You can follow the Microsoft troubleshooting guide at https://support.microsoft.com/en-us/help/10092/troubleshooting-free-busy-issues-in-exchange-hybrid-environment, but this may not resolve your issue.
The issue in this instance was that the client had a TMG in front of the CAS servers with FBA authentication enabled. We had previously had to split autodiscover.domain.com from mail.domain.com to use a separate TMG rule with no authentication, remembering to limit the source IPs to the Office 365 addresses.
First of all, connect to Exchange Online using remote PowerShell.
Execute Get-OrganizationRelationship -Identity * | FL and check the TargetSharingEpr value. If this is blank (the default if you have used the HCW), you will need to populate this value with the host name of the unauthenticated URL, in our case https://autodiscover.domain.com/EWS/Exchange.asmx/WSSecurity
Set-OrganizationRelationship "O365 to On-premises - xxxxxxxxx" -TargetSharingEpr https://autodiscover.domain.com/EWS/Exchange.asmx/WSSecurity
Once this has been completed, allow time for replication and then try again; hopefully this will resolve your error.
Reviewing the Outlook logs I can see the following error:
“Proxy web request failed. , inner exception: The application is missing a linked account for RBAC roles, or the linked account has no RBAC role assignments, or the calling users account is logon disabled. LID: 59916”
This error suggests that the LinkedAccount for the PartnerApplication configuration has incorrect permissions or is missing in the on-premises configuration.
Reviewing the Get-PartnerApplication output that we collected from On-Premises I see the following:
Enabled : True
ApplicationIdentifier : 0000000x-0000-xxxx-xxxx-000000000000
UseAuthServer : True
AcceptSecurityIdentifierInformation : False
Name : Exchange Online
Effectively, the LinkedAccount is missing from the configuration.
This account should exist in the on-premises AD and we can search for it using the following commands:
Set-ADServerSettings -ViewEntireForest $true
Get-User "Exchange Online-ApplicationAccount"
After finding the account in the AD through the above commands, we should update the configuration in the Hybrid server:
Set-PartnerApplication "Exchange Online" -LinkedAccount "<rootdomainFQDN>/users/Exchange Online-ApplicationAccount"
After this change, it will be necessary to do an iisreset or even restart the Exchange 2013/2016 mailbox servers.
Once all these steps have been completed we can check if the Free/Busy is working or if there’s any other error still preventing it from working (by collecting new Outlook logs).
Please let me know in case any assistance is required to apply these steps and I can send you a Teams meeting invitation to apply them.
In case you do not find the ExchangeOnline-ApplicationAccount we will need additional steps to recover it, or eventually recreate it.
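The two checks described above can be collected into a read-only script. This is an added example, not code from the original post or from Microsoft; the function names Get-BlankSharingEpr and Test-PartnerAppLinkedAccount are hypothetical, and the partner application and account names are the ones quoted above.

```powershell
# Added example. Read-only checks; nothing is changed by either function.

# Run in the Exchange Online remote PowerShell session.
# Lists organization relationships whose TargetSharingEpr is still blank.
function Get-BlankSharingEpr {
    Get-OrganizationRelationship |
        Where-Object { -not $_.TargetSharingEpr } |
        Select-Object Name, Enabled, FreeBusyAccessEnabled, TargetAutodiscoverEpr, TargetSharingEpr
}

# Run in the on-premises Exchange Management Shell.
# Reports the conditions named in the LID 59916 error for the linked account.
function Test-PartnerAppLinkedAccount {
    param(
        [string]$AppName     = 'Exchange Online',                     # name from the output above
        [string]$AccountName = 'Exchange Online-ApplicationAccount'   # account from the steps above
    )
    Set-ADServerSettings -ViewEntireForest $true
    $findings = @()

    $app = Get-PartnerApplication -Identity $AppName -ErrorAction SilentlyContinue
    if (-not $app) {
        $findings += "Partner application '$AppName' not found."
    } else {
        if (-not $app.Enabled)       { $findings += 'Partner application is disabled.' }
        if (-not $app.LinkedAccount) { $findings += 'LinkedAccount is empty.' }
    }

    $user = Get-User -Identity $AccountName -ErrorAction SilentlyContinue
    if (-not $user) {
        $findings += "Account '$AccountName' not found in the forest."
    } else {
        # The error text also covers a linked account with no RBAC role assignments.
        $roles = @(Get-ManagementRoleAssignment -RoleAssignee $user.DistinguishedName -ErrorAction SilentlyContinue)
        if ($roles.Count -eq 0) { $findings += 'Account has no RBAC role assignments.' }
    }

    [pscustomobject]@{
        PartnerApplication = $AppName
        LinkedAccount      = if ($app) { $app.LinkedAccount } else { $null }
        AccountFound       = [bool]$user
        Findings           = $findings
    }
}
```

An empty Findings list from Test-PartnerAppLinkedAccount means the linked account is present and has role assignments, so any remaining free/busy failure needs fresh Outlook logs.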
Other articles that may help are:
- Troubleshooting free/busy issues in Exchange hybrid environment https://support.microsoft.com/en-us/help/10092/troubleshooting-free-busy-issues-in-exchange-hybrid-environment
- https://support.microsoft.com/en-us/help/2752387/users-from-a-federated-organization-cannot-see-the-free-busy-informati
- Testing Autodiscover - https://testconnectivity.microsoft.com