The following Microsoft troubleshooting guide can be followed - https://support.microsoft.com/en-us/help/10092/troubleshooting-free-busy-issues-in-exchange-hybrid-environment but this may not resolve your issue.
The issue in this instance was that the client had a TMG in front of the CAS servers with FBA authentication enabled. We had previously had to split the autodiscover.domain.com from mail.domain.com to use a separate TMG rule with no authentication remembering to limit the source IP's to the office 365 addresses.
First of all Connect to Exchange Online using remote PowerShell.
Execute Get-OrganizationRelationship -Identity * | FL and check the TargetSharingEpr value. If this is blank (default if you have used the HCW) then you will need to populate this value with the host name of the unauthenticated URL in our case https://autodiscover.domain.com/EWS/Exchange.asmx/WSSecurity
Set-OrganizationRelationship "O365 to On-premises - xxxxxxxxx" -TargetSharingEpr https://autodiscover.domain.com/EWS/Exchange.asmx/WSSecurity
Once this has been completed, allow time for replication and try this again and hopefully this will resolve your error.
Reviewing the Outlook logs I can see the following
error:
“Proxy web request failed. , inner exception: The application is
missing a linked account for RBAC roles, or the linked account has no RBAC role
assignments, or the calling users account is logon disabled. LID: 59916”
This error suggests that the LinkedAccount for the
PartnerApplication configuration has incorrect permissions or is missing in the
on-premises configuration.
Reviewing the Get-PartnerApplication output that we
collected from On-Premises I see the following:
Enabled
: True
ApplicationIdentifier
: 0000000x-0000-xxxx-xxxx-000000000000
UseAuthServer
: True
AcceptSecurityIdentifierInformation : False
LinkedAccount
:
Name
: Exchange Online
Effectively, the LinkedAccount is missing from the
configuration.
This account should exist in the on-premises AD and we
can search for it using the following commands:
Set-ADServerSettings -ViewEntireForest $true
Get-User "Exchange Online-ApplicationAccount"
After finding the account in the AD through the above
commands, we should update the configuration in the Hybrid server:
Set-PartnerApplication "Exchange Online" –LinkedAccount
“<rootdomainFQDN>/users/Exchange Online-ApplicationAccount”
After this change, it will be necessary to do an iisreset
or even restart the Exchange 2013/2016 mailbox servers.
Once all these steps have been completed we can check
if the Free/Busy is working or if there’s any other error still preventing it
from working (by collecting new Outlook logs).
Please let me know in case any assistance is required
to apply these steps and I can send you a Teams meeting invitation to apply
them.
In case you do not find the
ExchangeOnline-ApplicationAccount we will need additional steps to recover it,
or eventually recreate it.
Other articles that may help are
- http://tiftomorrow.blogspot.co.uk/2017/07/ps-exchange-hybrid-free-busy-calendar.html
- Troubleshooting free/busy issues in Exchange hybrid environment https://support.microsoft.com/en-us/help/10092/troubleshooting-free-busy-issues-in-exchange-hybrid-environment
- https://support.microsoft.com/en-us/help/2752387/users-from-a-federated-organization-cannot-see-the-free-busy-informati -
- https://blogs.technet.microsoft.com/exovoice/2016/01/04/freebusy-troubleshooting/
- Testing Autodiscover - https://testconnectivity.microsoft.com
- https://support.microsoft.com/en-us/help/2838688/-free-busy-information-couldn-t-be-retrieved-because-the-attendee-s-m
Comments
Post a Comment