Solved

Federation Information could not be received error during 2007 to Office 365 migration

Posted on 2015-01-06
13
1,596 Views
Last Modified: 2015-01-15
Hi

While going through through the an on premise 2007 to Office365 migration, we are getting a "Federation Information could not be received" error when running Get-FederationInformation -domainname ourdomain.co.uk

Upon further reading, I've come across this MS article:

http://support.microsoft.com/kb/2773628

Here is the output for  

Get-FederationInformation -domainname ourdomain.co.uk

Federation information could not be received from the external organization.
    + CategoryInfo          : NotSpecified: (:) [Get-FederationInformation], G
   etFederationInformationFailedException
    + FullyQualifiedErrorId : [Server=AMSPR06MB245,RequestId=0816da52-03ec-49a
   7-bae1-ed3c3784b1f4,TimeStamp=06/01/2015 15:41:08] [FailureCategory=Cmdlet
  -GetFederationInformationFailedException] D319C519,Microsoft.Exchange.Mana
gement.SystemConfigurationTasks.GetFederationInformation
    + PSComputerName        : outlook.office365.com
 

It is not error 405 that is described in the above article.

Any one seen this before? Any help would be greatly appreciated.

Thanks

M
0
Comment
Question by:mk112233
  • 8
  • 5
13 Comments
 
LVL 40

Expert Comment

by:Vasil Michev (MVP)
ID: 40533813
Can you run the Get-FederationInformation cmdlet with the -Verbose parameter and post the full error/output? It's usually autodiscover related, but you never know.
0
 

Author Comment

by:mk112233
ID: 40535350
the exact output is

PS C:\Windows\system32> Get-FederationInformation -DomainName MYDOMAIN.CO.UK -Verbose
Federation information could not be received from the external organization.
    + CategoryInfo          : NotSpecified: (:) [Get-FederationInformation], GetFederationInformat
   ionFailedException
    + FullyQualifiedErrorId : [Server=AMSPR06MB245,RequestId=9fe24329-df84-453b-8cbd-98a404375fc7,
   TimeStamp=07/01/2015 11:26:04] [FailureCategory=Cmdlet-GetFederationInformationFailedException
  ] D20A8247,Microsoft.Exchange.Management.SystemConfigurationTasks.GetFederationInformation
    + PSComputerName        : outlook.office365.com

Does autodiscover ABSOLUTELY have to resolve to the hybrid server in order for this to work?


Thanks

M
0
 

Author Comment

by:mk112233
ID: 40535360
Autodiscover currently resolves to one of the on-premise CAS servers due to some other problems we were having
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 40

Expert Comment

by:Vasil Michev (MVP)
ID: 40535462
What kind of record you have? SRV is not supported.

Can you run the Get-FederationInformation cmdlet from the EMS, verbose will give more info there.

Refer to this article for more info: http://blogs.technet.com/b/mikehall/archive/2013/08/21/office-365-insight-into-the-hybrid-configuration-wizard-part-2.aspx
0
 

