Exchange 2016 cross forest availability configuration confusion!

Chau Le 96 Reputation points
2022-02-28T05:32:40.6+00:00

I'm trying to configure cross-forest availability between two trusted forests. Both forests have one 2016 Exchange server, real simple. Both share the same email namespace. You know the drill, target forest has un-migrated users that are "Mail Users" and migrated users that are "Mailboxes" ... Source forest the opposite... unmigrated users are "Mailboxes" and migrated users are "Mail Users"

I have routing connectors and address space configured for source.local and target.local. Email routing is working perfectly!

Followed these articles:
https://learn.microsoft.com/en-us/exchange/architecture/client-access/availability-service-for-cross-forest-topologies?view=exchserver-2019
https://learn.microsoft.com/en-us/powershell/module/exchange/set-availabilityconfig?view=exchange-ps

Here is the info:

Email Name: contoso.com
Internal routing domains: Source.local, target.local

Step 1 Ran this on both forests:
Get-MailboxServer | Add-ADPermission -Accessrights Extendedright -Extendedrights "ms-Exch-EPI-Token-Serialization" -User "<Remote Forest Domain>\Exchange servers"

Step 2 ran this on both forests - this is where the confusion is, it says "ForestName" but it means SMTP address right? I've added contoso.com, target.local, source.local ... again I added all 3 domains because I don't know which one to use here
Add-AvailabilityAddressSpace -Forestname contoso.com -AccessMethod PerUserFB -UseServiceAccount $true

Step 3 did this on both forests - did this step because 1 and 2 weren't working
Set-AvailabilityConfig -PerUserAccount freebusyaccount (created a freebusy service account in both domains)

What am I missing? Autodiscover or something? Looking at freebusy for cross forest contact is showing the \\\\\\\\\\ .


3 answers

  1. Chau Le 96 Reputation points
    2022-03-02T06:24:26.97+00:00

    Finally got an event log: Migtest3 is the account in source (in target it is a contact)

    Log Name: Application
    Source: MSExchange Availability
    Date: 3/1/2022 10:15:42 PM
    Event ID: 4001
    Task Category: Availability Service
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: NEXEX16A.NexfinityOne.local
    Description:
    Process Microsoft.Exchange.InfoWorker.Common.Delayed1[System.String]: <migtest3>SMTP:migtest3@source.local failed in application Free/Busy. Exception returned is Microsoft.Exchange.InfoWorker.Common.Availability.AutoDiscoverFailedException: Autodiscover failed for email address migtest3@source.local with error Microsoft.Exchange.InfoWorker.Common.Availability.AutoDiscoverFailedException: The underlying connection was closed: An unexpected error occurred on a send.. The request information is Discovery URL : https://mail.nexfinityonedev.com/autodiscover/autodiscover.xml, EmailAddress : <migtest3>SMTP:migtest3@source.local. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) --- End of inner exception stack trace --- at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at 
System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.ConnectStream.WriteHeaders(Boolean async) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context) at System.Net.HttpWebRequest.GetRequestStream() at Microsoft.Exchange.InfoWorker.Common.Availability.AutoDiscoverRequest.BeginInvoke() --- End of inner exception stack trace --- . Name of the server where exception originated: NEXEX16A. LID: 56716. ---> Microsoft.Exchange.InfoWorker.Common.Availability.AutoDiscoverFailedException: The underlying connection was closed: An unexpected error occurred on a send.. The request information is Discovery URL : https://mail.nexfinityonedev.com/autodiscover/autodiscover.xml, EmailAddress : <migtest3>SMTP:migtest3@source.local. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. 
---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) --- End of inner exception stack trace --- at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.ConnectStream.WriteHeaders(Boolean async) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context) at System.Net.HttpWebRequest.GetRequestStream() at Microsoft.Exchange.InfoWorker.Common.Availability.AutoDiscoverRequest.BeginInvoke() --- End of inner exception stack trace --- --- End of inner exception stack trace --- . Name of the server where exception originated: NEXEX16A. LID: 56716. 
    This event may occur when the Free/Busy application cannot discover a corresponding application in the remote forest.

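A triage helper for the event 4001 text posted above, as an added example that is not part of the thread or of Exchange. It pulls out the looked-up address, the Discovery URL and the innermost exception, and reports which layer failed based on the stack frames; the function name and stage labels are assumptions, and the sample message is abbreviated from the post.

```powershell
# Added example (not from the thread): summarise an MSExchange Availability
# event 4001 message. Function name and stage labels are hypothetical.
function Get-AvailabilityFailureSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Message
    )
    process {
        # Mailbox being looked up and the Autodiscover endpoint that was tried.
        $address = if ($Message -match 'Autodiscover failed for email address (?<a>\S+) with error') { $Matches['a'] }
        $url     = if ($Message -match 'Discovery URL\s*:\s*(?<u>[^\s,]+)') { $Matches['u'] }

        # Innermost exception: the first "---> Type: text" that is directly followed
        # by a stack frame. [^>] stops the match from spanning a later "--->".
        $inner = if ($Message -match '--->\s*(?<t>[\w.]+):\s*(?<m>[^>]*?)\s+at\s+[\w.]+\(') {
            '{0}: {1}' -f $Matches['t'], $Matches['m']
        }

        # Which layer failed, judged from the frames present in the trace.
        $stage = switch -Regex ($Message) {
            'Security\.SslState|TlsStream\.ProcessAuthentication' {
                'TLS handshake (connection dropped before any HTTP request was sent)'; break
            }
            '\(400\) Bad Request' { 'HTTP 400 returned by Autodiscover'; break }
            default { 'Not classified' }
        }

        [pscustomobject]@{
            EmailAddress       = $address
            DiscoveryUrl       = $url
            InnermostException = $inner
            Stage              = $stage
        }
    }
}

# Constructed sample: the event text from the post above, abbreviated.
$sample = @'
Autodiscover failed for email address migtest3@source.local with error Microsoft.Exchange.InfoWorker.Common.Availability.AutoDiscoverFailedException: The underlying connection was closed: An unexpected error occurred on a send.. The request information is Discovery URL : https://mail.nexfinityonedev.com/autodiscover/autodiscover.xml, EmailAddress : <migtest3>SMTP:migtest3@source.local. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.HttpWebRequest.GetRequestStream()
'@

# On an Exchange server, feed live events instead of the sample:
# Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='MSExchange Availability'; Id=4001} | ForEach-Object Message | Get-AvailabilityFailureSummary
$sample | Get-AvailabilityFailureSummary | Format-List
```

For the sample, the Stage field reports the TLS handshake, which places the failure on the connection to the Discovery URL rather than in the Autodiscover response or the free/busy permissions.
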

  2. Kael Yao-MSFT 37,576 Reputation points Microsoft Vendor
    2022-03-03T02:42:53.887+00:00

    Hi @Chau Le

    To my knowledge, you may need to first ensure autodiscover and GALSync for cross-forest availability to work.

    Autodiscover:
    You may refer to the following link (Cross-Forest Availability and the Autodiscover Service part) to either use the SCP method or DNS method:
    How to Configure the Availability Service for Cross-Forest Topologies

    Since there is a known issue with the DNS method, I would recommend using the SCP method.
    (run cmdlet Export-AutodiscoverConfig -TargetForestDomainController "dc.contoso.com" -TargetForestCredential (Get-Credential) -MultipleExchangeDeployments $true)
    For your reference: Cross forest free/busy lookup fails when target forest is Exchange Server 2013 or Exchange Server 2016

    GALSync:
    You may use FIM/MIM to do a GALSync between forests.
    Based on my test, manually creating a cross-forest mail contact should also work.
    Please refer to this link: Manually Creating a cross-forest mail contact
    You may need to manually configure a few attributes in Active Directory.

    After the configuration, the mail contact would appear as "cross-forest mail contact" in Exchange Admin Center.

    Addition:
    There is a known issue after you install the April 2021 and May 2021 security updates for Exchange 2019/2016/2013.
    So I suppose you should also be affected.

    Link: "(400) Bad Request" error during Autodiscover for per-user free/busy in a trusted cross-forest topology
    Please refer to the workaround and check Method 1 part.

    Instead of the service account, you may need to manually create a FBA account and use its credentials.



  3. Chau Le 96 Reputation points
    2022-03-03T05:41:48.417+00:00

    The issue also is that both forests share the same email domain ... how does this impact autodiscover?