Compliance/ELCComponent_LastSuccessTooLongAgo

On scom 2016 monitoring server below alert was raised for some mailboxes on Exchange 2016. Exchange 2016 is hybrid configured Exchange Online, and mailbox moves are done frequently between on-premise and Exchange Online.

Full alert description from scom:-

Probe: {Compliance/ELCComponent_LastSuccessTooLongAgo}
Mailbox guid: {d5xxe174-xxxxxx-b5d8-324xxxx5d93}
In Org: {}
Is archive: {IsArchiveMailbox = False}
With stack trace: {The difference: 7.89530321780208 days between today: 11/26/2021 8:41:11 AM and the date of last successful ELC run: 11/18/2021 11:11:57 AM for mailbox: d56be174-5c84-40d5-b5d8-32470b3f5d93 is above the threshold: 7; Exception message: Microsoft.Exchange.MailboxAssistants.Assistants.ELC.ElcEwsException.ArchiveExchangeWebServiceNotAvailable.}
Get last ELC exception from Export-MailboxDiagnosticLogs -Component MRM then statistics with -ExtendedProperties and look at all ELC properties, specifically the value of ELCLastSuccessTimestamp. If mailbox is Archive use -Archive.

My client had a few mailboxes moved from Office365 to On-premise Exchange with exchange online archiving still active on them, but the on-premise exchange mailbox servers are not internet facing. Proxy is used on them.

So, If you run the command suggested by SCOM

Export-MailboxDiagnosticLogs -Identity Mailboxname -ComponentName MRM

You will see the full error, but look closely at the exception warning:-

ELC EWS failed with error type: ‘ArchiveExchangeWebServiceNotAvailable’. Message: Archive EWS url is
unknown
.

You can verify an on-premise mailbox who has exchange online archiving enabled using these commands as shown on Microsoft docs: – https://docs.microsoft.com/en-us/exchange/hybrid-deployment/create-cloud-based-archive#step-2-verify-that-the-cloud-based-archive-mailbox-is-created

note the archiveguid and archivename properties

since my exchange servers are not internet facing, exchange online archiving on-premise will not work as intended, and as such I get hit with the error ArchiveExchangeWebServiceNotAvailable.

Further digging on the matter, I found below articles one from Microsoft support https://support.microsoft.com/en-us/topic/mrm-does-not-work-for-mailboxes-that-have-an-online-archive-mailbox-in-exchange-server-4aa026c9-81d1-219e-2209-b3ba2e792282 and another reported by someone who faced similar error, article on technet:- ELC EWS failed with error type: ‘ArchiveExchangeWebServiceNotAvailable’ (microsoft.com),

The article from Microsoft support is pretty clear on why you have error:-

You configure a server that is running Exchange Server to use a proxy to connect to Office 365 (without a direct access).

Cause
This issue occurs because the web proxy is not set when the server that is running Exchange Server tries to connect to Office 365. Therefore, the cloud-based archive mailbox cannot be found by Exchange Server, and MRM stops processing the mailbox.

in conclusion you need to enable firewall direct access from your exchange server to exchange online port 443 for exchange online archiving to function properly. Depending on your situation if you rather want to use on-premise mailbox exchange online archiving you will have to follow documentation on Microsoft docs to have it running properly, in my case we don’t have a need for that. I hope this article helps you out.