It's good to through the Exchange Hybrid test plan checklist before you start to migrate…
Exchange Hybrid calendar sharing not working
There is an Exchange Hybrid configuration between on-premises and Microsoft 365/Office 365. However, Exchange Hybrid calendar sharing only works from the cloud to on-premises. The on-premises users can’t share their calendars with Exchange Online users. It shows the error that the calendar could not be updated. Why is this happening, and what is the solution? In this article, we will look at the solution for Exchange Hybrid cross-premises calendar sharing not working.
Table of contents
Exchange on-premises calendar could not be updated
The Hybrid Configuration Wizard runs without any problems, and there is a hybrid configuration between on-premises and Microsoft 365/Office 365. Mail flow works as expected, but the problem is that the Exchange Hybrid cross-premises calendar sharing isn’t working as we did expect.
Let’s look at the below table which calendar sharing works and what doesn’t work in the Exchange Hybrid environment:
| Calendar Sharing | Status |
|---|---|
| Office 365 calendar sharing to on-premises | ✓ |
| Office 365 calendar sharing to Office 365 | ✓ |
| On-premises calendar sharing to on-premises | ✓ |
| On-premises calendar sharing to Office 365 | ☓ |
Why can’t Office 365 users see the Exchange on-premises calendars?
Only the on-premises users have problems with calendar sharing to Microsoft 365 users. Let’s check why this is happening and the solution to Exchange Hybrid cross-premises calendar sharing.
In our example, we have two user accounts that we will test this on:
- Testex (Exchange on-premises mailbox)
- Testexo (Exchange Online mailbox)
Calendar sharing Microsoft 365 to on-premises
Sign in to Outlook with the Exchange Online mailbox user (testexo). Next, click on the calendar icon.
Right-click the calendar and click on Properties.
Click on Permissions > Add.
Select All Users from the Address Book. Next, add the on-premises user (testex). Click OK.
Give Editor permissions to the on-premises user (testex). Click OK.
Check Microsoft 365 calendar from on-premises
Sign in to Outlook with the on-premises mailbox user (testex). Next, click on the calendar icon.
Right-click Other Calendars. Select Add Calendar > From Address Book….
Select All Users from the Address Book. Next, add the Exchange Online user (testexo). Click OK.
The Exchange Online user (testexo) calendar shows up.
In the next step, we will configure the calendar sharing the other way around.
Calendar sharing on-premises to Microsoft 365
Sign in to Outlook with the on-premises mailbox user (testex). Next, click on the calendar icon.
Right-click the calendar and click on Properties.
Click on Permissions > Add.
Select All Users from the Address Book. Next, add the Exchange Online user (testexo). Click OK.
Note: You will see that a red block icon appears on the Microsoft 365 users. It means that you can’t add them.
The Microsoft Outlook error appears:
One or more users cannot be added to the folder access list. Non-local users cannot be given rights on this server.
Check on-premises calendar from Microsoft 365
Sign in to Outlook with the Exchange Online mailbox user (testexo). Next, click on the calendar icon.
Right-click Other Calendars. Select Add Calendar > From Address Book….
Select All Users from the Address Book. Next, add the Exchange on-premises user (testex). Click OK.
The below error will appear in Outlook calendar:
Could not be updated.
The calendar doesn’t show up because we couldn’t add the Exchange Online user to the on-premises calendar in the previous step.
Solution to Exchange Hybrid calendar sharing not working
Ensure that you do upgrade to the latest Azure AD Connect and the latest Exchange Cumulative Update in the organization. That’s because Microsoft fixed bugs with cross-premises mailbox permissions in both releases.
Enable ACLable object synchronization in organization
The ACLableSyncedObjectEnabled parameter specifies whether remote mailboxes in hybrid environments are stamped as ACLableSyncedMailboxUser. By default, it’s disabled.
Check if ACLable object synchronization is enabled in the organization. Run Exchange Management Shell as administrator on your on-premises Exchange Server. Use the Get-OrganizationConfig cmdlet.
In our example, it’s disabled because the value shows as False.
[PS] C:\>Get-OrganizationConfig | ft Name,ACL*
Name ACLableSyncedObjectEnabled
---- --------------------------
EXOIP FalseEnable ACLable object synchronization with the Set-OrganizationConfig cmdlet including the -ACLableSyncedObjectEnabled parameter.
[PS] C:\>Set-OrganizationConfig -ACLableSyncedObjectEnabled $TrueAfter you do this, any mailboxes that you move to Microsoft 365/Office 365 will be properly configured to support delegated mailbox permissions. If mailboxes were moved to or created in Microsoft 365/Office 365 prior to you completing these steps, you’ll need to manually enable ACLs on those mailboxes using the steps below.
Enable ACLs on single mailbox
Enable ACLs on a single mailbox moved to or created in Microsoft 365/Office 365.
