No one has responded to this discussion for at least a year, so this information may be out of date. If you're looking for information about this topic, please search for a more recent discussion or post a new question.

Manage Hybrid Configuration Error - Federation information could not be received from the external organization

This question has suggested answer(s) This question has suggested answer(s)

Trying to figure out the what part is failing on this.  Below is the error message from MHCW and the log file. It looks like the first error in the log is:

ERROR:System.Management.Automation.RemoteException: This operation is not available in current service offer.

 

The second error:

ERROR:System.Management.Automation.RemoteException: Federation information could not be received from the external organization.

 

I don't know where to go from here to get this fixed.

 

Any help would be greatly appreciated.

 

Error:

Summary: 2 item(s). 1 succeeded, 1 failed.
Elapsed time: 00:04:05

Set-HybridConfiguration
Completed

Exchange Management Shell command completed:
Set-HybridConfiguration -Features 'MoveMailbox','OnlineArchive','FreeBusy','Mailtips','MessageTracking','OwaRedirection','SecureMail','CentralizedTransport' -Domains 'wsn.us.com' -ClientAccessServers 'S010' -TransportServers 'S010' -ExternalIPAddresses '209.32.89.187' -OnPremisesSmartHost 'mail.wsn.us.com' -SecureMailCertificateThumbprint '59B2A34A607E66305DADED7217EBFA5D49C351AE'

Elapsed Time: 00:00:00

Update-HybridConfiguration
Failed

Error:
Updating hybrid configuration failed with error 'Subtask Configure execution failed: Creating Organization Relationships.

Execution of the Get-FederationInformation cmdlet had thrown an exception. This may indicate invalid parameters in your Hybrid Configuration settings.

Federation information could not be received from the external organization.
   at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.RunCommand(String cmdlet, Dictionary`2 parameters, Boolean ignoreNotFoundErrors)
'.

Additional troubleshooting information is available in the Update-HybridConfiguration log file located at C:\Program Files\Microsoft\Exchange Server\V14\Logging\Update-HybridConfiguration\HybridConfiguration_10_18_2012_14_29_37_634861673770852491.log.

Exchange Management Shell command attempted:
Update-HybridConfiguration -OnPremisesCredentials 'System.Management.Automation.PSCredential' -TenantCredentials 'System.Management.Automation.PSCredential'

Elapsed Time: 00:04:04

 

 

Log:

