Solved

Federation Information could not be received error during 2007 to Office 365 migration

Posted on 2015-01-06
13
1,475 Views
Last Modified: 2015-01-15
Hi

While going through through the an on premise 2007 to Office365 migration, we are getting a "Federation Information could not be received" error when running Get-FederationInformation -domainname ourdomain.co.uk

Upon further reading, I've come across this MS article:

http://support.microsoft.com/kb/2773628

Here is the output for  

Get-FederationInformation -domainname ourdomain.co.uk

Federation information could not be received from the external organization.
    + CategoryInfo          : NotSpecified: (:) [Get-FederationInformation], G
   etFederationInformationFailedException
    + FullyQualifiedErrorId : [Server=AMSPR06MB245,RequestId=0816da52-03ec-49a
   7-bae1-ed3c3784b1f4,TimeStamp=06/01/2015 15:41:08] [FailureCategory=Cmdlet
  -GetFederationInformationFailedException] D319C519,Microsoft.Exchange.Mana
gement.SystemConfigurationTasks.GetFederationInformation
    + PSComputerName        : outlook.office365.com
 

It is not error 405 that is described in the above article.

Any one seen this before? Any help would be greatly appreciated.

Thanks

M
0
Comment
Question by:mk112233
  • 8
  • 5
13 Comments
 
LVL 38

Expert Comment

by:Vasil Michev (MVP)
ID: 40533813
Can you run the Get-FederationInformation cmdlet with the -Verbose parameter and post the full error/output? It's usually autodiscover related, but you never know.
0
 

Author Comment

by:mk112233
ID: 40535350
the exact output is

PS C:\Windows\system32> Get-FederationInformation -DomainName MYDOMAIN.CO.UK -Verbose
Federation information could not be received from the external organization.
    + CategoryInfo          : NotSpecified: (:) [Get-FederationInformation], GetFederationInformat
   ionFailedException
    + FullyQualifiedErrorId : [Server=AMSPR06MB245,RequestId=9fe24329-df84-453b-8cbd-98a404375fc7,
   TimeStamp=07/01/2015 11:26:04] [FailureCategory=Cmdlet-GetFederationInformationFailedException
  ] D20A8247,Microsoft.Exchange.Management.SystemConfigurationTasks.GetFederationInformation
    + PSComputerName        : outlook.office365.com

Does autodiscover ABSOLUTELY have to resolve to the hybrid server in order for this to work?


Thanks

M
0
 

Author Comment

by:mk112233
ID: 40535360
Autodiscover currently resolves to one of the on-premise CAS servers due to some other problems we were having
0
 
LVL 38

Expert Comment

by:Vasil Michev (MVP)
ID: 40535462
What kind of record you have? SRV is not supported.

Can you run the Get-FederationInformation cmdlet from the EMS, verbose will give more info there.

Refer to this article for more info: http://blogs.technet.com/b/mikehall/archive/2013/08/21/office-365-insight-into-the-hybrid-configuration-wizard-part-2.aspx
0
 

Author Comment

by:mk112233
ID: 40535545
temp
0
 

Author Comment

by:mk112233
ID: 40535550
Actual text: -

[PS] C:\Windows\system32>Get-FederationInformation -DomainName MYDOMAIN.co.uk -Verbose
VERBOSE: [13:38:38.030 GMT] Get-FederationInformation : Active Directory session settings for
'Get-FederationInformation' are: View Entire Forest: 'False', Default Scope: 'DOMAIN.local', Configuration Domain
Controller: 'DC.DOMAIN.local', Preferred Global Catalog: 'SERVER.DOMAIN.local', Preferred Domain
Controllers: '{ DC.DOMAIN.local }'
VERBOSE: [13:38:38.030 GMT] Get-FederationInformation : Runspace context: Executing user: Domain.local/Domain Security
Groups/_adm_DOMAINADMIN, Executing user organization: , Current organization: , RBAC-enabled: Enabled.
VERBOSE: [13:38:38.030 GMT] Get-FederationInformation : Beginning processing &
VERBOSE: [13:38:39.778 GMT] Get-FederationInformation : Current ScopeSet is: { Recipient Read Scope: {{, }}, Recipient
Write Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive Recipient
Scope(s): {}, Exclusive Configuration Scope(s): {} }
VERBOSE: [13:38:39.778 GMT] Get-FederationInformation : Resolved current organization: .
VERBOSE: [13:38:39.825 GMT] Get-FederationInformation : Using the following trusted host names: *.outlook.com.
VERBOSE: [13:38:39.965 GMT] Get-FederationInformation : The discovery process returned the following results:
Type=Failure;Url=https://autodiscover.MYDOMAIN.co.uk/autodiscover/autodiscover.svc;Exception=Discovery for domain
MYDOMAIN.co.uk
failed.;Details=(Type=Failure;Url=https://autodiscover.MYDOMAIN.co.uk/autodiscover/autodiscover.svc;Exception=The request
failed with HTTP status 405: Method Not Allowed.;);
Type=Failure;Url=https://MYDOMAIN.co.uk/autodiscover/autodiscover.svc;Exception=Discovery for domain MYDOMAIN.co.uk
failed.;Details=(Type=Failure;Url=https://MYDOMAIN.co.uk/autodiscover/autodiscover.svc;Exception=The underlying
connection was closed: An unexpected error occurred on a send.;);
Type=Failure;Url=http://autodiscover.MYDOMAIN.co.uk/autodiscover/autodiscover.xml;Exception=Discovery for domain
MYDOMAIN.co.uk
failed.;Details=(Type=Failure;Url=http://autodiscover.MYDOMAIN.co.uk/autodiscover/autodiscover.xml;Exception=The remote
server returned an error: (403) Forbidden.;);
Type=Failure;Url=http://MYDOMAIN.co.uk/autodiscover/autodiscover.xml;Exception=Discovery for domain MYDOMAIN.co.uk
failed.;Details=(Type=Failure;Url=http://MYDOMAIN.co.uk/autodiscover/autodiscover.xml;Exception=Unexpected status code in
response: MovedPermanently.;);
.
Federation information could not be received from the external organization.
    + CategoryInfo          : NotSpecified: (:) [Get-FederationInformation], GetFederationInformationFailedException
    + FullyQualifiedErrorId : 97A6B09B,Microsoft.Exchange.Management.SystemConfigurationTasks.GetFederationInformation
    + PSComputerName        : CASsrv.DOMAIN.local

