Federation Trus And Free/Busy - not work. Error 401 Unauthorized. RRS feed

  • Question

  • Hello!
    Faced with this problem, I can not share free / busy information to another organization. Auto-discovery works well in both organizations, but for authorized users. Of command: Get-FederationInformation rvsco.ru -verbos turns this answer: 

    VERBOSE: [11:22:20.308 GMT] Get-FederationInformation : Active Directory session settings for
    'Get-FederationInformation' are: View Entire Forest: 'False', Default Scope: 'rvsco.ru', Configuration Domain
    Controller: 'rvsco-dc02.rvsco.ru', Preferred Global Catalog: 'rvsco-dc02.rvsco.ru', Preferred Domain Controllers: '{
    rvsco-dc02.rvsco.ru }'
    VERBOSE: [11:22:20.323 GMT] Get-FederationInformation : Runspace context: Executing user:
    rvsco.ru/Administrator_OU/rvsadmin, Executing user organization: , Current organization: , RBAC-enabled: Enabled.
    VERBOSE: [11:22:20.323 GMT] Get-FederationInformation : Beginning processing &
    VERBOSE: [11:22:20.355 GMT] Get-FederationInformation : Current ScopeSet is: { Recipient Read Scope: {{, }}, Recipient
    Write Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive Recipient
    Scope(s): {}, Exclusive Configuration Scope(s): {} }
    VERBOSE: [11:22:20.355 GMT] Get-FederationInformation : Resolved current organization: .
    VERBOSE: [11:22:20.355 GMT] Get-FederationInformation : Using the following trusted host names: *.outlook.com.
    VERBOSE: [11:22:20.370 GMT] Get-FederationInformation : The discovery process returned the following results:
    Type=Failure;Url=https://autodiscover.rvsco.ru/autodiscover/autodiscover.svc;Exception=Discovery for domain rvsco.ru
    failed.;Details=(Type=Failure;Url=https://autodiscover.rvsco.ru/autodiscover/autodiscover.svc;Exception=The request
    failed with HTTP status 401: Unauthorized.;);
    Type=Failure;Url=https://rvsco.ru/autodiscover/autodiscover.svc;Exception=Discovery for domain rvsco.ru
    failed.;Details=(Type=Failure;Url=https://rvsco.ru/autodiscover/autodiscover.svc;Exception=The request failed with HTTP
     status 404: Not Found.;);
    Type=Failure;Url=http://autodiscover.rvsco.ru/autodiscover/autodiscover.xml;Exception=Discovery for domain rvsco.ru
    failed.;Details=(Type=Failure;Url=http://autodiscover.rvsco.ru/autodiscover/autodiscover.xml;Exception=The remote
    server returned an error: (401) Unauthorized.;);
    Type=Failure;Url=http://rvsco.ru/autodiscover/autodiscover.xml;Exception=Discovery for domain rvsco.ru
    failed.;Details=(Type=Failure;Url=http://rvsco.ru/autodiscover/autodiscover.xml;Exception=The remote server returned an
     error: (404) Not Found.;);

    Get-AutodiscoverVirtualDirectory | fl

    RunspaceId                      : da448b71-0949-4c9b-b15c-c067139cc607
    Name                            : Autodiscover (Default Web Site)
    InternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
    ExternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
    LiveIdSpNegoAuthentication      : False
    WSSecurityAuthentication        : True
    LiveIdBasicAuthentication       : False
    BasicAuthentication             : True
    DigestAuthentication            : False
    WindowsAuthentication           : True
    MetabasePath                    : IIS://RVSCO-MX01.rvsco.ru/W3SVC/1/ROOT/Autodiscover
    Path                            : C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Autodiscover
    ExtendedProtectionTokenChecking : None
    ExtendedProtectionFlags         : {}
    ExtendedProtectionSPNList       : {}
    Server                          : RVSCO-MX01
    InternalUrl                     :
    ExternalUrl                     : https://autodiscover.rvsco.ru/autodiscover/autodiscover.xml
    AdminDisplayName                :
    ExchangeVersion                 : 0.10 (
    DistinguishedName               : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=RVSCO-MX01,CN=Servers,CN=E
                                      xchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Rvsco,CN=M
                                      icrosoft Exchange,CN=Services,CN=Configuration,DC=rvsco,DC=ru
    Identity                        : RVSCO-MX01\Autodiscover (Default Web Site)
    Guid                            : c50855f0-9104-422f-8c71-33f1a63544ff
    ObjectCategory                  : rvsco.ru/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
    ObjectClass                     : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
    WhenChanged                     : 12.07.2012 18:19:38
    WhenCreated                     : 05.07.2012 17:40:21
    WhenChangedUTC                  : 12.07.2012 14:19:38
    WhenCreatedUTC                  : 05.07.2012 13:40:21
    OrganizationId                  :
    OriginatingServer               : rvsco-dc02.rvsco.ru
    IsValid                         : True

    Test-FederationTrustCertificate | fl

    RunspaceId : da448b71-0949-4c9b-b15c-c067139cc607
    Site       : rvsco.ru/Configuration/Sites/Default-Firs
    Server     : RVSCO-MX01
    State      : Installed
    Thumbprint : A91EEBCE652DDA7677332B8847FA8E0BA2A94674

    Tell me what is wrong?

    Monday, July 16, 2012 11:40 AM

All replies

  • Hi Pnagibin,

    Did you creates a federation trust with the Microsoft Federation Gateway?
    I would suggest that you could refer below article to confirm you have configured everything well,



    TechNet Community Support

    Wednesday, July 18, 2012 7:17 AM
  • Hi Gavin-Zhang,

    I read this statement, as well as searching the forums similar problem, tried lots of different recommendations, but could not solve this problem and was confused.

    Autodiscover is working.
    TXT records exist.
    The Microsoft Federation Trust is established. (Microsoft Federation Gateway)
    But I can not create the Organization Relationship.

    The Client Access Server is behind a firewall Forefront TMG, the listener is configured with authentication "HTML Form", set up a rule for Autodiscover with authenticated No delegation, but client may authenticate directly
    • Edited by pnagibin Wednesday, July 18, 2012 7:50 AM
    Wednesday, July 18, 2012 7:26 AM
  • Hi pngibin,

    Per the information, you are using TMG as the proxy, please try as below:
    1. confirm both of end configure the Organization relationship well
    2. Check TargetSharingEpr and post here, then we could narrow down the issue
       refer to below:
    3. do you have other version of exchange in your scenario
    4. caused by Missing svc-Integrated handler and misconfigured web.config file of Autodiscover, plase try : make appropriate entries for svc-Integrated handler in Applicationhost.config and Correct the web.config file



    TechNet Community Support

    Thursday, July 19, 2012 10:22 AM