[10/18/2012 19:10:30] INFO:Opening runspace to http://s010/powershell?serializationLevel=Full
[10/18/2012 19:10:31] INFO:Successfully connected to On-Premises
[10/18/2012 19:10:31] INFO:Opening runspace to https://ps.outlook.com/powershell-liveid?serializationLevel=Full
[10/18/2012 19:10:35] INFO:Successfully connected to Tenant
[10/18/2012 19:10:35] INFO:Executing Task: Check Prerequisites
[10/18/2012 19:10:35] INFO:Check Prerequisites state
[10/18/2012 19:10:35] INFO:Running command: Get-AcceptedDomain
[10/18/2012 19:10:35] INFO:Cmdlet: Get-AcceptedDomain --Start Time: 10/18/2012 2:10:35 PM.
[10/18/2012 19:10:36] INFO:Cmdlet: Get-AcceptedDomain --End Time: 10/18/2012 2:10:36 PM.
[10/18/2012 19:10:36] INFO:Cmdlet: Get-AcceptedDomain --Processing Time: 686.5496.
[10/18/2012 19:10:41] INFO:Running command: Get-AcceptedDomain
[10/18/2012 19:10:41] INFO:Cmdlet: Get-AcceptedDomain --Start Time: 10/18/2012 2:10:41 PM.
[10/18/2012 19:10:41] INFO:Cmdlet: Get-AcceptedDomain --End Time: 10/18/2012 2:10:41 PM.
[10/18/2012 19:10:41] INFO:Cmdlet: Get-AcceptedDomain --Processing Time: 280.8306.
[10/18/2012 19:10:41] INFO:Running command: Get-AcceptedDomain
[10/18/2012 19:10:41] INFO:Cmdlet: Get-AcceptedDomain --Start Time: 10/18/2012 2:10:41 PM.
[10/18/2012 19:10:42] INFO:Cmdlet: Get-AcceptedDomain --End Time: 10/18/2012 2:10:42 PM.
[10/18/2012 19:10:42] INFO:Cmdlet: Get-AcceptedDomain --Processing Time: 124.8136.
[10/18/2012 19:10:42] INFO:Running command: Get-OrganizationRelationship
[10/18/2012 19:10:42] INFO:Cmdlet: Get-OrganizationRelationship --Start Time: 10/18/2012 2:10:42 PM.
[10/18/2012 19:10:42] INFO:Cmdlet: Get-OrganizationRelationship --End Time: 10/18/2012 2:10:42 PM.
[10/18/2012 19:10:42] INFO:Cmdlet: Get-OrganizationRelationship --Processing Time: 93.6102.
[10/18/2012 19:10:42] INFO:Running command: Get-OrganizationRelationship
[10/18/2012 19:10:42] INFO:Cmdlet: Get-OrganizationRelationship --Start Time: 10/18/2012 2:10:42 PM.
[10/18/2012 19:10:42] INFO:Cmdlet: Get-OrganizationRelationship --End Time: 10/18/2012 2:10:42 PM.
[10/18/2012 19:10:42] INFO:Cmdlet: Get-OrganizationRelationship --Processing Time: 280.8306.
[10/18/2012 19:10:42] INFO:Running command: Get-ExchangeServer -Identity 'S010'
[10/18/2012 19:10:42] INFO:Cmdlet: Get-ExchangeServer --Start Time: 10/18/2012 2:10:42 PM.
[10/18/2012 19:10:42] INFO:Cmdlet: Get-ExchangeServer --End Time: 10/18/2012 2:10:42 PM.
[10/18/2012 19:10:42] INFO:Cmdlet: Get-ExchangeServer --Processing Time: 140.4153.
[10/18/2012 19:10:42] INFO:Running command: Get-WebServicesVirtualDirectory -Server 'S010'
[10/18/2012 19:10:42] INFO:Cmdlet: Get-WebServicesVirtualDirectory --Start Time: 10/18/2012 2:10:42 PM.
[10/18/2012 19:10:43] INFO:Cmdlet: Get-WebServicesVirtualDirectory --End Time: 10/18/2012 2:10:43 PM.
[10/18/2012 19:10:43] INFO:Cmdlet: Get-WebServicesVirtualDirectory --Processing Time: 514.8561.
[10/18/2012 19:10:43] INFO:Running command: Get-ExchangeCertificate -Server 'S010'
[10/18/2012 19:10:43] INFO:Cmdlet: Get-ExchangeCertificate --Start Time: 10/18/2012 2:10:43 PM.
[10/18/2012 19:10:48] INFO:Cmdlet: Get-ExchangeCertificate --End Time: 10/18/2012 2:10:48 PM.
[10/18/2012 19:10:48] INFO:Cmdlet: Get-ExchangeCertificate --Processing Time: 5226.5695.
[10/18/2012 19:10:48] INFO:Needs Configuration state
[10/18/2012 19:10:48] INFO:Configuration not required
[10/18/2012 19:10:48] INFO:Executing Task: Configure Legacy Exchange Support
[10/18/2012 19:10:48] INFO:Check Prerequisites state
[10/18/2012 19:10:48] INFO:Needs Configuration state
[10/18/2012 19:10:48] INFO:Running command: Get-ExchangeServer
[10/18/2012 19:10:48] INFO:Cmdlet: Get-ExchangeServer --Start Time: 10/18/2012 2:10:48 PM.
[10/18/2012 19:10:48] INFO:Cmdlet: Get-ExchangeServer --End Time: 10/18/2012 2:10:48 PM.
[10/18/2012 19:10:48] INFO:Cmdlet: Get-ExchangeServer --Processing Time: 46.8051.
[10/18/2012 19:10:48] INFO:Running command: Get-PublicFolderDatabase -Server 'S010'
[10/18/2012 19:10:48] INFO:Cmdlet: Get-PublicFolderDatabase --Start Time: 10/18/2012 2:10:48 PM.
