woensdag 5 oktober 2011

Error when making new federation trust with Microsoft Federation Gateway "The remote name could not be resolved: 'nexus.microsoftonline.com'".

A while ago we started our migration to Office 365.
We planned to move to a Hybrid deployment of Exchange 2010 and Office 365.
During the deployment we came across a problem when making a federation with the "Microsoft Federation Gateway".

When running the "New Federation Trust" wizard the Exchange EMC prompted the error below.


The specific error is : "The remote name could not be resolved 'nexus.microsoftonline.com' "
A ping to this name resulted in the same error.

On the Office 365 community they referred to the Office 365 Readyness Tool, which checks connectivity with the Microsoft Online Federation Services Endpoint. ( and does several other cool things )
Running the readyness tool did not make the issue any easyer....


It connected succesfully...

Googling the error i found this :
IIRC you need connectivity on port 443 to at least nexus.microsoftonline-p.com, login.microsoftonline.com, ppsanamespace.service.microsoftonline-p.net.

Notice the -P in nexus.microsoftonline-P.com. Unfortunately, the nexus.microsoftonline.com part in the cmdlet is not changeable. It is a static entry that comes from somewhere.

At this point I contacted Microsoft Support.
Several days and an escalation later.... the issue got resolved.

I did not use the EMC to run the commands, but I used the Exchange Management Shell.
First, copy the thumbprint from the EMC error, u need this in the New-FederationTrust cmdlet.
Then open the Exchange Management Shell ( elevated )
Run the command below, and replace the 'thumbprint' with the thumbprint you copied earlyer.

New-FederationTrust -Name 'Microsoft Federation Gateway' -Thumbprint 'thumbprint' -MetadataUrl
https://nexus.microsoftonline-p.com/FederationMetadata/2006-12/FederationMetadata.xml

You wil notice the command is succesfully run, and the federation with the Microsoft Federation gateway is made.

This can be confirmed by opening the EMC and click on Organization Configuration.
On the right side you see a federation trust with the federation gateway.


Once the federation was made I could follow the rest of the steps in the Exchange deployment assistant.

Here are some url's that might come in handy when deploying Office 365/:
Office 365 readyness tool: http://community.office365.com/en-us/f/183/t/2285.aspx
Exchange / Office 365 deployment assistant: http://technet.microsoft.com/en-us/exdeploy2010/default.aspx#Index
Info on hybrid deployments: http://technet.microsoft.com/en-us/library/gg577584.aspx

Stay tuned, I have a feeling this is not the last error I face when migrating to Office 365

1 opmerking: