with backups.

In the old days my definition of a backup was that it is only the preparation for a restore. Some file or system gets lost or corrupted, you look in your backups for a moment in time when the file or system was still working and you restore it back to that point in time. That approach may lose the recent modifications to the file or system: when was the backup created and what happened to the file or system since that moment in time? We call that the Recovery Point Objective (RPO), the data loss window. Next to RPO we have RTO, the Recovery Time Objective: how much time does it take to have systems or files available for use again after a disruption? And last but not least, how far back in time do we want to be able to go for recovery of files or systems: the retention period.

A lot of people tend to confuse a backup with an Archive. The purpose of an archive however is not to restore things to a certain point back in time, it’s about the ability to look up things from the past. So let’s have those two clearly distinct from each other: backup is no archive!

Looking at Online Services like Exchange Online: are backups available in that environment? Well, not to users. Microsoft only uses backup technologies for continuity of service and data integrity. That means there is no way of getting back a deleted mail item once all retention periods have expired. Not one way. The same goes for SharePoint Online. Exchange also has a feature called Litigation Hold: in a mailbox placed under that policy, items cannot be purged, not accidentally and not on purpose. A user can still delete them from view, but they are kept in the mailbox’s Recoverable Items until the hold is lifted. Running Exchange on-premises with DAGs is also about continuity; when set up across multiple datacenters, there is also no need for backups.

Is that bad? I don’t think so. If Microsoft guarantees continuity of service and data integrity then it’s up to users to deal with that data. The retention policies allow for enough time to recover accidentally deleted items and for the rest I don’t see any reason at all for having backups, considering that a backup is NOT an archive.
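Whether “enough time to recover accidentally deleted items” is actually true for a given tenant is a setting, not a promise, so here is how to check and tune it, as an added PowerShell example (not from the post). It assumes a remote PowerShell session to Exchange Online is already open, a user alice@contoso.com, and the default discovery mailbox name:

```powershell
# Added example: the retention knobs behind "can I get that deleted item back?"
# Assumes an open Exchange Online remote PowerShell session; alice@contoso.com
# and the discovery mailbox name are assumptions.

# 1. Per mailbox: how long deleted items stay recoverable, whether an admin can
#    still get them after the user purges Recoverable Items, and any hold.
Get-Mailbox -ResultSize Unlimited |
    Select-Object DisplayName, RetainDeletedItemsFor, SingleItemRecoveryEnabled,
                  LitigationHoldEnabled, LitigationHoldDuration |
    Sort-Object RetainDeletedItemsFor | Format-Table -AutoSize

# 2. Widen the window to the service maximum (30 days) and keep purged items
#    recoverable by an admin for that whole window.
Get-Mailbox -ResultSize Unlimited |
    Set-Mailbox -RetainDeletedItemsFor 30.00:00:00 -SingleItemRecoveryEnabled $true

# 3. Litigation Hold for one mailbox: the user can still "delete", the item stays
#    in Recoverable Items until the hold is removed or the duration (days) runs out.
Set-Mailbox -Identity 'alice@contoso.com' -LitigationHoldEnabled $true -LitigationHoldDuration 2555
Get-Mailbox -Identity 'alice@contoso.com' | Format-List LitigationHold*

# 4. Recovery for a user: search only the dumpster (Recoverable Items) and copy
#    hits into the discovery mailbox. Needs the Discovery Management role.
Search-Mailbox -Identity 'alice@contoso.com' -SearchDumpsterOnly `
    -SearchQuery 'Subject:"Q3 forecast"' `
    -TargetMailbox 'DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}' `
    -TargetFolder 'Recovered-alice' -LogLevel Full
```

The point of step 1 is that the answer differs per mailbox: a tenant can have the 14-day default on most mailboxes and 30 days on a few, and nobody notices until the one that matters is past its window.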

I am not suggesting we stop making backups, but we can be more aware of the why, when, where and how. Could save a bit of money.

Surface experiences, absolutely fabulous!

My Surface was late, USPS Express Mail took 8 days from Seattle to Amsterdam….. But that’s all forgotten now, I’ve been playing (and working) with it for 3 days now. And I’m HOOKED!

Although I have had Windows 8 running on my Laptop for a couple of months now, Surface is surprisingly “new” because of the touch experience. I only attach the Touch Cover when I really need to type, like right now. I can manage Tweets and mail very well with the on screen keyboard. When you are already used to Windows 8, the first thing you notice is that Surface is Windows! Mostly because of Office and with that SharePoint.

I try to do everything on Surface; my full-blown laptop (2x SSD, 16 GB) just sits there as RDP endpoint. This week I will do an MCSA Server 2012 training, the VMs run on the laptop and I will be presenting on my Surface…. Cool! There is just one drawback: the VGA adapter sits way too loose for walking around and gesturing, I will have to use some duct tape to keep the adapter in place. So far I do not miss a thing on Surface, and, it’s NOT a PC. For a lot of work I will use the laptop but mostly I will leave it at work or at home. No more carrying around my “portable datacenter” when I visit customers or do events. Light travelling.

There is one thing really bugging me and that is the Lync App; it works at home, it does not work in the office. Both on the Office365 Community site and the Lync site, I found people struggling with this issue as well. So far none of the suggestions worked for me, it seems to be in the App, as the Office Lync client works perfectly and according to the Forums it happens with both Office365 and Lync Server onprem. Just have to wait for a fix I guess.

So, what else can I say. Not much although I realize I hold the Future in my hands. As I said many times before, who needs an OS, who needs a Desktop. We just want an interface in which our apps are accessible. Surface is just that.

Keep you posted!

Opinions on Windows 8 RT, where are we going?

Just five more days and Windows 8 reaches General Availability. And Windows 8 RT devices are for sale next weekend. There are a lot of opinions going round now, many of them angry-like or even negative. I also have an opinion: I happily run Windows 8 and I was in time to pre-order Microsoft’s Surface RT, so my opinion is clear.

I want to be in front, ahead of things, I’m already done with Server 2012, looking for what’s next. So I’ll be one of the first in The Netherlands to own a Surface RT, without a Start Button and without a Desktop. And I think that’s where we are going, who needs an OS, who needs a Desktop with a Start Button. It’s all about the apps.

And that is exactly what Microsoft is aiming at: deliver consistent apps-experience (apperience) on whatever device, there’s even tiles on Server 2012! Very nice that we can run our VMs on Azure but running VMs is so out of date. Microsoft is the first – and as largest OS producer they should – to recognize the end of the OS era. It will take some time, sure. But look at how fast we abandoned wired phones, both at work and at home. It must be a year ago since I last held a wired telephone device in my hands (or actually DIALED a number). On our mobile phones we talk just a little on the brand and flavor, we talk more about the apps. And if the app will run on a particular device.

That is the next step: when there is no more need to run apps on the devices, enter HTML5, so the app runs in a browser and browsers are found on all devices. Delivering apps is becoming a nightmare because of all those platforms; I think it’s really stupid to want to run a Windows Desktop hosted in a datacenter on an iPad through a Citrix Receiver. Only because there are some “legacy” apps on that Desktop that cannot be run on the iPad? In my opinion it’s a transition phase, the Desktop is dying and with that so is VDI, SBC, XP, Windows 7 and even Windows 8.

In a couple of years we will all have pretty simple devices running nothing but a browser and some supporting OS for connectivity and interface purposes; not for running apps though. Microsoft’s Surface RT is a pretty dumb device, a kind of portal for apps. I will use Office 2013 Web Apps on Office365, save my files on SkyDrive and SkyDrive Pro, tether through my Windows Phone when there’s no Wi-Fi available (hardly imaginable in The Netherlands), and yes, connect to my full-blown Windows 8 Enterprise machine if I must (hey, this is a transition phase for me also). Some people are waiting for the Windows 8 Pro tablets, the Intel-based machines which can run legacy Windows applications. Those people clearly missed something in the conversation. Huh? You wait to buy the newest of the newest of the hottest because you want to be able to run LEGACY apps? Yeah, smart. Will cost you something also.

So, I can hardly wait to start working with my Surface RT!

Exchange 2013 Hybrid Deployment on Office365 leveraging Azure

With all the new releases of Servers, Services and Devices, I thought it was time to build a Hybrid Deployment using Exchange 2013 Preview and Office 365 Preview.

I set out to do everything on Server 2012 but unfortunately that didn’t work out. So I had to cheat a little (making it more interesting though); my Onprem environment consists of Server 2012 machines only. The Win2k8R2 machine I needed runs on Azure. The AD FS service required for Single Sign On with Office 365 does not (yet) run on Server 2012. As a highly available AD FS service is a constraint for a lot of customers to go for SSO, this might be a good option anyway: have your AD FS servers in the Cloud, you could even force geo-redundancy and stuff like that.

So, I first need to acknowledge Office 365 MVP Jethro Seghers (http://jethroseghers.blogspot.nl/ and @jsegehrs) from Belgium who already set up this config but has had no time yet to describe it.

Secondly I used a great blog post from Paul Cunningham on installing Exchange 2013 on Server 2012 (http://exchangeserverpro.com/install-exchange-2013-pre-requisites-windows-server-2012).

And Trevor Smith for getting DirSync to run on Server 2012 http://community.office365.com/en-us/forums/613/p/63806/243279.aspx

I also acknowledge myself for my earlier posts on setting up a Hybrid Deployment (been there, done that, got the certifications….. no t-shirts though).

Okay, that being said, let’s get going.

Here is my Bill of Materials:

And you need a couple of rainy Sunday afternoons to set it all up. It’s not that hard but we all met Mr.Murphy, he’ll check in every now and then.

Onprem Configuration

I am short on resources so I only used 3 VMs in my “Private Cloud”: a Domain Controller, an Exchange server and a Windows 8 client. It’s certainly not best practice to put the Directory Synchronization tool on the Exchange server, but it works.

It’s all straightforward configuration work; the certificate tool in Exchange 2013 works great. Just make the request, go to your certificate provider to submit it and import the certificate. This is what it looks like:

I added the “sts” so I can use this certificate on the AD FS Server as well.

Create some users, dynamic distribution groups and mailboxes and start mailing, scheduling and stuff like that. There should be something in there before we start moving things to Office 365.

Then you do ALL of the tests in the Exchange Remote Connectivity Analyzer (https://www.testexchangeconnectivity.com/ ):

….. and fix any issue before proceeding (keeps Mr.Murphy away).

 

Azure Configuration

The new Azure Portal is a real pleasure to work with, everything is in the place where you expect it to be. First we have to do some networking so that the VMs running on Azure can connect to the Onprem environment, also using your Onprem DNS server. On Azure you create a so-called Gateway Network and a private subnet and place them in an Affinity Group. Tick the checkbox that you want to use this Gateway Network to connect to your Onprem environment.

Azure gives you the Gateway IP address and there is a button that shows the pre-shared key to use when setting up your IPsec LAN-to-LAN VPN tunnel. On my DrayTek router (serving my HAN, Home Area Network) that was a quick one, although the default time-out (300 sec) was too low; I adjusted it to 1500 secs. The result (in the pic even my two VMs are already spinning):

I set up 2 VMs on Azure, just pick them from the Gallery: a Server 2012 for a Read-Only Domain Controller (it only serves authentication purposes out there) and a Win2k8R2 SP1 for the AD FS server. When the networks are properly configured the machines obtain the appropriate IP addresses. An RDP endpoint is automatically created so you can manage the machines through RDP; note that this endpoint is open to the Internet on a public port, so lock it down or remove it once the machines are reachable over the VPN tunnel. I created an additional endpoint for the AD FS service.

I ran the dcpromo wizard to create the RODC (the Azure networking gave it the right IP settings, including my Onprem DNS server) and I also joined the AD FS server to the domain.

Office 365 Preview Configuration

The steps to take in the Admin Portal are the same as they are in the current version; it is still very important (keeps you out of trouble) to do things in the right order.

So, assuming that all is set to go, working and tested, this is the order:

  • Set up Single Sign On by installing AD FS 2.0 and configuring it with the proper cmdlets in the MSOL PowerShell module.
  • The previous step asks you to add a TXT record in DNS for validation; after doing that you re-issue the last cmdlet.
  • Verify the addition of your domain name in the Portal.
  • Enable Directory Synchronization, it’s just a button in the Portal. It says it might take 24 hours; my experience is that it takes about 30 minutes.
  • When you see that DirSync is enabled you can run the DirSync configuration wizard, which prompts for both Online admin credentials and Onprem (Schema) admin credentials.
  • Verify Directory Synchronization in the Portal: your Onprem AD users should be listed there.
  • Verify SSO by logging in to the Portal with a synchronized user.
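The Office 365 side of that list, scripted in the MSOnline module (the Windows Azure AD Module for Windows PowerShell of that era), as an added example rather than the post’s own script. It assumes the domain contoso.com, an AD FS 2.0 server sts.contoso.com, and that it runs from a domain-joined Windows 8 box with the module installed; the DirSync configuration wizard itself still runs on the on-prem server afterwards.

```powershell
# Added example: SSO and DirSync steps from the tenant side. contoso.com and
# sts.contoso.com are assumptions, not names from the post.

Import-Module MSOnline
Connect-MsolService -Credential (Get-Credential)   # tenant global admin

# Tell the module which AD FS 2.0 server to configure the relying-party trust on.
Set-MsolAdfscontext -Computer 'sts.contoso.com'

# First run: the domain is not verified yet, so the cmdlet prints the TXT record
# to create (MS=msXXXXXXXX) and stops. Create that record at your registrar.
New-MsolFederatedDomain -DomainName 'contoso.com'

# Confirm the TXT record is visible from here before trying again; DNS
# propagation is the usual reason the second run fails.
Resolve-DnsName -Name 'contoso.com' -Type TXT | Where-Object { $_.Strings -match '^MS=' }

# Second run: verifies the domain and creates the federation trust in AD FS.
New-MsolFederatedDomain -DomainName 'contoso.com'

# Verify: the domain is Federated and AD FS and the tenant agree on the trust.
Get-MsolDomain | Format-Table Name, Status, Authentication
Get-MsolFederationProperty -DomainName 'contoso.com'

# Enable directory synchronization (the Portal button) and check it took.
Set-MsolDirSyncEnabled -EnableDirSync $true -Force
Get-MsolCompanyInformation |
    Format-List DirectorySynchronizationEnabled, LastDirSyncTime

# After the first sync: synchronized users carry a LastDirSyncTime, cloud-only
# accounts do not. Log in to the Portal as one of them to prove SSO end to end.
Get-MsolUser -All | Where-Object { $_.LastDirSyncTime } |
    Format-Table UserPrincipalName, LastDirSyncTime
```

Get-MsolFederationProperty is the check worth keeping around: it shows the token-signing certificate and endpoint URLs as AD FS has them next to what the tenant has stored, and a mismatch between the two columns is what every “SSO stopped working after we renewed the certificate” ticket looks like.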

All this is necessary because a hybrid Exchange deployment relies on synchronized identities: DirSync is required, and AD FS on top of it gives those users single sign-on.

Exchange 2013 and Exchange Online Hybrid Deployment

Finally, we’re getting there. Getting the 2 Exchange organizations to talk to each other, allowing for calendar sharing, mailbox moves, complete GALs, etc. I was not that enthusiastic about the wizard in Exchange 2010 SP2. It takes away the deeper-level insight into what is actually happening. In my trainings I still do it the manual way and if time permits I let my students do the SP2 wizard.

So I’m quite curious about the Exchange 2013 “Exchange Administration Center” and the wizard in there…..

As soon as you hit “Hybrid” in the all-new Exchange Admin Center, a button appears with “Enable”; then it asks you to log on to Exchange Online so you end up in the Exchange Admin Center…… online! As soon as you hit Hybrid in there, a button appears with “Enable”. Looks like that way you have enabled Hybrid Deployment on both sides.

That looks very promising! YES! The next one looks familiar from the “old” Hybrid Deployment, proof of ownership for your domain:

I go to GoDaddy to do just that. Oops, slight error in the “Copy to clipboard”: it also takes the domain name field… do NOT put that into your DNS tool!! GoDaddy is fast, I could continue right away.

Centralized Mail Transport routes mail flow from Exchange Online to the Internet through your Onprem mail servers (compliance, journaling or whatsoever). The Edge role does not exist anymore (as TMG soon won’t either) so I choose Hub Transport.

Easy choice, I only have one server deployed…. It should be an Internet-facing CAS server though; Hybrid Deployment is leveraged by Exchange Web Services, found through Autodiscover. I skip the next screenshot, it’s the same but now it’s about the sending server.

I have set up my Exchange certificate real good! Exchange Online recognizes it right away. And asks me for the SMTP address of my Onprem server:

No surprise here (I’ll keep that to myself):

This looks almost too easy to be true:

Checking Onprem, checking Tenant, checking prerequisites ….. a

All the manual steps from the good old times come by….. and yes indeed, this used to be the case all the time….

It used to be a matter of time-outs, so I’ll just cancel it (the changes made so far are already there) and do some manual stuff, but not before running the wizard for a third time (Mr. Murphy, please leave).

Let’s see what there is to modify….. hmmm, not much, exactly the same wizard with the same results.

Hey, I’m on Wave 15! This appears when I look at the Node “Organization”.

Here’s the FIX!

I added my namespace not from the Online Interface but from the Onprem Interface! That seems to be working perfectly! Just passed all the nodes and settings and it looks okay…. Time to move a Mailbox to Online, I guess.

The usual credential stuff (I’m triggering the move from Online):

The wizard does it wrong again…. As in Exchange 2010 SP2, the automatically configured endpoint is my local FQDN, which is of course not resolvable from Online. I manually enter the webmail.domain.domain endpoint and off we go.

YES! There he is! Note the very, very, very small arrow pointing to “Office365”; it took me some minutes, by which time the move had already completed (just 2 items).

Last checks for now:

  • Mail flow Onprem-Online and vice versa: check
  • Mail flow Online-Internet and vice versa: check
  • Calendar sharing: check
  • That all double-checks the AD FS deployment as well: check

Great!
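The move-endpoint fix and the last checks, done by hand instead of through the wizard, as an added PowerShell example (these are not the post’s own commands). Assumed names: external EWS name webmail.contoso.com, on-prem Exchange 2013 server EX2013, tenant routing domain contoso.mail.onmicrosoft.com, test mailbox testuser@contoso.com.

```powershell
# Added example: the mailbox-move plumbing the wizard got wrong, plus the checks.
# webmail.contoso.com, EX2013, contoso.mail.onmicrosoft.com and testuser are
# assumptions, not names from the post.

# ---- On-prem (Exchange 2013 Management Shell) --------------------------------
# Remote moves go through the MRS Proxy on the Internet-facing EWS virtual
# directory: it must be enabled and ExternalUrl must be the name Exchange
# Online can resolve and that matches the certificate.
Get-WebServicesVirtualDirectory -Server 'EX2013' |
    Format-List Identity, ExternalUrl, MRSProxyEnabled
Set-WebServicesVirtualDirectory -Identity 'EX2013\EWS (Default Web Site)' -MRSProxyEnabled $true

# ---- Exchange Online (remote PowerShell session already open) ----------------
$onprem = Get-Credential   # contoso\hybridadmin: an on-prem account with move rights

# Prove the proxy answers on the EXTERNAL name before creating anything; this is
# the test that fails when the wizard has picked the internal FQDN.
Test-MigrationServerAvailability -ExchangeRemoteMove `
    -RemoteServer 'webmail.contoso.com' -Credentials $onprem

# The endpoint the wizard should have created.
New-MigrationEndpoint -ExchangeRemoteMove -Name 'OnPrem-MRSProxy' `
    -RemoteServer 'webmail.contoso.com' -Credentials $onprem

# Move one test mailbox to Exchange Online and watch it.
New-MoveRequest -Identity 'testuser@contoso.com' -Remote `
    -RemoteHostName 'webmail.contoso.com' -RemoteCredential $onprem `
    -TargetDeliveryDomain 'contoso.mail.onmicrosoft.com'
Get-MoveRequest | Get-MoveRequestStatistics |
    Format-Table DisplayName, Status, PercentComplete, TotalMailboxItemCount

# ---- The calendar-sharing / AD FS leg of the "last checks", run on-prem -------
# Free/busy between the organizations rides on the federation trust and the
# organization relationship; test both against the mailbox that is now Online.
Test-FederationTrust -UserIdentity 'testuser@contoso.com' -Verbose
Get-OrganizationRelationship |
    Test-OrganizationRelationship -UserIdentity 'testuser@contoso.com' -Verbose
```

Test-MigrationServerAvailability is the one to run first every time: it exercises name resolution, the certificate and the MRS Proxy authentication in one go, and its error text tells you which of the three is wrong, which the wizard’s generic failure does not.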

Been there, done that, now I want the T-Shirt!

Thanks for reading and don’t hesitate to comment or to contact me!