TPOV

When you run the Get-FederationInformation commandlet in Exchange 2010 (Service Pack 2) you might run into an apparently vague error. This problem might prevent you from succesfully completing the Exchange 2010 Service Pack 2 Hybrid Configuration Wizard, because that wizard runs the Get-FederationInformation commandlet as well.

Here’s an excerpt from what you might see when you run into the problem, during the Hybrid Configuration Wizard;

[1/10/2012 13:14:31] INFO:Running command: Get-OrganizationRelationship
[1/10/2012 13:14:31] INFO:Cmdlet: Get-OrganizationRelationship –Start Time: 1/10/2012 2:14:31 PM.
[1/10/2012 13:14:31] INFO:Cmdlet: Get-OrganizationRelationship –End Time: 1/10/2012 2:14:31 PM.
[1/10/2012 13:14:31] INFO:Cmdlet: Get-OrganizationRelationship –Processing Time: 31.2498.
[1/10/2012 13:14:31] INFO:Running command: Get-FederationInformation -DomainName ‘domain.com’
[1/10/2012 13:14:31] INFO:Cmdlet: Get-FederationInformation –Start Time: 1/10/2012 2:14:31 PM.
[1/10/2012 13:14:58] ERROR:System.Management.Automation.RemoteException: Federation information could not be received from the external organization.
[1/10/2012 13:14:58] INFO:Cmdlet: Get-FederationInformation –End Time: 1/10/2012 2:14:58 PM.
[1/10/2012 13:14:58] INFO:Cmdlet: Get-FederationInformation –Processing Time: 27781.0722.
[1/10/2012 13:14:58] INFO:Disconnected from On-Premises session
[1/10/2012 13:15:4] INFO:Disconnected from Tenant session
[1/10/2012 13:15:4] ERROR:Updating hybrid configuration failed with error ‘Subtask Configure execution failed: Creating Organization Relationships.

When you run the commandlet from the management shell, you see an error that just states that the command failed because it could’t retrieve the federation information.

To troubleshoot this problem, it is important to understand how this command actually works.

The Get-FederationInformation commandlet is run from the Exchange Online tenant. The tenant will attempting to query the on-premises Client Access Server (CAS) to obtain the information it needs to create the cloud side of the organization relationship.

This task failing is usually caused by one of the following conditions:

• The autodiscover DNS record for primary smtp domain is not resolvable.
• The DNS record resolves to a pre-2010 SP1 CAS (e.g. a 2007 CAS or a 2010 RTM CAS).  For the hybrid configuration to work, the DNS record must resolve to a 2010 SP1 or greater CAS.
• There is an issue with publishing the autodiscover and EWS virtual directories to the Internet. (Examples are; bad/internally issued certificate or preauthentication is turned on at the TMG layer or some other intermediate device.)

Bottom line is the cloud tenant needs to be able to resolve the autodiscover record for any hybrid domain (e.g. autodiscover.domain.com) to an Exchange Server 2010 SP1+ Client Access Server, and then be able to access both the /autodiscover and /EWS virtual directories.