The Exchange SP2 Hybrid Configuration Wizard simplified the Office 365 configuration steps massively, however it may not work behind a proxy server.
The proxy server settings in Internet Explorer are often used by programs attempting to find a route to the internet; however this does not guarantee internet access to all installed software.
Exchange 2010 very often assumes a “direct connection”, which does not imply that Exchange is connected directly to the internet, but that it is able to connect without hinderance.
Modern firewall software and proxy servers can very often accommodate this scenario, however this article deals with the scenario where this may not be possible at all, and the assumed connection fails outright.
The Exchange SP2 Hybrid Configuration Wizard runs in the same context as the system and thereby assumes that it can connect directly to the internet, as well as blatantly ignoring all Internet Explorer Proxy Settings.
The Hybrid Configuration Wizard does a number of things when it first starts up. First it generates a new Self Signed Certificate for the federation trust. No internet connectivity required there. All subsequent steps, including the creation of the federation trust to the Microsoft Federation Gateway fail immediatelly.
Starting with Server 2008 a number of network configuration settings are resolved best using NETSH. The same applies here.
NETSH is a command line utility able to modify a server or workstation network configuration, without requiring a GUI, and setting or resolving configuration items which cannot be set in a Windows GUI.
NETSH may be run interactively or as a command line utility. From a command prompt type NETSH and hit Enter. The following commands run in sequence will show NETSH running interactively as well as displaying the systems proxy settings.
The same may be achieved using a one liner from the command prompt:
netsh winhttp show proxy
Setting the proxy server is just as simple as querying it.
winhttp set proxy proxy.nbclabs.net:8080 <local>
Adding the <local> parameter at the end bypasses the proxy for local addresses. If <local> is omitted, all calls are routed via the proxy, including local PowerShell.
The internet Explorer proxy settings may be imported as follows:
netsh winhttp import proxy source=ie
Lastly proxy settings may be cleared using:
netsh winhttp reset proxy
Assuming the proxy settings are correct, the New Hybrid Configuration Wizard may be run again and connects to the internet successfully.
I hope that this little piece of knowledge helps save you some time in troubleshooting your environment.