Federation Trust Unable to access Federation Metadata

Matthew Turney 0 Reputation points
2024-12-04T03:04:26.1866667+00:00

Hello,

I have been trying to run the Hybrid Configuration Wizard on our Exchange Server.

I know TLS 1.2 is running because I am able to login with my Tenant admin account(at least through IE) in the beginning of the HCW. I have checked all registry keys and they all match what I have read are correct for TLS 1.2 to be enabled...

Meaning:

Both Client and Server under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\ Disabled by Default keys are set to 0 and Enabled is set to 1.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v2.0.50727

and

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319

SchUseStrongCrypto and SystemDefaultTlsVersions are set to 1.

I have downloaded IISCrypto and have ran that on the server to enable TLS 1.2. Everything seems normal on that.

I cannot find any more information on this and I can only think that this is a TLS issue. I am trying to finish up a Full Hybrid environment so I can start migrating mailboxes. I don't want to migrate unless I can get some mailboxes working.

Just to have this issue in plain text...

"The underlying connection was closed. An unexpected error occurred on a send."

User's image

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,282 questions
Microsoft Exchange Hybrid Management
Microsoft Exchange Hybrid Management
Microsoft Exchange: Microsoft messaging and collaboration software.Hybrid Management: Organizing, handling, directing or controlling hybrid deployments.
2,178 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Alex Zhang-MSFT 3,155 Reputation points Microsoft Vendor
    2024-12-04T06:56:13.04+00:00

    Hello, @Matthew Turney,

    Welcome to the Microsoft Q&A platform!

    Notice that you have taken steps to ensure that TLS 1.2 is enabled and being used but the issue still exists. I would suggest you try the following to try and resolve the issue:

    1.Check for Updates: Ensure that your Exchange Server and Windows Server are fully up-to-date with the latest updates and patches. Older versions can sometimes cause issues with the Hybrid Configuration Wizard (HCW) and Federation Trust.

    2.Check Hybrid Configuration Wizard Logs: The HCW logs can provide more detailed information about where the process is failing. You can find these logs at "C:\Users<YourUsername>\AppData\Roaming\Microsoft\Exchange Hybrid Configuration" on the machine where you ran the HCW.

    3.Check Firewall and Proxy Settings: Make sure that there are no firewall or proxy rules blocking the traffic between your Exchange server and the Office 365 endpoints. This can sometimes cause unexpected connection drops.

    4.Service and Account Permissions: Verify that the account you are using has the necessary permissions to perform the Hybrid Configuration.

    5.Testing Connectivity: Use tools like "Test-FederationTrust" and "Test-OAuthConnectivity" PowerShell cmdlets to test your federation trust and OAuth configuration. This can sometimes reveal more specific problems.

    6.Re-run HCW as Administrator: Check again that you are running the HCW with administrative privileges.

    What I have provided above is a routine troubleshooting for researching such issues. If your problem is still not solved, here is a document that can help you, based on the error information you provided, please focus on error 3 and its solution, hopefully this will help solve your problem.

    User's image

    (Document Link: https://techcommunity.microsoft.com/blog/exchange/how-to-address-federation-trust-issues-in-hybrid-configuration-wizard-hcw/1144285)


    If the answer is helpful please click on ACCEPT ANSWER as it could help other members of the Microsoft Q&A community who have similar questions and are looking for solutions.

    Thank you for your support and understanding.

    Best Wishes,

    Alex Zhang


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.