[10/18/2012 19:10:48] INFO:Cmdlet: Get-PublicFolderDatabase --End Time: 10/18/2012 2:10:48 PM.
[10/18/2012 19:10:48] INFO:Cmdlet: Get-PublicFolderDatabase --Processing Time: 62.4068.
[10/18/2012 19:10:48] INFO:Running command: Get-PublicFolder -Identity '\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY' -Server 'S010' -Recurse ''
[10/18/2012 19:10:48] INFO:Cmdlet: Get-PublicFolder --Start Time: 10/18/2012 2:10:48 PM.
[10/18/2012 19:10:48] INFO:Cmdlet: Get-PublicFolder --End Time: 10/18/2012 2:10:48 PM.
[10/18/2012 19:10:48] INFO:Cmdlet: Get-PublicFolder --Processing Time: 343.2374.
[10/18/2012 19:10:48] INFO:Configuration not required
[10/18/2012 19:10:48] INFO:Executing Task: Configure Recipient Settings
[10/18/2012 19:10:48] INFO:Check Prerequisites state
[10/18/2012 19:10:48] INFO:Needs Configuration state
[10/18/2012 19:10:48] INFO:Running command: Get-RemoteDomain
[10/18/2012 19:10:48] INFO:Cmdlet: Get-RemoteDomain --Start Time: 10/18/2012 2:10:48 PM.
[10/18/2012 19:10:48] INFO:Cmdlet: Get-RemoteDomain --End Time: 10/18/2012 2:10:48 PM.
[10/18/2012 19:10:48] INFO:Cmdlet: Get-RemoteDomain --Processing Time: 93.6102.
[10/18/2012 19:10:48] INFO:Running command: Get-EmailAddressPolicy
[10/18/2012 19:10:48] INFO:Cmdlet: Get-EmailAddressPolicy --Start Time: 10/18/2012 2:10:48 PM.
[10/18/2012 19:10:49] INFO:Cmdlet: Get-EmailAddressPolicy --End Time: 10/18/2012 2:10:49 PM.
[10/18/2012 19:10:49] INFO:Cmdlet: Get-EmailAddressPolicy --Processing Time: 46.8051.
[10/18/2012 19:10:49] INFO:Configuration not required
[10/18/2012 19:10:49] INFO:Executing Task: Creating Organization Relationships.
[10/18/2012 19:10:49] INFO:Check Prerequisites state
[10/18/2012 19:10:49] INFO:Running command: Get-OrganizationalUnit -SingleNodeOnly 'True'
[10/18/2012 19:10:49] INFO:Cmdlet: Get-OrganizationalUnit --Start Time: 10/18/2012 2:10:49 PM.
[10/18/2012 19:10:54] INFO:Cmdlet: Get-OrganizationalUnit --End Time: 10/18/2012 2:10:54 PM.
[10/18/2012 19:10:54] INFO:Cmdlet: Get-OrganizationalUnit --Processing Time: 5569.8069.
[10/18/2012 19:10:54] INFO:Running command: Get-FederationTrust
[10/18/2012 19:10:54] INFO:Cmdlet: Get-FederationTrust --Start Time: 10/18/2012 2:10:54 PM.
[10/18/2012 19:10:54] INFO:Cmdlet: Get-FederationTrust --End Time: 10/18/2012 2:10:54 PM.
[10/18/2012 19:10:54] INFO:Cmdlet: Get-FederationTrust --Processing Time: 31.2034.
[10/18/2012 19:10:54] INFO:Running command: Get-FederatedOrganizationIdentifier -IncludeExtendedDomainInfo ''
[10/18/2012 19:10:54] INFO:Cmdlet: Get-FederatedOrganizationIdentifier --Start Time: 10/18/2012 2:10:54 PM.
[10/18/2012 19:10:54] INFO:Cmdlet: Get-FederatedOrganizationIdentifier --End Time: 10/18/2012 2:10:54 PM.
[10/18/2012 19:10:54] INFO:Cmdlet: Get-FederatedOrganizationIdentifier --Processing Time: 15.6017.
[10/18/2012 19:10:54] INFO:Getting Value 'DefaultDomain' from '' with 'Get-FederatedOrganizationIdentifier'
[10/18/2012 19:10:54] INFO:Running command: Get-FederatedOrganizationIdentifier
[10/18/2012 19:10:54] INFO:Cmdlet: Get-FederatedOrganizationIdentifier --Start Time: 10/18/2012 2:10:54 PM.
[10/18/2012 19:10:56] INFO:Cmdlet: Get-FederatedOrganizationIdentifier --End Time: 10/18/2012 2:10:56 PM.
[10/18/2012 19:10:56] INFO:Cmdlet: Get-FederatedOrganizationIdentifier --Processing Time: 1591.3734.
[10/18/2012 19:10:56] INFO:Needs Configuration state
[10/18/2012 19:10:56] INFO:Configuration state
[10/18/2012 19:10:56] INFO:Running command: Enable-OrganizationCustomization
[10/18/2012 19:10:56] INFO:Cmdlet: Enable-OrganizationCustomization --Start Time: 10/18/2012 2:10:56 PM.
[10/18/2012 19:10:57] ERROR:System.Management.Automation.RemoteException: This operation is not available in current service offer.
[10/18/2012 19:10:57] INFO:Cmdlet: Enable-OrganizationCustomization --End Time: 10/18/2012 2:10:57 PM.
[10/18/2012 19:10:57] INFO:Cmdlet: Enable-OrganizationCustomization --Processing Time: 1092.119.
[10/18/2012 19:10:57] INFO:Running command: Get-FederatedOrganizationIdentifier -IncludeExtendedDomainInfo ''
[10/18/2012 19:10:57] INFO:Cmdlet: Get-FederatedOrganizationIdentifier --Start Time: 10/18/2012 2:10:57 PM.