VERBOSE: [13:38:39.965 GMT] Get-FederationInformation : Ending processing &

We have no SRV record, just an A record pointing at one of the on-premise CAS servers. The host file on the hybrid server has a loopback entry for 127.0.0.1 autodiscover.MYDOMAIN.co.uk

We have just changed the autodiscover A record on AD DNS to point to the Hybrid server, but i dont see how it will make any difference

Thanks
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 38

Expert Comment

by:Vasil Michev (MVP)
ID: 40535653
Well you have the 405 error on the scv endpoint, just as the article you linked above. In addition, you get an 403 error on the http redirect endpoint, at least this one should be accessible externally. Can you browse to it from external PC or run the test from ExRCA? Are you using ISA/TMG? If so, have you made sure that autodiscover is correctly published?

Check the WSSecurity settings on the virtual directory, make sure it's set to True. If it's still not working, recreate the virtual directory.
0
 

Author Comment

by:mk112233
ID: 40535697
Remoteconectivityanalyser (ExRCA?) gives us a Green Pass on autodiscover settings. We are no longer using TMG - the hybrid is behind a single firewall from the Internet.

So re you suggesting we reinstall the handler mappings in IIS,as described in http://support.microsoft.com/kb/2773628 as well as recreate Virtual directory (please clarify which one?)

Also what are the implications of error 403?

Thanks

M
0
 

Author Comment

by:mk112233
ID: 40535703
I have checked the settings for WSSecurityAuthentication using the command get-AutodiscoverVirtualDirectory -Identity 'autodiscover (Default Web Site)' | fl and get the following: -
WSSecurityAuthentication        : True
0
 

Author Comment

by:mk112233
ID: 40535759
As for Error 405

We do not have the symptom described in this article

 http://support.microsoft.com/kb/2773628

"This issue occurs if the IIS configuration is missing the svc-Integrated handler mapping. The following screen shot shows an example of the svc-Integrated handler mapping in IIS"

We have svc-Integrated listed in IIS exactly as shown in this article
0
 
LVL 38

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 40536461
ExRCA doesnt test the svc endpoint, so it would not show anything there. If the handler is present and enabled it *should* be working though, the only other suggestion I can think of is recreating the Autodiscover virtual directory.

I'm curious to see on which method ExRCA succeeds? Does it pass the HTTP redirect one, which is also failing for you when you run the Get-FederationInformation?
0
 

Author Comment

by:mk112233
ID: 40537388
No, HTTP re-direct returns the following error:

Attempting to test potential Autodiscover URL https://MYDOMAIN.co.uk:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
Elapsed Time: 671 ms.

autodiscover virtual directory has already been re-created a number of times previously - my team are reluctant to do it againm unless its the last resort..
0
 
LVL 38

Expert Comment

by:Vasil Michev (MVP)
ID: 40537475
That's the HTTPS one. Does the HTTP one pass externally? Try opening the URLs directly from a browser and compare the results with external and internal machine.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Office 365 is currently available in five editions. Three of them are for business use: Office 365 Business Essentials, Office 365 Business, and Office 365 Business Premium. Two of them are for home/personal use: Office 365 Home and Office 365 Perso…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now