Troubleshoot Free/Busy in Exchange 2013 Hybrid

Introduction

When working with Exchange hybrid implementation, Free/Busy sharing is one of the most important and required feature for organizations to support long term co-existence between on premises exchange and exchange online. Being an IT Consultant, I have seen different issues that are hard to find over the internet and have limited or no information available to help you fix the issue.

Troubleshoot Hybrid Exchange Free/Busy

Last week, I have faced an issue with Free/Busy in Exchange 2013 hybrid with Exchange online, I was troubleshooting the exchange of Free/Busy information in hybrid deployments as Free/Busy information was not working. On-premises user was able to see the Free/Busy information of migrated user in office 365 but Office 365 user wasn’t able to see the Free/Busy information of on-premises mailbox.
I started my troubleshooting to basic configuration of Exchange hybrid like

  • EWS Virtual Directory Authentication and URL Settings
  • Autodiscover Virtual Directory Authentication Settings
  • IIS Handler
  • Organization Relationship Configuration
  • Verified all the configurations as per Microsoft support tool

After performing all the basic tests, I started to perform advance troubleshooting and found an issue with FederationTrust test while running the Test-FederationTrust cmdlet.

Begin testing for organization relationship CN=O365 to On-premises – 961960e2-8cbd-46e7-8442-a860ec05f4dc,CN=Federation

,CN=Configuration,CN=msexperttalk.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR04A001,DC=prod,DC=outlook,DC=com,enabled stat

e True.

 

Exchange D-Auth Federation Authentication STS Client Identities are uri:WindowsLiveID/outlook.com;urn:federation:Micros

oftOnline/outlook.com;

STEP 1: Validating user configurationWARNING: The federated domain ‘msexperttalk.com’ of the user is in the local organizational relationship which normally

 only contains the domains of external organizations.

 

RESULT: Success.

STEP 2: Getting federation information from remote organization…

 

 

RESULT: Success.

 

STEP 3: Validating consistency in returned federation information

 

 

RESULT: Success. STEP 4: Requesting delegation token from the STS…

 

RESULT: Error.

 

LAST STEP: Writing results…

 

 

 

RunspaceId  : 5c91e911-f482-4fef-9d49-ae39eec1dd81

 

Identity   

:

Id          : FailureToGetDelegationToken

Status

Error

Description : Failed to get delegation token:

 

How to Fix It?

This issue can be caused by many factors related to hybrid implementation. You have to execute below commands to your on-premises server in a CMD window to resolve the issue of “delegation token from the STS”

  1. bitsadmin /Util /SetIEProxy LOCALSYSTEM NO_Proxy
  2. bitsadmin /Util /SetIEProxy NETWORKSERVICE NO_Proxy
  3. bitsadmin /Util /SetIEProxy LOCALSERVICE NO_Proxy

After setting the value to NO_Proxy from AutoDetect i was able to fix the issue after running the cmdlet to RefreshMetaData for Federation Trust. After running the cmdlet you have to wait for about 1 Hr for changes to replicate.

Get-FederationTrust | Set-Federationtrust –RefreshMetaData

After running the command, I re-ran the Test-FederationTrust command which completed successfully.