Getting an error when setting up a federation trust in Exchange 2010?

Then you’re not alone. Although I have setup a couple of Exchange 2010 federation trusts without issues, I for some reason (explained later) got this error in a specific customer environment of mine:

image

As you can see from the above screenshot, the request failed with an HTTP status 403: Forbidden. The warning messaging explains this is because the Window Live metadata document is expired, and the certificate therefore is ignored. So what the hell does that mean?

Well, the explanation to this error was simple. It turned out that the certificate I used was from a 3rd party CA authority, that wasn’t on the list of CAs approved by the Microsoft Federation Gateway (MFG) service. You can find a list of supported CAs at this link: http://msdn.microsoft.com/en-us/library/cc287610.aspx

Thanks to Andrew Ehrensing from MCS for getting me on the right track in regards to this issue.

Cheers,

Henrik Walther
Technology Architect/Writer
MCM: Exchange 2007 | MVP: Exchange Architecture
MCITP: EMA + EA | MCSE: M + S | TechNet Influent

clip_image001

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top