[PS] C:\>Get-AdUser "testexo" | Set-AdObject -Replace @{msExchRecipientDisplayType=-1073741818}Enable ACLs on all mailboxes
Enable ACLs on all mailboxes moved to or created in Microsoft 365/Office 365.
[PS] C:\>Get-RemoteMailbox -ResultSize Unlimited | where {$_.RecipientTypeDetails -eq "RemoteUserMailbox"} | ForEach {Get-AdUser -Identity $_.Guid | Set-ADObject -Replace @{msExchRecipientDisplayType=-1073741818}}Verify ACLs on mailboxes
Verify that the mailboxes have been successfully updated.
[PS] C:\>Get-RemoteMailbox -ResultSize unlimited | ForEach {Get-AdUser -Identity $_.Guid -Properties msExchRecipientDisplayType | Format-Table DistinguishedName,msExchRecipientDisplayType -Auto}Important: The msExchRecipientDisplayType value -1073741818 should only be set for user mailboxes, not for resource mailboxes.
Force sync Azure AD Connect
The last step is to force sync Azure AD Connect with PowerShell.
PS C:\> Start-ADSyncSyncCycle -PolicyType DeltaVerify calendar sharing cross-premises works
After the synchronization is run, let’s:
- Share on-premises mailbox calendar with Exchange Online user
- Add on-premises mailbox calendar to Exchange Online user
Share on-premises mailbox calendar with Exchange Online user
The on-premises mailbox user can now share the calendar with Microsoft 365/Office 365 user:
- Sign in to Outlook with the on-premises mailbox user (testex)
- Click on the calendar icon
- Right-click the calendar and click on Properties
- Click on Permissions > Add.
- Select All Users from the Address Book
- Add the Exchange Online user (testexo)
- Click OK
Note: The red block icons will not appear on the Microsoft 365 user mailboxes because of the previous changes. It means that you can add them.
Give Editor permissions to the Exchange Online user (testexo). Click OK.
The last step is to force sync Azure AD Connect with PowerShell.
PS C:\> Start-ADSyncSyncCycle -PolicyType DeltaAdd on-premises mailbox calendar to Exchange Online user
The Microsoft 365/Office 365 user can now add the on-premises calendar and have access to the calendar.
- Sign in to Outlook with the Exchange Online mailbox user (testexo)
- Click on the calendar icon
- Right-click Other Calendars > Add calendar > From Address Book…
- Select All Users from the Address Book
- Add the Exchange on-premises user (testex)
- Click OK
On-premises calendar shows successfully for Exchange Online users. Did it work for you?
Read more: Configure permissions in Exchange Hybrid »
Conclusion
You learned why Exchange Hybrid calendar sharing isn’t working from Exchange on-premises to Exchange Online. The solution to this problem is to enable ACLable object synchronization. After that, you can successfully share the on-premises calendar with Exchange Online users. As of last, add the on-premises calendar to the Exchange Online mailbox.
Did you enjoy this article? You may also like Manage calendar permissions in Office 365 with PowerShell. Don’t forget to follow us and share this article.
What Others Are Reading
HI Ali,
Great articles across the site. Have you come across in your hybrid testing where sharing a calendar from on-prem to a 365 mailbox via the “email calendar” share option throws this error message when you hit “accept” from the invite within the 365 mailbox “There was a problem connecting you to the shared calendar. Please ask the person who invited you to send another sharing invitation.”
Everything thus far on our hybrid testing works without error. Free/Busy both ways. Calendar sharing from 365 to on-prem without any errors. We are able to share via the permissions tab from the calendar on-prem and open the shared calendar via “Add Calendar – Open Shared Calendar”. This works without any issues. The email link and clicking accept is where we hit the above error. Where I’m going with all of this is how would we go about sharing an additional calendar that isn’t the default if you can’t accept the invitation via the email. I haven’t found a way to open a newly created non default calendar with a 365 mailbox user.
Thanks
Steve
Hi, Steve.
I would be interested to know about it if you ever find a solution to this. I too have been scouring the internet and have come up empty. Identical issue: Sharing default calendars works fine, but no way to accept invitations for non-default in Outlook365.
Jarrod
Hello,
If i can ask something. why i dont have MessageTrackingLog for messages that i send from powershell or script in powershell. I wrote script for powershell to send mail to multiple recipients from csv file. They all have receive mail but i have no MessageTrackingLog for that mails and i have ProtocolLog regulary.
Thank you.
Dragan
Hi Dragan,
It should show the messages in the message tracking log.
I assume you have set a default email address in the PowerShell script. So you can search for that email address in the message tracking log.
Run Exchange Management Shell on-premises and run below command (change the sender email “application@exoip.com” to yours):
I recommend to search message tracking logs in Exchange with the GUI tool.