Troubleshooting the Office 365 Hybrid Configuration Wizard

In this blog post I want to share some tips for identifying issues when running the Office 365 Hybrid Configuration Wizard (HCW), available here .

Specifically,

  1. Where to find the Hybrid Configuration Wizard logs
  2. How to identify network related issues

In my experience, network relates issues are the most common cause of HCW failures, and that is where this blog post will focus.   Most corporate networks have firewall and / or proxy restrictions in place.  There are very specific network requirements for connectivity to Office 365 as detailed here .

There is usually a separate network team responsible for implementing the firewall and proxy rules required.   It can be time consuming and frustrating going back and forth between different teams when troubleshooting issues.  This post will demonstrate how to get some visibility of the what’s going on when the HCW is running (in particular on the network side), so that when you engage with the other teams (network / security etc) you have some evidence to back up your suspicions.

Where to find the Hybrid Configuration Wizard logs

The HCW writes a very detailed log which is very useful for troubleshooting.  Jetze Mellema explains here where you can find the log.   For example, here is the location of my HCW log from a recent deployment

C:\Users\jackson_s_admin\AppData\Roaming\Microsoft\Exchange Hybrid Configuration

hcw1

This log provides very detailed information and is a good place to start when troubleshooting.  In some cases, it can be very clear where the problem is.  In the example below, there is a problem accessing the office 365 URL’s via the internet proxy

hcw2

In other cases, we can see errors in the log, (even though in this case the GUI did not show any errors), but its not exactly clear what the cause is.

hcw3

2018.04.24 13:34:43.206 *ERROR* 10277 [Client=UX, Activity=Domain Ownership, Session=OnPremises, Cmdlet=Set-FederatedOrganizationIdentifier, Thread=12] FINISH Time=1341.1ms Results=PowerShell failed to invoke ‘Set-FederatedOrganizationIdentifier’: An error occurred while attempting to provision Exchange to the Partner STS.  Detailed Information “An error occurred accessing Windows Live. Detailed information: “Unable to connect to the remote server”.”.

Looking at the details of this error for example, I have some clue to the cause – Error accessing Windows Live.  My suspicion at this point is network / proxy.  But how can I prove this before engaging with the network support team?  …. By running a network trace and analysing the results (as described next)!

 

How to identify network related issues

There are lots of tools and different ways to identify network related issues.  Detailed below is just one simple approach (but definitely not the only one)

On your Hybrid server, open PowerShell (or a command prompt) and run the following command to start a network trace

 

netsh trace start persistent=yes capture=yes tracefile=c:\temp\HCW_Trace.etl

 

hcw4

Next, recreate the issue you are having with the Office 365 Hybrid Configuration Wizard (HCW).  In this example, the HCW was failing to connect to outlook.office365.com

hcw5

Next go back to PowerShell (or a command prompt) and run the following command to stop the network trace

Netsh trace stop

hcw6

Now, there are tools such as Network Monitor that can be used to view the trace file (ETL) as described here .  However, a popular network analyser that I like to use is Wireshark.  But before we can analyse the network trace using Wireshark, we need to convert it from .ETL to .CAP as described here.

Converting trace file (ETL) it into a Wireshark compatible format

On your pc, download and install the Microsoft Message Analyzer from here .  Open the NETTRACE.ETL (created previously) using Microsoft Message Analyzer.

hcw7

Choose FILE > SAVE AS and then select Export to save the file as NETTRACE.CAP

hcw8

Analyze using Wireshark

Download and install Wireshark from here . Open the NETTRACE.CAP file for analysis

hcw9

At this point, we can apply one or more filters to help narrow the information down and search for any errors.  This site has some good tips of applying filters .  In this example, I am going to filter on the HTTP protocol, by typing http into the filter tab

hcw10

In this example I can see that the internet proxy is indeed blocking access to outlook.office365.com, and now I have some evidence to go back to the network team with.

Good luck with your troubleshooting

Leave a Reply

Your email address will not be published. Required fields are marked *