No one has responded to this discussion for at least a year, so this information may be out of date. If you're looking for information about this topic, please search for a more recent discussion or post a new question.

Hybrid Configuration Wizard: ValidateConfiguration execution failed: Configure Legacy Exchange Support

This question is answered This question is answered

I am posting this in new thread in case anyone find it useful. I did post this as a possible answer to someone elses thread but i think i want to put this in its own thread, as my situation is quite specific

 

Problem: HCW failed with error "ValidateConfiguration execution failed: Configure Legacy Exchange Support"

 

We have a native Exchange 2010 environment with 9 Exchange 2010 servers, (all exchange SP2 UR3). Roles are split and seperated

 

Site A

2x Mailbox, 2x CAS/HT, 2x Edge

Site B

1x Mailbox, 1x CAS/HT, 1x Edge

 

We have Public Folder DB's on each Mailbox Server. All PFs are fully replicated to all the DB's

The public folders were originally migrated/replicated from exchange 2003
There is no exchange 2003 in the environment anymore.
There are no problems with the public folder infrastructure. Everything is working fine.
There is no trace of any 'legacy' exchange 2003 leftovers in AD. Everything was removed after we finished moving to 2010 about 12 months ago. We were following the MS documentation, and exchange 2003 was removed cleanly. Public folder hierarchies were correctly 're-homed' off the 2003 servers, and the CN=SERVERS container was removed from the 'first administrative group' using ADSI edit after we removed the last exchange 2003 server. We made sure that public folder replica's were all problem free before we retired that

 

We have done all the preparation for hybrid configuration using 'exDelopy' steps. We spent a long time making sure the environment was ready. Office 365 deployment readiness tools showing no issues. But when we finally tried to setup hybrid coexistence: I was unable to run HCW, it would fail with: "ValidateConfiguration execution failed: Configure Legacy Exchange Support"

 

Log files show the HCW trying to 'get-publicfolders' on my mailbox servers.
It succeeds on the first server, and then fails on the next one it tries

[7/30/2012 21:36:42] INFO:Running command: Get-PublicFolderDatabase -Server 'MBX-A-00'
[7/30/2012 21:36:42] INFO:Cmdlet: Get-PublicFolderDatabase --Start Time: 30/07/2012 22:36:42.
[7/30/2012 21:36:42] INFO:Cmdlet: Get-PublicFolderDatabase --End Time: 30/07/2012 22:36:42.
[7/30/2012 21:36:42] INFO:Cmdlet: Get-PublicFolderDatabase --Processing Time: 46.884.
[7/30/2012 21:36:42] INFO:Running command: Get-PublicFolder -Identity '\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY' -Server 'MBX-A-00' -Recurse ''
[7/30/2012 21:36:42] INFO:Cmdlet: Get-PublicFolder --Start Time: 30/07/2012 22:36:42.
[7/30/2012 21:36:43] INFO:Cmdlet: Get-PublicFolder --End Time: 30/07/2012 22:36:43.
[7/30/2012 21:36:43] INFO:Cmdlet: Get-PublicFolder --Processing Time: 906.424.
[7/30/2012 21:36:43] INFO:Running command: Get-PublicFolderDatabase -Server 'VEXMBX-A-01'
[7/30/2012 21:36:43] INFO:Cmdlet: Get-PublicFolderDatabase --Start Time: 30/07/2012 22:36:43.
[7/30/2012 21:36:43] INFO:Cmdlet: Get-PublicFolderDatabase --End Time: 30/07/2012 22:36:43.
[7/30/2012 21:36:43] INFO:Cmdlet: Get-PublicFolderDatabase --Processing Time: 62.512.
[7/30/2012 21:36:43] INFO:Running command: Get-PublicFolder -Identity '\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY' -Server 'MBX-A-01' -Recurse ''
[7/30/2012 21:36:43] INFO:Cmdlet: Get-PublicFolder --Start Time: 30/07/2012 22:36:43.
[7/30/2012 21:36:43] ERROR:System.Management.Automation.RemoteException: No existing 'PublicFolder' matches the following Identity: '\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY'. Make sure that you specified the correct 'PublicFolder' Identity and that you have the necessary permissions to view 'PublicFolder'.
[7/30/2012 21:36:43] INFO:Cmdlet: Get-PublicFolder --End Time: 30/07/2012 22:36:43.
[7/30/2012 21:36:43] INFO:Cmdlet: Get-PublicFolder --Processing Time: 62.512.
[7/30/2012 21:36:43] INFO:Disconnected from On-Premises session
[7/30/2012 21:36:43] INFO:Disconnected from Tenant session
[7/30/2012 21:36:43] ERROR:Updating hybrid configuration failed with error 'Subtask ValidateConfiguration execution failed: Configure Legacy Exchange Support at Microsoft.Exchange.Management.Hybrid.Engine.ExecuteTask(TaskBase taskBase, TaskContext taskContext)

I could - as an administrator - run the same get-publicfolder command in powershell on any exchange server, or my administrative workstation and confirm the foders exist and can be enumerated on this same server on which the failure was occuring

Get-PublicFolder  -Identity '\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY' -Server 'MBX-A-01' -recurse

 

This command would return the '\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY' folder and its children. It would work fine when targeting ANYof my exchange mailbox servers. No problem. Nonetheless, the HCW would not get past this point.

