Since Exchange 2010, Microsoft have introduced the Microsoft Federation Gateway. This allows companies to setup a trust to Microsoft which can be used to gain scheduling information with a third parties once policies have been configured on both parties Exchange environment.
This looked like a pretty straight forward task and certainly a LOT easier than setting up direct trusts or sharing keys. Unfortunately it wasn't quite that straight forward.
These were the Issues we ran into and the relevant fix.
1. Cannot create Organisational Relationship for third party. Also when running get-federationinformation Powershell cmdlet, it errors.
FIX = Allow unauthenticated proxy server access from CAS servers to autodiscover address of third party exchange.
2. Cannot successfully complete a Test-OrganizationRelationship powershell cmdlet.
FIX = Enable WSsecurity for EWS and Autodiscover virtual directories. This was already set to true, but resetting this to true fixed this issue.
3. Lastly, Free/Busy information worked one way, but not the other.
|Works from Lab into Enterprise|
|Fails from Enterprise into Lab|
FIX = Enable Outlook logging, attempt the Free/Busy test and in resultant FB log file it shows a proxy 407 authentication issue. The fix is to allow unauthenticated access to the EWS path from all the CAS servers.
I found the two following blogs very useful through this process. If you are struggling and the above doesn't work for you, then go check these links out.