Calendar and Free/Busy access is one of the most utilized features within Outlook in my experience. During a migration to Exchange Online in a Hybrid setup, if users can’t access Calendars and/or free/busy, it’s a big deal. Calendar access hasn’t always been supported in a Hybrid setup, until now, but free/busy is something that has.

There are always complications when configuring Exchange Hybrid and I came across one I haven’t seen before, so thought I’d share my experience:

The issue was that users still on-premises were receiving password prompts when trying to access calendars and/or free/busy for a user who had been migrated to Exchange Online. However, this wasn’t the case for all users. Usually, this type of issue is experienced across the organization but in this situation it differed from user to user.

After some investigational work, I found that the differences between users who were working and who weren’t, was the location of their mailbox. If the mailbox was hosted on a server in one datacenter, the user’s had no issues, but in the second datacenter it did not work. Continuing investigations found the following tests in Exchange, also succeeded in one datacenter and failed in the other:




I ended up running the above on all Exchange servers in the solution and had the same errors on each server in the second datacenter. All pointing to certificate issues:


Federation Trust

RunspaceId : e8622894-92a4-4b79-a99b-d2512ae0657f
Id : OrganizationCertificate
Type : Error
Message : Unable to find the certificate referenced by property OrgPrivCertificate in the FederationTrust object.

Error: GetOrganizationCertificates(federationTrust) returned null when called in Process()
+ CategoryInfo : NotSpecified: (:) [], LocalizedException
+ FullyQualifiedErrorId : [Server=XXXXXX,RequestId=d054d005-9440-4f86-8466-2fc4178f2026,TimeStamp=14/03/2018 10
:54:03] [FailureCategory=Cmdlet-LocalizedException] 3C7459D6
+ PSComputerName :

Organization Relationship

There is an error with the local federation configuration, error code is ‘MisconfiguredFederationTrust’ and error sub
code is ‘CertificateNotInStore’.
+ CategoryInfo : InvalidOperation: (:) [Test-OrganizationRelationship], InvalidOperationException
+ FullyQualifiedErrorId : [Server=XXXXXX,RequestId=9ea52383-a699-4ff6-bd5d-36a163055a2d,TimeStamp=14/03/2018 10
:57:20] [FailureCategory=Cmdlet-InvalidOperationException] 4DB424,Microsoft.Exchange.Management.Sharing.TestOrgani
+ PSComputerName :

OAuth Connectivity

Exchange Response Details:
HTTP response message:
System.Net.WebException: The request was aborted: The request was canceled. —>
Microsoft.Exchange.Security.OAuth.OAuthTokenRequestFailedException: Missing signing certificate.


So with a clear indication that certificates were the cause of our issue, I checked the local computer certificates and found that all the servers in the second datacenter were missing the Federation and the Microsoft Exchange Server Auth Certificate from their personal store. Exporting the certificates from an Exchange server that was able to complete the above tests successfully and importing them in to each server that was failing resolved the issue.

Why the servers in that single datacenter did not have the certificates remains a mystery to me at the moment, but I believe the Hybrid Configuration Wizard should have installed them. During my initial investigations, the HCW was run a few times but those certificates were never installed. Whether this is a bug in the HCW or a communications issues between the server the HCW was run on and the servers in the second datacenter I’m not sure but I’m hoping to determine why soon.


So to sum up, when investigating Free/Busy or Calendar issues in a hybrid environment, be sure to run the above tests on all servers to confirm each server can connect to Exchange Online successfully.