 

I tried to run that same 'get-publicfolder' powershell command, by running powershell as the 'on-premise' user account specified during the HCW. It would work on 2 of my PF DB's but consistently fail on the same server mentioned in my logs. Output was as follows:

 

<powershell running as the HCW on-premise user, (with org management rights)>

Get-PublicFolder -Identity '\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY' -Server 'MBX-A-01' -Recurse

 

No existing 'PublicFolder' matches the following Identity: '\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY'. Make sure that you specified the correct 'PublicFolder' Identity and that you have the necessary permissions to view 'PublicFolder'.
    + CategoryInfo          : NotSpecified: (0:Int32) [Get-PublicFolder], MapiOperationException
    + FullyQualifiedErrorId : 1ACB800A,Microsoft.Exchange.Management.MapiTasks.GetPublicFolder

 

I confirmed the user account was a member of 'organisational management'
It didnt matter what additional rights this user was granted - i tried domain admin, enterprise admin, builtin administrators... - it would always fail.

 

Further testing revealed that this user account could not actually enumerate ANY public folders on this specific PF database on this 1 mailbox server

 

Get-PublicFolder -Identity '\' -Server 'MBX-A-01' -Recurse

No existing 'PublicFolder' matches the following Identity: '\'. Make sure that you specified the correct 'PublicFolder'  Identity and that you have the necessary permissions to view 'PublicFolder'.
    + CategoryInfo          : NotSpecified: (0:Int32) [Get-PublicFolder], MapiOperationException
    + FullyQualifiedErrorId : C0789D04,Microsoft.Exchange.Management.MapiTasks.GetPublicFolder

As it started to look like permissions, i checked and compared all of the administrative permissions on ALL the public folder DB's with each other:

 

Get-PublicFolderAdministrativePermission -Identity "\" -server MBX-A-00 | fl

Get-PublicFolderAdministrativePermission -Identity "\" -server MBX-A-01 | fl

Get-PublicFolderAdministrativePermission -Identity "\" -server MBX-B-00 | fl

 

The permissions were identical on all my public folder db's on all my mailbox servers. There were no differences at all. There were no explicit deny rights. There was nothing that would explain why i cant get-publicfolders on this one database, when running as this user.

 

In the end - out of sheer desperation - i mailbox enabled the user - just to see what would happen.
This user was not previously mailbox enabled. There was nothing in any of the documentation that indicated that it should be

 

After i mailbox enabled the user, the commands were able to execute. I could enumerate all public folders in all DB's on all servers when executing the powershell as this user.

 

I dont understand whats going on here at all. From my perspective it should not be necessary to be mailbox enabled user in order to be able to enumerate public folders...
...and, even if that were the case, why would it fail only on 1 specific PF DB on one specific server?. Surely it should fail on all of them?

 

I do not have answers to these questions.

 

but for anyone out there having a similar problem - if you need to get the HCW to work, and you have the same problem as me, try to mailbox-enable the on-prem user account thats configured during the HCW, to see if it clears your problem.

Hope this might help someone else. I had a week of hell because of this problem.

 

1 out of 1 people found this post helpful.

Verified Answer
  • i was able to solve this problem by mailbox enabling the 'on premise' user account used during HCW,

    I still did not get to the bottom of why its necessary. My problem was not to do with missing PF's or PF permissions, or incorrectly configured PF's

All Replies
  • Hello JayDee180,

    I wanted to thank you for your post. Also, I wanted to ask when doing your hybrid setup did you review Understanding Prerequisites for Exchange 2003 Hybrid Deployments http://technet.microsoft.com/en-us/library/hh757271.aspx. Please let know if the article I provided you with helps you better understand how the Hybrid deployments works.

    Kind Regards,
    Mario Novoa
     

    0 out of 1 people found this post helpful.

  • Hello Mario

    Thanks for your reply.

    If you read my original post I think you will see quite clearly that we are not attempting to do an exchange 2003 hybrid deployment.

     

    We have a native Exchange 2010 environment with 9 Exchange 2010 servers, (all exchange SP2 UR3).....

    We have Public Folder DB's on each Mailbox Server. All PFs are fully replicated to all the DB's

    The public folders were originally migrated/replicated from exchange 2003

    There is no exchange 2003 in the environment anymore.

    There are no problems with the public folder infrastructure. Everything is working fine.

