Exchange Hybrid Wizard – New Tenants and Missing Errors


Rumoured to be fixed end of June 2023

A short blog post on this issue. In the Microsoft Exchange Server Hybrid Configuration Wizard logs you see the following error: “Connecting to remote server failed with the following error message: Connecting to remote server outlook.office365.com failed with the following error message : For more information, see the about_Remote_Troubleshooting Help topic.” The actual error does not appear to be listed: the message is blank where the error text should be and then just says for more information see…

The error message in the Hybrid Configuration Wizard

You will get this error when you run the Hybrid Configuration Wizard in two scenarios. Firstly, any new Microsoft 365 tenant created since 1st April 2023 is impacted, and secondly, so is any previously created tenant that never used Remote PowerShell to administer Exchange Online.

If you run the Hybrid Configuration Wizard against an older tenant that you have used Remote PowerShell against, at this time you will find that the same client device can connect successfully – so you know it's not a local firewall or other restriction.

I also understand this issue happens with Azure Cloud Shell as well.

So what is the issue? It is that Microsoft is disabling the older Remote PowerShell communications into the tenant. This used to be the way to do PowerShell-based administration, and both the Hybrid Configuration Wizard and Azure Cloud Shell use the older toolset. Both of these will be updated, so at some point this blog post will be irrelevant, but for the current time (April 2023 until probably the end of August 2023) there are steps needed to re-enable this legacy admin protocol so that the Hybrid Configuration Wizard and Azure Cloud Shell keep working.

There is a timeline for Remote PowerShell (RPS) available at the Microsoft Exchange Server blog and in summary tenants created on April 1st and newer will have RPS disabled by default, as well as those who never used RPS and have not asked for an extension.

We will start disabling RPS for WW tenants who have not opted-out or re-enabled RPS yet and have used it in the past. Re-enablement of RPS using the diagnostic is possible until September 2023 (unless tenant was created after April 2023, in which case you have until June 2023 before RPS is disabled in your tenant). The ability to opt-out from the disablement feature will be removed in September 2023 and from October 2023 Microsoft will start blocking RPS for all tenants, no matter the tenant creation date, size, or opt-out status or cloud environment (WW, GCC, etc.) they use.

Suggested now, and required from the point RPS is disabled in your tenant, all tenants must use Exchange Online PowerShell v3 module using Connect-ExchangeOnline without the UseRPSSession parameter.
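Before RPS is blocked it helps to know which of your own admin scripts still rely on it. The following is an added example, not code from the original post or from Microsoft: it parses `.ps1` files and reports calls to `Connect-ExchangeOnline` that pass `-UseRPSSession`, plus the older `New-PSSession` pattern against the `Microsoft.Exchange` configuration. `Find-LegacyRpsUsage` is a hypothetical helper name and the two sample scripts are constructed for the demonstration.

```powershell
# Added example. Find-LegacyRpsUsage is a hypothetical helper name.
function Find-LegacyRpsUsage {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -Path $Path -Filter *.ps1 -Recurse -File | ForEach-Object {
        $file = $_.FullName
        $tokens = $null; $errors = $null
        $ast = [System.Management.Automation.Language.Parser]::ParseFile($file, [ref]$tokens, [ref]$errors)

        # Every command invocation, including those inside nested script blocks
        $commands = $ast.FindAll({ param($node) $node -is [System.Management.Automation.Language.CommandAst] }, $true)

        foreach ($cmd in $commands) {
            $name   = $cmd.GetCommandName()
            $reason = $null

            if ($name -eq 'Connect-ExchangeOnline') {
                # Inspect parsed parameters, so comments and strings do not match
                $rps = $cmd.CommandElements | Where-Object {
                    $_ -is [System.Management.Automation.Language.CommandParameterAst] -and
                    $_.ParameterName -eq 'UseRPSSession'
                }
                if ($rps) { $reason = 'Connect-ExchangeOnline with -UseRPSSession' }
            }
            elseif ($name -eq 'New-PSSession' -and $cmd.Extent.Text -match 'Microsoft\.Exchange') {
                $reason = 'New-PSSession to the Microsoft.Exchange endpoint'
            }

            if ($reason) {
                [pscustomobject]@{ File = $file; Line = $cmd.Extent.StartLineNumber; Reason = $reason }
            }
        }
    }
}

# Constructed sample scripts, written to a temp folder so the scan has input
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'rps-audit-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -Path (Join-Path $demo 'legacy.ps1') -Value @'
$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -AllowRedirection
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example -UseRPSSession
'@
Set-Content -Path (Join-Path $demo 'current.ps1') -Value 'Connect-ExchangeOnline -UserPrincipalName admin@contoso.example'

Find-LegacyRpsUsage -Path $demo | Format-Table -AutoSize
```

Scripts that build their parameters through splatting, or that abbreviate the parameter name, are not caught by this check and need a manual review.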

So how do you fix it and get the Hybrid Configuration Wizard running again? If you are a Global Admin of your tenant, just visit https://aka.ms/PillarEXORPS. You can also go to the Microsoft 365 admin center or the Exchange admin center and click on the green Help & Support button in the lower right-hand corner of the screen. When you click the button, you enter our self-service help system. Here you can enter the magic phrase “Diag: Enable RPS in EXO”.

https://aka.ms/PillarEXORPS

Run the tests and after a minute or so you will be informed whether or not your tenant is already blocked. If it is not blocked, the error you got is unrelated to this issue.

Opt-out from the RPS Disablement

Legacy RPS is less secure than REST-based connections to Exchange Online, so only opt out if you need to.

We ran this for one of my colleagues and it was fixed in moments and the Hybrid Configuration Wizard was functional from that point onward (well, until you get to the bit about not being allowed to make inbound connectors and that needs Microsoft Support to enable it, and I hear that can take weeks!).
