I think you are ok. But migrate a test mailbox and see what happens.

From: [email protected] [mailto:[email protected]] On Behalf Of Jonathan Raper
Sent: Thursday, April 2, 2015 3:18 PM
To: [email protected]
Subject: [Exchange] RE: Exchange 2013 / Office 365 BPA calling out issue with federation certificate

Thanks for the reply, MBS.

If "IsValid : True" = success, then....well, yes. The hybrid wizard completed successfully, so what I don't understand is why the BPA is barking at me. Further, I found this article which explicitly states that the certificate for federation is self-signed....if I am understanding correctly....so now I'm really scratching my head.

https://technet.microsoft.com/en-us/library/hh563848%28v=exchg.150%29.aspx

[PS] C:\Windows\system32>Get-FederationInformation

cmdlet Get-FederationInformation at command pipeline position 1
Supply values for the following parameters:
DomainName: contoso.com

RunspaceId            : 1b21a4a0-497d-41ce-87ab-************
TargetApplicationUri  : FYDIBOHF25SPDLT.blahblahblah.biz
DomainNames           : {contoso.com}
TargetAutodiscoverEpr : https://autodiscover.nwnit.com/autodiscover/autodiscover.svc/WSSecurity
TokenIssuerUris       : {urn:federation:MicrosoftOnline}
Identity              :
IsValid               : True
ObjectState           : Unchanged

[PS] C:\Windows\system32>Get-FederationInformation

cmdlet Get-FederationInformation at command pipeline position 1
Supply values for the following parameters:
DomainName: contoso.onmicrosoft.com

RunspaceId            : 1b21a4a0-497d-41ce-87ab-************
TargetApplicationUri  : outlook.com
DomainNames           : {contoso.onmicrosoft.com, contoso.mail.onmicrosoft.com, yaddayaddayadda.com}
TargetAutodiscoverEpr : https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc/WSSecurity
TokenIssuerUris       : {urn:federation:MicrosoftOnline}
Identity              :
IsValid               : True
ObjectState           : Unchanged

[PS] C:\Windows\system32>

Thanks,
Jonathan

From: [email protected] [mailto:[email protected]] On Behalf Of Michael B. Smith
Sent: Wednesday, April 1, 2015 5:57 PM
To: [email protected]
Subject: [Exchange] RE: Exchange 2013 / Office 365 BPA calling out issue with federation certificate

Does Get-FederationInformation return success from the tenant and from on-premises?

From: [email protected] [mailto:[email protected]] On Behalf Of Jonathan Raper
Sent: Wednesday, April 1, 2015 5:05 PM
To: [email protected]
Subject: [Exchange] Exchange 2013 / Office 365 BPA calling out issue with federation certificate

My google-fu is coming up short today, and the hyperlink in the details doesn't provide much help as far as I can tell.

I have 2 Exchange 2007 in coexistence with 2 Exchange 2013 servers, which are in turn configured for hybrid mode with O365. I have run the Hybrid configuration wizard, and it seems to have passed. The sole purpose of the 2013 servers is to facilitate the hybrid connection to Office 365 so that we can migrate our mailboxes from 2007 to O365. For authentication to O365, we are using ADFS built on Server 2012 R2 (essentially ADFS 3.0). ADFS works beautifully.

I was preparing to migrate my first mailbox, and decided to run the BPA one last time, and got this message:

"Exchange Server: Office 365 hybrid configuration - Validate the certificate 'EX001.CONTOSO.CORP\THUMBPRINT' is proper in place for federation and mail flow"

"The server EX001 is configured for Office 365 hybrid, but the certificate 'EX001.CONTOSO.CORP\THUMBPRINT' is not proper in place for federation and mail flow for Office 365 hybrid configuration. Expected status: get-exchangecertificate to see it should be third party, have a private key, and have the SMTP service associated with. Actual status: IsSelfSigned = True, HasPrivateKey = True, Service = SMTP,Federation. Learn more<http://blogs.technet.com/b/mikehall/archive/2013/08/21/office-365-insight-into-the-hybrid-configuration-wizard-part-2.aspx>."

My question - is this just simply looking for the third party certificate that I have installed for IMAP, POP, IIS, & SMTP to be assigned for Federation, or is it looking for a different certificate? In the EAC, you cannot assign this service, so I am assuming it has to be enabled in the Exchange Management Shell?

Puzzled...

Thanks,
Jonathan

________________________________

Note: This message and any attachments is intended solely for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, legally privileged, confidential, and/or exempt from disclosure. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the original sender immediately by telephone or return email and destroy or delete this message along with any attachments immediately.
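
To see which certificate the BPA message in this thread is describing, the following added example (not part of the original thread or of any Microsoft tooling) lists every Exchange certificate on the server, marks the one bound to the federation trust, and marks any that meet the expectation the BPA text states for mail flow (third party, private key, SMTP assigned). It assumes it is run in the Exchange Management Shell on the on-premises Exchange 2013 server; the output column names are made up for this example.

```powershell
# Added example: run in the Exchange Management Shell on the hybrid server.
# Read-only: it changes no certificate or service assignment.

# Thumbprint(s) of the certificate the federation trust currently uses.
$trustThumbprints = @(Get-FederationTrust |
    ForEach-Object { $_.OrgCertificate.Thumbprint })

Get-ExchangeCertificate | ForEach-Object {
    # Services may arrive as a flags enum or as a string; compare as text.
    $services = [string]$_.Services

    [pscustomobject]@{
        Thumbprint        = $_.Thumbprint
        Subject           = $_.Subject
        Services          = $services
        IsSelfSigned      = $_.IsSelfSigned
        HasPrivateKey     = $_.HasPrivateKey
        NotAfter          = $_.NotAfter
        # Hypothetical column: is this the federation trust's certificate?
        UsedByFederation  = $trustThumbprints -contains $_.Thumbprint
        # Hypothetical column: the BPA's stated expectation for mail flow
        # (third party, has a private key, SMTP service associated).
        MeetsBpaMailFlow  = (-not $_.IsSelfSigned) -and
                            $_.HasPrivateKey -and
                            ($services -match 'SMTP')
    }
} | Sort-Object UsedByFederation -Descending | Format-List
```

If the thumbprint named in the BPA message is the row with UsedByFederation = True and a different row shows MeetsBpaMailFlow = True, the warning concerns the federation trust certificate rather than the third-party certificate installed for IMAP, POP, IIS and SMTP.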
