"Creating Organization Relationships" error when you run the Get-FederatedInformation cmdlet to set up an organization relationship

Kehtib: Exchange OnlineExchange Server 2013 EnterpriseExchange Server 2013 Standard Edition

Note The Hybrid Configuration wizard that's included in the Exchange Management Console in Microsoft Exchange Server 2010 is no longer supported. Therefore, you should no longer use the old Hybrid Configuration wizard. Instead, use the Office 365 Hybrid Configuration wizard that's available at http://aka.ms/HybridWizard. For more information, see Office 365 Hybrid Configuration wizard for Exchange 2010.


You want to set up a hybrid deployment between your on-premises Microsoft Exchange Server organization and an external federated organization. However, when you run the Get-FederatedInformation cmdlet, the operation isn't successful, and you receive a "Creating Organization Relationships" error message. The full text of this message resembles the following:
ERROR:Updating hybrid configuration failed with error 'Subtask Configure execution failed: Creating Organization Relationships.
Execution of the Get-FederationInformation cmdlet had thrown an exception. This may indicate invalid parameters in your Hybrid Configuration settings.

Operation is not valid due to the current state of the object.
at System.Management.Automation.PowerShell.CoreInvoke[TOutput](IEnumerable input, PSDataCollection`1 output, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.Invoke()
at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.RunCommand(String cmdlet, Dictionary`2 parameters, Boolean ignoreNotFoundErrors)


This issue can occur if one or more of the following conditions are true:
  • Autodiscover, Exchange Web Services (EWS), or both are published in Microsoft Forefront Unified Access Gateway (UAG), and single sign-on (SSO) is enabled.
  • The FullAuthPassthru registry value on the Forefront UAG server is not set to 1.
  • The KeepClientAuthHeader registry value on the Forefront UAG server is not set to 1.


To resolve the issue, follow these steps:
  1. In the Forefront UAG Management console, open the properties of the Exchange Web Services application, click the Authentication tab, and then clear the Use SSO check box.
  2. On the Forefront UAG servers, create the following DWORD values in the registry (if they don't already exist), and then set each value to 1.
    • HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\von\UrlFilter\FullAuthPassthru
    • HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\von\UrlFilter\KeepClientAuthHeader
  3. In the Forefront UAG Management console, click Activate to enable the Forefront UAG configuration.


For more information about how to publish Outlook Anywhere on a Forefront UAG portal, see Publishing Outlook Anywhere on a Forefront UAG portal.

For more information about Forefront UAG registry keys, see Forefront UAG registry keys.

Still need help? Go to Microsoft Community or the Exchange TechNet Forums.