I have confirmed With Microsoft that there are significant bugs in Exchange 2013 Cumulative Update 6 for hybrid customers.
Update #1: Microsoft just published a new article, Exchange Server 2013 databases unexpectedly fail over in a co-existence environment with Exchange Server 2007, which describes a different issue where Exchange 2013 databases unexpectedly fail over between the nodes of database availability groups. A hotfix is available for this issue, but you have to call Microsoft Support to get it.
Update #2: Microsoft just published another new article, Exchange Online mailboxes cannot be managed by using EAC after you deploy Exchange Server 2013 CU6, which provides a script that fixes the problems described in this article. Thankfully, you do not need to contact Microsoft Support to obtain the script, but you do need to configure PowerShell script execution to run it and you should know script resets IIS without prompting. Run “Set-ExecutionPolicy -ExecutionPolicy unrestricted” to allow the script to run.
Hybrid deployments are used to bridge the gap between Exchange on-premises and Office 365. An Exchange hybrid server is used as the on-prem MRS endpoint for mailbox moves to Office 365, provides rich coexistence (free/busy sharing), and provides encrypted TLS mail flow between on-prem and Office 365.
Both Exchange 2010 and Exchange 2013 support hybrid servers. If the on-prem environment is Exchange 2010, the existing Exchange 2010 Hub/CAS servers can be used as hybrid servers, or new Exchange 2013 servers can be deployed. Exchange 2007 customers must deploy at least one new hybrid server and they usually deploy Exchange 2013.
Microsoft has maintained that customers will always be able to manage their hybrid environments from on-prem. Hybrid servers are supposed to bridge the administrative gap, providing a single pane of glass through which customers can manage both on-prem and Exchange Online environments.
That was until Exchange 2013 CU6…
With CU6, admins can no longer use the Exchange Admin Center (EAC) to create new Office 365 mailboxes, move mailboxes to Exchange Online, or create In-Place Archive mailboxes. Admins either need to use the Exchange Management Shell (EMS) or logon to the Office 365 Portal to perform these actions. In addition, when you click the Office 365 tab it normally takes you to the Office 365 signon portal so you can manage your Office 365 tenant Instead, it opens a new website for the Office 365 marketing page. These are huge problems for most hybrid customers and there’s no mention of this anywhere in the CU6 release notes.
Here’s the experience in Exchange 2013 CU5:
|CU5 – Create New Office 365 Mailbox|
|CU5 – Move Mailbox to Exchange Online|
|CU5 – Create In-Place Archive Online|
|CU6 – Admins Can Only Create On-Prem Mailboxes|
|CU6 – Admins Can Only Move Mailboxes to Another On-Prem Mailbox|
|CU6 – Admins Can Only Create On-Prem Archive Mailboxes|
And here’s what Admins see when they click the Office 365 tab in the EAC:
|CU6 – Office 365 Tab|
I expect Microsoft to publish an article soon regarding these bugs, but with a long Labor Day weekend ahead of us I wouldn’t expect anything sooner that Tuesday. I do expect that CU7 will correct these bugs. In the meantime, I recommend that hybrid customers do not deploy CU6 at this time. If you’ve already deployed CU6 in your environment, there’s no way to role back.