"Creating Organization Relationships" error when you run the Get-FederatedInformation cmdlet to set up an organization relationship

Note The Hybrid Configuration wizard that's included in the Exchange Management Console in Microsoft Exchange Server 2010 is no longer supported. Therefore, you should no longer use the old Hybrid Configuration wizard. Instead, use the Office 365 Hybrid Configuration wizard that's available at http://aka.ms/HybridWizard. For more information, see Office 365 Hybrid Configuration wizard for Exchange 2010.
PROBLEM
You want to set up a hybrid deployment between your on-premises Microsoft Exchange Server organization and an external federated organization. However, when you run the Get-FederatedInformation cmdlet, the operation isn't successful, and you receive a "Creating Organization Relationships" error message. The full text of this message resembles the following:
ERROR:Updating hybrid configuration failed with error 'Subtask Configure execution failed: Creating Organization Relationships.
Execution of the Get-FederationInformation cmdlet had thrown an exception. This may indicate invalid parameters in your Hybrid Configuration settings.

Operation is not valid due to the current state of the object.
at System.Management.Automation.PowerShell.CoreInvoke[TOutput](IEnumerable input, PSDataCollection`1 output, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.Invoke()
at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.RunCommand(String cmdlet, Dictionary`2 parameters, Boolean ignoreNotFoundErrors)
'.
CAUSE
This issue can occur if one or more of the following conditions are true:
  • Autodiscover, Exchange Web Services (EWS), or both are published in Microsoft Forefront Unified Access Gateway (UAG), and single sign-on (SSO) is enabled.
  • The FullAuthPassthru registry value on the Forefront UAG server is not set to 1.
  • The KeepClientAuthHeader registry value on the Forefront UAG server is not set to 1.
SOLUTION
To resolve the issue, follow these steps:
  1. In the Forefront UAG Management console, open the properties of the Exchange Web Services application, click the Authentication tab, and then clear the Use SSO check box.
  2. On the Forefront UAG servers, create the following DWORD values in the registry (if they don't already exist), and then set each value to 1.
    • HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\von\UrlFilter\FullAuthPassthru
    • HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\von\UrlFilter\KeepClientAuthHeader
  3. In the Forefront UAG Management console, click Activate to enable the Forefront UAG configuration.
MORE INFORMATION
For more information about how to publish Outlook Anywhere on a Forefront UAG portal, see Publishing Outlook Anywhere on a Forefront UAG portal.

For more information about Forefront UAG registry keys, see Forefront UAG registry keys.

Still need help? Go to the Office 365 Community website or the Exchange TechNet Forums.
Properties

Article ID: 3070271 - Last Review: 04/26/2016 14:47:00 - Revision: 5.0

Microsoft Exchange Online, Microsoft Exchange Server 2013 Enterprise, Microsoft Exchange Server 2013 Standard, Microsoft Exchange Server 2010 Enterprise, Microsoft Exchange Server 2010 Standard

  • o365022013 o365 o365e o365a o365m hybrid KB3070271
Feedback