[10/18/2012 19:10:57] INFO:Cmdlet: Get-FederatedOrganizationIdentifier --End Time: 10/18/2012 2:10:57 PM.
[10/18/2012 19:10:57] INFO:Cmdlet: Get-FederatedOrganizationIdentifier --Processing Time: 15.6017.
[10/18/2012 19:10:57] INFO:Running command: Get-FederationTrust -Identity 'Microsoft Federation Gateway'
[10/18/2012 19:10:57] INFO:Cmdlet: Get-FederationTrust --Start Time: 10/18/2012 2:10:57 PM.
[10/18/2012 19:10:57] INFO:Cmdlet: Get-FederationTrust --End Time: 10/18/2012 2:10:57 PM.
[10/18/2012 19:10:57] INFO:Cmdlet: Get-FederationTrust --Processing Time: 62.4068.
[10/18/2012 19:10:57] INFO:Running command: Get-FederatedOrganizationIdentifier -IncludeExtendedDomainInfo ''
[10/18/2012 19:10:57] INFO:Cmdlet: Get-FederatedOrganizationIdentifier --Start Time: 10/18/2012 2:10:57 PM.
[10/18/2012 19:10:57] INFO:Cmdlet: Get-FederatedOrganizationIdentifier --End Time: 10/18/2012 2:10:57 PM.
[10/18/2012 19:10:57] INFO:Cmdlet: Get-FederatedOrganizationIdentifier --Processing Time: 436.8476.
[10/18/2012 19:10:58] INFO:Running command: Get-FederationTrust -Identity 'MicrosoftOnline'
[10/18/2012 19:10:58] INFO:Cmdlet: Get-FederationTrust --Start Time: 10/18/2012 2:10:58 PM.
[10/18/2012 19:10:58] INFO:Cmdlet: Get-FederationTrust --End Time: 10/18/2012 2:10:58 PM.
[10/18/2012 19:10:58] INFO:Cmdlet: Get-FederationTrust --Processing Time: 327.6357.
[10/18/2012 19:10:58] INFO:Running command: Get-FederationInformation -DomainName 'widsethsmithnolting.mail.onmicrosoft.com'
[10/18/2012 19:10:58] INFO:Cmdlet: Get-FederationInformation --Start Time: 10/18/2012 2:10:58 PM.
[10/18/2012 19:11:0] INFO:Cmdlet: Get-FederationInformation --End Time: 10/18/2012 2:11:00 PM.
[10/18/2012 19:11:0] INFO:Cmdlet: Get-FederationInformation --Processing Time: 2293.4499.
[10/18/2012 19:11:0] INFO:Running command: Remove-OrganizationRelationship -Identity 'On Premises to Exchange Online Organization Relationship' -Confirm 'False'
[10/18/2012 19:11:0] INFO:Cmdlet: Remove-OrganizationRelationship --Start Time: 10/18/2012 2:11:00 PM.
[10/18/2012 19:11:0] INFO:Cmdlet: Remove-OrganizationRelationship --End Time: 10/18/2012 2:11:00 PM.
[10/18/2012 19:11:0] INFO:Cmdlet: Remove-OrganizationRelationship --Processing Time: 156.017.
[10/18/2012 19:11:0] INFO:Running command: New-OrganizationRelationship -Name 'On Premises to Exchange Online Organization Relationship' -TargetApplicationUri 'outlook.com' -TargetAutodiscoverEpr 'https://pod51010.outlook.com/autodiscover/autodiscover.svc/WSSecurity' -Enabled 'True' -DomainNames 'Microsoft.Exchange.Data.MultiValuedProperty`1[Microsoft.Exchange.Data.SmtpDomain]'
[10/18/2012 19:11:0] INFO:Cmdlet: New-OrganizationRelationship --Start Time: 10/18/2012 2:11:00 PM.
[10/18/2012 19:11:0] INFO:Cmdlet: New-OrganizationRelationship --End Time: 10/18/2012 2:11:00 PM.
[10/18/2012 19:11:0] INFO:Cmdlet: New-OrganizationRelationship --Processing Time: 62.4068.
[10/18/2012 19:11:0] INFO:Running command: Get-OrganizationRelationship
[10/18/2012 19:11:0] INFO:Cmdlet: Get-OrganizationRelationship --Start Time: 10/18/2012 2:11:00 PM.
[10/18/2012 19:11:1] INFO:Cmdlet: Get-OrganizationRelationship --End Time: 10/18/2012 2:11:01 PM.
[10/18/2012 19:11:1] INFO:Cmdlet: Get-OrganizationRelationship --Processing Time: 93.6102.
[10/18/2012 19:11:1] INFO:Running command: Get-FederationInformation -DomainName 'wsn.us.com'
[10/18/2012 19:11:1] INFO:Cmdlet: Get-FederationInformation --Start Time: 10/18/2012 2:11:01 PM.
[10/18/2012 19:17:19] ERROR:System.Management.Automation.RemoteException: Federation information could not be received from the external organization.
[10/18/2012 19:17:19] INFO:Cmdlet: Get-FederationInformation --End Time: 10/18/2012 2:17:19 PM.
[10/18/2012 19:17:19] INFO:Cmdlet: Get-FederationInformation --Processing Time: 378907.4825.
[10/18/2012 19:17:19] INFO:Disconnected from On-Premises session
[10/18/2012 19:17:20] INFO:Disconnected from Tenant session
[10/18/2012 19:17:20] ERROR:Updating hybrid configuration failed with error 'Subtask Configure execution failed: Creating Organization Relationships.

