Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Unable to connect to Microsoft Federation Gateway

Posted on 2014-01-28
4
Medium Priority
?
1,407 Views
Last Modified: 2014-03-23
Hello,

I'm having an issue connecting to the Microsoft Federation Gateway using Exchange 2010 SP3 RU4. The Federation has existed for months without issue and recently lost connection. Autodiscover is working as normal and all certificates are up to date (Federation Certificate is Self-Signed as per Microsoft Recommendation). Running Test-FederationTrust -verbose returns this error.

Test-FederationTrust : Failed to retrieve Federation Metadata from the Microsoft Federation Gateway. This operation will be retried in a few seconds. Last error: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSl/TLS secure channel. System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure

I have tried removing the Federation but the same error occurs on that CMDLET as well.

Any help is appreciated.
0
Comment
Question by:michd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 9

Expert Comment

by:nick2253
ID: 39815711
Somehow there's a problem is authenticating the connection.

Double check that your connection settings between the services are set to both use (or not use) encryption, etc.
0
 

Author Comment

by:michd
ID: 39815767
According to Microsoft Technet the connection should be going outbound over 443 and coming back in using Autodiscover service. I have tested the Autodiscover service using https://testconnectivity.microsoft.com/ and verified that traffic over 443 is allowed out from the Exchange servers and all appears well traffic wise.

Any other ideas?
0
 

Accepted Solution

by:
michd earned 0 total points
ID: 39938051
Ended up speaking with Microsoft Support on the issue. The root cause was that both local Exchange servers did not trust the SSL cert on the Microsoft Federation Gateway. Solution was to export the cert and import it onto each server
0
 

Author Closing Comment

by:michd
ID: 39948373
The issue was resolved through Microsoft support and my comment provides the solution.
0

Featured Post

What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question