Exchange Hybrid calendar sharing not working

There is an Exchange Hybrid configuration between on-premises and Microsoft 365/Office 365. However, Exchange Hybrid calendar sharing only works from the cloud to on-premises. The on-premises users can’t share their calendars with Exchange Online users. It shows the error that the calendar could not be updated. Why is this happening, and what is the solution? In this article, we will look at the solution for Exchange Hybrid cross-premises calendar sharing not working.

Table of contents

Exchange on-premises calendar could not be updated

The Hybrid Configuration Wizard runs without any problems, and there is a hybrid configuration between on-premises and Microsoft 365/Office 365. Mail flow works as expected, but the problem is that the Exchange Hybrid cross-premises calendar sharing isn’t working as we did expect.

Let’s look at the below table which calendar sharing works and what doesn’t work in the Exchange Hybrid environment:

Calendar SharingStatus
Office 365 calendar sharing to on-premises
Office 365 calendar sharing to Office 365
On-premises calendar sharing to on-premises
On-premises calendar sharing to Office 365

Why can’t Office 365 users see the Exchange on-premises calendars?

Only the on-premises users have problems with calendar sharing to Microsoft 365 users. Let’s check why this is happening and the solution to Exchange Hybrid cross-premises calendar sharing.

In our example, we have two user accounts that we will test this on:

  • Testex (Exchange on-premises mailbox)
  • Testexo (Exchange Online mailbox)

Calendar sharing Microsoft 365 to on-premises

Sign in to Outlook with the Exchange Online mailbox user (testexo). Next, click on the calendar icon.

Sign in Outlook with Exchange Online mailbox user

Right-click the calendar and click on Properties.

Exchange Online calendar properties

Click on Permissions > Add.

Add calendar permissions

Select All Users from the Address Book. Next, add the on-premises user (testex). Click OK.

Add Exchange on-premises user to calendar

Give Editor permissions to the on-premises user (testex). Click OK.

Set Editor permissions for Exchange on-premises user

Check Microsoft 365 calendar from on-premises

Sign in to Outlook with the on-premises mailbox user (testex). Next, click on the calendar icon.

Right-click Other Calendars. Select Add Calendar > From Address Book….

Add calendar to Exchange on-premises user

Select All Users from the Address Book. Next, add the Exchange Online user (testexo). Click OK.

Add Exchange Online user to calendar

The Exchange Online user (testexo) calendar shows up.

Exchange Online calendar viewable from on-premises user

In the next step, we will configure the calendar sharing the other way around.

Calendar sharing on-premises to Microsoft 365

Sign in to Outlook with the on-premises mailbox user (testex). Next, click on the calendar icon.

Sign in Outlook with Exchange on-premises mailbox user

Right-click the calendar and click on Properties.

Exchange on-premises calendar properties

Click on Permissions > Add.

Add calendar permissions

Select All Users from the Address Book. Next, add the Exchange Online user (testexo). Click OK.

Note: You will see that a red block icon appears on the Microsoft 365 users. It means that you can’t add them.

Add Exchange Online user to calendar

The Microsoft Outlook error appears:

One or more users cannot be added to the folder access list. Non-local users cannot be given rights on this server.

Non-local users cannot be given rights on this server

Check on-premises calendar from Microsoft 365

Sign in to Outlook with the Exchange Online mailbox user (testexo). Next, click on the calendar icon.

Right-click Other Calendars. Select Add Calendar > From Address Book….

Add calendar to Exchange Online user

Select All Users from the Address Book. Next, add the Exchange on-premises user (testex). Click OK.

Add Exchange on-premises user to calendar

The below error will appear in Outlook calendar:

Could not be updated.

The calendar doesn’t show up because we couldn’t add the Exchange Online user to the on-premises calendar in the previous step.

Exchange on-premises calendar could not be updated

Solution to Exchange Hybrid calendar sharing not working

Ensure that you do upgrade to the latest Azure AD Connect and the latest Exchange Cumulative Update in the organization. That’s because Microsoft fixed bugs with cross-premises mailbox permissions in both releases.

Enable ACLable object synchronization in organization

The ACLableSyncedObjectEnabled parameter specifies whether remote mailboxes in hybrid environments are stamped as ACLableSyncedMailboxUser. By default, it’s disabled.

