Free/busy lookups stop working in a cross-premises environment or in an Exchange hybrid deployment

Applies to: Exchange OnlineExchange Server 2016 Enterprise EditionExchange Server 2016 Standard Edition

Note The Hybrid Configuration wizard included in the Exchange Management Console in Microsoft Exchange Server 2010 is no longer supported. Therefore, you should no longer use the old Hybrid Configuration wizard. Instead, use the Office 365 Hybrid Configuration wizard available at http://aka.ms/HybridWizard. For more information, see Office 365 Hybrid Configuration wizard for Exchange 2010.

PROBLEM


Free/Busy lookups stop working for users in a cross-premises environment, or in a hybrid deployment of on-premises Exchange Server and Exchange Online. Additionally, these issues may extend to other features that rely on the Microsoft Federation Gateway.

If you run the Test-FederationTrust cmdlet, you receive an error message that indicates that the Delegation token has validation issues. For example, you receive an error message that resembles the following:

Id : TokenValidation
Type : Error
Message : Failed to validate delegation token.

Additionaly, you might receive one of the following error messages in the Exchange Web Services (EWS) Responses:

An error occurred when processing the security tokens in the message
Autodiscover failed for email address User@contoso.com with error System.Web.Services.Protocols.SoapHeaderException: An error occurred when verifying security for the message

CAUSE


This issue occurs if the certificate, and other metadata information, in the Microsoft Federation Gateway (or in the on-premises environment) becomes outdated or invalid.

SOLUTION


To resolve this issue, refresh the metadata by running the Get-FederationTrust | Set-FederationTrust –RefreshMetadata command.

To do this, follow these steps:

  1. Open the Exchange Management Shell on the on-premises Exchange server.
  2. Run the following cmdlet:
    Get-FederationTrust | Set-FederationTrust –RefreshMetadata 

MORE INFORMATION


This issue could affect any environment that uses the Microsoft Federation Gateway. These environments include on-premises organizations that have set up free/busy, or sharing policies, between their organization and either other on-premises organizations, or Exchange Online in Office 365.

To run the procedure in the "Solution" section as an automated task and prevent future issues, open a command prompt on the Exchange server, then run the following command. Doing this updates the Federation trust daily.
Schtasks /create /sc Daily /tn FedRefresh /tr "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -version 2.0 -command Add-PSSnapIn Microsoft.Exchange.Management.PowerShell.E2010;$fedTrust = Get-FederationTrust;Set-FederationTrust -Identity $fedTrust.Name -RefreshMetadata" /ru System 

Still need help? Go to Microsoft Community or the Exchange TechNet Forums.