Solved

Unable to connect to Microsoft Federation Gateway

Posted on 2014-01-28
4
1,329 Views
Last Modified: 2014-03-23
Hello,

I'm having an issue connecting to the Microsoft Federation Gateway using Exchange 2010 SP3 RU4. The Federation has existed for months without issue and recently lost connection. Autodiscover is working as normal and all certificates are up to date (Federation Certificate is Self-Signed as per Microsoft Recommendation). Running Test-FederationTrust -verbose returns this error.

Test-FederationTrust : Failed to retrieve Federation Metadata from the Microsoft Federation Gateway. This operation will be retried in a few seconds. Last error: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSl/TLS secure channel. System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure

I have tried removing the Federation but the same error occurs on that CMDLET as well.

Any help is appreciated.
0
Comment
Question by:michd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 9

Expert Comment

by:nick2253
ID: 39815711
Somehow there's a problem is authenticating the connection.

Double check that your connection settings between the services are set to both use (or not use) encryption, etc.
0
 

Author Comment

by:michd
ID: 39815767
According to Microsoft Technet the connection should be going outbound over 443 and coming back in using Autodiscover service. I have tested the Autodiscover service using https://testconnectivity.microsoft.com/ and verified that traffic over 443 is allowed out from the Exchange servers and all appears well traffic wise.

Any other ideas?
0
 

Accepted Solution

by:
michd earned 0 total points
ID: 39938051
Ended up speaking with Microsoft Support on the issue. The root cause was that both local Exchange servers did not trust the SSL cert on the Microsoft Federation Gateway. Solution was to export the cert and import it onto each server
0
 

Author Closing Comment

by:michd
ID: 39948373
The issue was resolved through Microsoft support and my comment provides the solution.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question