Check if ACLable object synchronization is enabled in the organization. Run Exchange Management Shell as administrator on your on-premises Exchange Server. Use the Get-OrganizationConfig cmdlet.

In our example, it’s disabled because the value shows as False.

[PS] C:\>Get-OrganizationConfig | ft Name,ACL*

Name  ACLableSyncedObjectEnabled
----  --------------------------
EXOIP                      False

Enable ACLable object synchronization with the Set-OrganizationConfig cmdlet including the -ACLableSyncedObjectEnabled parameter.

[PS] C:\>Set-OrganizationConfig -ACLableSyncedObjectEnabled $True

After you do this, any mailboxes that you move to Microsoft 365/Office 365 will be properly configured to support delegated mailbox permissions. If mailboxes were moved to or created in Microsoft 365/Office 365 prior to you completing these steps, you’ll need to manually enable ACLs on those mailboxes using the steps below.

Enable ACLs on single mailbox

Enable ACLs on a single mailbox moved to or created in Microsoft 365/Office 365.

[PS] C:\>Get-AdUser "testexo" | Set-AdObject -Replace @{msExchRecipientDisplayType=-1073741818}

Enable ACLs on all mailboxes

Enable ACLs on all mailboxes moved to or created in Microsoft 365/Office 365.

[PS] C:\>Get-RemoteMailbox -ResultSize Unlimited | where {$_.RecipientTypeDetails -eq "RemoteUserMailbox"} | ForEach {Get-AdUser -Identity $_.Guid | Set-ADObject -Replace @{msExchRecipientDisplayType=-1073741818}}

Verify ACLs on mailboxes

Verify that the mailboxes have been successfully updated.

[PS] C:\>Get-RemoteMailbox -ResultSize unlimited | ForEach {Get-AdUser -Identity $_.Guid -Properties msExchRecipientDisplayType | Format-Table DistinguishedName,msExchRecipientDisplayType -Auto}

Important: The msExchRecipientDisplayType value -1073741818 should only be set for user mailboxes, not for resource mailboxes.

Force sync Azure AD Connect

The last step is to force sync Azure AD Connect with PowerShell.

PS C:\> Start-ADSyncSyncCycle -PolicyType Delta

Verify calendar sharing cross-premises works

After the synchronization is run, let’s:

  1. Share on-premises mailbox calendar with Exchange Online user
  2. Add on-premises mailbox calendar to Exchange Online user

Share on-premises mailbox calendar with Exchange Online user

The on-premises mailbox user can now share the calendar with Microsoft 365/Office 365 user:

  • Sign in to Outlook with the on-premises mailbox user (testex)
  • Click on the calendar icon
  • Right-click the calendar and click on Properties
  • Click on Permissions > Add.
  • Select All Users from the Address Book
  • Add the Exchange Online user (testexo)
  • Click OK

Note: The red block icons will not appear on the Microsoft 365 user mailboxes because of the previous changes. It means that you can add them.

Add Exchange Online user to calendar

Give Editor permissions to the Exchange Online user (testexo). Click OK.

Set Editor permissions for Exchange Online user

The last step is to force sync Azure AD Connect with PowerShell.

PS C:\> Start-ADSyncSyncCycle -PolicyType Delta

Add on-premises mailbox calendar to Exchange Online user

The Microsoft 365/Office 365 user can now add the on-premises calendar and have access to the calendar.

  • Sign in to Outlook with the Exchange Online mailbox user (testexo)
  • Click on the calendar icon
  • Right-click Other Calendars > Add calendar > From Address Book…
  • Select All Users from the Address Book
  • Add the Exchange on-premises user (testex)
  • Click OK
Exchange on-premises calendar viewable from Exchange Online user

On-premises calendar shows successfully for Exchange Online users. Did it work for you?

Read more: Configure permissions in Exchange Hybrid »

Conclusion

You learned why Exchange Hybrid calendar sharing isn’t working from Exchange on-premises to Exchange Online. The solution to this problem is to enable ACLable object synchronization. After that, you can successfully share the on-premises calendar with Exchange Online users. As of last, add the on-premises calendar to the Exchange Online mailbox.

