none
Federation Trust Free/Busy not showing on-premise RRS feed

  • Question

  • Hi,

    I have two separate on-premise Exchange Server 2010sp3 trying to do calendar sharing.  The federation trust and organization relationship was successfully setup.  The calendars on both sides open but no information is displayed. 

    I'm getting an error message on my Exchange Server that I can't figure out how to resolve.  WSSecurityauthentication is set to true at autodiscovervirtualdirectory and webservicesvirtualdirectory.  test-organizationrelationship didn't respond with any errors.  I believe this error is causing free/busy info not to show on the calendar.

    Event 4002, MSExchange Availability

    Process 9284: ProxyWebRequest FederatedCrossForest from S-1-5-21-1685695643-2742731794-459845495-1382 to https://mail.fabrikam.com/EWS/Exchange.asmx/WSSecurity failed. Caller SIDs: WSSecurity. The exception returned is Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequestProcessingException: System.Web.Services.Protocols.SoapHeaderException: An error occurred when verifying security for the message.
       at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
       at System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult asyncResult)
       at Microsoft.Exchange.InfoWorker.Common.Availability.Proxy.Service.EndGetMailTips(IAsyncResult asyncResult)
       at Microsoft.Exchange.InfoWorker.Common.MailTips.MailTipsApplication.EndProxyWebRequest(ProxyWebRequest proxyWebRequest, QueryList queryList, Service service, IAsyncResult asyncResult)
       at Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequest.EndInvoke(IAsyncResult asyncResult)
       at Microsoft.Exchange.InfoWorker.Common.Availability.AsyncWebRequest.EndInvokeWithErrorHandling(). The request information is ProxyWebRequest type = FederatedCrossForest, url = https://mail.fabrikam.com/EWS/Exchange.asmx/WSSecurity
    Mailbox list = <>SMTP:siteB@fabrikam.com, 5410344 SMTP:siteA@contoso.com
    . ---> System.Web.Services.Protocols.SoapHeaderException: An error occurred when verifying security for the message.
       at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
       at System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult asyncResult)
       at Microsoft.Exchange.InfoWorker.Common.Availability.Proxy.Service.EndGetMailTips(IAsyncResult asyncResult)
       at Microsoft.Exchange.InfoWorker.Common.MailTips.MailTipsApplication.EndProxyWebRequest(ProxyWebRequest proxyWebRequest, QueryList queryList, Service service, IAsyncResult asyncResult)
       at Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequest.EndInvoke(IAsyncResult asyncResult)
       at Microsoft.Exchange.InfoWorker.Common.Availability.AsyncWebRequest.EndInvokeWithErrorHandling()
       --- End of inner exception stack trace ---
    . Name of the server where exception originated: CAS. Make sure that the Active Directory site/forest that contain the user's mailbox has at least one local Exchange 2010 server running the Availability service. Turn up logging for the Availability service and test basic network connectivity. 

    Thanks,

    Doug


    • Edited by Doug125 Wednesday, March 19, 2014 9:38 PM
    Wednesday, March 19, 2014 8:34 PM

Answers

  • Hi Doug,

    According to you post, it seems that all your configuration are checked and configured correctly. The event 4002 indicates that the issue is related to WSSecurity authorization. Please try the following methods:

    1. On both the organization, run the following cmdlet:

    Get-FederationTrust | Set-FederationTrust –RefreshMetaData

    2. Reset the WSSecurity Authentication on CAS servers on two Exchange Organization by performing the following commands:

    Get-AutodiscoverVirtualDirectory –Server “CAS” | Set-Autodiscovervirtualdirectory –WSSecurityAuthentication $false

    Get-WebServicesVirtualDirectory –Server “CAS” | Set-WebServicesVirtualDirectory –WSSecurityAuthentication $false

    Reset IIS by running IISRESET

    Get-AutodiscoverVirtualDirectory –Server “CAS” | Set-Autodiscovervirtualdirectory –WSSecurityAuthentication $True

    Get-WebServicesVirtualDirectory –Server “CAS” | Set-WebServicesVirtualDirectory –WSSecurityAuthentication $True

    Reset IIS by running IISRESET

    If the issue persists, please check your TMG configuration and disable authentication in TMG to have a try.

    Thanks,


    Winnie Liang
    TechNet Community Support

    • Marked as answer by Doug125 Friday, March 21, 2014 5:27 PM
    Friday, March 21, 2014 6:52 AM
    Moderator

All replies

  • Hi Doug,

    According to you post, it seems that all your configuration are checked and configured correctly. The event 4002 indicates that the issue is related to WSSecurity authorization. Please try the following methods:

    1. On both the organization, run the following cmdlet:

    Get-FederationTrust | Set-FederationTrust –RefreshMetaData

    2. Reset the WSSecurity Authentication on CAS servers on two Exchange Organization by performing the following commands:

    Get-AutodiscoverVirtualDirectory –Server “CAS” | Set-Autodiscovervirtualdirectory –WSSecurityAuthentication $false

    Get-WebServicesVirtualDirectory –Server “CAS” | Set-WebServicesVirtualDirectory –WSSecurityAuthentication $false

    Reset IIS by running IISRESET

    Get-AutodiscoverVirtualDirectory –Server “CAS” | Set-Autodiscovervirtualdirectory –WSSecurityAuthentication $True

    Get-WebServicesVirtualDirectory –Server “CAS” | Set-WebServicesVirtualDirectory –WSSecurityAuthentication $True

    Reset IIS by running IISRESET

    If the issue persists, please check your TMG configuration and disable authentication in TMG to have a try.

    Thanks,


    Winnie Liang
    TechNet Community Support

    • Marked as answer by Doug125 Friday, March 21, 2014 5:27 PM
    Friday, March 21, 2014 6:52 AM
    Moderator
  • Hi Winnie,

    Thanks for your response.  Seems like we're making progress.  I was able to see the remote side's calendar info after your suggestion.  The problem is that they can't see my calendar info.  I'm requesting that they send me any error logs they are still receiving.  Will post back with results.

    Please let me know if you have any suggestions in the meantime.

    Thanks,

    Doug

    P.S.  Will this error cause any issues with the Fed Trust.  I believe I just need to run adprep to get the discovery mailbox back.

    Event 5000, MSExchange Management Application

    Failed to save admin audit log for this cmdlet invocation.
    Organization:  
    Log content:
    Subject: greencourtepartners.local/Administrative Accounts/GCPartners : Set-WebServicesVirtualDirectory
    Body:
    Cmdlet Name: Set-WebServicesVirtualDirectory
    Object Modified: GCP-EXCH03\EWS (Default Web Site)
    Parameter: WSSecurityAuthentication = True
    Parameter: Identity = GCP-EXCH03\EWS (Default Web Site)
    Property Modified: AuthenticationMethodFlags = Ntlm, WindowsIntegrated, WSSecurity
    Property Modified: InternalAuthenticationMethods = Ntlm;WindowsIntegrated;WSSecurity
    Property Modified: ExternalAuthenticationMethods = Ntlm;WindowsIntegrated;WSSecurity
    Property Original: AuthenticationMethodFlags = Ntlm, WindowsIntegrated
    Property Original: InternalAuthenticationMethods = Ntlm;WindowsIntegrated
    Property Original: ExternalAuthenticationMethods = Ntlm;WindowsIntegrated
    Caller: greencourtepartners.local/Administrative Accounts/GCPartners
    Succeeded: True
    Error: None
    Run Date: 2014-03-21T15:44:52
    OriginatingServer: GCP-EXCH03 (14.03.0123.002)
     
    Error:
    Exception thrown during AdminLogProvisioningHandler.Validate: Microsoft.Exchange.Data.Storage.ObjectNotFoundException: The discovery mailbox, a hidden default mailbox that is required to search mailboxes, can't be found. It may have been inadvertently deleted. This mailbox must be re-created before you can search mailboxes.
       at Microsoft.Exchange.Data.Storage.Infoworker.MailboxSearch.MailboxDataProvider.GetDiscoveryMailbox(ADRecipientSession session)
       at Microsoft.Exchange.Management.SystemConfigurationTasks.AdminAuditLogHelper.CheckArbitrationMailboxStatus(OrganizationId organizationId, ADUser& user, ExchangePrincipal& principal, String& errorMessage)


    • Edited by Doug125 Friday, March 21, 2014 3:59 PM
    Friday, March 21, 2014 3:51 PM
  • Hi ,

    i also had this issues and a download of the address book fixed my Problem.

    i was able to see the information only with Exchange-Cache-Modus disabled.

    Friday, March 21, 2014 4:35 PM
  • Thanks for your response.  It took about 15 minutes but both sides can see calendar info now.

    Thanks for your help.Doug

    Friday, March 21, 2014 5:27 PM
  • Hello can you please describe in more details the procedure you performed to resolve this problem?  I have the same issue as well.  Thank you.

    anthony maw/vancouver/canada

    Monday, June 9, 2014 1:32 PM
  • I followed Winnie's directions.  If it's still not working I would suggest removing the trust and re-creating it.

    Doug

    Tuesday, June 10, 2014 6:29 PM