Hi,
I am configuring Hybrid configuration for Exchange 2010 SP3 (on-prem) to Office 365 (v15).
The HCW fails with the following error
ERROR:Updating hybrid configuration failed with error 'Subtask Configure execution failed: Creating Organization Relationships.
Execution of the Get-FederationInformation cmdlet had thrown an exception. This may indicate invalid parameters in your Hybrid Configuration settings.
My reading around this points to several possibel causes - all of which I have checked and appear to be acceptable:
1. authentication on autodiscovervirtualdirectory not configured to allow WSSecurityAuthentication. Im my case this is set to Ture on the Hybrid server
- WSSecurityAuthentication : True
2. Exchange is published using ISA. An additional rule is required to allow unauthentiocated access to autodiscover adn EWS subdirectories.
/ews/mrsproxy.svc
/ews/exchange.asmx/wssecurity
/autodiscover/autodiscover.svc/wssecurity
/autodiscover/autodiscover.svc
This has been created.
3. Autodiscover DNS record in External DNS.
This has been in palce for some time. Running the Remote Connectivity Test is successful for autodiscover and availability information.
4. Testing with Get-FederationInformation -domainname xxxxxx.com.au -verbose fails
The response is posted below: (I have changed the domain anme to mXXXXX.com.au)
[PS] C:\Windows\system32>Get-FederationInformation -DomainName mXXXXXX.com.au -Verbose
VERBOSE: [06:35:26.177 GMT] Get-FederationInformation : Active Directory session settings for
'Get-FederationInformation' are: View Entire Forest: 'False', Default Scope: 'mXXXXXX.com', Configuration Domain
Controller: 'dc1.mXXXXXX.com', Preferred Global Catalog: 'dc2.mXXXXXX.com', Preferred Domain Controllers: '{
dc2.mXXXXXX.com }'
VERBOSE: [06:35:26.193 GMT] Get-FederationInformation : Runspace context: Executing user: mXXXXXX.com/XXXX/Users/Robert
Chung, Executing user organization: , Current organization: , RBAC-enabled: Enabled.
VERBOSE: [06:35:26.193 GMT] Get-FederationInformation : Beginning processing &
VERBOSE: [06:35:26.209 GMT] Get-FederationInformation : Current ScopeSet is: { Recipient Read Scope: {{, }}, Recipient
Write Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive Recipient
Scope(s): {}, Exclusive Configuration Scope(s): {} }
VERBOSE: [06:35:26.209 GMT] Get-FederationInformation : Resolved current organization: .
VERBOSE: [06:35:26.209 GMT] Get-FederationInformation : Using the following trusted host names: *.outlook.com.
VERBOSE: [06:35:26.224 GMT] Get-FederationInformation : The discovery process returned the following results:
Type=Failure;Url=https://autodiscover.mXXXXXX.com.au/autodiscover/autodiscover.svc;Exception=Domain isn't
federated.;Details=(Type=Success;Url=https://autodiscover.mXXXXXX.com.au/autodiscover/autodiscover.svc;);
.
Federation information could not be received from the external organization.
+ CategoryInfo : NotSpecified: (:) [Get-FederationInformation], GetFederationInformationFailedException
+ FullyQualifiedErrorId : AA396F1E,Microsoft.Exchange.Management.SystemConfigurationTasks.GetFederationInformation
VERBOSE: [06:35:26.240 GMT] Get-FederationInformation : Ending processing &
Does anyone have any ideas?
When we we check the ISA firewall logs we cannot see the request being dropped (or allowed through). Appreciate any assistance.
Cheers