Problems with Free/Busy from O365 to on-premises users

I was recently working on a customer solution with Exchange 2013 configured in a hybrid setup with Office 365.  I was having issues with free/busy requests from Exchange Online mailboxes to on-premises mailboxes.

Here is a description of the problem and the eventual resolution which took a few days and late nights to resolve:

Scenario

With a recent deployment of Exchange Server 2013 CU6 in a hybrid configuration with Office 365 user that had mailboxes on O365 couldn’t query for free/busy of on-premises users.  Users with on-premises mailboxes could query the free/busy status of O365 mailboxes.  The free/busy test for Office 365 in the Exchange Remote Connectivity Analyser (http://exrca.com ) showed the test for free/busy queries from O365 to on-premises as working successfully.

Environment

·        A multi-domain Active Directory forest with all DCs running Windows Server 2012R2

·        A single Exchange Server 2013 CU6 server with Mailbox/CAS roles installed, running on Windows Server 2012R2

·        DirSync and ADFS running on Windows Server 2012R2

·        Exchange Hybrid configured by running the hybrid configuration wizard on the Exchange Server 2013 CU6 server

·        Clients running Windows 8.1 and Outlook 2013 SP1

·        Clients running IE11 and connecting to OWA on the O365 portal

Integrating Lync 2013 with Exchange 2013 OWA 

In this article we'll go through integrating Lync 2013 with Exchange 2013 OWA. The contents of this article are unashamedly stolen from a colleague, but pointless re-inventing the wheel :).

Scenario

Multiple Exchange 2013 multi-role servers have the same public signed certificate being used for client access. This certificate does not contain the FQDN of the Exchange server as they can no longer be purchased from a public CA.  The Subject Name of the SSL certificate matches the ExternalURL configured on the OWA virtual directories and is the DNS name assigned to the Virtual IP (VIP) on the Hardware Load Balancer (HLB).

If you only have a single Exchange Server and are not using HLB then simply use the FQDN of the Exchange Server in the following steps.  You will need a certificate that contains the FQDN in the subject name field, so this will likely have to come from an internal CA.  If this is the case then the issuing CA certs will have to be trusted by both the Exchange and Lync servers.

Goal

Exchange 2013 client access server integrated with Lync 2013. 

ASP.NET problems with 2013 CU6 install

I recently did a fresh install of Exchange 2013 CU6 for a customer and had major issues trying to access the Exchange Admin Centre (EAC) and Outlook Web App (OWA).

The server was a brand new 2012R2 machine.  The AD forest was brand new and composed entirely of 2012R2 Domain Controllers.  Due to an issue they had they completely deleted the entire environment and recreated it.  All servers were installed from the 2012R2 ISO and all Windows Updates applied.  The following problem occurred in both the original environment and the rebuilt one.

After installation the Application Eventlog was full of event 1310 from source asp.net 4.0.30319.0.  This was logged every few seconds.  EAC/OWA was not accessible and simply returned the "Something Went Wrong :-(" error message.  The event was logged for each of the virtual directories, e.g. OWA/Autodiscover/EWS etc.  Details of the event related to "The file specified could not be found", each referring to a different module that was referenced in the web.config file related to each virtual directory, e.g. AntiXSS.