Execution of the Get-FederationInformation cmdlet had thrown an exception. This may indicate invalid parameters in your Hybrid Configuration settings.

Federation information could not be received from the external organization.
   at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.RunCommand(String cmdlet, Dictionary`2 parameters, Boolean ignoreNotFoundErrors)
'.

Additional troubleshooting information is available in the Update-HybridConfiguration log file located at C:\Program Files\Microsoft\Exchange Server\V14\Logging\Update-HybridConfiguration\HybridConfiguration_10_18_2012_19_10_30_634861842307899086.log.

All Replies
  • Hi Scott,

    Based on your description, I understand that you are doing hybrid deployment but getting some error messages.

    This problem can be related to various factors, for example, autodiscover service does not work well, DNS issue/network issues. To narrow down this problem, please try the following steps to check your environment and try again.

    1. Test the autodiscover service for your domain with Microsoft Exchange Remote Connectivity Analyzer to check if any errors.

    Note: If there are errors in the result of the test, please post a screenshot of the error status. So, we can understand the problem in more details.

    Microsoft Exchange Remote Connectivity Analyzer

    www.testexchangeconnectivity.com/default.aspx

    2. The autodiscover DNS record is not resolving to the correct location - You need to ensure that "autodiscover.domain.com" resolves to an Exchange Server Client Access Server

    3. Determine if there is an issue with DNS that is preventing us from querying for these txt records

    In addition, you can try to use the Deployment Assistant to walk through that step manually, as that should give you more detailed information:

    technet.microsoft.com/.../default.aspx

    Thanks,

    Jerry Cen

  • Attempting the Autodiscover and Exchange ActiveSync test (if requested).

     Autodiscover was successfully tested for Exchange ActiveSync.

      Test Steps

      Attempting each method of contacting the Autodiscover service.

     The Autodiscover service was tested successfully.

      Test Steps

      Attempting to test potential Autodiscover URL wsn.us.com/.../AutoDiscover.xml

     Testing of this potential Autodiscover URL failed.

      Test Steps

      Attempting to resolve the host name wsn.us.com in DNS.

     The host name resolved successfully.

      Additional Details

     IP addresses returned: 72.10.50.26

    Testing TCP port 443 on host wsn.us.com to ensure it's listening and open.

     The port was opened successfully.

    Testing the SSL certificate to make sure it's valid.

     The SSL certificate failed one or more certificate validation checks.

      Test Steps

      ExRCA is attempting to obtain the SSL certificate from remote server wsn.us.com on port 443.

     ExRCA successfully obtained the remote SSL certificate.

      Additional Details

     Remote Certificate Subject: CN=shop.ferche.com, OU=Domain Control Validated, O=shop.ferche.com, Issuer: SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US.

    Validating the certificate name.

     Certificate name validation failed.

      Tell me more about this issue and how to resolve it

      Additional Details

     Host name wsn.us.com doesn't match any name found on the server certificate CN=shop.ferche.com, OU=Domain Control Validated, O=shop.ferche.com.

    Attempting to test potential Autodiscover URL autodiscover.wsn.us.com/.../AutoDiscover.xml

     Testing of the Autodiscover URL was successful.

      Test Steps

      Attempting to resolve the host name autodiscover.wsn.us.com in DNS.

     The host name resolved successfully.

      Additional Details

     IP addresses returned: 209.32.89.188

    Testing TCP port 443 on host autodiscover.wsn.us.com to ensure it's listening and open.

     The port was opened successfully.

    Testing the SSL certificate to make sure it's valid.

     The certificate passed all validation requirements.

      Test Steps

      ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.wsn.us.com on port 443.

     ExRCA successfully obtained the remote SSL certificate.

      Additional Details

     Remote Certificate Subject: CN=wsn.us.com, OU=Domain Control Validated, O=wsn.us.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.

    Validating the certificate name.

     The certificate name was validated successfully.

      Additional Details

     Host name autodiscover.wsn.us.com was found in the Certificate Subject Alternative Name entry.

    Certificate trust is being validated.

     The certificate is trusted and all certificates are present in the chain.

      Test Steps

      ExRCA is attempting to build certificate chains for certificate CN=wsn.us.com, OU=Domain Control Validated, O=wsn.us.com.

     One or more certificate chains were constructed successfully.

      Additional Details

     A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

    Analyzing the certificate chains for compatibility problems with versions of Windows.

     Potential compatibility problems were identified with some versions of Windows.

      Additional Details

     ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

    Testing the certificate date to confirm the certificate is valid.

     Date validation passed. The certificate hasn't expired.

      Additional Details

     The certificate is valid. NotBefore = 9/26/2012 3:48:18 PM, NotAfter = 4/5/2017 1:00:25 PM

    Checking the IIS configuration for client certificate authentication.

     Client certificate authentication wasn't detected.

      Additional Details

     Accept/Require Client Certificates isn't configured.

    Attempting to send an Autodiscover POST request to potential Autodiscover URLs.

     ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST.

      Test Steps

  • Jerry,

    Here is the ExRCA results

     

     Attempting the Autodiscover and Exchange ActiveSync test (if requested).
      Autodiscover was successfully tested for Exchange ActiveSync.
     
     Test Steps
     
     Attempting each method of contacting the Autodiscover service.
      The Autodiscover service was tested successfully.
     
     Test Steps
     
     Attempting to test potential Autodiscover URL https://wsn.us.com/AutoDiscover/AutoDiscover.xml
      Testing of this potential Autodiscover URL failed.
     
     Test Steps
     
     Attempting to resolve the host name wsn.us.com in DNS.
      The host name resolved successfully.
     
     Additional Details
     Testing TCP port 443 on host wsn.us.com to ensure it's listening and open.
      The port was opened successfully.
     Testing the SSL certificate to make sure it's valid.
      The SSL certificate failed one or more certificate validation checks.
     
     Test Steps
     
     ExRCA is attempting to obtain the SSL certificate from remote server wsn.us.com on port 443.
      ExRCA successfully obtained the remote SSL certificate.
     
     Additional Details
     Validating the certificate name.
      Certificate name validation failed.
        Tell me more about this issue and how to resolve it
     
     Additional Details
      Host name wsn.us.com doesn't match any name found on the server certificate CN=shop.ferche.com, OU=Domain Control Validated, O=shop.ferche.com.
     Attempting to test potential Autodiscover URL https://autodiscover.wsn.us.com/AutoDiscover/AutoDiscover.xml
      Testing of the Autodiscover URL was successful.
     
     Test Steps
     
     Attempting to resolve the host name autodiscover.wsn.us.com in DNS.
      The host name resolved successfully.
     
     Additional Details
     Testing TCP port 443 on host autodiscover.wsn.us.com to ensure it's listening and open.
      The port was opened successfully.
     Testing the SSL certificate to make sure it's valid.
      The certificate passed all validation requirements.
     
     Test Steps
     
     ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.wsn.us.com on port 443.
      ExRCA successfully obtained the remote SSL certificate.
     
     Additional Details
     Validating the certificate name.
      The certificate name was validated successfully.
     
     Additional Details
     Certificate trust is being validated.
      The certificate is trusted and all certificates are present in the chain.
     
     Test Steps
     
     ExRCA is attempting to build certificate chains for certificate CN=wsn.us.com, OU=Domain Control Validated, O=wsn.us.com.
      One or more certificate chains were constructed successfully.
     
     Additional Details
     Analyzing the certificate chains for compatibility problems with versions of Windows.
      Potential compatibility problems were identified with some versions of Windows.
     
     Additional Details
      ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
     Testing the certificate date to confirm the certificate is valid.
      Date validation passed. The certificate hasn't expired.
     
     Additional Details
     Checking the IIS configuration for client certificate authentication.
      Client certificate authentication wasn't detected.
     
     Additional Details
     Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
      ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST.
     
     Test Steps

     

     

    I checked to make sure the intermediate certs are installed on the server.

     

    I copied and pasted the https://autodiscover.wsn.us.com/AutoDiscover/AutoDiscover.xml link into IE and was prompted with a login box, entered my creds. and recieved this error in the browser. Is this normal?

