Fixing the "Remote Server Returned an Error (403) Forbidden" During Mailbox Migration to Exchange Online

Fixing the "Remote Server Returned an Error (403) Forbidden" During Mailbox Migration to Exchange Online

Md Sajid Hossain Md Sajid Hossain

Md Sajid Hossain

Microsoft 365 Solutions Architect | Cloud Security Expert | Systems Administrator | Aspiring DevOps Engineer | Network & Security Enthusiast

发布日期: 2025年3月10日
+ 关注

If you’re managing a hybrid Exchange environment and encounter the "Remote Server Returned an Error (403) Forbidden" while moving mailboxes to Exchange Online, you’re not alone. This error often occurs during mailbox migrations and can be caused by a disabled Mailbox Replication Proxy (MRS Proxy) service. Let’s break down the symptoms, causes, and how to resolve this issue.

Symptoms

When attempting to move mailboxes from an on-premises Exchange Server to Exchange Online, the operation fails with one of the following errors:

  • In the Exchange Admin Center:

The connection to the server 'mail.<DomainName>.com' could not be completed.

  • In Exchange Online PowerShell:

The call to 'https://mail.<DomainName>.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request was forbidden with client authentication scheme 'Negotiate'. The remote server returned an error: (403) Forbidden.

Root Cause

The issue typically occurs because the MRS Proxy service in the EWS (Exchange Web Services) virtual directory is disabled. This can happen in two scenarios:

  1. MRSProxy is explicitly disabled: Running the Get-WebServicesVirtualDirectory cmdlet shows MRSProxyEnabled : False.
  2. MRSProxy appears enabled but is functionally disabled: The cmdlet shows MRSProxyEnabled : True, but the Application log in Event Viewer contains Event 1309 with the message: MRS proxy service is disabled.

How to Fix It

Option 1: Enable MRSProxy

  • Open the Exchange Management Shell.
  • Run the following command to enable MRSProxy:

领英推荐

Set-WebServicesVirtualDirectory "<ServerName>\EWS (Default Web Site)" -MRSProxyEnabled $true

  • Restart Internet Information Services (IIS) using the iisreset command.

Option 2: Disable and Re-enable MRSProxy

  • Open the Exchange Management Shell.
  • Run the following command to disable MRSProxy:

Set-WebServicesVirtualDirectory "<ServerName>\EWS (Default Web Site)" -MRSProxyEnabled $false

  • Wait a few minutes, then re-enable MRSProxy:

Set-WebServicesVirtualDirectory "<ServerName>\EWS (Default Web Site)" -MRSProxyEnabled $true

  • Restart Internet Information Services (IIS) using the iisreset command.

Final Thoughts

The 403 Forbidden error during mailbox migrations can be frustrating, but it’s often caused by a simple misconfiguration of the MRS Proxy service. By enabling or re-enabling MRSProxy and restarting IIS, you can resolve the issue and get your migration back on track.

If you’ve encountered this error and found additional solutions, feel free to share your insights in the comments. Let’s collaborate to make Exchange migrations smoother for everyone.

See more information: Enable the MRS Proxy endpoint for remote moves

#ExchangeOnline #Microsoft365 #HybridExchange #ITSupport #TechTips #MailboxMigration #403Forbidden

要查看或添加评论,请登录

Md Sajid Hossain的更多文章

社区洞察

其他会员也浏览了