Author Comment

by:mk112233
ID: 40535545
temp
0
 

Author Comment

by:mk112233
ID: 40535550
Actual text: -

[PS] C:\Windows\system32>Get-FederationInformation -DomainName MYDOMAIN.co.uk -Verbose
VERBOSE: [13:38:38.030 GMT] Get-FederationInformation : Active Directory session settings for
'Get-FederationInformation' are: View Entire Forest: 'False', Default Scope: 'DOMAIN.local', Configuration Domain
Controller: 'DC.DOMAIN.local', Preferred Global Catalog: 'SERVER.DOMAIN.local', Preferred Domain
Controllers: '{ DC.DOMAIN.local }'
VERBOSE: [13:38:38.030 GMT] Get-FederationInformation : Runspace context: Executing user: Domain.local/Domain Security
Groups/_adm_DOMAINADMIN, Executing user organization: , Current organization: , RBAC-enabled: Enabled.
VERBOSE: [13:38:38.030 GMT] Get-FederationInformation : Beginning processing &
VERBOSE: [13:38:39.778 GMT] Get-FederationInformation : Current ScopeSet is: { Recipient Read Scope: {{, }}, Recipient
Write Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive Recipient
Scope(s): {}, Exclusive Configuration Scope(s): {} }
VERBOSE: [13:38:39.778 GMT] Get-FederationInformation : Resolved current organization: .
VERBOSE: [13:38:39.825 GMT] Get-FederationInformation : Using the following trusted host names: *.outlook.com.
VERBOSE: [13:38:39.965 GMT] Get-FederationInformation : The discovery process returned the following results:
Type=Failure;Url=https://autodiscover.MYDOMAIN.co.uk/autodiscover/autodiscover.svc;Exception=Discovery for domain
MYDOMAIN.co.uk
failed.;Details=(Type=Failure;Url=https://autodiscover.MYDOMAIN.co.uk/autodiscover/autodiscover.svc;Exception=The request
failed with HTTP status 405: Method Not Allowed.;);
Type=Failure;Url=https://MYDOMAIN.co.uk/autodiscover/autodiscover.svc;Exception=Discovery for domain MYDOMAIN.co.uk
failed.;Details=(Type=Failure;Url=https://MYDOMAIN.co.uk/autodiscover/autodiscover.svc;Exception=The underlying
connection was closed: An unexpected error occurred on a send.;);
Type=Failure;Url=http://autodiscover.MYDOMAIN.co.uk/autodiscover/autodiscover.xml;Exception=Discovery for domain
MYDOMAIN.co.uk
failed.;Details=(Type=Failure;Url=http://autodiscover.MYDOMAIN.co.uk/autodiscover/autodiscover.xml;Exception=The remote
server returned an error: (403) Forbidden.;);
Type=Failure;Url=http://MYDOMAIN.co.uk/autodiscover/autodiscover.xml;Exception=Discovery for domain MYDOMAIN.co.uk
failed.;Details=(Type=Failure;Url=http://MYDOMAIN.co.uk/autodiscover/autodiscover.xml;Exception=Unexpected status code in
response: MovedPermanently.;);
.
Federation information could not be received from the external organization.
    + CategoryInfo          : NotSpecified: (:) [Get-FederationInformation], GetFederationInformationFailedException
    + FullyQualifiedErrorId : 97A6B09B,Microsoft.Exchange.Management.SystemConfigurationTasks.GetFederationInformation
    + PSComputerName        : CASsrv.DOMAIN.local

VERBOSE: [13:38:39.965 GMT] Get-FederationInformation : Ending processing &

We have no SRV record, just an A record pointing at one of the on-premise CAS servers. The host file on the hybrid server has a loopback entry for 127.0.0.1 autodiscover.MYDOMAIN.co.uk

We have just changed the autodiscover A record on AD DNS to point to the Hybrid server, but i dont see how it will make any difference

Thanks
0
 
LVL 40

Expert Comment

by:Vasil Michev (MVP)
ID: 40535653
Well you have the 405 error on the scv endpoint, just as the article you linked above. In addition, you get an 403 error on the http redirect endpoint, at least this one should be accessible externally. Can you browse to it from external PC or run the test from ExRCA? Are you using ISA/TMG? If so, have you made sure that autodiscover is correctly published?

Check the WSSecurity settings on the virtual directory, make sure it's set to True. If it's still not working, recreate the virtual directory.
0
 

Author Comment

by:mk112233
ID: 40535697
Remoteconectivityanalyser (ExRCA?) gives us a Green Pass on autodiscover settings. We are no longer using TMG - the hybrid is behind a single firewall from the Internet.

So re you suggesting we reinstall the handler mappings in IIS,as described in http://support.microsoft.com/kb/2773628 as well as recreate Virtual directory (please clarify which one?)

Also what are the implications of error 403?

Thanks

M
0
 

Author Comment

by:mk112233
ID: 40535703
I have checked the settings for WSSecurityAuthentication using the command get-AutodiscoverVirtualDirectory -Identity 'autodiscover (Default Web Site)' | fl and get the following: -
WSSecurityAuthentication        : True
0
 

Author Comment

by:mk112233
ID: 40535759
As for Error 405

We do not have the symptom described in this article

 http://support.microsoft.com/kb/2773628

"This issue occurs if the IIS configuration is missing the svc-Integrated handler mapping. The following screen shot shows an example of the svc-Integrated handler mapping in IIS"

We have svc-Integrated listed in IIS exactly as shown in this article
0
 
LVL 40

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 40536461
ExRCA doesnt test the svc endpoint, so it would not show anything there. If the handler is present and enabled it *should* be working though, the only other suggestion I can think of is recreating the Autodiscover virtual directory.

I'm curious to see on which method ExRCA succeeds? Does it pass the HTTP redirect one, which is also failing for you when you run the Get-FederationInformation?
0
 

Author Comment

by:mk112233
ID: 40537388
No, HTTP re-direct returns the following error:

Attempting to test potential Autodiscover URL https://MYDOMAIN.co.uk:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
Elapsed Time: 671 ms.

autodiscover virtual directory has already been re-created a number of times previously - my team are reluctant to do it againm unless its the last resort..
0
 
LVL 40

Expert Comment

by:Vasil Michev (MVP)
ID: 40537475
That's the HTTPS one. Does the HTTP one pass externally? Try opening the URLs directly from a browser and compare the results with external and internal machine.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question