Updating hybrid configuration failed with error ‘Subtask CheckPrereqs execution failed:Check Tenant Prerequisites’

I came across this error when running the Hybrid Configuration Wizard on my Exchange Server 2013 SP1 server. Detailed error :

Subtask CheckPrereqs execution failed: Check Tenant Prerequisites
Deserialization fails due to one SerializationException: Microsoft.Exchange.Compliance.Serialization.Formatters.BlockedTypeException: The type to be (de)serialized is not allowed:

Towards the end of the error, it asked to view the Hybrid Configuration log for more information. You can find the log in the following location of your Exchange 2013 server : C:\Program Files\Microsoft\Exchange Server\V15\Logging\Update-HybridConfiguration.

Upon searching on the issue, I came across a Microsoft article that says this issue occurs due to a recent change in Microsoft’s Exchange Online environment that prevents the Exchange 2013 HCW to run correctly. The issue can be resolved by installing the latest cumulative update. In my environment I had to download the CU6 update to resolve this issue.

Reference : https://support.microsoft.com/en-us/help/2988229/-subtask-checkprereqs-execution-failed-error-in-hybrid-configuration-wizard-for-exchange-server-2013

 

Converting an Office 365 Federated domain to Managed

My existing azure lab has an Exchange 2010 Hybrid set up with ADFS for single sign-on. I am planning to remove ADFS from the environment and use password sync instead.

First I should check if password sync is already enabled or not. I can check and confirm this from the Azure AD Connect application. Launch AAD Connect tool and check the current configuration :

To check the status of the domain you can use the following commands, once connected to Exchange Online using powershell:

Connect-MsolService -Credential $cred

Get-MsolDomain

The output will be similar to the below screenshot:

new1

As you can see above, the domain ‘anishjohnes.ga‘ is ‘Federated’.

If you go to ADFS management -> Relaying Party Trust, you will notice a trust already set up with MS Office 365.

dom1

Now to convert the domain to ‘Managed’ execute the below command :

Convert-MsolDomainToStandard -DomainName <String> -PasswordFile <String>              -SkipUserConversion <Boolean>  [-Confirm] [-WhatIf] [<CommonParameters>]

dom

Once the domain is converted to ‘Managed’ single sign-on will be no longer applicable, instead same sign-on will be applied. The trust with Microsoft Office 365 will be removed from Relaying Party Trust as well.