
Exchange Server Forums


Cross Forest Free/Busy

Cross Forest Free/Busy - 17.Apr.2013 11:05:33 AM   
dkjenness

 

Posts: 6
Joined: 19.May2008
Status: offline
Hello,
I'm not sure which forum to post this in so General seems logical.

I have an EXCH2007/EXCH2010 environment in my company. We recently purchased another company that has EXCH2010. We will be moving the second company to our environment but probably not until summer/fall. My VPs would like the free/busy information available for all users in both companies. I have set this up following a simplified version with a forest trust following this article.

http://blog.exchange-addict.com/2012/11/cross-forest-freebusy-simple-version_13.html.

Now users in the parent company, the EXCH2007/EXCH2010 company, can see the free/busy information from the newly purchased EXCH2010 company but they cannot see the free/busy information from the parent company.

The error is: no information error code 500

Any thoughts or ideas on how I can get this working will be appreciated.
Post #: 1
RE: Cross Forest Free/Busy - 17.Apr.2013 11:19:16 AM   
mohammed.yusuf

 

Posts: 96
Joined: 28.Sep.2011
From: Lancashire
Status: offline
You need to create a Federation Trust using the Microsoft Federation Gateway. In order to create the Federation Trust, the domain should be resolvable from the internet.
An X.509 certificate issued by a third-party CA (one trusted by the Microsoft Federation Gateway) is required. It is easy enough to create a Federation Trust using the EMC or EMS. With the EMC you can use the New Federation Trust wizard. With the EMS you can use the New-FederationTrust cmdlet. Once the trust is in place, add federated domains (assuming you can connect to your new company domain).

(in reply to dkjenness)
Post #: 2
RE: Cross Forest Free/Busy - 17.Apr.2013 12:12:36 PM   
dkjenness

 

Posts: 6
Joined: 19.May2008
Status: offline
Do I have to create this on both company Exchange servers or only the parent Exchange server?

(in reply to mohammed.yusuf)
Post #: 3
RE: Cross Forest Free/Busy - 17.Apr.2013 12:34:36 PM   
mohammed.yusuf

 

Posts: 96
Joined: 28.Sep.2011
From: Lancashire
Status: offline
You need to create it on both servers. It is a bit tricky on the certificate side to find the certificate when you select New Federation Trust in the EMC. If it finds the certificate, then it should be OK to add domains. It is a little buggy as well; I cannot say it has worked properly in the past.

(in reply to dkjenness)
Post #: 4
RE: Cross Forest Free/Busy - 18.Apr.2013 9:08:16 AM   
dkjenness

 

Posts: 6
Joined: 19.May2008
Status: offline
So I have two questions:

On the TXT DNS entry, is that done internally or externally? I was confused by the instruction on TechNet.

On the certificate, I am assuming that I need to change that to our mail.domainname.com GeoTrust certificate rather than leaving it at the self-signed one that it created when I first ran through the Federation wizard?

Thanks for your help!

(in reply to mohammed.yusuf)
Post #: 5
RE: Cross Forest Free/Busy - 18.Apr.2013 11:30:32 AM   
mohammed.yusuf

 

Posts: 96
Joined: 28.Sep.2011
From: Lancashire
Status: offline
Thanks, it does happen when we cannot see what you are seeing on your screen.
The external DNS should resolve the partner company names autodiscover.partner.com and mail.partner.com.
The federation domain you are using must be public, meaning it can be resolved by any of the public DNS servers. This is a requirement so Windows Live and external parties can resolve them.
The federation trust certificate must be issued by a trusted public CA such as VeriSign or DigiCert. A self-signed certificate or an internal certificate authority cannot be used since Windows Live doesn’t trust them. The certificate used for the federation trust must be installed on all Exchange 2010 CAS servers.
All the mailboxes / end users must have an SMTP address configured with its own federation domain. Note that this address does not need to be a primary SMTP address. Usually this can be done by editing your Exchange 2010 email address policy.
Once all requirements are completed, then:
Launch the Exchange Management Console.
Under Organization, select “New Federation Trust”.
The wizard will launch. Browse and choose the certificate you wish to use.
Click the New button to create the trust. Just follow the screen.

(in reply to dkjenness)
Post #: 6
RE: Cross Forest Free/Busy - 18.Apr.2013 1:04:12 PM   
dkjenness

 

Posts: 6
Joined: 19.May2008
Status: offline
OK.

Thanks for the info.

I have the Federation Trust setup on both Exchange servers as well as an Organization Partnership but the sticking point is the cert.

We already have a 3-year SAN cert from GeoTrust and this trust only needs to be in place for 6 months. Can I purchase another cert from one of Microsoft's "approved" root providers and only have it in place for the Federated Trust? In other words, it won't be my primary mail cert?

Thanks!

(in reply to mohammed.yusuf)
Post #: 7
RE: Cross Forest Free/Busy - 19.Apr.2013 4:00:51 AM   
mohammed.yusuf

 

Posts: 96
Joined: 28.Sep.2011
From: Lancashire
Status: offline
If you have already got an X.509 certificate from a Microsoft-approved company, then you should be OK to use it. For the certificate you could try this EMS cmdlet:
Get-ExchangeCertificate | where {$_.IsSelfSigned -eq $false} | fl
When you run the above command you will be able to see the certificate thumbprint at the bottom.
Now you create the Federation Trust:
New-FederationTrust -Name "Partner Trust" -Thumbprint 237845454d555d4dfddfddf54 -Verbose
At least you would see the warning as to why it is failing.
Thanks

(in reply to dkjenness)
Post #: 8
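
The certificate requirements and cmdlets discussed in the replies above, combined into one Exchange Management Shell sequence. This is an added example, not part of any poster's message; the domain name `contoso.example` is a constructed placeholder, and the choice of the latest-expiring candidate certificate is an assumption made for illustration.

```powershell
# Added example. Run in the Exchange Management Shell on an Exchange 2010 server.
# 'contoso.example' is a constructed placeholder for your public federated domain.
$FederatedDomain = 'contoso.example'

# 1. Candidate certificates: not self-signed, private key present, and
#    currently inside their validity window.
$now = Get-Date
$candidates = Get-ExchangeCertificate | Where-Object {
    -not $_.IsSelfSigned -and $_.HasPrivateKey -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now
}
$candidates | Format-List Thumbprint, Subject, Issuer, NotAfter, Status

# 2. Pick one candidate (assumption: the one that expires last).
#    Review the Issuer field above before relying on this choice.
$cert = $candidates | Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) {
    throw 'No suitable non-self-signed certificate found on this server.'
}

# 3. The thread states the certificate must be installed on all CAS servers,
#    so confirm the same thumbprint is present on each one.
$missing = @()
foreach ($cas in Get-ClientAccessServer) {
    $found = Get-ExchangeCertificate -Server $cas.Name -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    if (-not $found) { $missing += $cas.Name }
}
if ($missing) {
    throw "Certificate $($cert.Thumbprint) is missing on: $($missing -join ', ')"
}

# 4. Create the trust with the verified thumbprint; -Verbose surfaces the
#    warnings that explain a failure.
New-FederationTrust -Name 'Partner Trust' -Thumbprint $cert.Thumbprint -Verbose

# 5. Generate the proof-of-ownership value for the TXT record. The record
#    belongs in the public DNS zone, since the federated domain must be
#    resolvable from the internet.
Get-FederatedDomainProof -DomainName $FederatedDomain | Format-List

# 6. Check the state of the federation certificate across the organization.
Test-FederationTrustCertificate
```

Steps 1 to 3 only read configuration, so they can be run on their own to audit certificate placement before any trust is created.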