     

      

    <?xml version="1.0" encoding="utf-8" ?>

    - <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
    - <Response>
    - <Error Time="07:42:21.2819231" Id="1104295296">
      <ErrorCode>600</ErrorCode>
      <Message>Invalid Request</Message>
      <DebugData />
      </Error>
      </Response>
      </Autodiscover>
  • Hi Scott French,

    First, please use the following Cmdlet in local Exchange server and check the Autodiscover setting.

    Get-AutodiscoverVirtualDirectory -Server EXserverName | fl

    And please post the output of this Cmdlet to this thread.

    Then, you can use the ExRCA to test the Autodiscover service and post all test result to this thread.

    www.testexchangeconnectivity.com

    And, Do you deploy any firewall or load balancer in the organization?  If so, would you mind give some information about the network scenario.

    Thanks,

    Ray Yang

  • Results from Get-AutoDiscoverVirtual Directory...

     

    RunspaceId: 6584bbca-8886-48bd-a211-8a6e8abfccc9
    Name: Autodiscover (Default Web Site)
    InternalAuthenticationMethods: {Basic, Ntlm, WindowsIntegrated, WSSecurity}
    ExternalAuthenticationMethods: {Basic, Ntlm, WindowsIntegrated, WSSecurity}
    LiveIdSpNegoAuthentication: False
    WSSecurityAuthentication: True
    LiveIdBasicAuthentication: False
    BasicAuthentication: True
    DigestAuthentication: False
    WindowsAuthentication: True
    MetabasePath: IIS://S010.WSN-MN.loc/W3SVC/1/ROOT/Autodiscover
    Path: C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Autodiscover
    ExtendedProtectionTokenChecking: None
    ExtendedProtectionFlags: {}
    ExtendedProtectionSPNList: {}
    Server: S010
    InternalUrl:
    ExternalUrl:
    AdminDisplayName:
    ExchangeVersion: 0.10 (14.0.100.0)
    DistinguishedName: CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=S010,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Widseth Smith Nolting,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=WSN-MN,DC=loc
    Identity: S010\Autodiscover (Default Web Site)
    Guid: 804dd079-3608-46d4-949c-88da9c19511c
    ObjectCategory: WSN-MN.loc/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
    ObjectClass: {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
    WhenChanged: 2/14/2012 3:53:52 PM
    WhenCreated: 2/14/2012 3:53:52 PM
    WhenChangedUTC: 2/14/2012 9:53:52 PM
    WhenCreatedUTC: 2/14/2012 9:53:52 PM
    OrganizationId:
    OriginatingServer: S001.WSN-MN.loc
    IsValid: True

     

     

    Results from ExRCA

     

     Attempting the Autodiscover and Exchange ActiveSync test (if requested).
      Autodiscover was successfully tested for Exchange ActiveSync.
     
     Test Steps
     
     Attempting each method of contacting the Autodiscover service.
      The Autodiscover service was tested successfully.
     
     Test Steps
     
     Attempting to test potential Autodiscover URL https://wsn.us.com/AutoDiscover/AutoDiscover.xml
      Testing of this potential Autodiscover URL failed.
     
     Test Steps
     
     Attempting to resolve the host name wsn.us.com in DNS.
      The host name resolved successfully.
     
     Additional Details
     Testing TCP port 443 on host wsn.us.com to ensure it's listening and open.
      The port was opened successfully.
     Testing the SSL certificate to make sure it's valid.
      The SSL certificate failed one or more certificate validation checks.
     
     Test Steps
     
     ExRCA is attempting to obtain the SSL certificate from remote server wsn.us.com on port 443.
      ExRCA successfully obtained the remote SSL certificate.
     
     Additional Details
     Validating the certificate name.
      Certificate name validation failed.
        Tell me more about this issue and how to resolve it
     
     Additional Details
      Host name wsn.us.com doesn't match any name found on the server certificate CN=shop.ferche.com, OU=Domain Control Validated, O=shop.ferche.com.
     Attempting to test potential Autodiscover URL https://autodiscover.wsn.us.com/AutoDiscover/AutoDiscover.xml
      Testing of the Autodiscover URL was successful.
     
     Test Steps
     
     Attempting to resolve the host name autodiscover.wsn.us.com in DNS.
      The host name resolved successfully.
     
     Additional Details
     Testing TCP port 443 on host autodiscover.wsn.us.com to ensure it's listening and open.
      The port was opened successfully.
     Testing the SSL certificate to make sure it's valid.
      The certificate passed all validation requirements.
     
     Test Steps
     
     ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.wsn.us.com on port 443.
      ExRCA successfully obtained the remote SSL certificate.
     
