Exchange 2010 Organization Relationship Problems

Hi - I have two Exchange organisations; they both have domain.local domains, which are obviously not resolvable by the internet. But the email domains for both are, and I have set up a federation trust for both, added the TXT proof to external DNS and completed the federation trust for the email domains.

The problem comes with setting up the organization relationship. I add the domain to auto discover config info and get the following error:

The following error(s) occurred while saving changes:

Get-FederationInformation -DomainName 'feddomain.com' | Set-OrganizationRelationship -Identity 'db86fcd5-7dbe-479b-a2d5-4d0357688694'
Failed
Error:
Federation information could not be received from the external organization.

If I run the Get-Federation command in verbose I get:

'Get-FederationInformation' are: View Entire Forest: 'False', Default Scope: 'domain.local', Configuration Domain
Controller: 'dc.domain.local', Preferred Global Catalog: 'dc.domain.local', Preferred Domain Controllers: '{
dc.domain.local }'
VERBOSE: [14:47:44.850 GMT] Get-FederationInformation : Runspace context: Executing user: domain.local/my user, Executing user organization: , Current organization: , RBAC-enabled: Enabled.
VERBOSE: [14:47:44.850 GMT] Get-FederationInformation : Beginning processing &
VERBOSE: [14:47:44.866 GMT] Get-FederationInformation : Current ScopeSet is: { Recipient Read Scope: {{, }}, Recipient
Write Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive Recipient
Scope(s): {}, Exclusive Configuration Scope(s): {} }
VERBOSE: [14:47:44.866 GMT] Get-FederationInformation : Resolved current organization: .
VERBOSE: [14:47:44.866 GMT] Get-FederationInformation : Using the following trusted host names: *.outlook.com.
VERBOSE: [14:47:44.881 GMT] Get-FederationInformation : The discovery process returned the following results:
Type=Failure;Url=https://autodiscover.feddomain.com/autodiscover/autodiscover.svc;Exception=Discovery for domain domain.com
failed.;Details=(Type=Failure;Url=https://autodiscover.feddomain.com/autodiscover/autodiscover.svc;Exception=The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.;);
Type=Failure;Url=https://feddomain.com/autodiscover/autodiscover.svc;Exception=Discovery for domain feddomain.com
failed.;Details=(Type=Failure;Url=https://feddomain.com/autodiscover/autodiscover.svc;Exception=The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.;);
Type=Failure;Url=http://autodiscover.feddomain.com/autodiscover/autodiscover.xml;Exception=Discovery for domain cpbs.com
failed.;Details=(Type=Failure;Url=http://autodiscover.feddomain.com/autodiscover/autodiscover.xml;Exception=The remote
server returned an error: (403) Forbidden.;);
Type=Failure;Url=http://feddomain.com/autodiscover/autodiscover.xml;Exception=Discovery for domain feddomain.com
failed.;Details=(Type=Failure;Url=http://feddomain.com/autodiscover/autodiscover.xml;Exception=The remote server returned an
 error: (403) Forbidden.;);
.

I'd appreciate any help - this is driving me mad!

Thanks

May 9th, 2014 11:06am

Are you using TMGs or similar to publish Autodiscover? The federation request does not authenticate so you need to have anonymous access to a couple of paths.
May 12th, 2014 3:20am

 Type=Failure;Url=https://autodiscover.feddomain.com/autodiscover/autodiscover.svc;Exception=The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.;);
Type=Failure;Url=https://feddomain.com/autodiscover/autodiscover.svc;Exception=Discovery for domain feddomain.com
failed.;Details=(Type=Failure;Url=https://feddomain.com/autodiscover/autodiscover.svc;Exception=The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.;);
Type=Failure;Url=http://autodiscover.feddomain.com/autodiscover/autodiscover.xml;Exception=Discovery for domain cpbs.com
failed.;Details=(Type=Failure;Url=http://autodiscover.feddomain.com/autodiscover/autodiscover.xml;Exception=The remote
server returned an error: (403) Forbidden.;);
Type=Failure;Url=http://feddomain.com/autodiscover/autodiscover.xml;Exception=Discovery for domain feddomain.com
failed.;Details=(Type=Failure;Url=http://feddomain.com/autodiscover/autodiscover.xml;Exception=The remote server returned an
 error: (403) Forbidden.;);


Hi,

I encountered a similar case before. According to the above information, this seems to be the result of using self-signed certificates, which cannot establish a trust relationship. You can try to obtain a trusted certificate and install it on each organization.

Hope this helps!

Thanks.

May 12th, 2014 3:21am
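
Added example, not part of any post in this thread: a PowerShell check, run from the Exchange server that issues Get-FederationInformation, showing which certificate each HTTPS Autodiscover host presents and whether that server's own trust stores accept it. The function name Test-EndpointCertificate is hypothetical, and the host names are the placeholders used in the thread.

```powershell
function Test-EndpointCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443
    )

    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)

        # Accept any certificate for this probe only, so the handshake completes
        # and the certificate can be inspected. No data is sent on the connection.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        # Re-run chain validation against this machine's trust stores.
        # Revocation is skipped so the result reflects trust, not CRL reachability.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($cert)
        $status = @($chain.ChainStatus | ForEach-Object { $_.Status })

        New-Object PSObject -Property @{
            HostName     = $HostName
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            SelfSigned   = ($cert.Subject -eq $cert.Issuer)
            NotAfter     = $cert.NotAfter
            FirstDnsName = $cert.GetNameInfo('DnsName', $false)  # compare with $HostName
            ChainTrusted = $trusted
            ChainStatus  = ($status -join ', ')   # e.g. UntrustedRoot for a self-signed certificate
        }
    }
    finally {
        if ($ssl) { $ssl.Close() }
        $tcp.Close()
    }
}

# The two HTTPS hosts that appear in the discovery results above.
'autodiscover.feddomain.com', 'feddomain.com' |
    ForEach-Object { Test-EndpointCertificate -HostName $_ } |
    Format-List
```

A ChainTrusted value of False, or a FirstDnsName that does not cover the host that was queried, corresponds to the "Could not establish trust relationship for the SSL/TLS secure channel" failures in the verbose output.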

Hi, no, I am not using TMGs to publish Autodiscover. Sounds like the certificate trust is the problem - thanks for your help Niko.

May 12th, 2014 3:41am
