When working with Exchange hybrid implementation, Free/Busy sharing is one of the most important and required feature for organizations to support long term co-existence between on premises exchange and exchange online. Being an IT Consultant, I have seen different issues that are hard to find over the internet and have limited or no information available to help you fix the issue.
Troubleshoot Hybrid Exchange Free/Busy
Last week, I have faced an issue with Free/Busy in Exchange 2013 hybrid with Exchange online, I was troubleshooting the exchange of Free/Busy information in hybrid deployments as Free/Busy information was not working. On-premises user was able to see the Free/Busy information of migrated user in office 365 but Office 365 user wasn’t able to see the Free/Busy information of on-premises mailbox.
I started my troubleshooting to basic configuration of Exchange hybrid like
- EWS Virtual Directory Authentication and URL Settings
- Autodiscover Virtual Directory Authentication Settings
- IIS Handler
- Organization Relationship Configuration
- Verified all the configurations as per Microsoft support tool
After performing all the basic tests, I started to perform advance troubleshooting and found an issue with FederationTrust test while running the Test-FederationTrust cmdlet.
Begin testing for organization relationship CN=O365 to On-premises – 961960e2-8cbd-46e7-8442-a860ec05f4dc,CN=Federation
Exchange D-Auth Federation Authentication STS Client Identities are uri:WindowsLiveID/outlook.com;urn:federation:Micros
STEP 1: Validating user configurationWARNING: The federated domain ‘msexperttalk.com’ of the user is in the local organizational relationship which normally
only contains the domains of external organizations.
STEP 2: Getting federation information from remote organization…
STEP 3: Validating consistency in returned federation information
RESULT: Success. STEP 4: Requesting delegation token from the STS…
LAST STEP: Writing results…
RunspaceId : 5c91e911-f482-4fef-9d49-ae39eec1dd81
Id : FailureToGetDelegationToken
Description : Failed to get delegation token:
How to Fix It?
This issue can be caused by many factors related to hybrid implementation. You have to execute below commands to your on-premises server in a CMD window to resolve the issue of “delegation token from the STS”
- bitsadmin /Util /SetIEProxy LOCALSYSTEM NO_Proxy
- bitsadmin /Util /SetIEProxy NETWORKSERVICE NO_Proxy
- bitsadmin /Util /SetIEProxy LOCALSERVICE NO_Proxy
After setting the value to NO_Proxy from AutoDetect i was able to fix the issue after running the cmdlet to RefreshMetaData for Federation Trust. After running the cmdlet you have to wait for about 1 Hr for changes to replicate.
Get-FederationTrust | Set-Federationtrust –RefreshMetaData
After running the command, I re-ran the Test-FederationTrust command which completed successfully.