locked
Exchange 2007/2010 Coexistence federated calendar sharing issue RRS feed

  • Question

  • My Organization and my partner company already built Federation Trust with MFG and created Organization Relationship successfully. However, when I run Test-OrganizaitonRelationship, my partner company are both get the same error messages as below,

    [PS] C:\>Test-OrganizationRelationship -Identity shippanave -UserIdentity michael_zheng@resourcepro.com.cn -Verbose
    VERBOSE: [03:51:38.950 GMT] Test-OrganizationRelationship : Active Directory session settings for
    'Test-OrganizationRelationship' are: View Entire Forest: 'False', Default Scope: 'resourcepro0.resourcepro.com',
    Configuration Domain Controller: 'US-DC1.resourcepro0.resourcepro.com', Preferred Global Catalog:
    'US-DC1.resourcepro0.resourcepro.com', Preferred Domain Controllers: '{ US-DC1.resourcepro0.resourcepro.com }'
    VERBOSE: [03:51:38.950 GMT] Test-OrganizationRelationship : Runspace context: Executing user:
    resourcepro0.resourcepro.com/Special Account/IT/mzheng, Executing user organization: , Current organization: ,
    RBAC-enabled: Enabled.
    VERBOSE: [03:51:38.950 GMT] Test-OrganizationRelationship : Beginning processing &
    VERBOSE: [03:51:38.950 GMT] Test-OrganizationRelationship : Instantiating handler with index 0 for cmdlet extension
    agent "Admin Audit Log Agent".
    VERBOSE: [03:51:39.262 GMT] Test-OrganizationRelationship : Current ScopeSet is: { Recipient Read Scope: {{, }},
    Recipient Write Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive
    Recipient Scope(s): {}, Exclusive Configuration Scope(s): {} }
    VERBOSE: [03:51:39.262 GMT] Test-OrganizationRelationship : Searching objects "michael_zheng@resourcepro.com.cn" of
    type "ADUser" under the root "$null".
    VERBOSE: [03:51:39.278 GMT] Test-OrganizationRelationship : Previous operation run on global catalog server
    'US-DC1.resourcepro0.resourcepro.com'.
    VERBOSE: [03:51:39.278 GMT] Test-OrganizationRelationship : Searching objects "shippanave" of type
    "OrganizationRelationship" under the root "$null".
    VERBOSE: [03:51:39.278 GMT] Test-OrganizationRelationship : Previous operation run on domain controller
    'US-DC1.resourcepro0.resourcepro.com'.
    VERBOSE: Test that organization relationships are properly configured.
    VERBOSE: [03:51:39.278 GMT] Test-OrganizationRelationship : Resolved current organization: .
    VERBOSE: [03:51:39.278 GMT] Test-OrganizationRelationship : Calling the Microsoft Exchange Autodiscover service for the
     remote federation information.
    VERBOSE: [03:52:00.668 GMT] Test-OrganizationRelationship : The Autodiscover call succeeded for the following URL:
    https://autodiscover.shippanave.com/autodiscover/autodiscover.svc.
    VERBOSE: [03:52:00.668 GMT] Test-OrganizationRelationship : Generating delegation token for user
    Michael_Zheng@resourcepro.com.cn for application FYDIBOHF25SPDLT.shippanave.com.
    VERBOSE: [03:52:01.668 GMT] Test-OrganizationRelationship : Failed to get delegation token: <S:Fault
    xmlns:S="http://www.w3.org/2003/05/soap-envelope"><S:Code><S:Value>S:Sender</S:Value><S:Subcode><S:Value>wst:InvalidReq
    uest</S:Value></S:Subcode></S:Code><S:Reason><S:Text xml:lang="en-US">Invalid
    Request</S:Text></S:Reason><S:Detail><psf:error
    xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"><psf:value>0x80048820</psf:value><psf:internal
    error><psf:code>0x8004786c</psf:code><psf:text>Email and UPN do not belong to the same namespace.
    </psf:text></psf:internalerror></psf:error></S:Detail></S:Fault>
    Microsoft.Exchange.Net.WSTrust.SoapFaultException: Soap fault exception received.
       at Microsoft.Exchange.Net.WSTrust.SoapClient.Invoke(IEnumerable`1 headers, XmlElement bodyContent)
       at Microsoft.Exchange.Net.WSTrust.SecurityTokenService.IssueToken(DelegationTokenRequest request)
       at Microsoft.Exchange.Management.Sharing.TestOrganizationRelationship.GetDelegationToken().


    RunspaceId  : e282c622-81ff-4f51-822c-d5b5349acb5f
    Identity    :
    Id          : FailureToGetDelegationToken
    Status      : Error
    Description : Failed to get delegation token: Soap fault exception received..
    IsValid     : True

    VERBOSE: [03:52:01.668 GMT] Test-OrganizationRelationship : Admin Audit Log: Entered Handler:OnComplete.
    VERBOSE: [03:52:01.699 GMT] Test-OrganizationRelationship : Ending processing &

    Saturday, April 19, 2014 4:01 AM

Answers

All replies

  • Hi,

    If your organization is Exchange 2007/2010 coexistence environment, what’s the Exchange version in your Partner company?

    According to your posting, the error occurs when generating delegation token for user
    Michael_Zheng@resourcepro.com.cn for application FYDIBOHF25SPDLT.shippanave.com because that Email and UPN do not belong to the same namespace. Please check whether the DNS TXT records for the federated domain namespace and all other domains you wish to add to the federation trust are configured correctly in federation delegation.

    We can follow the steps in the following article to re-configure your federation delegation:

    http://technet.microsoft.com/en-us/library/ff601760.aspx

    Additionally, here is an blog about different scenarios of federation sharing:

    http://blogs.technet.com/b/exchange/archive/2011/06/28/cross-org-availability-using-federation-trust-and-organization-relationship.aspx#scenario2

    Regards,


    Winnie Liang
    TechNet Community Support

    Wednesday, April 23, 2014 5:34 AM
  • Winnie,

    Thank you for your reply. I just solve my token error by remove and re-create Federation Trust between on-premise and Office 365.

    I will try to follow your reference articles to solve my federated calendar issue.

    Regards,

    Friday, May 9, 2014 8:24 AM