Exchange 2013/2010 Federation Trust

Hello,

We have a federation trust setup with another organization to share free/busy calendar information. My organization is running an Exchange 2013 and 2010 coexistence while the other organization is solely Exchange 2010. All the employees in the 2010 organization can see our free busy information for both 2013 and 2010 users. In my coexistence organization only the Exchange 2010 users can see their free busy information.

I've tested the federation-trust on the 2013 server and ran get-federationtrust -refreshmetadata. Both commands run successfully. I was at a loss and did some research. I found the excerpt below in this link: https://technet.microsoft.com/en-us/library/dd638083%28v=exchg.150%29.aspx#scenarios

"In organizations that contain both Exchange 2010 and Exchange 2013 servers, users who have a mailbox on an Exchange 2010 Mailbox server can use organization relationships to share free/busy information with recipients in external Exchange 2013 federated domain organizations. The Exchange 2010 Client Access and Mailbox servers must be running SP2 or higher, and you must have at least one Exchange 2013 Client Access server in the Exchange 2010 organization."

Does this mean the other Exchange organization will need a 2013 CAS server? They currently don't have one. I verified they're running SP3 on the 2010 servers.

Thanks,

Nick


May 18th, 2015 8:17pm

Hi Nick,

I can get that you have Configured federated sharing on Ex2013+2010 Mixed environment.

And hope you have  Configured Federated Delegation and created an organization relationship on the Exchange 2010 only environment as well.

Your Ex2013 users  not being able to see the other 2010 users would be more of other 2010 org issue allowing you to access or not. Do check for issues on their side as well.

For example, if Contoso creates an organization relationship with Tailspin Toys, the users at Tailspin Toys will be able to schedule meetings with the users at Contoso by adding their email address to the meeting invitation. The availability of the invited Contoso user would display to the Tailspin Toys user. However, before Contoso can also see availability for users at Tailspin Toys, their administrator needs to set up an organization relationship with Contoso.

I agree the article you posted is confusing to me as well. But another article states below.

Configuring federated sharing between Exchange organizations

This topic provides a summary of the requirements and configuration steps necessary to enable free/busy sharing between different types of the following common Exchange deployments:

  • An Exchange 2013 organization and an Exchange 2010 SP2 organization.

And the steps nowwhere states that we need to have Ex2013 CAS for it to work. But it emphasises that we need ex2010SP2 for Ex2007,Ex2003.

This makes some sense, as federated sharing between  Ex2003 - Ex2013 works, and we know that Ex2003 org can't have Exchange 2013 installed in the environment, this makes Ex2010 capable of doing the Federation without Ex2013.

I think they are refering to support Sharing Policies and not Org Relationships.

The following are required for sharing policies between federated Exchange organizations:

  • An Exchange 2013 Client Access server exists in each Exchange organization or Sharing policies are also supported between Exchange organizations where one organization has Exchange 2013 Client Access servers and the other one organization has Exchange 2010 SP3 or later Client Access servers.

The following are required for sharing policies with non-federated Exchange organizations or individuals:

  • An Exchange 2013 Client Access server exists in the Exchange organization that's sharing user's calendar information.

Organization relationships<o:p></o:p>

https://technet.microsoft.com/en-in/library/jj657445(v=exchg.150).aspx<o:p></o:p>

Configure a federation trust<o:p></o:p>

https://technet.microsoft.com/en-IN/library/jj657462(v=exchg.150).aspx<o:p></o:p>

Cross Org Availability using Federation Trust and Organization Relationship<o:p></o:p>

http://blogs.technet.com/b/exchange/archive/2011/06/28/cross-org-availability-using-federation-trust-and-organization-relationship.aspx<o:p></o:p>

Free Windows Admin Tool Kit Click here and download it now
May 20th, 2015 6:49am

Thanks for the response Satyajit.

I don't believe anything is misconfigured on the remote 2010 side because all of our 2010 users can see their free/busy information. The organization relationship existed before our implementation of Exchange 2013. We have a federation trust and sharing policy policy setup. The remote domain is running Exchange 2010 version 14.3 which is SP3. According to this line by Microsoft it should work: 

The following are required for sharing policies between federated Exchange organizations:

  • An Exchange 2013 Client Access server exists in each Exchange organization. Sharing policies are also supported between Exchange organizations where one organization has Exchange 2013 Client Access servers and the other one organization has Exchange 2010 SP3 or later Client Access servers.

I wonder if it won't work for us because we also have an Exhange 2010  and 2013 CAS in one org. I would be surprised if that was the case though. 

All tests passed when I ran "test-federationtrust" from our 2010, 2013 CAS servers and the remote 2010 CAS. I'm not sure where else to look. Any help is appreciated.


July 9th, 2015 3:21pm

Hi Nick,

What about this test from Ex2013 server to their domain.com

Test-OrganizationRelationship

Have you tried creating a new Sharing Policy from Ex2013

Review if you have gone through these steps.

Managing Federated Sharing with the EAC

http://blogs.technet.com/b/exchange/archive/2012/10/30/managing-federated-sharing-with-the-eac.aspx

Hope you have all your Virtual Directories updated correctly both on Ex2013 & Ex2010

Free Windows Admin Tool Kit Click here and download it now
July 10th, 2015 7:43am

I think we're getting somewhere now. Running Test-OrganizationRelationship fails from Exchange 2013:

STEP 1 of 4: Getting federation information from remote organization...
Terminating execution. No federated domains were found in the remote organization.

I successfully ran test-organizationrelationship from the remote domain and out 2010 server.

I have not created a new sharing policy from 2013 because when I go to the EAC the federation trust and sharing policy appears there with it enabled. If I created a new sharing policy would the remote domain need to do the same?

I believe we have the virtual directories configured properly. We have no issues from the 2013 server other than the sharing with the remote organization.

July 16th, 2015 2:40pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics