Exchange Free/Busy Calendar Sharing

By -
Recently we had a request to be able to share calendar with an external organisation that we are working on a project with.  In the old days of Exchange, the only way of achieving this in a seamless way was to setup trusts or use things IIRU and IIFP.

Since Exchange 2010, Microsoft have introduced the Microsoft Federation Gateway.  This allows companies to setup a trust to Microsoft which can be used to gain scheduling information with a third parties once policies have been configured on both parties Exchange environment.

https://technet.microsoft.com/en-us/library/dd335198(v=exchg.141).aspx

This looked like a pretty straight forward task and certainly a LOT easier than setting up direct trusts or sharing keys.  Unfortunately it wasn't quite that straight forward.
These were the Issues we ran into and the relevant fix.

1.  Cannot create Organisational Relationship for third party. Also when running get-federationinformation Powershell cmdlet, it errors.

FIX = Allow unauthenticated proxy server access from CAS servers to autodiscover address of third party exchange.

2.  Cannot successfully complete a Test-OrganizationRelationship powershell cmdlet.


FIX = Enable WSsecurity for EWS and Autodiscover virtual directories.  This was already set to true, but resetting this to true fixed this issue.

3.  Lastly, Free/Busy information worked one way, but not the other.

Works from Lab into Enterprise

Fails from Enterprise into Lab

FIX = Enable Outlook logging, attempt the Free/Busy test and in resultant FB log file it shows a proxy 407 authentication issue.  The fix is to allow unauthenticated access to the EWS path from all the CAS servers.

I found the two following blogs very useful through this process.  If you are struggling and the above doesn't work for you, then go check these links out.

https://johanveldhuis.nl/exchange-federation-deel-i/
https://lynclogix.wordpress.com/2014/04/22/exchange-federation-freebusy-drops-the-soap-header/

Thanks
Sam

Comments

  1. Ben Owens26 July 2016 at 20:27

    Free/busy can frequently be a pain in the neck with Exchange OnPrem to Office 365 hybrid. Reverse proxies can be an issue. WSsecurity for EWS already set to true is a real gotcha. Looks okay but you reset it and hey presto, working. Remote Connectivty Analyser is always good for troubleshooting EWS on both environments.

    ReplyDelete

Post a Comment

Popular posts from this blog

Assigning Windows 10/11 Enterprise Subscription Activation Licences to Hybrid Azure AD Joined Devices

By -
Image
Introduction Starting with Windows 10, version 1703, Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro to Windows 10 Enterprise automatically if they are subscribed to Windows 10 Enterprise E3 or E5. The Subscription Activation feature eliminates the need to manually deploy Windows 10 Enterprise or Education images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering GVLKs, and subsequently rebooting client devices. It’s important to note that the Windows 10 Enterprise subscription activation is designed to “step-up” a device from Windows 10 Pro to Windows 10 Enterprise. Therefore, your device is required to have a Windows 10 Pro license activated as a baseline. For Windows 10 Enterprise Subscription Activation to function, there a several prerequisites which need to be in place. This blog is aimed for organisations which have Active Directory on premises an
Read more

Autopilot Hybrid Azure AD Join with Customised First Login Status

By -
Image
Introduction This is my flavour of deploying a customised HAADJ progress status, building on work by Joymalya Basu Roy's detailed article - https://joymalya.com/autopilot-hybrid-azure-ad-join-reworked-with-joy/ . The differences in my version are: Not using Active Setup to run the HAADJ retry process or Splash Screen as I found this didn't work as expected and I didn't want to add a registry item to affect all future logins with a reboot from the HAADJ process. Running the processes under the context of the SYSTEM account, but displaying status to the interactive user. Avoid the HAADJ process running again after the initial success. This provides a customised first login status which prevents the user from using the devices until Hybrid Azure AD Join from the Autopilot process. It's use is primarily for when the User ESP is configured to be skipped. Files This is my version of customised HAADJ which is built on work and guidance in blogs/articles from Michael Niehaus, S
Read more

Upgrade Samsung Galaxy Ace 2 (I8160) to Android Jelly Bean

By -
Image
There has been talk of Samsung working on an Android build of Jelly Bean for the Samsung Galaxy Ace 2 (I8160) for quite some time. A couple of leaked versions of the build have been available since the end of February and during March, but these contained various bugs as you might expect. On April 2nd, an official release was available on www.sammobile.com and available for install using KIES or OTA, but only for Portuguese customers on the TMN network.  This was curious as this network didn't actually sell the phone.  It could be a way of getting the early adopters to test this version before the big operators like Telefonica and Vodafone build and release a version themselves. There are many online guides on how to manually download the firmware and apply it to your device, but if you make the direct jump from Gingerbread (2.3) to Jelly Bean (4.1.2) you will likely have RAM issues. The gingerbread versions only allocated around 500MB for RAM whereas Jelly Bean needs more
Read more