In this blog post I want to share some tips for identifying issues when running the Office 365 Hybrid Configuration Wizard (HCW), available here .
- Where to find the Hybrid Configuration Wizard logs
- How to identify network related issues
In my experience, network relates issues are the most common cause of HCW failures, and that is where this blog post will focus. Most corporate networks have firewall and / or proxy restrictions in place. There are very specific network requirements for connectivity to Office 365 as detailed here .
There is usually a separate network team responsible for implementing the firewall and proxy rules required. It can be time consuming and frustrating going back and forth between different teams when troubleshooting issues. This post will demonstrate how to get some visibility of the what’s going on when the HCW is running (in particular on the network side), so that when you engage with the other teams (network / security etc) you have some evidence to back up your suspicions.
Where to find the Hybrid Configuration Wizard logs
The HCW writes a very detailed log which is very useful for troubleshooting. Jetze Mellema explains here where you can find the log. For example, here is the location of my HCW log from a recent deployment
C:\Users\jackson_s_admin\AppData\Roaming\Microsoft\Exchange Hybrid Configuration
This log provides very detailed information and is a good place to start when troubleshooting. In some cases, it can be very clear where the problem is. In the example below, there is a problem accessing the office 365 URL’s via the internet proxy
In other cases, we can see errors in the log, (even though in this case the GUI did not show any errors), but its not exactly clear what the cause is.
|2018.04.24 13:34:43.206 *ERROR* 10277 [Client=UX, Activity=Domain Ownership, Session=OnPremises, Cmdlet=Set-FederatedOrganizationIdentifier, Thread=12] FINISH Time=1341.1ms Results=PowerShell failed to invoke ‘Set-FederatedOrganizationIdentifier’: An error occurred while attempting to provision Exchange to the Partner STS. Detailed Information “An error occurred accessing Windows Live. Detailed information: “Unable to connect to the remote server”.”.|
Looking at the details of this error for example, I have some clue to the cause – Error accessing Windows Live. My suspicion at this point is network / proxy. But how can I prove this before engaging with the network support team? …. By running a network trace and analysing the results (as described next)!
How to identify network related issues
There are lots of tools and different ways to identify network related issues. Detailed below is just one simple approach (but definitely not the only one)
On your Hybrid server, open PowerShell (or a command prompt) and run the following command to start a network trace
netsh trace start persistent=yes capture=yes tracefile=c:\temp\HCW_Trace.etl
Next, recreate the issue you are having with the Office 365 Hybrid Configuration Wizard (HCW). In this example, the HCW was failing to connect to outlook.office365.com
Next go back to PowerShell (or a command prompt) and run the following command to stop the network trace
|Netsh trace stop|
Now, there are tools such as Network Monitor that can be used to view the trace file (ETL) as described here . However, a popular network analyser that I like to use is Wireshark. But before we can analyse the network trace using Wireshark, we need to convert it from .ETL to .CAP as described here.
Converting trace file (ETL) it into a Wireshark compatible format
On your pc, download and install the Microsoft Message Analyzer from here . Open the NETTRACE.ETL (created previously) using Microsoft Message Analyzer.
Choose FILE > SAVE AS and then select Export to save the file as NETTRACE.CAP
Analyze using Wireshark
Download and install Wireshark from here . Open the NETTRACE.CAP file for analysis
At this point, we can apply one or more filters to help narrow the information down and search for any errors. This site has some good tips of applying filters . In this example, I am going to filter on the HTTP protocol, by typing http into the filter tab
In this example I can see that the internet proxy is indeed blocking access to outlook.office365.com, and now I have some evidence to go back to the network team with.
Good luck with your troubleshooting