Wednesday, March 2, 2016

Federation Information Could not be received from the External Organization –Exchange 2010-Office 365

Issue:

Last week, i was setting up the Exchange Federation one of my Exchange on premises to Office 365 for setting up free busy and more..
I have followup all Microsoft recommendation as usual to create the federation trust, everything seems fine, i have created TXT record in external DNS and update the federation proof, updated autodiscover url and create the rules in reverse proxy.

When i came back to my  on-premises Exchange server and tried to get the federation information for new domain and it was RED.


Workaround 

After getting the error, i have started troubleshooting step by steps:

1. First of all i verified the Telnet and found it is working fine with port 443.

2. Second step  "WSSecurityAuthentication"  is enabled(True) is not, i have checked on  virtual directory with following cmdlet:


Get-AutodiscoverVirtualDirectory | Fl *wssecurity* 
It was true on server
If in case if it is not true use following command to set 
Set-AutodiscoverVirtualDirectory "MBX\Autodiscover (Default Web Site)" –WSSecurityAuthentication:$true

3. Third steps verify the Autodiscover URL working or not 
Use a browser from external world, you have to make sure it opens a credential prompt.

4. Next steps If Get-FederationInformation -DomainName Test.com failed on internal server and working on external server than you have  verify “autodiscover.tech.com” is pinging 

5. Fifth step is to verify MRSPRoxy is enabled or not with following cmdlet :
Get-WebServicesVirtualDirectory | fl *mrs*
If it is not set use below cmdlet
Set-WebServicesVirtualDirectory "MBX\EWS (Default Web Site)" -MRSProxyEnabled:$true
6. Final you have to verify the Authentication in Autodiscover directory in IIS, it should not Kerberos.

In mine case it was authentication issues in IIS directory, once i change issues got solved.

Hope it will help you for Federation troubleshooting.
Cheers!

No comments:

Post a Comment