Getting an error when setting up a federation trust in Exchange 2010?
Then you’re not alone. Although I have setup a couple of Exchange 2010 federation trusts without issues, I for some reason (explained later) got this error in a specific customer environment of mine:
As you can see from the above screenshot, the request failed with an HTTP status 403: Forbidden. The warning messaging explains this is because the Window Live metadata document is expired, and the certificate therefore is ignored. So what the hell does that mean?
Well, the explanation to this error was simple. It turned out that the certificate I used was from a 3rd party CA authority, that wasn’t on the list of CAs approved by the Microsoft Federation Gateway (MFG) service. You can find a list of supported CAs at this link: http://msdn.microsoft.com/en-us/library/cc287610.aspx
Thanks to Andrew Ehrensing from MCS for getting me on the right track in regards to this issue.
MCM: Exchange 2007 | MVP: Exchange Architecture
MCITP: EMA + EA | MCSE: M + S | TechNet Influent