Solved

Federation Information could not be received error during 2007 to Office 365 migration

Posted on 2015-01-06
Last Modified: 2015-01-15
Hi

While going through an on-premise 2007 to Office 365 migration, we are getting a "Federation Information could not be received" error when running Get-FederationInformation -domainname ourdomain.co.uk

Upon further reading, I've come across this MS article:

http://support.microsoft.com/kb/2773628

Here is the output for  

Get-FederationInformation -domainname ourdomain.co.uk

Federation information could not be received from the external organization.
    + CategoryInfo          : NotSpecified: (:) [Get-FederationInformation], G
   etFederationInformationFailedException
    + FullyQualifiedErrorId : [Server=AMSPR06MB245,RequestId=0816da52-03ec-49a
   7-bae1-ed3c3784b1f4,TimeStamp=06/01/2015 15:41:08] [FailureCategory=Cmdlet
  -GetFederationInformationFailedException] D319C519,Microsoft.Exchange.Mana
gement.SystemConfigurationTasks.GetFederationInformation
    + PSComputerName        : outlook.office365.com
 

It is not error 405 that is described in the above article.

Anyone seen this before? Any help would be greatly appreciated.

Thanks

M
Question by:mk112233
13 Comments
 
LVL 44

Expert Comment

by:Vasil Michev (MVP)
ID: 40533813
Can you run the Get-FederationInformation cmdlet with the -Verbose parameter and post the full error/output? It's usually autodiscover related, but you never know.
0
 

Author Comment

by:mk112233
ID: 40535350
the exact output is

PS C:\Windows\system32> Get-FederationInformation -DomainName MYDOMAIN.CO.UK -Verbose
Federation information could not be received from the external organization.
    + CategoryInfo          : NotSpecified: (:) [Get-FederationInformation], GetFederationInformat
   ionFailedException
    + FullyQualifiedErrorId : [Server=AMSPR06MB245,RequestId=9fe24329-df84-453b-8cbd-98a404375fc7,
   TimeStamp=07/01/2015 11:26:04] [FailureCategory=Cmdlet-GetFederationInformationFailedException
  ] D20A8247,Microsoft.Exchange.Management.SystemConfigurationTasks.GetFederationInformation
    + PSComputerName        : outlook.office365.com

Does autodiscover ABSOLUTELY have to resolve to the hybrid server in order for this to work?


Thanks

M
0
 

Author Comment

by:mk112233
ID: 40535360
Autodiscover currently resolves to one of the on-premise CAS servers due to some other problems we were having
0
 
LVL 44

Expert Comment

by:Vasil Michev (MVP)
ID: 40535462
What kind of record do you have? SRV is not supported.

Can you run the Get-FederationInformation cmdlet from the EMS? Verbose will give more info there.

Refer to this article for more info: http://blogs.technet.com/b/mikehall/archive/2013/08/21/office-365-insight-into-the-hybrid-configuration-wizard-part-2.aspx
0
 

Author Comment

by:mk112233
ID: 40535545
temp
0
 

Author Comment

by:mk112233
ID: 40535550
Actual text: -

[PS] C:\Windows\system32>Get-FederationInformation -DomainName MYDOMAIN.co.uk -Verbose
VERBOSE: [13:38:38.030 GMT] Get-FederationInformation : Active Directory session settings for
'Get-FederationInformation' are: View Entire Forest: 'False', Default Scope: 'DOMAIN.local', Configuration Domain
Controller: 'DC.DOMAIN.local', Preferred Global Catalog: 'SERVER.DOMAIN.local', Preferred Domain
Controllers: '{ DC.DOMAIN.local }'
VERBOSE: [13:38:38.030 GMT] Get-FederationInformation : Runspace context: Executing user: Domain.local/Domain Security
Groups/_adm_DOMAINADMIN, Executing user organization: , Current organization: , RBAC-enabled: Enabled.
VERBOSE: [13:38:38.030 GMT] Get-FederationInformation : Beginning processing &
VERBOSE: [13:38:39.778 GMT] Get-FederationInformation : Current ScopeSet is: { Recipient Read Scope: {{, }}, Recipient
Write Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive Recipient
Scope(s): {}, Exclusive Configuration Scope(s): {} }
VERBOSE: [13:38:39.778 GMT] Get-FederationInformation : Resolved current organization: .
VERBOSE: [13:38:39.825 GMT] Get-FederationInformation : Using the following trusted host names: *.outlook.com.
VERBOSE: [13:38:39.965 GMT] Get-FederationInformation : The discovery process returned the following results:
Type=Failure;Url=https://autodiscover.MYDOMAIN.co.uk/autodiscover/autodiscover.svc;Exception=Discovery for domain
MYDOMAIN.co.uk
failed.;Details=(Type=Failure;Url=https://autodiscover.MYDOMAIN.co.uk/autodiscover/autodiscover.svc;Exception=The request
failed with HTTP status 405: Method Not Allowed.;);
Type=Failure;Url=https://MYDOMAIN.co.uk/autodiscover/autodiscover.svc;Exception=Discovery for domain MYDOMAIN.co.uk
failed.;Details=(Type=Failure;Url=https://MYDOMAIN.co.uk/autodiscover/autodiscover.svc;Exception=The underlying
connection was closed: An unexpected error occurred on a send.;);
Type=Failure;Url=http://autodiscover.MYDOMAIN.co.uk/autodiscover/autodiscover.xml;Exception=Discovery for domain
MYDOMAIN.co.uk
failed.;Details=(Type=Failure;Url=http://autodiscover.MYDOMAIN.co.uk/autodiscover/autodiscover.xml;Exception=The remote
server returned an error: (403) Forbidden.;);
Type=Failure;Url=http://MYDOMAIN.co.uk/autodiscover/autodiscover.xml;Exception=Discovery for domain MYDOMAIN.co.uk
failed.;Details=(Type=Failure;Url=http://MYDOMAIN.co.uk/autodiscover/autodiscover.xml;Exception=Unexpected status code in
response: MovedPermanently.;);
.
Federation information could not be received from the external organization.
    + CategoryInfo          : NotSpecified: (:) [Get-FederationInformation], GetFederationInformationFailedException
    + FullyQualifiedErrorId : 97A6B09B,Microsoft.Exchange.Management.SystemConfigurationTasks.GetFederationInformation
    + PSComputerName        : CASsrv.DOMAIN.local

VERBOSE: [13:38:39.965 GMT] Get-FederationInformation : Ending processing &

We have no SRV record, just an A record pointing at one of the on-premise CAS servers. The host file on the hybrid server has a loopback entry for 127.0.0.1 autodiscover.MYDOMAIN.co.uk

We have just changed the autodiscover A record on AD DNS to point to the Hybrid server, but I don't see how it will make any difference

Thanks
0
 
LVL 44

Expert Comment

by:Vasil Michev (MVP)
ID: 40535653
Well, you have the 405 error on the svc endpoint, just as in the article you linked above. In addition, you get a 403 error on the HTTP redirect endpoint; at least this one should be accessible externally. Can you browse to it from an external PC or run the test from ExRCA? Are you using ISA/TMG? If so, have you made sure that autodiscover is correctly published?

Check the WSSecurity settings on the virtual directory, make sure it's set to True. If it's still not working, recreate the virtual directory.
0
 

Author Comment

by:mk112233
ID: 40535697
Remote Connectivity Analyser (ExRCA?) gives us a Green Pass on autodiscover settings. We are no longer using TMG - the hybrid is behind a single firewall from the Internet.

So are you suggesting we reinstall the handler mappings in IIS, as described in http://support.microsoft.com/kb/2773628, as well as recreate the virtual directory (please clarify which one)?

Also what are the implications of error 403?

Thanks

M
0
 

Author Comment

by:mk112233
ID: 40535703
I have checked the settings for WSSecurityAuthentication using the command get-AutodiscoverVirtualDirectory -Identity 'autodiscover (Default Web Site)' | fl and get the following: -
WSSecurityAuthentication        : True
0
 

Author Comment

by:mk112233
ID: 40535759
As for Error 405

We do not have the symptom described in this article

 http://support.microsoft.com/kb/2773628

"This issue occurs if the IIS configuration is missing the svc-Integrated handler mapping. The following screen shot shows an example of the svc-Integrated handler mapping in IIS"

We have svc-Integrated listed in IIS exactly as shown in this article
0
 
LVL 44

Accepted Solution

by:
Vasil Michev (MVP) earned 1500 total points
ID: 40536461
ExRCA doesn't test the svc endpoint, so it would not show anything there. If the handler is present and enabled it *should* be working though; the only other suggestion I can think of is recreating the Autodiscover virtual directory.

I'm curious to see on which method ExRCA succeeds? Does it pass the HTTP redirect one, which is also failing for you when you run the Get-FederationInformation?
0
 

Author Comment

by:mk112233
ID: 40537388
No, HTTP re-direct returns the following error:

Attempting to test potential Autodiscover URL https://MYDOMAIN.co.uk:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
Elapsed Time: 671 ms.

The Autodiscover virtual directory has already been re-created a number of times previously - my team are reluctant to do it again unless it's the last resort.
0
 
LVL 44

Expert Comment

by:Vasil Michev (MVP)
ID: 40537475
That's the HTTPS one. Does the HTTP one pass externally? Try opening the URLs directly from a browser and compare the results from an external and an internal machine.
0
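
The internal-versus-external comparison suggested in the last comment can be scripted. This is an added example, not code from the thread: the function name Test-AutodiscoverEndpoint is hypothetical, and MYDOMAIN.co.uk is the thread's placeholder domain. Run it on a machine inside the network and on one outside, then compare the two tables.

```powershell
# Added example (not from the thread). Sends a plain GET, as a browser would, to the
# four Autodiscover URLs listed in the -Verbose output, without following redirects.
# Get-FederationInformation sends a SOAP POST to the .svc URLs, so a status seen here
# can differ from the cmdlet's (a 405 is specific to the HTTP method used).
function Test-AutodiscoverEndpoint {
    param(
        [Parameter(Mandatory = $true)][string]$DomainName   # e.g. MYDOMAIN.co.uk (placeholder)
    )
    $urls = @(
        "https://autodiscover.$DomainName/autodiscover/autodiscover.svc",
        "https://$DomainName/autodiscover/autodiscover.svc",
        "http://autodiscover.$DomainName/autodiscover/autodiscover.xml",
        "http://$DomainName/autodiscover/autodiscover.xml"
    )
    foreach ($url in $urls) {
        $uri = [System.Uri]$url
        # Which address answers for this name from this machine (the hosts file is honoured).
        try   { $ips = ([System.Net.Dns]::GetHostAddresses($uri.Host) | ForEach-Object { $_.ToString() }) -join ',' }
        catch { $ips = 'unresolved' }

        $request = [System.Net.WebRequest]::Create($uri)
        $request.Method = 'GET'
        $request.AllowAutoRedirect = $false   # report a 301/302 instead of following it
        $request.Timeout = 15000              # milliseconds
        $response = $null; $detail = ''
        try {
            $response = $request.GetResponse()
        } catch {
            # PowerShell wraps the WebException; walk down to it to reach the HTTP response.
            $ex = $_.Exception
            while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
            if ($ex) { $response = $ex.Response; $detail = $ex.Message } else { $detail = $_.Exception.Message }
        }
        $status = 'no response'; $location = ''
        if ($response) {
            $status   = [int]$response.StatusCode
            $location = $response.Headers['Location']
            $response.Close()
        }
        [pscustomobject]@{ Machine = $env:COMPUTERNAME; Url = $url; ResolvesTo = $ips
                           Status = $status; Location = $location; Detail = $detail }
    }
}

Test-AutodiscoverEndpoint -DomainName 'MYDOMAIN.co.uk' | Format-Table -AutoSize -Wrap
```

A different ResolvesTo value or Status for the same URL on the two machines points at DNS, the hosts file entry or the firewall publishing rather than at the IIS handler mappings.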

Question has a verified solution.