Getting an error when setting up a federation trust in Exchange 2010?

by Henrik Walther [Published on 5 Oct. 2009 / Last Updated on 5 Oct. 2009]

Then you’re not alone. Although I have setup a couple of Exchange 2010 federation trusts without issues, I for some reason (explained later) got this error in a specific customer environment of mine: As you can see from the above screenshot, the request failed with an HTTP status 403: Forbidden. The warning messaging explains this is because the Window Live metadata document is expired, and the certificate therefore is ignored. So what the hell does that mean? Well, the explanation to this error was simple. It turned out that the certificate I used was from a 3rd party CA authority, that wasn’t on the list of CAs approved by the Microsoft Federation Gateway (MFG) service. You can find a list of supported CAs at this link: http://msdn.microsoft.com/en-us/library/cc287610.aspx Thanks to Andrew Ehrensing from MCS for getting me on the right track in regards to this issue. Cheers, Henrik WaltherTechnology Architect/WriterMCM: Exchange 2007 | MVP: Exchange Architecture MCITP: EMA + EA | MCSE: M + S | TechNet Influent

Then you’re not alone. Although I have setup a couple of Exchange 2010 federation trusts without issues, I for some reason (explained later) got this error in a specific customer environment of mine:

image

As you can see from the above screenshot, the request failed with an HTTP status 403: Forbidden. The warning messaging explains this is because the Window Live metadata document is expired, and the certificate therefore is ignored. So what the hell does that mean?

Well, the explanation to this error was simple. It turned out that the certificate I used was from a 3rd party CA authority, that wasn’t on the list of CAs approved by the Microsoft Federation Gateway (MFG) service. You can find a list of supported CAs at this link: http://msdn.microsoft.com/en-us/library/cc287610.aspx

Thanks to Andrew Ehrensing from MCS for getting me on the right track in regards to this issue.

Cheers,

Henrik Walther
Technology Architect/Writer
MCM: Exchange 2007 | MVP: Exchange Architecture
MCITP: EMA + EA | MCSE: M + S | TechNet Influent

clip_image001

Add Review or Comment

Featured Links