Monday, June 30, 2014

Exchange 2010 Hybrid Configuration Wizard failing with “Execution of the Get-FederationInformation cmdlet had thrown an exception”



 

The Problem:
Exchange 2010, single-server environment, with that server being used for the HCW. No ISA/TMG; direct NAT/ACL through a Palo Alto firewall.
The HCW fails with:
[6/25/2014 15:48:59] ERROR:Updating hybrid configuration failed with error 'Subtask Configure execution failed: Creating Organization Relationships.

Execution of the Get-FederationInformation cmdlet had thrown an exception. This may indicate invalid parameters in your Hybrid Configuration settings.

Federation information could not be received from the external organization.

ExRCA passes for web services and for Autodiscover.
The Federation TXT DNS entry is in place and confirmed.
The SSL certificate was from DigiCert, and their utility showed it was chaining properly as well.
Testing with Get-FederationInformation shows a 405 Method Not Allowed error:
[PS] C:\>Get-FederationInformation -DomainName orgname.net -Verbose
VERBOSE: [16:44:20.030 GMT] Get-FederationInformation : Resolved current organization: .
VERBOSE: [16:44:20.030 GMT] Get-FederationInformation : Using the following trusted host names: *.outlook.com.
VERBOSE: [16:44:28.142 GMT] Get-FederationInformation : The discovery process returned the following results:
Type=Failure;Url=https://autodiscover.orgname.net/autodiscover/autodiscover.svc;Exception=Discovery for domain orgname.net
failed.;Details=(Type=Failure;Url=https://autodiscover.orgname.net/autodiscover/autodiscover.svc;Exception=The request
failed with HTTP status 405: Method Not Allowed.;);
Type=Failure;Url=https://orgname.net/autodiscover/autodiscover.svc;Exception=Discovery for domain orgname.net
failed.;Details=(Type=Failure;Url=https://orgname.net/autodiscover/autodiscover.svc;Exception=Unable to connect to the
remote server;);
Federation information could not be received from the external organization.
    + CategoryInfo          : NotSpecified: (:) [Get-FederationInformation], GetFederationInformationFailedException
    + FullyQualifiedErrorId : A864F05C,Microsoft.Exchange.Management.SystemConfigurationTasks.GetFederationInformation

 

The resolution:
  1. Reset the Autodiscover Virtual Directory using the EMC:  http://technet.microsoft.com/en-us/library/ff629372.aspx
  2. Reset the WSSecurityAuthentication to $true
  3. IIS reset, then Get-FederationInformation worked!
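The same steps from the Exchange Management Shell, as an added example that is not part of the original post: it snapshots the Autodiscover virtual directory before the EMC reset, applies steps 2 and 3, reports which authentication settings changed, and re-runs the failing test. Assumptions: the domain is the placeholder used above, the snapshot path is hypothetical, and the server holds a single Autodiscover virtual directory (single-server environment).

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2010 server.
$Domain   = 'orgname.net'                                # placeholder domain from the post
$Snapshot = "$env:TEMP\autodiscover-vdir-before.xml"     # hypothetical path

# Before step 1: save the current settings so they can be compared afterwards.
Get-AutodiscoverVirtualDirectory -Server $env:COMPUTERNAME |
    Export-Clixml -Path $Snapshot

# Step 1 is performed in the EMC (Reset Virtual Directory); continue once it is done.
Read-Host 'Reset the Autodiscover virtual directory in the EMC, then press Enter' | Out-Null

# Step 2: turn WS-Security authentication back on for the recreated directory.
Get-AutodiscoverVirtualDirectory -Server $env:COMPUTERNAME |
    Set-AutodiscoverVirtualDirectory -WSSecurityAuthentication $true

# Step 3: restart IIS so the change takes effect.
iisreset
if ($LASTEXITCODE -ne 0) { throw "iisreset failed with exit code $LASTEXITCODE" }

# Compare the settings that matter for federation before and after the reset.
$before = Import-Clixml -Path $Snapshot
$after  = Get-AutodiscoverVirtualDirectory -Server $env:COMPUTERNAME
$props  = 'BasicAuthentication', 'WindowsAuthentication', 'DigestAuthentication',
          'WSSecurityAuthentication', 'InternalUrl', 'ExternalUrl'
foreach ($p in $props) {
    $old = "$($before.$p)"
    $new = "$($after.$p)"
    if ($old -ne $new) {
        Write-Host ("{0}: '{1}' -> '{2}'" -f $p, $old, $new)
    }
}
if (-not $after.WSSecurityAuthentication) {
    Write-Warning 'WSSecurityAuthentication is still not enabled on the Autodiscover virtual directory.'
}

# Re-run the test that returned HTTP 405 before the reset.
$fed = Get-FederationInformation -DomainName $Domain -ErrorAction SilentlyContinue
if ($fed) {
    $fed | Format-List
} else {
    Write-Warning "Get-FederationInformation still fails for $Domain; re-run it with -Verbose."
}
```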
Here's a side-by-side of the Autodiscover virtual directory configurations. You might notice that, other than the GUID and date fields, there is nothing different.
Before:
http://chrislehr.com/blogpics/063014_1428_Exchange2011.png


 

After:
http://chrislehr.com/blogpics/063014_1428_Exchange2012.png


 

1 comment:

Matt Ellis said...

Hi,
Worked like a charm. Thanks.
Matt.