Unable to see free / busy information across two different organizations

Antonio02
Antonio02 used Ask the Experts™
on
We have 2 organizations with Federation trust and have been sharing free / busy information successfully between the two organizations. A week ago, we had to move our Exchange server to a new location and changing our public IP address. Since we have made this change, the other organization is now unable to see free / busy information for our organization. I have checked everywhere and cannot see a reason why this would stop working. Looking for suggestions / guidance from the experts.

Both organizations are running Exchange 2010.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
System Administrator
Commented:
can they still hit your autodiscover site from their exchange servers ? and vice versa
https://autodiscover.yourdomain/autodiscover/autodiscover.svc/WSSecurity

there are also usefull exchange shell tools you can run to test the connection , get them to run them connecting to you

. https://docs.microsoft.com/en-us/powershell/module/exchange/sharing-and-collaboration/test-organizationrelationship?view=exchange-ps

we connect to another company and recently they updated their ssl cert, our exchange servers didnt have the root cert their cert was signed by. I had to install it on the exchange servers and it started working again

the test-organistationrelationship command gave me a error indicating the cert was invaild

Author

Commented:
Hi Daryl,

Thanks for the quick reply. I ran the command and get the following error. I cannot confirm if users in the external domain were able to see free / busy calendar prior to us moving the Exchange servers to a new building, but they say they are pretty sure they were able to. Also, I cannot say for sure if the test-organizationrelationship was working either.

Thanks,
OrganizationRelationShip.PNG
Daryl GawnSystem Administrator

Commented:
the user identity has to be your primary or the users primary smtp address (i believe) not your domain login, from memory when i done it i used -verbose at the end of the command too

did you check you can hit their https://autodiscover.yourdomain/autodiscover/autodiscover.svc/WSSecurity ? can you get to it without cert errors etc?   if you cant get the https connection to that site it wont work at all , probably the first thing you want to nail before checking the rest




ps also check the organisation relationship settings on both ends , easiest to do this is in the GUi Managerment console

click on organizational configuration. Check the Federation trust ( needs to be valid with Microsoft, just check its there for now  as its a prereq for a org relationship ) then check the organization relationship tabs

that is where the free busy stuff is set between you and the other side.

pps once the above is confirmed working or valid check the sharing policys which is under organizational configuration > then mailbox > sharing policys

the reason you will need to check sharing policys is by default anonymous users may not have any permissions and they will need some to see free busy info, you can apply the policy to just the calendars you want to share

let me know how you go.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Daryl GawnSystem Administrator

Commented:
just thought of something else, you mention you changed locations, did your public IP change? if so does you auto discover record point to the new location IP?
Vijaya Babu SekarAssociate Ops Manager
Commented:
you can get the remote autodiscover URL and remote domain names

Get-FederationInformation -DomainName <Remote organization domain>

Open in new window



You can run the below command, Based on the error message you can find the solution. if you are not getting any error message. you have to verify the remote domain.

Get-OrganizationRelationship | Test-OrganizationRelationship -UserIdentity Vijayababu.sekar@abc.com

Open in new window


*UserIdentity should be your email id

Author

Commented:
Hi Vijaya,

Thanks for the reply. I verified both commands and get no errors. the Get-FederationInformation shows the domain name and target autodiscover url correctly.  The Test-OrganizationRelationship does not display anything, but no errors either.

Author

Commented:
Hi Daryl,

yes, our Public IP did change, however we have updated it in the places we could think of. The remote organization is still able to see users in our organization and invite them to meetings, however cannot see their free / busy schedule. Thanks for the follow up.
Daryl GawnSystem Administrator

Commented:
check the organization relationships tab

in the gui  Organizatin Config > organization Relationships > click on the name of the one you have setup and verify that the Free busy settings are correct on the general tab
Pavel MarinovCommercial Technical Support

Commented:
You may have to wait 24 hours for the MS Federation gateway to pickup the change.

Author

Commented:
Thanks Guys, turned out the autodiscover record was still pointing to the old public IP. After making the switch, users in the remote organization are now able to see the free / busy schedule. Thanks so much for your help and tips.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial