I am posting this in a new thread in case anyone finds it useful. I did post this as a possible answer to someone else's thread, but I think I want to put this in its own thread, as my situation is quite specific.
Problem: HCW failed with error "ValidateConfiguration execution failed: Configure Legacy Exchange Support"
We have a native Exchange 2010 environment with 9 Exchange 2010 servers (all Exchange SP2 UR3). Roles are split and separated.
Site A
2x Mailbox, 2x CAS/HT, 2x Edge
Site B
1x Mailbox, 1x CAS/HT, 1x Edge
We have Public Folder DBs on each Mailbox Server. All PFs are fully replicated to all the DBs.
The public folders were originally migrated/replicated from exchange 2003
There is no exchange 2003 in the environment anymore.
There are no problems with the public folder infrastructure. Everything is working fine.
There is no trace of any 'legacy' Exchange 2003 leftovers in AD. Everything was removed after we finished moving to 2010 about 12 months ago. We were following the MS documentation, and Exchange 2003 was removed cleanly. Public folder hierarchies were correctly 're-homed' off the 2003 servers, and the CN=SERVERS container was removed from the 'first administrative group' using ADSI Edit after we removed the last Exchange 2003 server. We made sure that public folder replicas were all problem free before we retired that
We have done all the preparation for hybrid configuration using 'ExDeploy' steps. We spent a long time making sure the environment was ready. Office 365 deployment readiness tools were showing no issues. But when we finally tried to set up hybrid coexistence, I was unable to run HCW; it would fail with: "ValidateConfiguration execution failed: Configure Legacy Exchange Support"
Log files show the HCW trying to 'get-publicfolders' on my mailbox servers.
It succeeds on the first server, and then fails on the next one it tries
[7/30/2012 21:36:42] INFO:Running command: Get-PublicFolderDatabase -Server 'MBX-A-00'
[7/30/2012 21:36:42] INFO:Cmdlet: Get-PublicFolderDatabase --Start Time: 30/07/2012 22:36:42.
[7/30/2012 21:36:42] INFO:Cmdlet: Get-PublicFolderDatabase --End Time: 30/07/2012 22:36:42.
[7/30/2012 21:36:42] INFO:Cmdlet: Get-PublicFolderDatabase --Processing Time: 46.884.
[7/30/2012 21:36:42] INFO:Running command: Get-PublicFolder -Identity '\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY' -Server 'MBX-A-00' -Recurse ''
[7/30/2012 21:36:42] INFO:Cmdlet: Get-PublicFolder --Start Time: 30/07/2012 22:36:42.
[7/30/2012 21:36:43] INFO:Cmdlet: Get-PublicFolder --End Time: 30/07/2012 22:36:43.
[7/30/2012 21:36:43] INFO:Cmdlet: Get-PublicFolder --Processing Time: 906.424.
[7/30/2012 21:36:43] INFO:Running command: Get-PublicFolderDatabase -Server 'VEXMBX-A-01'
[7/30/2012 21:36:43] INFO:Cmdlet: Get-PublicFolderDatabase --Start Time: 30/07/2012 22:36:43.
[7/30/2012 21:36:43] INFO:Cmdlet: Get-PublicFolderDatabase --End Time: 30/07/2012 22:36:43.
[7/30/2012 21:36:43] INFO:Cmdlet: Get-PublicFolderDatabase --Processing Time: 62.512.
[7/30/2012 21:36:43] INFO:Running command: Get-PublicFolder -Identity '\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY' -Server 'MBX-A-01' -Recurse ''
[7/30/2012 21:36:43] INFO:Cmdlet: Get-PublicFolder --Start Time: 30/07/2012 22:36:43.
[7/30/2012 21:36:43] ERROR:System.Management.Automation.RemoteException: No existing 'PublicFolder' matches the following Identity: '\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY'. Make sure that you specified the correct 'PublicFolder' Identity and that you have the necessary permissions to view 'PublicFolder'.
[7/30/2012 21:36:43] INFO:Cmdlet: Get-PublicFolder --End Time: 30/07/2012 22:36:43.
[7/30/2012 21:36:43] INFO:Cmdlet: Get-PublicFolder --Processing Time: 62.512.
[7/30/2012 21:36:43] INFO:Disconnected from On-Premises session
[7/30/2012 21:36:43] INFO:Disconnected from Tenant session
[7/30/2012 21:36:43] ERROR:Updating hybrid configuration failed with error 'Subtask ValidateConfiguration execution failed: Configure Legacy Exchange Support at Microsoft.Exchange.Management.Hybrid.Engine.ExecuteTask(TaskBase taskBase, TaskContext taskContext)
I could - as an administrator - run the same Get-PublicFolder command in PowerShell on any Exchange server, or my administrative workstation, and confirm the folders exist and can be enumerated on this same server on which the failure was occurring:
Get-PublicFolder -Identity '\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY' -Server 'MBX-A-01' -recurse
This command would return the '\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY' folder and its children. It would work fine when targeting ANY of my Exchange mailbox servers. No problem. Nonetheless, the HCW would not get past this point.
I tried to run that same 'Get-PublicFolder' PowerShell command by running PowerShell as the 'on-premise' user account specified during the HCW. It would work on 2 of my PF DBs but consistently fail on the same server mentioned in my logs. Output was as follows:
<powershell running as the HCW on-premise user, (with org management rights)>
Get-PublicFolder -Identity '\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY' -Server 'MBX-A-01' -Recurse
No existing 'PublicFolder' matches the following Identity: '\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY'. Make sure that you specified the correct 'PublicFolder' Identity and that you have the necessary permissions to view 'PublicFolder'.
+ CategoryInfo : NotSpecified: (0:Int32) [Get-PublicFolder], MapiOperationException
+ FullyQualifiedErrorId : 1ACB800A,Microsoft.Exchange.Management.MapiTasks.GetPublicFolder
I confirmed the user account was a member of 'organisational management'.
It didn't matter what additional rights this user was granted - I tried domain admin, enterprise admin, builtin administrators... - it would always fail.
Further testing revealed that this user account could not actually enumerate ANY public folders on this specific PF database on this 1 mailbox server:
Get-PublicFolder -Identity '\' -Server 'MBX-A-01' -Recurse
No existing 'PublicFolder' matches the following Identity: '\'. Make sure that you specified the correct 'PublicFolder' Identity and that you have the necessary permissions to view 'PublicFolder'.
+ CategoryInfo : NotSpecified: (0:Int32) [Get-PublicFolder], MapiOperationException
+ FullyQualifiedErrorId : C0789D04,Microsoft.Exchange.Management.MapiTasks.GetPublicFolder
As it started to look like permissions, I checked and compared all of the administrative permissions on ALL the public folder DBs with each other:
Get-PublicFolderAdministrativePermission -Identity "\" -server MBX-A-00 | fl
Get-PublicFolderAdministrativePermission -Identity "\" -server MBX-A-01 | fl
Get-PublicFolderAdministrativePermission -Identity "\" -server MBX-B-00 | fl
The permissions were identical on all my public folder DBs on all my mailbox servers. There were no differences at all. There were no explicit deny rights. There was nothing that would explain why I can't Get-PublicFolder on this one database when running as this user.
In the end - out of sheer desperation - I mailbox-enabled the user, just to see what would happen.
This user was not previously mailbox-enabled. There was nothing in any of the documentation that indicated that it should be.
After I mailbox-enabled the user, the commands were able to execute. I could enumerate all public folders in all DBs on all servers when executing the PowerShell as this user.
I don't understand what's going on here at all. From my perspective it should not be necessary to be a mailbox-enabled user in order to be able to enumerate public folders...
...and, even if that were the case, why would it fail only on 1 specific PF DB on one specific server? Surely it should fail on all of them?
I do not have answers to these questions.
But for anyone out there having a similar problem - if you need to get the HCW to work, and you have the same problem as me, try to mailbox-enable the on-prem user account that's configured during the HCW, to see if it clears your problem.
Hope this might help someone else. I had a week of hell because of this problem.
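
A per-server version of the enumeration the HCW log shows, as an added example that is not part of the original post: run it once as a working administrator and once as the on-premises account given to the HCW, then compare the two tables. It assumes an Exchange 2010 Management Shell opened as the account under test, and that `-ErrorVariable` is honoured by the session; the variable names are illustrative.

```powershell
# Added example (not from the original post).
# Run in the Exchange Management Shell started AS the account being tested,
# e.g. the on-premises account entered in the Hybrid Configuration Wizard.

# Identity the HCW queried in the log excerpt above.
$folder = '\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY'

$results = foreach ($db in Get-PublicFolderDatabase) {
    $pfErr = $null

    # Same call the HCW makes, once per public folder database server.
    # Errors are collected instead of thrown so every server gets tested.
    $found = @(Get-PublicFolder -Identity $folder -Server $db.ServerName -Recurse `
                 -ErrorAction SilentlyContinue -ErrorVariable pfErr)

    # Second probe: can this account see the public folder root at all?
    $rootErr = $null
    $null = Get-PublicFolder -Identity '\' -Server $db.ServerName `
                -ErrorAction SilentlyContinue -ErrorVariable rootErr

    New-Object PSObject -Property @{
        Account     = "$env:USERDOMAIN\$env:USERNAME"
        Server      = $db.ServerName
        Database    = $db.Name
        FreeBusy    = if ($pfErr)   { 'FAILED' } else { 'OK' }
        Root        = if ($rootErr) { 'FAILED' } else { 'OK' }
        FolderCount = $found.Count
        Error       = if ($pfErr)   { $pfErr[0].Exception.Message } else { '' }
    }
}

# One row per server; a server that is FAILED only for the HCW account
# reproduces the wizard's "Configure Legacy Exchange Support" failure.
$results |
    Sort-Object Server |
    Format-Table Account, Server, Database, FreeBusy, Root, FolderCount -AutoSize

# Full error text for the failing servers, for comparison with the HCW log.
$results | Where-Object { $_.FreeBusy -eq 'FAILED' } | Format-List Server, Error
```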