locked
Free/busy between cross forest stopped working after CU15 update RRS feed

  • Question

  • Hi all,

    Free busy between DomainA and DomainB in cross forest have been working since setup. After DomainA upgraded to CU15, DomainB can no longer see free/busy of users in DomainA. 

    DomainA can still see free/busy for domainB. Issue is same in Outlook and OWA and goes for all users(error is no free/busy info available).

    Are there any requirement that setup has to be run again after an CU update? If we check settings, everything is still intact.

    DomainB is still on CU12.

    Both use 3rd part certificate for IIS service.

    thanks!


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Wednesday, May 10, 2017 6:09 PM

Answers

  • Found the root cause. re-create availabilityaddressspace for issue domains did not help. We had to remove all availabilityaddressspace then added back one by one

    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    • Marked as answer by Off2work Wednesday, June 7, 2017 7:52 PM
    Wednesday, June 7, 2017 7:52 PM

All replies

  • Could you please run below cmdlets from Domain B to verify you are getting correct response from domain A

    Get-FederationInformation -DomainName "domainA.com"

    Also collect the etl trace from outlook to get the more details around issue.


    Thanks, AJ

    Wednesday, May 10, 2017 7:03 PM
  • Hi Ashish and thanks for your prompt reply

    Get-federationinformation has always been empty, since setup is not done using normal default Federation trust.

    Setup has been done using this: https://social.technet.microsoft.com/wiki/contents/articles/28332.steps-to-configure-cross-forest-availability-between-two-exchange-forests-in-exchange-2013.aspx

    When enable Outlook logging, this is the error that shows up:

    xmlns="http://schemas.microsoft.com/exchange/services/2006/messages"><FreeBusyResponseArray><FreeBusyResponse><ResponseMessage ResponseClass="Error"><MessageText>Unable to send cross-forest request for mailbox &lt;User, DomainA&gt;SMTP:User.DomainB@DomainB.com because of invalid configuration., inner exception: Microsoft.Exchange.InfoWorker.Common.Availability.AddressSpaceNotFoundException: Configuration information for forest/domain DomainB.com could not be found in Active Directory.&#xD;
       at Microsoft.Exchange.InfoWorker.Common.Availability.TargetForestConfigurationCache.FindByDomain(OrganizationId organizationId, String domainName)&#xD;
       at Microsoft.Exchange.InfoWorker.Common.Availability.QueryGenerator.GetTargetForestConfiguration(EmailAddress emailAddress)&#xD;


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Thursday, May 11, 2017 6:36 AM
  • I would like you to try these two options..

    Option 1

    1.Disable WSSecurity authentication for the EWS virtual directory using the Set-WebServicesVirtualDirectory cmdlet.

    Set-WebServicesVirtualDirectory "<ServerName>\ews (Exchange Back End)" -WSSecurityAuthentication:$False

    2.Enable WSSecurity authentication for the EWS virtual directory using the Set-WebServicesVirtualDirectory cmdlet.

    Set-WebServicesVirtualDirectory "<ServerName>\ews (Exchange Back End)" -WSSecurityAuthentication:$True

    3.Disable WSSecurity authentication for the Autodiscover virtual directory using the Set-AutodiscoverVirtualDirectory cmdlet.

    Set-AutodiscoverVirtualDirectory "<ServerName>\Autodiscover (Exchange Back End)" -WSSecurityAuthentication:$False

    4.Eable WSSecurity authentication for the Autodiscover virtual directory using the Set-AutodiscoverVirtualDirectory cmdlet.

    Set-AutodiscoverVirtualDirectory "<ServerName>\Autodiscover (Exchange Back End)" -WSSecurityAuthentication:$True

    5.Restart the application pools using the Restart-WebAppPool cmdlet.

    Restart-WebAppPool MSExchangeAutodiscoverAppPool

    Restart-WebAppPool MSExchangeServicesAppPool

    Option 2

    add TargetAutodiscoverEpr for the target domain for which you are not able to see F\B lookup


    Thanks, AJ

    Thursday, May 11, 2017 4:06 PM
  • THanks AJ,

    TargetAutodiscoverEpr is already in place for affected domains where free/busy is not working. We can access their Autodiscover.xml path from browser.

    For option 1, should this be done on DomainA or DomainB side?

    Thanks!


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Friday, May 12, 2017 7:05 AM
  • Option1 should be done on Domain A.

    Thanks, AJ

    Monday, May 15, 2017 3:19 PM
  • Thanks Ashish,

    did as provided but it did not help. I am a bit curious about this part in my above link:

    Export-AutodiscoverConfig –DomainController “LocalForestDomainController” -TargetForestDomainController "(toybox.com)" -TargetForestCredential (Get-Credential) -MultipleExchangeDeployments $true

    Is there any place in ADSI Edit we can confirm that it is still in place?

    This part should configure Autodiscover service connection point, which should be used for free/busy as well?

    Since TargetAutodiscoverEpr already has value, shouldn't outlook clients use this?

    "

    Free/Busy lookups are different from mail routing: no SMTP traffic is required. Free/Busy lookups are performed by the Availability Service which is part of the Exchange Web Services. So port 443 (HTTPS) is used. Basically a user picks the synchronized contact and tries to get Free/Busy information, then the Availability Service takes the contact’s domain-part of the PRIMARY SMTP ADDRESS and looks if there is an AVAILABILITYADDRESSSPACE configuration for this mail domain. If found it sends the Free/Busy-request via HTTPS to the remote Availability Service (of the Exchange organization which hosts the mailbox-enabled user object). 

    If you use a shared namespace at both sides it will not work by default because it is based on different AVAILABILITYADDRESSSPACE namespaces. But if the synchronized contact uses a secondary SMTP address instead you can configure a unique AVAILABILITYADDRESSSPACE.

    "


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Monday, May 15, 2017 7:27 PM
  • You may try looking under configuration - Services - Microsoft Exchange - Microsoft Exchange Autodiscover under this you may see SCP for your target domain..

    Thanks, AJ

    Tuesday, May 16, 2017 5:12 PM
  • Also check under configuration - Services - Microsoft Exchange - org - Availability Configuration

    and try running below cmdlets..

    Get-AvailabilityAddressSpace | fl *


    Thanks, AJ

    Tuesday, May 16, 2017 5:18 PM
  • Thanks Ashish,

    all values are there in ADSI EDIT as well as in powershell. We will patch exchange server on domain to same CU tonight so will see if that will help.


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Friday, May 19, 2017 4:06 PM
  • FYI, update to same CU did not help.

    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Monday, May 22, 2017 6:31 AM
  • Found the root cause. re-create availabilityaddressspace for issue domains did not help. We had to remove all availabilityaddressspace then added back one by one

    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    • Marked as answer by Off2work Wednesday, June 7, 2017 7:52 PM
    Wednesday, June 7, 2017 7:52 PM