Mailbox Connectivity Issue after Migration

I had a client call up about an issue with around 10 of their users; my client had raised a support call but never got very far after a week. These users had been migrated from Exchange 2010 via Hybrid and were all working until they suddenly could not connect to OWA or Outlook. So I went through the following investigation steps:

  1. Tried to connect to Outlook and OWA from External to the accounts – Failed
  2. Tried to open the mailbox from another account – Failed
  3. Ran the Microsoft Remote Connectivity Analyzer “Outlook RPC” – Failed with the error 403 unauthorised
  4. Ran the Microsoft Remote Connectivity Analyzer “Single Sign On” – Success
  5. Ran Get-Mailbox and Get-MsolUser – everything was returned fine and looked correct.

It seemed to be a very strange issue; it looked as though Windows Azure AD (WAAD) had lost authorisation to the corresponding mailboxes.

To resolve this issue I did the following:

  1. Moved the mailboxes back to an on-premises 2010 server.
     New-MoveRequest -Identity "<user email address>" -Outbound -RemoteTargetDatabase "DB003" -RemoteHostName "" -RemoteCredential $cred -TargetDeliveryDomain ""
  2. Removed the Online License from the account.
  3. Removed the MSOL Account from WAAD (Soft Delete).
    1. First collected all the ObjectIDs.
       Get-MsolUser -UserPrincipalName "<user email address>" | FL UserPrincipalName, ObjectID
    2. Removed the accounts.
       Remove-MsolUser -UserPrincipalName "<user email address>"
  4. Removed the MSOL Account from the Recycle Bin (Hard Delete).
     Remove-MsolUser -ObjectId "1fc8558e-601b-498f-a1d6-7ef8888886fc" -RemoveFromRecycleBin -Force
  5. Forced Directory Synchronisation.
  6. Re-assigned Online Licenses.
  7. Moved the mailboxes back to Online.
     New-MoveRequest -Identity "TestJ" -TargetDeliveryDomain "" -BadItemLimit 100 -RemoteHostName "" -RemoteCredential $Cred -Remote -LargeItemLimit 10 -AcceptLargeDataLoss

Once all had been migrated, the mailboxes connected back up perfectly and everything was working again.

This may seem like a solution for a niche issue; however, it should work for any individual mailbox issue that is on Microsoft's side rather than in your configuration. This solution provisions a completely new Azure AD account and a new mailbox in Exchange Online.
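
Because step 4 permanently deletes the Azure AD object, it is worth recording each account's state before step 2 and checking it again after step 6. The following is an added example, not part of the original post: the function names, UPNs and file path are hypothetical, and it assumes the MSOnline module with an existing Connect-MsolService session.

```powershell
# Added example (not from the original post). Function names and paths are hypothetical.

# Record identity and licence state BEFORE the licence is removed (step 2).
function Save-MsolSnapshot {
    param([string[]]$UserPrincipalName, [string]$Path)
    $rows = foreach ($upn in $UserPrincipalName) {
        $u = Get-MsolUser -UserPrincipalName $upn -ErrorAction Stop
        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            ObjectId          = $u.ObjectId.ToString()
            ImmutableId       = $u.ImmutableId
            UsageLocation     = $u.UsageLocation
            Licenses          = @($u.Licenses | ForEach-Object { $_.AccountSkuId })
        }
    }
    # After the hard delete this file is the only record of the old objects.
    $rows | Export-Clixml -Path $Path
    $rows
}

# Compare the re-provisioned accounts with the snapshot AFTER steps 5 and 6.
function Test-MsolReprovision {
    param([string]$Path)
    $deleted = @(Get-MsolUser -ReturnDeletedUsers -All |
                 ForEach-Object { $_.ObjectId.ToString() })
    foreach ($old in Import-Clixml -Path $Path) {
        $new  = Get-MsolUser -UserPrincipalName $old.UserPrincipalName -ErrorAction Stop
        $skus = @($new.Licenses | ForEach-Object { $_.AccountSkuId })
        [pscustomobject]@{
            UserPrincipalName = $old.UserPrincipalName
            # A hard delete followed by a sync should produce a different ObjectId.
            NewObject         = ($new.ObjectId.ToString() -ne $old.ObjectId)
            # Expected to match for a synchronised account, as the anchor
            # is derived from the on-premises object.
            SameImmutableId   = ($new.ImmutableId -eq $old.ImmutableId)
            # The old object should no longer be in the recycle bin (step 4).
            OldObjectPurged   = ($deleted -notcontains $old.ObjectId)
            # Licences held before the procedure that have not been re-assigned.
            MissingLicenses   = @($old.Licenses | Where-Object { $skus -notcontains $_ })
        }
    }
}

# Before step 2 (placeholder UPNs and path):
#   Save-MsolSnapshot -UserPrincipalName 'user1@example.com','user2@example.com' -Path 'C:\Temp\msol-before.xml'
# After step 6:
#   Test-MsolReprovision -Path 'C:\Temp\msol-before.xml' | Format-Table -AutoSize
```

Any row where NewObject is False or MissingLicenses is not empty should be investigated before moving that mailbox back to Exchange Online in step 7.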

Exchange 2003 Free/Busy Information Sharing with Office 365

One of the challenges of getting feature-rich coexistence between an on-premises Exchange 2003 organisation and Exchange Online is keeping the free/busy information that you get in Exchange. (This is the feature that lets you see who is busy by looking at their calendar or at the Scheduling Assistant in Outlook/OWA.)

History of 2003 Free/Busy Information

All free/busy information in Exchange 2003 is stored in a system folder called SCHEDULE+ FREE BUSY, which keeps a subfolder for each administrative group (basically a system-wide public folder). When a user publishes their free/busy information, Exchange posts it as a message into the appropriate subfolder.

To retrieve another user's free/busy information, the client first goes to AD and collects the LegacyExchangeDN attribute, which directs the request to the public folder holding the correct information.

How Exchange 2010 Handles Free/Busy Information

Exchange 2010 works very differently from 2003, as it no longer uses public folders or system folders to store free/busy information. Instead, 2010 uses the Availability service, which on request pulls the current information directly from the recipient's mailbox server.


During coexistence, free/busy information needs to be available from 2003 users to Exchange Online users and vice versa, but the two systems use different mechanisms for free/busy.

Exchange Online requesting Free/Busy information of an Exchange 2003 Mailbox

From Exchange Online, free/busy information is pulled from the 2003 user's mailbox by the Availability service connecting via HTTP to the /Public virtual directory of the Exchange 2003 mailbox server. Simple and efficient.

Exchange 2003 Mailbox requesting Free/Busy information of an Exchange Online Mailbox

Exchange 2003 mailboxes cannot use the Availability service; they can only use local public folders. So for Exchange 2003 to get free/busy information, it must request the information from a public folder.

This splits into two areas:

· Exchange on-premises 2010 Free/Busy Information

· Exchange Online Free/Busy Information

For Exchange 2010 on-premises users, a public folder for the Exchange 2010 administrative group is created when you install the first Exchange 2010 server. This is called Exchange Administrative Group (FYDIBOHF23SPDLT), and the free/busy information for mailboxes on the 2010 server is stored here. However, Exchange 2003 mailboxes cannot access 2010 public folders, so to get this working you need to replicate the folder to the 2003 mailbox servers. Once the 2003 server has access to the public folder, users can retrieve free/busy information.

Exchange Online!

Here’s where it gets interesting. There is a second public folder created on the 2010 servers called EX:/O=DOMAIN/OU=EXTERNAL (FYDIBOHF25SPDLT); this is for users who have been migrated to Exchange Online. However, no connection or updates happen from Exchange Online to the public folder, so 2003 cannot get the information from this public folder.

For this to work, Exchange does something very clever so that Exchange 2003 mailboxes can retrieve Exchange Online free/busy information. Exchange 2003 sends the request to the OU=EXTERNAL (FYDIBOHF25SPDLT) public folder, which resides on the 2010 server. The 2010 server then uses MAPI on the Middle Tier (MoMT) to intercept the public folder query and execute an Availability service query, and the free/busy information is retrieved from Exchange Online. Example:

User A – Exchange 2003 Mailbox / User B – Exchange Online Mailbox

1. User A makes a request

2. The request searches AD and picks up the LegacyExchangeDN, which points at the OU=EXTERNAL (FYDIBOHF25SPDLT) folder

3. Sends the request to the OU=EXTERNAL (FYDIBOHF25SPDLT) folder

4. Exchange 2010 Server intercepts the Public Folder Request and starts an Availability Service Query

5. Free/Busy Information is then returned to the exchange 2003 user.

Magic, so this should just work – yeah, right (maybe in a fresh VM setup)!

So we get to the real reason why I wrote this blog: what happens when it doesn’t just work. This next section is written with the assumption that:

· Exchange Hybrid Configuration is correct and on SP2+

· Free/Busy is working from Exchange Online to Exchange 2003

· Free/Busy is working from 2003 to 2010 On-Premise

· Routing Group Connector between 2003 to 2010 is configured with Public Folder Referral

· OU=EXTERNAL (FYDIBOHF25SPDLT) exists on the 2010 servers

So what could be the problem?

The most likely explanation, if you have gone through all the KB articles and still have no answer, is that the 2003 public folder request is not reaching the 2010 servers. So how do we force Exchange 2003 to send requests to the 2010 server?

In Exchange 2003, when a mailbox user requests free/busy information from a public folder, the server first searches itself and then forwards the request to alternate Exchange servers based on link cost. In theory this should forward the request to the 2010 server, but if it does not, we need to set this up manually.

1. First we need to create a custom referral list on the Exchange 2003 server so that it sends requests directly to the 2010 server if it cannot find the folder on its local server.

a. Go to System Manager

b. First Administrative Group - Server – Right Click Properties

d. Select the Public Folder Referrals Tab

e. Add the Exchange 2010 Server in to the list.


We then get to another problem: Exchange 2003 needs to send public folder requests to the Exchange 2010 server itself and not to the public folder on the server, and at the moment it is set to the public folder because of the custom list we have set up.

1) First collect the server GUID; this can be done with the following PowerShell.

a. Enter "Get-PublicFolderDatabase | fl Name,Guid"

b. Enter "Get-ExchangeServer | fl Name,Guid"

c. Make a record of the Exchange GUID “7d2557e7-3d11-4f3c-9971-c6dc8bba494d”

2) To change the address from the public folder address to the server address, we need to go into ADSI Edit and change the MSExchFolderAffinity field to match the Exchange 2010 Server GUID.

a. Configuration/Services/Microsoft Exchange/Domain/Administrative Groups/First Administrative Group/Servers

b. Right-Click the 2003 Server and go to properties

c. Add the Server GUID and remove the old entry which should match the Public Folder GUID.


And there you have it: Exchange 2003 will be directed at the 2010 server and not the public folder, and then Exchange can work its magic.