     Additional Details
     Validating the certificate name.
      The certificate name was validated successfully.
     
     Additional Details
     Certificate trust is being validated.
      The certificate is trusted and all certificates are present in the chain.
     
     Test Steps
     
     ExRCA is attempting to build certificate chains for certificate CN=wsn.us.com, OU=Domain Control Validated, O=wsn.us.com.
      One or more certificate chains were constructed successfully.
     
     Additional Details
     Analyzing the certificate chains for compatibility problems with versions of Windows.
      Potential compatibility problems were identified with some versions of Windows.
     
     Additional Details
      ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
     Testing the certificate date to confirm the certificate is valid.
      Date validation passed. The certificate hasn't expired.
     
     Additional Details
     Checking the IIS configuration for client certificate authentication.
      Client certificate authentication wasn't detected.
     
     Additional Details
     Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
      ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST.
     
     Test Steps

  • We do have a firewall in place and ports 80,443 and 25 are open.
  • Hi Scott French,

    Do you mean you are using TMG as the firewall?

    If so, you can refer the following link to publish Exchange 2010 through TMG.

    www.microsoft.com/.../details.aspx

    Thanks,

    Ray Yang

  • Ray Yang,

    I am not using TMG, I am using a Fortinet Fortigate firewall.

    Scott

  • Hi Scott,

    You may need to check the publish status of the Exchange through the firewall.

    Also, you can check the federation status through PowerShell in local Exchange server. You can use the Cmdlet Get-FederationInformation –domainname yourdomain.com and Get-FederationInformation –domainname yourdomain.onmicrosoft.com

    Thanks,

    Ray Yang

  • Hi Scott,

    How are things going?

    If you have any other questions or concerns, please do not hesitate to contact us. It is always our pleasure to be of assistance.

    Thanks,

    Ray Yang

  • DomainName: wsn.us.com

    RunspaceId            : bcc3d9d4-649e-4872-95e0-812754602054
    TargetApplicationUri  : FYDIBOHF25SPDLT.wsn.us.com
    DomainNames           : {wsn.us.com}
    TargetAutodiscoverEpr : https://autodiscover.wsn.us.com/autodiscover/autodiscover.svc/WSSecurity
    TokenIssuerUris       : {urn:federation:MicrosoftOnline}
    IsValid               : True

     

    DomainName: widsethsmithnolting.onmicrosoft.com

    RunspaceId            : bcc3d9d4-649e-4872-95e0-812754602054
    TargetApplicationUri  : outlook.com
    DomainNames           : {widsethsmithnolting.onmicrosoft.com, widsethsmithnolting.mail.onmicrosoft.com}
    TargetAutodiscoverEpr : https://pod51010.outlook.com/autodiscover/autodiscover.svc/WSSecurity
    TokenIssuerUris       : {uri:WindowsLiveID, urn:federation:MicrosoftOnline}
    IsValid               : True

  • Ray,

    I still have not found a fix. Setting up online archiving should not be this hard.

    Scott

  • Hi Scott,

    Do you mean you prefer to deploy On-Premises Exchange server with Online-Archive? And do you receive the same error message as the first post showed?

    Please post the result of the Cmdlet Get-FederationInformation –domainname yourdomain.com and Get-FederationInformation –domainname yourdomain.onmicrosoft.com.

    Thanks,

    Ray Yang

  • Ray,

    Yes, that is what I am trying to do. I already have Exchange 2010 SP2  installed and patched to latest. I have been running on it for 8 months now. Now I am trying to get online archiving setup. I went through the Deployment Assistant and selected Exchange Archive Only deployment. Downloaded the document and have gone through the steps in it. When I try to setup the hybrid config wizard the error is what i have posted I have also tried it through EMS with only Online Archiving. I get the same error as above.

     

    I have been doing some digging throught the logs and thought that it was wierd that it could not create the Org Relationship for the On Premises to Exchange Online Org. I tried to view the properties of it and recieved an error that it could not find information on it. I tried to delete it through EMC and it would error out so i deleted it through EMS. I was able to create the On Premises to Exchange Omline Organization Relationship through the EMC.

     

    As I am writing this reply the Get-FederationInformation that I posted yesterday just recieved approval to be posted. The information is up a couple posts.

     

    Thanks,

    Scott

  • Hi Scott,

    To further troubleshooting the issue, I would like to collect the result of Get-FederationInformation. I have sent you a private message on this. It was responded in a private message with a subject of "Information Request".

    Please go to the Your details section on the right side of the community site.

    Click Private messages.

    Click the subject title of the response to read the message.

    You can reply by using the form in that display to provide the information requested.

    Thanks,

    Ray Yang