Did you enjoy this article? You may also like Manage calendar permissions in Office 365 with PowerShell. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

X TwitterLinkedIn

What Others Are Reading

This Post Has 10 Comments

  1. Hi, I have a hybrid config with exchange 2016 and basically calendar sharing is working so far, that an o365 user can see the calendar shared by an on-remember user. But it’s only the default calendar possible to share, not a second, manually created calendar.
    I think it’s because the calendar is not visible in any address book / GAL.
    Is it basically possible to share and to connect to a different than the default calendar?
    Thanks in advance, I hope you find some time to answer 😉
    best regards, Erik

    Reply

  2. We are in hybrid and a recently created equipment calendar has standard Properties > Permissions Share features, yet all other Owners see blank. I used another machine today and now I see blank. The good Share view on my original laptop shows a MAPI calendar. All other Owners and my second laptop shows a REST calendar. Do I have to upgrade an Office version or downgrade an EXO calendar?

    Reply

  3. If we do change Set-OrganizationConfig “ACLableSyncedObjectEnabled $True”, what about going forward when we do a company migration to M365. You mentioned “Important: The msExchRecipientDisplayType value -1073741818 should only be set for user mailboxes, not for resource mailboxes.” we have shared mailboxes and resource mailboxes setup in our on-prem. Isnt leaving -“ACLableSyncedObjectEnabled $True” automatically label those -1073741818 ?

    Reply

  4. Hi Ali,

    This looks very useful in resolving issues we’ve had with some of few users still on-prem in our hybrid situation.

    But on this command:
    [PS] C:\>Get-RemoteMailbox -ResultSize Unlimited | where {$_.RecipientTypeDetails -eq “RemoteUserMailbox”} | ForEach {Get-AdUser -Identity $_.Guid | Set-ADObject -Replace @{msExchRecipientDisplayType=-1073741818}}

    When you add the note “The msExchRecipientDisplayType value -1073741818 should only be set for user mailboxes, not for resource mailboxes,” does the above command need to be amended to exclude resource mailboxes (I’m not PShell-fluent, sorry)? Thanks!

    Reply

  5. HI Ali,

    Great articles across the site. Have you come across in your hybrid testing where sharing a calendar from on-prem to a 365 mailbox via the “email calendar” share option throws this error message when you hit “accept” from the invite within the 365 mailbox “There was a problem connecting you to the shared calendar. Please ask the person who invited you to send another sharing invitation.”

    Everything thus far on our hybrid testing works without error. Free/Busy both ways. Calendar sharing from 365 to on-prem without any errors. We are able to share via the permissions tab from the calendar on-prem and open the shared calendar via “Add Calendar – Open Shared Calendar”. This works without any issues. The email link and clicking accept is where we hit the above error. Where I’m going with all of this is how would we go about sharing an additional calendar that isn’t the default if you can’t accept the invitation via the email. I haven’t found a way to open a newly created non default calendar with a 365 mailbox user.

    Thanks
    Steve

    Reply

    1. Hi, Steve.

      I would be interested to know about it if you ever find a solution to this. I too have been scouring the internet and have come up empty. Identical issue: Sharing default calendars works fine, but no way to accept invitations for non-default in Outlook365.

      Jarrod

      Reply

  6. Hello,

    If i can ask something. why i dont have MessageTrackingLog for messages that i send from powershell or script in powershell. I wrote script for powershell to send mail to multiple recipients from csv file. They all have receive mail but i have no MessageTrackingLog for that mails and i have ProtocolLog regulary.

    Thank you.

    Dragan

    Reply

    1. Hi Dragan,

      It should show the messages in the message tracking log.

      I assume you have set a default email address in the PowerShell script. So you can search for that email address in the message tracking log.

      Run Exchange Management Shell on-premises and run below command (change the sender email “application@exoip.com” to yours):

      Get-TransportService | Get-MessageTrackingLog -wa 0 -Sender "application@exoip.com" | where {$_.sender -notmatch "HealthMailbox" -and $_.recipients -notmatch "Health"}

      I recommend to search message tracking logs in Exchange with the GUI tool.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *