I think you are ok.

But migrate a test mailbox and see what happens.

From: [email protected] [mailto:[email protected]] On 
Behalf Of Jonathan Raper
Sent: Thursday, April 2, 2015 3:18 PM
To: [email protected]
Subject: [Exchange] RE: Exchange 2013 / Office 365 BPA calling out issue with 
federation certificate

Thanks for the reply, MBS.

If "IsValid : True" = success, then....well, yes.

The hybrid wizard completed successfully, so what I don't understand is why the 
BPA is barking at me. Further, I found this article which explicitly states 
that the certificate for federation is self-signed....if I am understanding 
correctly....so now I'm really scratching my head.

https://technet.microsoft.com/en-us/library/hh563848%28v=exchg.150%29.aspx

[PS] C:\Windows\system32>Get-FederationInformation

cmdlet Get-FederationInformation at command pipeline position 1
Supply values for the following parameters:
DomainName: contoso.com


RunspaceId            : 1b21a4a0-497d-41ce-87ab-************
TargetApplicationUri  : FYDIBOHF25SPDLT.blahblahblah.biz
DomainNames           : {contoso.com}
TargetAutodiscoverEpr : https://autodiscover.nwnit.com/autodiscover/autodiscover.svc/WSSecurity
TokenIssuerUris       : {urn:federation:MicrosoftOnline}
Identity              :
IsValid               : True
ObjectState           : Unchanged



[PS] C:\Windows\system32>Get-FederationInformation

cmdlet Get-FederationInformation at command pipeline position 1
Supply values for the following parameters:
DomainName: contoso.onmicrosoft.com


RunspaceId            : 1b21a4a0-497d-41ce-87ab-************
TargetApplicationUri  : outlook.com
DomainNames           : {contoso.onmicrosoft.com, contoso.mail.onmicrosoft.com, yaddayaddayadda.com}
TargetAutodiscoverEpr : https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc/WSSecurity
TokenIssuerUris       : {urn:federation:MicrosoftOnline}
Identity              :
IsValid               : True
ObjectState           : Unchanged



[PS] C:\Windows\system32>


Thanks,

Jonathan

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Michael B. Smith
Sent: Wednesday, April 1, 2015 5:57 PM
To: [email protected]<mailto:[email protected]>
Subject: [Exchange] RE: Exchange 2013 / Office 365 BPA calling out issue with 
federation certificate

Does Get-FederationInformation return success from the tenant and from 
on-premises?

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Jonathan Raper
Sent: Wednesday, April 1, 2015 5:05 PM
To: [email protected]<mailto:[email protected]>
Subject: [Exchange] Exchange 2013 / Office 365 BPA calling out issue with 
federation certificate

My google-fu is coming up short today, and the hyperlink in the details doesn't 
provide much help as far as I can tell.

I have 2 Exchange 2007 in coexistence with 2 Exchange 2013 servers, which are 
in turn configured for hybrid mode with O365. I have run the Hybrid 
configuration wizard, and it seems to have passed. The sole purpose of the 2013 
servers is to facilitate the hybrid connection to Office 365 so that we can 
migrate our mailboxes from 2007 to O365.

For authentication to O365, we are using ADFS built on Server 2012 R2 
(essentially ADFS 3.0). ADFS works beautifully.

I was preparing to migrate my first mailbox, and decided to run the BPA one 
last time, and got this message:

"Exchange Server: Office 365 hybrid configuration - Validate the certificate 
'EX001.CONTOSO.CORP\THUMBPRINT' is proper in place for federation and mail flow"
"The server EX001 is configured for Office 365 hybrid, but the certificate 
'EX001.CONTOSO.CORP\THUMBPRINT' is not proper in place for federation and mail 
flow for Office 365 hybrid configuration. Expected status: 
get-exchangecertificate to see it should be third party, have a private key, 
and have the SMTP service associated with. Actual status: IsSelfSigned = True, 
HasPrivateKey = True, Service = SMTP,Federation. Learn 
more<http://blogs.technet.com/b/mikehall/archive/2013/08/21/office-365-insight-into-the-hybrid-configuration-wizard-part-2.aspx>."

My question - is this just simply looking for the third party certificate that 
I have installed for IMAP, POP, IIS, & SMTP to be assigned for Federation, or 
is it looking for a different certificate? in the EAC, you cannot assign this 
service, so I am assuming it has to be enabled in the Exchange Management Shell?

Puzzled...

Thanks,

Jonathan

________________________________
Note: This message and any attachments is intended solely for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, legally privileged, confidential, and/or exempt 
from disclosure. If you are not the intended recipient, you are hereby notified 
that any use, dissemination, distribution, or copying of this communication is 
strictly prohibited. If you have received this communication in error, please 
notify the original sender immediately by telephone or return email and destroy 
or delete this message along with any attachments immediately.
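
The check the BPA message in this thread describes, split out per service, as an added example that is not part of the thread and not the BPA's own logic. It assumes the Thumbprint, Services, IsSelfSigned and HasPrivateKey properties named in the BPA text; the function name and the sample certificates are constructed for illustration.

```powershell
# Added example: report which Exchange certificate carries which hybrid role.
# Test-HybridCertificateRole is a hypothetical helper name, not an Exchange cmdlet.
function Test-HybridCertificateRole {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Certificate
    )
    process {
        # Services prints as a comma-separated list, e.g. "SMTP, Federation".
        $services = @("$($Certificate.Services)" -split '\s*,\s*')
        $smtp = $services -contains 'SMTP'
        $fed  = $services -contains 'Federation'

        $finding = 'not used for SMTP or Federation'
        if (-not $Certificate.HasPrivateKey) {
            $finding = 'no private key'
        }
        elseif ($smtp -and $Certificate.IsSelfSigned) {
            # The condition the BPA text in the thread reports as "Actual status".
            $finding = 'self-signed with SMTP bound: fails the BPA third-party expectation'
            if ($fed) { $finding += ' (this is the federation certificate)' }
        }
        elseif ($smtp) {
            $finding = 'not self-signed with SMTP bound: matches the BPA expectation'
        }
        elseif ($fed) {
            $finding = 'federation only'
        }

        [pscustomobject]@{
            Thumbprint   = $Certificate.Thumbprint
            Services     = $services -join ','
            IsSelfSigned = $Certificate.IsSelfSigned
            Finding      = $finding
        }
    }
}

# Constructed sample objects standing in for Get-ExchangeCertificate output.
$sample = @(
    [pscustomobject]@{ Thumbprint = 'SAMPLE-FEDERATION'; Services = 'SMTP, Federation'; IsSelfSigned = $true; HasPrivateKey = $true }
    [pscustomobject]@{ Thumbprint = 'SAMPLE-THIRDPARTY'; Services = 'IMAP, POP, IIS, SMTP'; IsSelfSigned = $false; HasPrivateKey = $true }
)
$sample | Test-HybridCertificateRole | Format-Table -AutoSize

# On an Exchange server: Get-ExchangeCertificate | Test-HybridCertificateRole
```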
