Exchange 2010 Federation Trust using Microsoft Federation Gateway Failed

  • Question

  • Hi

    I am trying to build a Federation Trust between our organization mydomain.com and our sister concern for Free/Busy sharing using Microsoft Federation Gateway (MFG).

    Our environment has Exchange 2010 SP3 Hub/CAS/MBX on separate boxes.

    At the very first step I am trying to create a Federation Trust with MFG using New-FederationTrust -Name 'Microsoft Federation Gateway' -Thumbprint '3E996D9B7328417A1D65069BB908D63xxxxxxxx'

    The self-signed Federation certificate got created using EMS or EMC.

    I am getting the below error whether doing it using EMC or EMS.

    Unable to access the Federation Metadata document from the federation partner. Detailed information: "The remote server returned an error: (401) Unauthorized.".

    I am able to access MFG sites from my CAS server, and can even browse the metadata XML.

    We have an ISA proxy server to access the internet. The Exchange server admin ID has internet access rights.

    We are able to browse other https sites from the CAS server.

    Our webmail and autodiscover are published through a Bluecoat proxy.

    I have tried multiple times after deleting the old certificate.

    Urgent Help required: What could be the root cause?

    Thanks,

    Soumen


    Soumen Ghosh

    Wednesday, November 26, 2014 8:11 PM

All replies

  • This is not the place for urgent help, that would be Microsoft Support.

    Have you verified connectivity to your server using Exchange Web Services using http://exrca.com?


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."


    Thursday, November 27, 2014 5:17 AM
    Moderator
  • Hi Ed,

    Is it really required to test EWS at the very beginning stage when I am just trying to establish a new federation trust with MFG?

    I am failing to understand why EWS comes into the picture while executing New-FederationTrust.

    Thanks,

    Soumen


    Soumen Ghosh

    Thursday, November 27, 2014 7:37 AM
  • Hi Ed,

    Our RCA test was also successful and all are green.

    We have monitored the proxy log and the traffic is passing through the same, and after a few SYN/ACK to exchange application data it got an RST from a remote IP 157.55.59.222 which belongs to Microsoft.

    So, now we are clueless.

    Any help appreciated...

    Thanks,

    Soumen


    Soumen Ghosh

    Thursday, November 27, 2014 12:30 PM
  • I don't have a good answer for you.  This link might hold some promise.

    https://social.technet.microsoft.com/Forums/exchange/en-US/deb2cc16-08c7-45b7-a401-3fda89bfa51b/cant-setup-exchange-2010-federation?forum=exchange2010

    I have seen cases where the federation won't create because Microsoft has blocked the domain, but the error message is different.  In those cases you have to contact Microsoft Support to get the domain reset.

    Since the problem appears to be on their end, I recommend you contact them for support if the above suggestions don't help.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Thursday, November 27, 2014 8:16 PM
    Moderator