none
Exchange Federation works with one partner, but not another

    Question

  • Hi!

    I'm trying to setup an Exchange Federation with a partner company. When I use Get-FederationInformation I get the following error message:

    Federation information could not be received from the external organization.
        + CategoryInfo          : NotSpecified: (:) [Get-FederationInformation], GetFederationInformationFailedException
        + FullyQualifiedErrorId : [Server=<ServerName>,RequestId=951c3b3c-8332-461c-9baa-fd462afa5a55,TimeStamp=20.04.2018
       12:23:37] [FailureCategory=Cmdlet-GetFederationInformationFailedException] D12B1CB8,Microsoft.Exchange.Management.
      SystemConfigurationTasks.GetFederationInformation
        + PSComputerName        : <ServerFQDN>

    When I do the same with a different partner I receive the correct information. Strange enough the same thing is happening when this partner tries to test our domain.

    Both sides (mine and the partners) are configured correctly, so it should work. Any Ideas on what's missing?


    Regards,

    Gerrit


    If you think your to small to make a differnce, try going to bed with a mosquito in the room...


    Friday, April 20, 2018 12:30 PM

Answers

  • Problem solved!

    It seems that our partner was having issues with their routing and their Exchange Server was generating a faulty autodiscover.xml file.

    Now everything is up and running. :)

    Thanks for the input everyone!


    If you think your to small to make a differnce, try going to bed with a mosquito in the room...

    • Marked as answer by Gerrit Deike Monday, May 28, 2018 11:55 AM
    Monday, May 28, 2018 11:55 AM

All replies

  • Is the partner properly federated with the Microsoft Federation Gateway?

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Saturday, April 21, 2018 12:38 AM
    Moderator
  • Hi Ed,

    as I mentioned in the last sentence, both sides are configured identically. We both can test other organizations, but can't see eachother...


    If you think your to small to make a differnce, try going to bed with a mosquito in the room...

    Saturday, April 21, 2018 5:50 AM
  • Hi Gerrit,

    How about run below command to list all settings, then double confirm?
    Get-FederatedDomain
    Get-OrganizationRelationship | FL

    If this issue remain exists, try to re-add it again for testing.

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, April 23, 2018 9:28 AM
    Moderator
  • Hi Allen,

    did you mean Get-FederatedDomainProof? Here's the output for our domain:

    [PS] C:\Windows\system32>Get-FederatedDomainProof
    cmdlet Get-FederatedDomainProof at command pipeline position 1
    Supply values for the following parameters:
    DomainName: kps.com

    RunspaceId : d3c9758f-e7cb-4616-ad7b-8991ff9fcfd5
    DomainName : kps.com
    Name       : OrgPrivCertificate
    Thumbprint : 4809F5626E2DFA4E25543AE67ED1C7F953DDA6A4
    Proof      : LmCJSlVO3zXGZUwoOwGFE6sSvYu77sVDilS/353UUPuFkwHsWvSZbJ4EexadzwPA72hFDQ8yM+FL6N5ZkaBUMQ==
    DnsRecord  : kps.com TXT IN LmCJSlVO3zXGZUwoOwGFE6sSvYu77sVDilS/353UUPuFkwHsWvSZbJ4EexadzwPA72hFDQ8yM+FL6N5ZkaBUMQ==

    Get-OrganizationRelationship doesn't have an output yet, because we don't have any relationsships yet. The first one I'm trying to create doesn't work...

    When I do a Get-FederationInformation for my ex-employer I get this:

    [PS] C:\Windows\system32>Get-FederationInformation <SMTP-Domain>

    RunspaceId                : d3c9758f-e7cb-4616-ad7b-8991ff9fcfd5
    TargetApplicationUri   : outlook.com
    DomainNames           : {<SMTP-Domain>.onmicrosoft.com, <SMTP-Domain>, <SMTP-Domain>.mail.onmicrosoft.com}
    TargetAutodiscoverEpr : https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc/WSSecurity
    TokenIssuerUris       : {urn:federation:MicrosoftOnline}
    Identity                   :
    IsValid                    : True
    ObjectState             : Unchanged

    ...but not when I try to contact our partner...

    Federation information could not be received from the external organization.<

        + CategoryInfo          : NotSpecified: (:) [Get-FederationInformation], GetFederationInformationFailedException
        + FullyQualifiedErrorId : [Server=<ServerName>,RequestId=951c3b3c-8332-461c-9baa-fd462afa5a55,TimeStamp=20.04.2018
       12:23:37] [FailureCategory=Cmdlet-GetFederationInformationFailedException] D12B1CB8,Microsoft.Exchange.Management.
      SystemConfigurationTasks.GetFederationInformation
        + PSComputerName        : <ServerFQDN>

    Our Partner says the same thing happens when they try to test our domain...


    If you think your to small to make a differnce, try going to bed with a mosquito in the room...


    Monday, April 23, 2018 11:27 AM
  • Hi,

    Sorry for delay.

    Would you please run below command and post the result?
    Get-FederationInformation xxxx.xxx -Verbose

    Also, does those two domain place in same WLAN, any web proxy server?

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, May 2, 2018 2:19 AM
    Moderator
  • Hi Allen,

    no problem, I've been busy too. ;)

    When I enter Get-FederationInformation <domain name> -verbose I get the exact same error:

    Federation information could not be received from the external organization.<

        + CategoryInfo          : NotSpecified: (:) [Get-FederationInformation], GetFederationInformationFailedException
        + FullyQualifiedErrorId : [Server=<ServerName>,RequestId=951c3b3c-8332-461c-9baa-fd462afa5a55,TimeStamp=20.04.2018
       12:23:37] [FailureCategory=Cmdlet-GetFederationInformationFailedException] D12B1CB8,Microsoft.Exchange.Management.
      SystemConfigurationTasks.GetFederationInformation
        + PSComputerName        : <ServerFQDN>

    I was wondering; do I have to have ADFS setup between the other company an ours? 

    Is there a "deep dive" on Exchange Federation somewhere in the NET?


    If you think your to small to make a differnce, try going to bed with a mosquito in the room...

    Wednesday, May 2, 2018 9:11 AM
  • No, you don't need ADFS to do Exchange federation. It is done through the Microsoft Federation Gateway, which is a relationship that is set up between each Exchange server and a central MS cloud-based server that acts as an intermediary between Exchange Orgs. There isn't much to it, to be honest. You create a relationship with the Federated Gateway for each organization, then configure sharing between domains. https://technet.microsoft.com/en-us/library/jj657462(v=exchg.150).aspx covers the setup instructions. More than likely, the organization that isn't working properly is not configured to allow new relationships to get set up successfully. The linked article and the articles in the list on the left of the page should give you the info you need to troubleshoot.
    Wednesday, May 16, 2018 3:28 PM
  • Yea, that's how I understood it as well. We have been able to solve part of the problem. Now we have been able to set up the federation, but it still doesn't work the other way around. The problem had to do with routing and I suspect that it will also be the reason why the other side isn't working...

    If you think your to small to make a differnce, try going to bed with a mosquito in the room...

    Thursday, May 17, 2018 7:57 AM
  • Problem solved!

    It seems that our partner was having issues with their routing and their Exchange Server was generating a faulty autodiscover.xml file.

    Now everything is up and running. :)

    Thanks for the input everyone!


    If you think your to small to make a differnce, try going to bed with a mosquito in the room...

    • Marked as answer by Gerrit Deike Monday, May 28, 2018 11:55 AM
    Monday, May 28, 2018 11:55 AM