When you try to run the Hybrid Configuration Wizard (HCW) to configure Threat Management Gateway (TMG) in Microsoft Office 365, you receive the following error message:
HCW failing with HTTP error 405 "Method not allowed"
This issue occurs if TMG is set for pre-authentication.
To resolve this issue, set the TMG rule authentication to the No Delegation, but client may authenticate directly option. To do this, follow these steps.
Step 1: Create a new TMG rule for use with the hybrid components
To create a new TMG rule for use with the hybrid components, follow these steps:
In the Microsoft Forefront Threat Management Gateway Console, right-click Firewall Policy in the tree on the left side.
Point to New, and then click Web Site Publishing Rule.
On the Welcome to the New Web Publishing Rule Wizard page, type a name for the rule, and then click Next.
On the Select Rule Action page, click Allow, and then click Next.
On the Publishing Type page, select the appropriate option, and then click Next. For example, you might select the Publish a single Web site or load balancer option, as follows:
On the Server Connection Security page, click Use SSL to connect to the published Web server or server farm, and then click Next.
On the Internal Publishing Details page, enter the correct site name and IP address, as in the following example. If you're not sure what to enter here, see the current Exchange publishing rule. After you enter the site name and IP address, click Next.
On the Internal Publishing Details page, leave the default, and then click Next. The paths will be configured later in the configuration process.
On the Public Name Details page, make sure that the external website names for Exchange Web Services (EWS) are listed, and then click Next. In the following example, the external website name is mail.contoso.com.
On the Select Web Listener page, select the listener that is used for the regular Exchange rule from the Web listener list, and then click Next.
On the Authentication Delegation page, select the No Delegation, but client may authenticate directly option, and then click Next.
On the Select User Sets page, click All Users, and then click Next.
Step 2: Change the paths and the public names of the newly created rule
You must locate the properties of the newly created rule and then change the paths and the public names in the rule. To do this, follow these steps:
In the TMG management interface, right-click the newly created rule, and then click Properties.
On the Public Names tab, add the autodiscover external URL (for example, autodiscover.contoso.com), and then click Apply.
On the Paths tab, add the following paths, and then click Apply.
Note Make sure that you remove the default /* path.
Make sure that this new rule is displayed above the primary Exchange rule in the list. To do this, right-click the rule, click Move Up until the rule is above the primary Exchange rule, and then click Apply.
For more information about how to configure the TMG rule, go to the following Microsoft website: