Free / Busy issue Troubleshooting – Exchange Server in Hybrid

The issue

Free Busy status is as follows.

OWA

  • Free Busy 365 user to on-premises user – working
  • Free Busy on-premises user to 365 user – working

Outlook Client

  • Free Busy 365 user to on-prem user – WORKING
  • Free Busy on-prem user to 365 user – NOT WORKING

To troubleshoot an Exchange Hybrid calendar availability issue, the first tool to use is:

Microsoft Remote Connectivity Analyzer

It is a very effective online Microsoft tool with a lot of troubleshooting options, including free/busy. You can select Microsoft 365 or Exchange Server depending on the direction you need to test.

In my case, I checked all settings and found that there was an issue with the TLS 1.0 & 1.1 versions.

On-premises users might not be able to make free/busy requests in calendaring from on-premises mailboxes towards Exchange Online mailboxes.

In Event Viewer, the error will be logged as below:

Log Name:      Application

Source:        MSExchange Availability

Date:          …………

Event ID:      4001

Task Category: Availability Service

Level:         Error

Keywords:      Classic

User:          N/A

Computer:      server01.contoso.com

The interesting part of the event above is the following information:

AutoDiscoverFailedException: Autodiscover failed

Check with the command below from EMS on the Exchange servers, including the Hybrid server. Since Autodiscover fails, test from the on-prem server whether it can reach the server in Exchange Online via PowerShell:

Invoke-WebRequest -Uri "https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc"

The result, as expected, is:

Invoke-WebRequest : The remote server returned an error: (401) Unauthorized.

You now have proof that the on-premises TLS settings are outdated: your on-prem server is not using TLS 1.2, which prevents it from connecting to the Exchange Online servers.

Microsoft has already announced the deprecation of TLS 1.0 and TLS 1.1.

Solution:

The solution is to enable TLS 1.2. You can also disable TLS 1.0 and 1.1, since they are no longer secure.

Free/busy requests from on-premises were using either TLS 1.0 or TLS 1.1 to connect to the Exchange Online mailbox, so they were failing as per the error. So we need to force the use of only TLS 1.2 for all requests.

TLS 1.2 can be enabled through Windows registry settings on the Exchange server: change the registry settings below to enable TLS 1.2 and to disable TLS 1.0 & 1.1. Then restart the server and check free/busy. It should work, but please verify the above errors first before proceeding.

'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'

'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'

Start with the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols registry key. Under that key you can create any of the subkeys TLS 1.0, TLS 1.1, and TLS 1.2. Under each of those subkeys, you can create the subkeys Client and/or Server. Under Client and Server, you can create the DWORD values DisabledByDefault (0 or 1) and Enabled (0 or 1).
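
The registry layout described above, as an added PowerShell example that is not part of the original post: it reports the current Enabled and DisabledByDefault values for each protocol and role, and can write the TLS 1.2-only state. The function names Get-SchannelProtocolState and Set-SchannelProtocolState are hypothetical; run it from an elevated prompt.

```powershell
# Added example: audit and optionally set the SCHANNEL protocol values described above.
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Desired state taken from the text: TLS 1.2 on, TLS 1.0 and 1.1 off.
$Desired = [ordered]@{
    'TLS 1.0' = @{ Enabled = 0; DisabledByDefault = 1 }
    'TLS 1.1' = @{ Enabled = 0; DisabledByDefault = 1 }
    'TLS 1.2' = @{ Enabled = 1; DisabledByDefault = 0 }
}

function Get-SchannelProtocolState {   # hypothetical helper name
    foreach ($proto in $Desired.Keys) {
        foreach ($role in 'Client', 'Server') {
            $key = Join-Path (Join-Path $Base $proto) $role
            # A missing key or value means the OS default applies; report it as "(not set)".
            $cur = if (Test-Path $key) { Get-ItemProperty -Path $key } else { $null }
            foreach ($name in 'Enabled', 'DisabledByDefault') {
                $value = if ($null -ne $cur -and $null -ne $cur.$name) { $cur.$name } else { '(not set)' }
                [pscustomobject]@{
                    Protocol = $proto; Role = $role; Name = $name
                    Current  = $value
                    Wanted   = $Desired[$proto][$name]
                    Match    = ("$value" -eq "$($Desired[$proto][$name])")
                }
            }
        }
    }
}

function Set-SchannelProtocolState {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($proto in $Desired.Keys) {
        foreach ($role in 'Client', 'Server') {
            $key = Join-Path (Join-Path $Base $proto) $role
            if ($PSCmdlet.ShouldProcess($key, 'Set Enabled/DisabledByDefault')) {
                if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
                foreach ($name in 'Enabled', 'DisabledByDefault') {
                    New-ItemProperty -Path $key -Name $name -PropertyType DWord `
                        -Value $Desired[$proto][$name] -Force | Out-Null
                }
            }
        }
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize   # read-only audit
# Set-SchannelProtocolState -WhatIf                  # preview; drop -WhatIf to apply, then restart
```

Running the audit before and after the restart gives a record of which values changed on each server.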

******************************************************

Other settings to check if there is no issue with the TLS version:

Identify the certificate that the authentication configuration is looking for. Normally this issue occurs if the on-premises Exchange server cannot obtain an authentication token by using OAuth. Exchange doesn't try to use the organization relationship if an intra-organization connector exists. To identify the certificate, run the following command:

Get-AuthConfig | fl

In this case, the certificate is either expired or not configured correctly. You can check the certificate expiry with Get-ExchangeCertificate, using the Thumbprint from the Get-AuthConfig command.

More info is available at the Microsoft URL below:
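
The certificate check described above, as an added PowerShell example that is not part of the original post: it resolves the thumbprints from Get-AuthConfig with Get-ExchangeCertificate and flags a certificate that is missing, expired or close to expiry. The function name Test-AuthConfigCertificate and the 30-day warning window are assumptions; run it in the Exchange Management Shell on the on-premises server.

```powershell
# Added example: check the certificates referenced by the auth configuration.
function Test-AuthConfigCertificate {   # hypothetical helper name
    param([int]$WarnDays = 30)          # assumption: warn 30 days before expiry

    $auth = Get-AuthConfig
    foreach ($slot in 'CurrentCertificateThumbprint', 'NextCertificateThumbprint') {
        $thumb = $auth.$slot
        if ([string]::IsNullOrWhiteSpace($thumb)) {
            [pscustomobject]@{ Slot = $slot; Thumbprint = $null; NotAfter = $null; Status = 'Not configured' }
            continue
        }

        # The thumbprint may point at a certificate that is no longer installed on this server.
        $cert = Get-ExchangeCertificate -Thumbprint $thumb -ErrorAction SilentlyContinue

        if (-not $cert) {
            $status = 'Missing from this server'
        } elseif ($cert.NotAfter -lt (Get-Date)) {
            $status = 'Expired'
        } elseif ($cert.NotAfter -lt (Get-Date).AddDays($WarnDays)) {
            $status = "Expires within $WarnDays days"
        } else {
            $status = 'OK'
        }

        [pscustomobject]@{ Slot = $slot; Thumbprint = $thumb; NotAfter = $cert.NotAfter; Status = $status }
    }
}

Test-AuthConfigCertificate | Format-Table -AutoSize
```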

https://docs.microsoft.com/en-US/exchange/troubleshoot/administration/cannot-view-freebusy-information

Here are more commands that can be used to check details when troubleshooting free/busy in Exchange Hybrid.

Run these commands to gather diagnostic information:

On-Premises Exchange Server side troubleshooting:

Get-FederationTrust | fl

Get-FederatedOrganizationIdentifier | fl

Get-OrganizationRelationship | fl

Get-WebServicesVirtualDirectory | Export-Clixml C:\temp\WebVdir.xml

Get-AutoDiscoverVirtualDirectory | Export-Clixml C:\temp\AutoDVdir.xml

Get-RemoteMailbox bobc_sync | fl

Get-Mailbox "on-premises John Doe User" | fl

Test-FederationTrust -UserIdentity [email protected] | fl

Test-FederationTrustCertificate | fl

Get-IntraOrganizationConnector | fl

Exchange Online side troubleshooting:

Get-FederationTrust | fl

Get-FederatedOrganizationIdentifier | fl

Get-OrganizationRelationship | fl

Get-MailUser "on-premises John Doe User" | fl

Get-Mailbox "Cloud user" | fl

Get-IntraOrganizationConnector | fl

Get-OrganizationRelationship | Test-OrganizationRelationship -UserIdentity "cloud user"

********************************************************

If the free/busy problem persists, make sure that the sharing policies in the on-premises Exchange Server environment and in Exchange Online match. To determine this, run the following command in the Exchange Management Shell, and then note the value in the Domains field in the results:

Get-SharingPolicy | FL