Office 365 Hybrid deployment with TMG server

When configuring a hybrid setup of Exchange with Office 365, an HTTPS connection between Office 365 and Exchange needs to be established. Usually this will be the same configuration used for RPC over HTTPS (Outlook Anywhere). A lot of customers use a TMG server located in their DMZ to secure Outlook Anywhere. If you have a TMG server set up as a reverse proxy for Outlook Anywhere and TMG is also performing authentication for the session, the hybrid setup is going to fail. You'll receive an error stating that Office 365 cannot find the MRS endpoint connection at the supplied URL.

The solution?

Well, you could disable authentication for the Outlook Anywhere rule. This will work, though of course there is a slight trade-off in security.

What I would recommend is creating a second rule for publishing Outlook Anywhere and placing it above the existing rule. We need to make two changes to this rule. The first is to disable authentication by choosing All Users instead of Authenticated Users.


The second change is to publish only the two paths required for Office 365 hybrid: the Autodiscover and EWS directories.


Adding this rule with these two changes will allow for a successful setup of Office 365 hybrid with your Exchange server.
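To see how far the unauthenticated exposure reaches, the rule order can be modelled offline. The following is an added example, not part of the original post and not TMG code: it assumes first-match rule evaluation and case-insensitive path matching, and the path list of the existing Outlook Anywhere rule and the sample request paths are constructed.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class PublishingRule:
    name: str
    paths: tuple      # published path patterns, e.g. "/EWS/*"
    user_set: str     # "All Users" means no pre-authentication at the proxy


# Constructed model of the two rules, listed in evaluation order (top first).
RULES = (
    PublishingRule("O365 Hybrid", ("/EWS/*", "/Autodiscover/*"), "All Users"),
    # Assumed path list for the existing rule; check it against your own TMG rule.
    PublishingRule("Outlook Anywhere",
                   ("/rpc/*", "/EWS/*", "/Autodiscover/*", "/OAB/*"),
                   "Authenticated Users"),
)

# Constructed sample request paths.
SAMPLE = ("/EWS/mrsproxy.svc", "/autodiscover/autodiscover.xml",
          "/rpc/rpcproxy.dll", "/owa/")


def matching_rule(path, rules=RULES):
    """Return the first rule whose path list covers the request (first match wins)."""
    lowered = path.lower()  # assumption: path matching is case-insensitive
    for rule in rules:
        if any(fnmatchcase(lowered, pattern.lower()) for pattern in rule.paths):
            return rule
    return None  # no publishing rule matches, so the request is not forwarded


def unauthenticated_paths(paths, rules=RULES):
    """Paths the proxy would forward to Exchange without authenticating the client."""
    return [p for p in paths
            if (rule := matching_rule(p, rules)) and rule.user_set == "All Users"]


if __name__ == "__main__":
    for p in SAMPLE:
        rule = matching_rule(p)
        print(f"{p:35} -> {rule.name + ' / ' + rule.user_set if rule else 'no rule'}")
    # With the hybrid rule below the existing one, nothing bypasses pre-auth.
    print("hybrid rule on top :", unauthenticated_paths(SAMPLE))
    print("hybrid rule below  :", unauthenticated_paths(SAMPLE, RULES[::-1]))
```

Only the EWS and Autodiscover requests reach Exchange without proxy authentication, and Exchange's own authentication on those directories still applies; with the order reversed, the existing rule catches them first and the hybrid setup fails as described above.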


