Availability service for cross-forest topologies between Exchange 2013 and Exchange 2010 not working.

We had configured Availability service across two Exchange 2010 Org without using federation services but following TechNet article https://technet.microsoft.com/en-us/library/bb125182(v=exchg.141).aspx using org-wide configuration using a service account in each forest. This worked flawless without any issue as all auto-discovery information for availability address space was configured correctly and accessible. 

Recently one of the Exchange 2010 went in the mixed mode by introduction of Exchange 2013 in a new site while the other remained native Exchange 2010. The cross forest availability configuration continued to work for address space which were already in place without any issue. 

However when we tried to introduce new address space using Add-AvailabilityAddressspace -Forestname '2013.Domain' -Accessmethod OrgWideFB -Credential:$a in the native exchange 2010 org , even though the command executed successfully we are not able to access the free/busy information of the users on Exchange 2013 cross forest.

After adding the availability address space we started getting error Event ID  4012 indicating - 

Cross-forest proxy request to 2013.Domain could not be initiated due to invalid credentials. Specific error is: The credentials for cross-forest authentication are invalid.

We checked to make sure the Service account is not locked and further validated the service account by access the cross forest autodiscovery url  and EWS url using the service account.

Recently we also need to add new domain to availability address space and this domain was add to old exchange 2010 server and we got the same error as above 4012 however old domain added before introduction of Exchange 2013 is still working fine.

When I ran further test 

when I ran Test-OutlookWebServices -TargetAddress someone@2010.new.domain and got this error "When querying Availability for the recipient e-mail address someone@2010.new.domainthe following error code and message were received: ErrorProxyRequestProcessingFailed:Unable to send cross-forest request for mailbox <SomeOne>SMTP:Someone@2010.new.domain because of invalid configuration., inner exception: The credentials for cross-forest authentication are invalid."

How do we fix it? Even if the exchange 2013 is not working we should be able to get the address space on exchange 2010 working. Has anything change in 2013 other than giving permission to mailbox server?

Any help is appreciate. This is one of the topic I didn't get much help on the web. Now days the premier support has become pathetic hence don't want to waste hours there. For them this will be either a non supported scenario or   third party issue. 

With Regards.
M

September 2nd, 2015 12:38am

Hi,

According to event 4012, incorrect certificate issue. I suggest to correct the certificate first.

If the certificate is correct, then try to create a new user account on both forest to update address space and availability configuration, then force AD replication on both forest.

Best Regards.
Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2015 10:57pm

Hi! Lynn-Li,

There is no certificate issue. We trust the whole chain on both sides and it is currently working from some domains. We also Tested using browser by accessing the auto-discover and exchange web services from browser  and it didn't give any certificate errors. And all the Cert chain is trusted at Computer account level.



September 14th, 2015 10:33am

At this time we were able to fix this issue by using domain\username format for passing  the credentials to Add-AvaialbilityAddressSpace. Before we were using UPN format which for some reason doesn't work in Mixed environment with Exchange 2010 and Exchange 2013. We have asked Microsoft why UPN is not being accepted and currently awaiting their response. 

At this time  using domain\username format while passing  the credentials to Add-AvaialbilityAddressSpace cmdlet fixes the issue.

Free Windows Admin Tool Kit Click here and download it now
September 14th, 2015 10:42am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics