Error message when you try to move mailboxes from an on-premises Exchange Server environment to Office 365 in a hybrid deployment: "The call to https://<path>/mrsproxy.svc failed"

Article translations Article translations
Article ID: 2702674 - View products that this article applies to.

Not sure what release of Office 365 you're using? Go to the following Microsoft website:
Am I using Office 365 after the service upgrade?
Expand all | Collapse all

PROBLEM

You have a hybrid deployment of Microsoft Exchange Online in Microsoft Office 365 and of your on-premises Microsoft Exchange Server environment. When you try to move mailboxes from the on-premises environment to Office 365 by using the Exchange Management Console or Windows PowerShell, you receive the following error message:

The call to https://webmail.contoso.com/ews/mrsproxy.svc failed because no service was listening on the specified endpoint. Error details: There was no endpoint listening at https://webmail.contoso.com/ews/mrsproxy.svc that could accept the message. This is often caused by an incorrect address: (404) Not Found.
When you view the Internet Information Services (IIS) logs on the on-premises Exchange 2010 hybrid server, you see entries that resemble the following:

2011—10—25 22:40:46 192.168.200.33 POST /EWS/mrsproxy.svc - 80 -192.168.200.1 - 401 1 2148074254 93
2011—10—25 22:40:46 192.168.200.33 POST /EWS/mrsproxy.svc - 80 CONTOSO\jsmith 192.168.200.1 - 404 0 0 62

Additionally, if you use the remote mailbox move request wizard in the Exchange Management Console to create the move request, you're prompted to enter your credentials during the final stage of the wizard before the mailbox is moved. The prompt for credentials isn't part of the wizard. It's displayed in a separate window. 

CAUSE

This issue may occur if the rules and ports that are used in Microsoft Forefront Threat Management Gateway (TMG) are set up incorrectly. In Forefront TMG, you have to create additional rules so that preauthentication isn't required and also have to make sure that requests aren't redirected to port 80.

The Exchange Mailbox Replication Proxy (MRSProxy) service may not work correctly if a reverse proxy such as Forefront TMG or Microsoft Internet Security and Acceleration (ISA) Server publishes Exchange services in the perimeter network and requires preauthentication.

SOLUTION

To resolve this issue, create an additional rule in Forefront TMG or in ISA Server. Create the rule to use the same listener as the original Exchange 2010 rule that already enables preauthenticated traffic to the internal Exchange servers. The rule should meet the following criteria:
  • Authentication Delegation: Select the No delegation, but client may authenticate directly option.
  • Users: Select All Users.
  • Paths: Add the following paths.
    • /ews/mrsproxy.svc
    • /ews/exchange.asmx/wssecurity
    • /autodiscover/autodiscover.svc/wssecurity
    • /autodiscover/autodiscover.svc
  • Rule priority: Set the rule to a higher priority than the priority of the other Exchange publishing rules.
  • Bridging: Make sure that requests are redirected to port 443 and not to port 80.

MORE INFORMATION

For more information about how to set up Forefront TMG in a hybrid deployment of Exchange Online in Office 365 and of on-premises Exchange Server, go to the following Office 365 Community website:
How to configure TMG for Office 365 (Exchange) hybrid deployments
For more information about hybrid reverse proxy configuration, see the "Hybrid Reverse Proxy Configuration" section of the Office 365 Deployment Guide for Enterprises. The guide is available for download from the following Microsoft website:
http://www.microsoft.com/download/en/details.aspx?id=26509
For more information about how to publish Exchange Server 2010 with Forefront TMG 2010, download the "Publishing Exchange Server 2010 with Forefront Unified Access Gateway 2010 and Forefront Threat Management Gateway 2010" white paper from the following Microsoft website:
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=8946
Still need help? Go to the Office 365 Community website.

Properties

Article ID: 2702674 - Last Review: May 31, 2013 - Revision: 6.0
Applies to
  • Microsoft Office 365 for enterprises (pre-upgrade)
  • Microsoft Office 365 for education  (pre-upgrade)
  • Microsoft Exchange Online
  • Microsoft Exchange Server 2010 Coexistence
  • Microsoft Exchange Server 2010 Enterprise
  • Microsoft Exchange Server 2010 Standard
  • Microsoft Exchange Server 2010 Service Pack 1
  • Microsoft Forefront Threat Management Gateway 2010 Enterprise
  • Microsoft Forefront Threat Management Gateway 2010 Standard
  • Microsoft Forefront Threat Management Gateway 2010 Service Pack 1
  • Microsoft Forefront Threat Management Gateway 2010 Service Pack 2
Keywords: 
o365 o365m o365e o365a o365062011 pre-upgrade hybrid o365022013 after upgrade KB2702674

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com