Hybrid Mailbox Migrations Fail when using SSL Offloading

Author by Michael Epping

I recently ran into the issue where I had an Exchange 2010 SP3 RU2 Hybrid server configured with Office 365 Wave 15.  I used the Exchange Management Console to configure Remote Mailbox Move Requests, but they were either failing or being created successfully and then disappearing.  Typically I'd get a result like this:

2013-08-26 14_58_36

After clicking Finish both move requests would disappear and the EMC wouldn't show any record of them ever existing.  Obviously the errors in the wizard don't reveal much information, so I connected to Exchange Online using remote PowerShell to try kicking off the mailbox migrations from there.

When trying a remote mailbox move request from Exchange Online I receive this error:

2013-08-26 15_02_38

Exchange Online was receiving a 404 error when attempting to connect to my Exchange 2010 Hybrid servers' mrsproxy service.  After doing a little digging I discovered that the mrsproxy service does not support SSL Offloading.  A similar situation can pop up if you are using TMG as a reverse proxy and require pre-authentication.  Microsoft outlines the solution here: http://technet.microsoft.com/en-us/library/hh852447.aspx.  The fix for our SSL Offloading scenario is similar, you need configure whatever device you are using for SSL Offloading to treat traffic bound for /ews/mrsproxy.svc a little differently.  Traffic going to /ews/mrsproxy.svc needs to be sent to the Exchange Hybrid servers on port 443, not port 80.  Depending on which type of device you are using for SSL Offloading you may have to refer to your product documentation to learn how to achieve this.

Author

Michael Epping

Systems Engineer