Exchange 2010 Troubleshooting: Test-FederationTrust failure Error:FederationMetadata

Symptom:

Running Test-FederationTrust fails with the following error:

[PS] C:\>Test-FederationTrust

RunspaceId : 7300c778-da78-4aa0-b35c-6155cb9141a3
Id         : FederationMetadata
Type       : Error
Message    : The federation trust doesn't contain the same certificates published by the security token service in its federation metadata

Root Cause:

  • Microsoft periodically refreshes the certificates in the Microsoft Federation Gateway (MFG). If the on-premises federation trust is not updated to match, the certificate and other metadata information it holds become stale or invalid. Customers with a federation trust to the MFG must refresh their configuration so that it picks up the new certificate.
  • Viewing Certificate Details in Federation Trust

Use the Test-FederationTrustCertificate cmdlet to see the certificates:

Solution:

  • If you're using Exchange Server 2013 SP1 or later, no action is required. This is a common task in Exchange 2013 SP1 and it happens automatically.
  • If you are not running Exchange 2013 SP1 or later, you can create a scheduled task to keep your federation trust up to date. Use the following command on your Exchange server to create a scheduled task that runs the update process periodically. This is the recommended way to keep your federation trust constantly updated, and it prevents you from being negatively affected by future metadata changes.
  • Schtasks /create /sc Daily /tn FedRefresh /tr "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -version 2.0 -command Add-PSSnapIn Microsoft.Exchange.Management.PowerShell.E2010;$fedTrust = Get-FederationTrust;Set-FederationTrust -Identity $fedTrust.Name -RefreshMetadata" /ru System
  • If you prefer to not use a scheduled task, you can manually run the command at any time to refresh the metadata. If you choose a manual option, it is still best practice to update Federation information at least monthly.
  • Get-FederationTrust | Set-FederationTrust -RefreshMetadata
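
The refresh above succeeds or fails silently when it runs as a scheduled task. The following script is an added example, not part of the original article or Microsoft's guidance: it runs the same refresh, logs whether the token issuer certificate stored in the trust changed, and re-runs Test-FederationTrust so a remaining error is recorded. The log path and the helper names Write-Log and Get-TrustCert are assumptions.

```powershell
# Added example (not from the original article). Written for PowerShell 2.0.
# Assumptions: $logPath is a placeholder (the folder must already exist);
# Write-Log and Get-TrustCert are hypothetical helper names.
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction SilentlyContinue
$logPath = 'C:\Scripts\FedRefresh.log'

function Write-Log([string]$Text) {
    # Prefix every entry with a sortable timestamp.
    Add-Content -Path $logPath -Value ('{0} {1}' -f (Get-Date -Format s), $Text)
}

function Get-TrustCert {
    # One row per federation trust with the token issuer certificate it currently holds.
    Get-FederationTrust | ForEach-Object {
        New-Object PSObject -Property @{
            Name       = $_.Name
            Thumbprint = $_.TokenIssuerCertificate.Thumbprint
            NotAfter   = $_.TokenIssuerCertificate.NotAfter
        }
    }
}

# Snapshot before the refresh so a certificate rollover shows up in the log.
$before = @(Get-TrustCert)

# Same refresh the article recommends.
Get-FederationTrust | Set-FederationTrust -RefreshMetadata

foreach ($new in @(Get-TrustCert)) {
    $old = $before | Where-Object { $_.Name -eq $new.Name }
    if ($old.Thumbprint -ne $new.Thumbprint) {
        Write-Log ('{0}: token issuer certificate changed {1} -> {2} (expires {3})' -f `
            $new.Name, $old.Thumbprint, $new.Thumbprint, $new.NotAfter)
    } else {
        Write-Log ('{0}: token issuer certificate unchanged ({1})' -f $new.Name, $new.Thumbprint)
    }
}

# Re-run the test from the Symptom section; any result of Type Error is a failure.
$failed = @(Test-FederationTrust | Where-Object { $_.Type -eq 'Error' })
foreach ($f in $failed) { Write-Log ('FAILED {0}: {1}' -f $f.Id, $f.Message) }
if ($failed.Count -gt 0) { exit 1 }   # non-zero result is visible in Task Scheduler
Write-Log 'Test-FederationTrust reported no errors.'
```

A certificate change logged outside a known Microsoft rollover window is worth reviewing before trusting cross-premises free/busy results.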

More Information:

Free/busy lookups stop working in a cross-premises environment or in an Exchange hybrid deployment:

https://support.microsoft.com/en-in/help/2928514/free-busy-lookups-stop-working-in-a-cross-premises-environment-or-in-an-exchange-hybrid-deployment

Awareness – Is Your Federation Trust Metadata Updated?

https://blogs.technet.microsoft.com/rmilne/2014/09/22/awareness-is-your-federation-trust-metadata-updated/