    There is no trace of any 'legacy' exchange 2003 leftovers in AD. Everything was removed after we finished moving to 2010 about 12 months ago.

    We were following the MS documentation, and exchange 2003 was removed cleanly.

    Public folder hierarchies were correctly 're-homed' off the 2003 servers

    The CN=SERVERS container was removed from the 'first administrative group' using ADSI edit after we removed the last exchange 2003 server.

    We made sure that public folder replica's were all problem free before we retired that"

     

    thanks for the link, but that document is not relevant to my situation.

     

     

  • Hello JayDee180,

    Thanks for the post in the forum.

    With your detailed explanation of the problem  and the solution this will be a great resource for anyone else that may have this problem.


    I will archive the post with your permission.

    Best regards

    Samuel

  • sure. go ahead

  • This article helped me....

    www.ucprofessional.com/.../office-365-error-configure-legacy.html

    I ran the commands on my CAS/HUB Server and my Mailbox Server since I had those roles separated.

    Hope this helps!

    Chris

  • i was able to solve this problem by mailbox enabling the 'on premise' user account used during HCW,

    I still did not get to the bottom of why its necessary. My problem was not to do with missing PF's or PF permissions, or incorrectly configured PF's

  • Hi,

    I tried this but am getting same error

    Summary: 2 item(s). 1 succeeded, 1 failed.

    Elapsed time: 00:00:28

    Set-HybridConfiguration

    Completed

    Exchange Management Shell command completed:

    Set-HybridConfiguration -Features 'MoveMailbox','OnlineArchive','FreeBusy','Mailtips','MessageTracking','OwaRedirection','SecureMail','CentralizedTransport' -Domains 'avendus.com' -ClientAccessServers 'ACPLMUM-HO-HC2','ACPLMUM-HO-HC1' -TransportServers 'ACPLMUM-HO-HC2','ACPLMUM-HO-HC1' -ExternalIPAddresses '182.72.3.227','203.212.223.246','121.241.16.142' -OnPremisesSmartHost 'mail.avendus.com' -SecureMailCertificateThumbprint 'FC090FAB3E9CCD7A1CF49F8DFE8A80351A277533'

    Elapsed Time: 00:00:00

    Update-HybridConfiguration

    Failed

    Error:

    Updating hybrid configuration failed with error 'Subtask ValidateConfiguration execution failed: Configure Legacy Exchange Support

      at Microsoft.Exchange.Management.Hybrid.Engine.ExecuteTask(ITask taskBase, ITaskContext taskContext)

    '.

    Additional troubleshooting information is available in the Update-HybridConfiguration log file located at C:\Program Files\Microsoft\Exchange Server\V14\Logging\Update-HybridConfiguration\HybridConfiguration_1_16_2014_19_45_5_635254983053705337.log.

    Exchange Management Shell command attempted:

    Update-HybridConfiguration -OnPremisesCredentials 'System.Management.Automation.PSCredential' -TenantCredentials 'System.Management.Automation.PSCredential'

    Elapsed Time: 00:00:28

    Thanks

    Mahesh

  • Hi,

    My account is mailbox enabled but still getting below error.

    Summary: 2 item(s). 1 succeeded, 1 failed.

    Elapsed time: 00:00:28

    Set-HybridConfiguration

    Completed

    Exchange Management Shell command completed:

    Set-HybridConfiguration -Features 'MoveMailbox','OnlineArchive','FreeBusy','Mailtips','MessageTracking','OwaRedirection','SecureMail','CentralizedTransport' -Domains 'avendus.com' -ClientAccessServers 'ACPLMUM-HO-HC2','ACPLMUM-HO-HC1' -TransportServers 'ACPLMUM-HO-HC2','ACPLMUM-HO-HC1' -ExternalIPAddresses '182.72.3.227','203.212.223.246','121.241.16.142' -OnPremisesSmartHost 'mail.avendus.com' -SecureMailCertificateThumbprint 'FC090FAB3E9CCD7A1CF49F8DFE8A80351A277533'

    Elapsed Time: 00:00:00

    Update-HybridConfiguration

    Failed

    Error:

    Updating hybrid configuration failed with error 'Subtask ValidateConfiguration execution failed: Configure Legacy Exchange Support

      at Microsoft.Exchange.Management.Hybrid.Engine.ExecuteTask(ITask taskBase, ITaskContext taskContext)

    '.

    Additional troubleshooting information is available in the Update-HybridConfiguration log file located at C:\Program Files\Microsoft\Exchange Server\V14\Logging\Update-HybridConfiguration\HybridConfiguration_1_16_2014_19_45_5_635254983053705337.log.

    Exchange Management Shell command attempted:

    Update-HybridConfiguration -OnPremisesCredentials 'System.Management.Automation.PSCredential' -TenantCredentials 'System.Management.Automation.PSCredential'

    Elapsed Time: 00:00:28

    Thanks

    Mahesh