Hybrid Configuration with Office 365

Hello everyone,

I have a quick question. I have an on-prem Exchange environment and we have recently signed up for Office 365. We are deploying ADFS and a hybrid environment. Now here's the catch:

 My Office 365 domain is mydomain.com

 My on-prem Exchange accepted domain is mail.mydomain.com. The MX records in my external DNS are set up for mail.mydomain.com, which is the on-prem

Now, will it be an issue that the domains are different?

I have added mail.mydomain.com to my Office 365 domains as well, but have not added the DNS records because I am confused about what the conflict between the two will be. If I configure the DNS record to point MX to Office 365, what will happen to the on-prem environment? Will it stop working? Can I add mail.mydomain.com in Office 365 and have both environments work at the same time? Will the external DNS records affect anything?


May 6th, 2015 2:41pm

This is not the place for urgent requests.  That would be Microsoft Support.

The domains can be different.

Don't worry about pointing DNS records to Office 365 until you're ready.  If you set up the hybrid right, mail will flow through your on-premises Exchange to Office 365.  You can make the switch when it's convenient for you to

May 6th, 2015 3:29pm

Good call on the urgent notice :)

So when I am ready to make the complete switch to Office 365, do I just add mail.mydomain.com to Office 365 and point all DNS servers there?

I do have mail.mydomain.com added in my Office 365, but the hybrid config, after running for a while, gives this error:

Updating hybrid configuration failed with error 'Subtask Configure execution failed: Configure Organization Relationship Execution of the Set-FederatedOrganizationIdentifier cmdlet has thrown an exception. This may indicate invalid parameters in your hybrid configuration settings. Proof of domain ownership has failed. Make sure that the TXT record for the specified domain is available in DNS. The format of the TXT record should be "example.com IN TXT hash-value" where "example.com" is the domain you want to configure for Federation and "hash-value" is the proof value generated with "Get-FederatedDomainProof -DomainName example.com".

Even though I did add the TXT record and Office 365 did say mail.domain.com is verified.

May 6th, 2015 3:34pm

No, all domains you use for mail routing should be verified domains in Office 365.

You will need to make two DNS TXT records.  The first one, something like "MS=ms12345678" is when you verify the domain in Office 365.  The second, a longer uglier one, is a domain proof that is required by the Hybrid Configuration Wizard.

May 6th, 2015 3:55pm
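
A way to check for the two TXT records described in the reply above, as an added example that is not part of the original thread. It assumes the on-premises Exchange Management Shell, the `Resolve-DnsName` cmdlet (Windows Server 2012 or later), the thread's placeholder domain, and 8.8.8.8 as an external resolver so that an internal DNS zone does not hide what is published publicly.

```powershell
# Added example, not from the thread. Run in the on-premises Exchange Management Shell.
# Assumptions: placeholder domain from the thread; 8.8.8.8 as an external resolver.
$Domain   = 'mail.mydomain.com'
$Resolver = '8.8.8.8'

# The proof value the Hybrid Configuration Wizard expects to find in public DNS.
$expected = (Get-FederatedDomainProof -DomainName $Domain).Proof

# Every TXT value published for the domain, as seen from outside the network.
# A TXT record can be split into several strings, so join them per record.
$published = @(
    Resolve-DnsName -Name $Domain -Type TXT -Server $Resolver -ErrorAction Stop |
        Where-Object { $_.Type -eq 'TXT' } |
        ForEach-Object { (-join $_.Strings).Trim() }
)

# Record 1: the short Office 365 verification record ("MS=ms12345678" style).
$hasVerification = [bool]($published | Where-Object { $_ -match '^MS=ms\d+$' })

# Record 2: the federated domain proof. Base64 is case-sensitive, so use -ccontains.
$hasProof = $published -ccontains $expected

[pscustomobject]@{
    Domain                = $Domain
    Office365Verification = $hasVerification
    FederatedDomainProof  = $hasProof
    PublishedTxtRecords   = $published.Count
}

if (-not $hasProof) {
    Write-Warning "Proof TXT record not visible through $Resolver. Expected value: $expected"
}
```

A domain can show as verified in Office 365 while `FederatedDomainProof` is still `False`, because the portal checks only the first record.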

One more issue I am facing: how come all of a sudden I CANNOT access my live Outlook Web App and Exchange admin center from within the on-prem network now? I can access them from the outside network just fine, but from the inside network it doesn't work; it says the page can't be displayed.

Also, why do I get the OAuth authentication process after the hybrid config is done? It runs for too long and then gives an error telling me to check my internet connection, while my internet connection is just fine.


  • Edited by Riaz Ansary Wednesday, May 06, 2015 6:56 PM
May 6th, 2015 4:59pm

I recommend you open a ticket with Microsoft Online Support.
May 6th, 2015 11:59pm

Hi,

From your description, you need to configure OAuth authentication between Exchange and Office 365. You can follow the steps below to do it.

1. Create an authorization server object for your Exchange Online organization.
2. Enable the partner application for your Exchange Online organization.
3. Export the on-premises authorization certificate.
4. Upload the on-premises authorization certificate to Azure Active Directory ACS.
5. Register all hostname authorities for your external on-premises Exchange HTTP endpoints with Azure Active Directory.
6. Create an IntraOrganizationConnector from your on-premises organization to Office 365.
7. Create an IntraOrganizationConnector from your Office 365 tenant to your on-premises Exchange organization.

For your reference:

https://technet.microsoft.com/en-us/library/dn594521(v=exchg.150).aspx

If your issue is urgent, it is recommended to contact Microsoft Support. If you would still like to handle this issue on the forum, I will continue to help you.

For your convenience:

https://support.microsoft.com/en-hk?wa=wsignin1.0

Best regards,

May 7th, 2015 7:11am
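
A check of the on-premises objects that the seven steps above create, as an added example that is not part of the original thread or of Microsoft's procedure. It assumes the on-premises Exchange Management Shell; the mailbox address is a placeholder, and the application ID is the well-known identifier of Exchange Online.

```powershell
# Added example, not from the thread. Run in the on-premises Exchange Management Shell.
$Mailbox  = 'user@mail.mydomain.com'                 # placeholder: an on-premises mailbox
$ExoAppId = '00000002-0000-0ff1-ce00-000000000000'   # Exchange Online application ID
$checks   = [ordered]@{}

# Step 1: an enabled authorization server object exists.
$checks['Authorization server enabled'] =
    [bool](Get-AuthServer | Where-Object { $_.Enabled })

# Step 2: the Exchange Online partner application is enabled.
$checks['Partner application enabled'] =
    [bool](Get-PartnerApplication |
        Where-Object { $_.ApplicationIdentifier -eq $ExoAppId -and $_.Enabled })

# Steps 3-4: the authorization certificate that gets exported must exist and be unexpired.
$thumb = (Get-AuthConfig).CurrentCertificateThumbprint
$cert  = Get-ExchangeCertificate -Thumbprint $thumb -ErrorAction SilentlyContinue
$checks['Auth certificate present and unexpired'] =
    [bool]($cert -and $cert.NotAfter -gt (Get-Date))

# Step 6: the on-premises to Office 365 connector is enabled.
# (Steps 5 and 7 live in Azure AD and the tenant and are not visible from here.)
$checks['IntraOrganizationConnector enabled'] =
    [bool](Get-IntraOrganizationConnector | Where-Object { $_.Enabled })

# End to end: request an OAuth token and call Exchange Online EWS with it.
$result = Test-OAuthConnectivity -Service EWS -Mailbox $Mailbox `
    -TargetUri 'https://outlook.office365.com/ews/exchange.asmx'
$checks['OAuth call to Exchange Online'] = ($result.ResultType -eq 'Success')

$checks.GetEnumerator() | ForEach-Object {
    '{0,-42} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'CHECK' })
}
if ($result.ResultType -ne 'Success') {
    Write-Warning ($result.Detail | Out-String)
}
```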

Amyy, thanks a lot. My question is: why do you have to go through all this? Under normal situations these steps are not needed, right? If we have ADFS that does the authentication, or DirSync, are these steps needed?

I am now facing another issue; I don't know what is wrong and why. The Outlook Web App can't be accessed from INSIDE the network; from outside it's totally fine. I have disabled the SSL required on the default site and Exchange back end, but then set up a redirect to https://webmail.mydomain.com; that's how it's always been set up. But all of a sudden now I can't access the web app from the inside network unless I use the local path.


May 7th, 2015 12:10pm

This topic is archived. No further replies will be accepted.
