Hi,
I am trying to get Calendar sharing working via Federation Trust and Organization Relationships between several Exchange organizations. Most of the several organizations are working fine, but one is only working in one direction - this exchange org can see the Free/busy from other orgs, but they can not see free busy from this domain.
There appears to be an issue with Autodiscover, though it does succeed with the initial query I eventually get this error and can not find any more information:
VERBOSE: [03:03:39.406 GMT] Test-OrganizationRelationship : The delegation token was successfully generated.
VERBOSE: [03:03:39.422 GMT] Test-OrganizationRelationship : The Microsoft Exchange Autodiscover service is being called
to determine the remote organization relationship settings.
VERBOSE: [03:03:39.422 GMT] Test-OrganizationRelationship : The client will call the Microsoft Exchange Autodiscover
service using the following URL: https://autodiscover.domain.com/autodiscover/autodiscover.svc/WSSecurity.
VERBOSE: [03:03:39.438 GMT] Test-OrganizationRelationship : The Microsoft Exchange Autodiscover service failed to be called at 'https://autodiscover.domain.com/autodiscover/autodiscover.svc/WSSecurity' because the following error occurred: SoapException.Code
=
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd:InvalidSecurity
Could this be IIS security on Autodiscover? Not sure what else to look at, any other ideas would be appreciated.
Here are the complete results of Test-OrganizationRelationship
[PS] C:\Windows\system32>Test-OrganizationRelationship -UserIdentity testaccount@company.com -Identity "Domain" -ver
bose
VERBOSE: [03:03:37.563 GMT] Test-OrganizationRelationship : Active Directory session settings for
'Test-OrganizationRelationship' are: View Entire Forest: 'False', Default Scope: 'corp.company.com', Configuration
Domain Controller: 'CORP-AD01.corp.company.com', Preferred Global Catalog: 'CORP-AD02.corp.company.com', Preferred Domain
Controllers: '{ CORP-AD02.corp.company.com }'
VERBOSE: [03:03:37.578 GMT] Test-OrganizationRelationship : Runspace context: Executing user:
corp.company.com/Technical/Admin Accounts/Admin - Admin, Executing user organization: , Current organization: ,
RBAC-enabled: Enabled.
VERBOSE: [03:03:37.594 GMT] Test-OrganizationRelationship : Beginning processing
VERBOSE: [03:03:37.594 GMT] Test-OrganizationRelationship : Instantiating handler with index 0 for cmdlet extension
agent "Admin Audit Log Agent".
VERBOSE: [03:03:37.625 GMT] Test-OrganizationRelationship : Current ScopeSet is: { Recipient Read Scope: {{, }},
Recipient Write Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive
Recipient Scope(s): {}, Exclusive Configuration Scope(s): {} }
VERBOSE: [03:03:37.625 GMT] Test-OrganizationRelationship : Searching objects "testaccount@company.com" of type
"ADUser" under the root "$null".
VERBOSE: [03:03:37.641 GMT] Test-OrganizationRelationship : Previous operation run on global catalog server
'CORP-AD02.corp.company.com'.
VERBOSE: [03:03:37.641 GMT] Test-OrganizationRelationship : Searching objects "Domain" of type
"OrganizationRelationship" under the root "$null".
VERBOSE: [03:03:37.641 GMT] Test-OrganizationRelationship : Previous operation run on domain controller
'CORP-AD01.corp.company.com'.
VERBOSE: Test that organization relationships are properly configured.
VERBOSE: [03:03:37.641 GMT] Test-OrganizationRelationship : Resolved current organization: .
VERBOSE: [03:03:37.656 GMT] Test-OrganizationRelationship : Calling the Microsoft Exchange Autodiscover service for the
remote federation information.
VERBOSE: [03:03:38.094 GMT] Test-OrganizationRelationship : The Autodiscover call succeeded for the following URL:
https://autodiscover.domain.com/autodiscover/autodiscover.svc.
VERBOSE: [03:03:38.094 GMT] Test-OrganizationRelationship : The Autodiscover call succeeded for the following URL:
https://autodiscover.domain.com/autodiscover/autodiscover.svc.
VERBOSE: [03:03:38.094 GMT] Test-OrganizationRelationship : Generating delegation token for user
testaccount@company.com for application FYDIBOHF25SPDLT.domain.com.
VERBOSE: [03:03:39.406 GMT] Test-OrganizationRelationship : The delegation token was successfully generated.
VERBOSE: [03:03:39.422 GMT] Test-OrganizationRelationship : The Microsoft Exchange Autodiscover service is being called
to determine the remote organization relationship settings.
VERBOSE: [03:03:39.422 GMT] Test-OrganizationRelationship : The client will call the Microsoft Exchange Autodiscover
service using the following URL: https://autodiscover.domain.com/autodiscover/autodiscover.svc/WSSecurity.
VERBOSE: [03:03:39.438 GMT] Test-OrganizationRelationship : The Microsoft Exchange Autodiscover service failed to be called at 'https://autodiscover.domain.com/autodiscover/autodiscover.svc/WSSecurity' because the following error occurred: SoapException.Code
=
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd:InvalidSecurity
Exception:
System.Web.Services.Protocols.SoapHeaderException: An error occurred when verifying security for the message.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse
response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at
Microsoft.Exchange.SoapWebClient.AutoDiscover.DefaultBinding_Autodiscover.GetOrganizationRelationshipSettings(GetOrgani
zationRelationshipSettingsRequest Request)
at
Microsoft.Exchange.Management.Sharing.TestOrganizationRelationship.<>c__DisplayClass8.<GetInvokeDelegate>b__7(DefaultBi
nding_Autodiscover binding)
at
Microsoft.Exchange.SoapWebClient.AutodiscoverClient.<>c__DisplayClassf.<InvokeAndFollowSecureRedirects>b__c(IWebProxy
webProxy)
at Microsoft.Exchange.SoapWebClient.AutodiscoverClient.InvokeWithWebProxy(String url, InvokeWithWebProxyDelegate
invokeWithWebProxy)
at Microsoft.Exchange.SoapWebClient.AutodiscoverClient.InvokeAndFollowSecureRedirects(InvokeDelegate invokeDelegate,
Uri url)
at Microsoft.Exchange.SoapWebClient.AutodiscoverClient.InvokeForUrl(InvokeDelegate invokeDelegate, Uri url)
.
VERBOSE: [03:03:39.438 GMT] Test-OrganizationRelationship : The Autodiscover call failed.
RunspaceId : SID
Identity :
Id : AutodiscoverServiceCallFailed
Status : Error
Description : The Autodiscover call failed.
IsValid : True
ObjectState : New
VERBOSE: [03:03:39.438 GMT] Test-OrganizationRelationship : Admin Audit Log: Entered Handler:OnComplete.
VERBOSE: [03:03:39.438 GMT] Test-OrganizationRelationship : Ending processing
Cheers,
James