"HCW failing with HTTP error 405 'Method not allowed'" error when you try to configure TMG by using the Hybrid Configuration Wizard in Office 365

Article translations Article translations
Article ID: 2821214 - View products that this article applies to.
Expand all | Collapse all

On This Page

PROBLEM

When you try to run the Hybrid Configuration Wizard (HCW) to configure Threat Management Gateway (TMG) in Microsoft Office 365, you receive the following error message:
HCW failing with HTTP error 405 "Method not allowed"

CAUSE

This issue occurs if TMG is set for pre-authentication.

SOLUTION

To resolve this issue, set the TMG rule authentication to the No Delegation, but client may authenticate directly option. To do this, follow these steps.

Step 1: Create a new TMG rule for use with the hybrid components

To create a new TMG rule for use with the hybrid components, follow these steps:
  1. In the Microsoft Forefront Threat Management Gateway Console, right-click Firewall Policy in the tree on the left side.
  2. Point to New, and then click Web Site Publishing Rule.

    Collapse this imageExpand this image
    A screen shot of Forefront Threat Management Gateway Console, showing steps 1 and 2
  3. On the Welcome to the New Web Publishing Rule Wizard page, type a name for the rule, and then click Next.

    Collapse this imageExpand this image
    A screen shot of the Welcome to the New Web Publishing Rule Wizard, showing the Web publishing rule name box
  4. On the Select Rule Action page, click Allow, and then click Next.

    Collapse this imageExpand this image
    A screen shot showing the Allow option is selected
  5. On the Publishing Type page, select the appropriate option, and then click Next. For example, you might select the Publish a single Web site or load balancer option, as follows:

    Collapse this imageExpand this image
    A screen shot of the Publishing Type page, showing the Publish a single Web site or load balancer option is selected
  6. On the Server Connection Security page, click Use SSL to connect to the published Web server or server farm, and then click Next.

    Collapse this imageExpand this image
    A screen shot of the Server Connection Security page, showing the Use SSL to connect to the published Web server or server farm option is selected
  7. On the Internal Publishing Details page, enter the correct site name and IP address, as in the following example. If you're not sure what to enter here, see the current Exchange publishing rule. After you enter the site name and IP address, click Next.

    Collapse this imageExpand this image
    A screen shot of the Internal Publishing Details page, showing the site name and IP address are entered
  8. On the Internal Publishing Details page, leave the default, and then click Next. The paths will be configured later in the configuration process.

    Collapse this imageExpand this image
    A screen shot of the Internal Publishing Details page
  9. On the Public Name Details page, make sure that the external website names for Exchange Web Services (EWS) are listed, and then click Next. In the following example, the external website name is mail.contoso.com.

    Collapse this imageExpand this image
    A screen shot of the Public Name Details page, showing the external website names are listed
  10. On the Select Web Listener page, select the listener that is used for the regular Exchange rule from the Web listener list, and then click Next.

    Collapse this imageExpand this image
    A screen shot of the Select Web Listener page, showing the Web listener is selected
  11. On the Authentication Delegation page, select the No Delegation, but client may authenticate directly option, and then click Next.

    Collapse this imageExpand this image
    A screen shot of the Authentication Delegation page, showing the No Delegation, but client may authenticate directly option is selected
  12. On the Select User Sets page, click All Users, and then click Next.

    Collapse this imageExpand this image
    A screen shot of User Sets page, showing the All Users option
  13. Click Finish.

Step 2: Change the paths and the public names of the newly created rule

You must locate the properties of the newly created rule and then change the paths and the public names in the rule. To do this, follow these steps:
  1. In the TMG management interface, right-click the newly created rule, and then click Properties.
  2. On the Public Names tab, add the autodiscover external URL (for example, autodiscover.contoso.com), and then click Apply.

    Collapse this imageExpand this image
    A screen shot of the Public Names tab of the hybrid Properties dialog box
  3. On the Paths tab, add the following paths, and then click Apply.
    • /ews/mrsproxy.svc
    • /ews/exchange.asmx/wssecurity
    • /autodiscover/autodiscover.svc/wssecurity
    • /autodiscover/autodiscover.svc

    Note Make sure that you remove the default /* path.

    Collapse this imageExpand this image
    A screen shot of the Path tab of the hybrid Properties dialog box
  4. Make sure that this new rule is displayed above the primary Exchange rule in the list. To do this, right-click the rule, click Move Up until the rule is above the primary Exchange rule, and then click Apply.


MORE INFORMATION

For more information about how to configure the TMG rule, go to the following Microsoft website:
How to configure TMG for Office 365 (Exchange) hybrid deployments

Still need help? Go to the Office 365 Community website.

Properties

Article ID: 2821214 - Last Review: June 3, 2014 - Revision: 7.0
Applies to
  • Microsoft Exchange Online
Keywords: 
o365e o365a o365m o365022013 hybrid kbgraphxlink kbgraphic KB2821214

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com