Hybrid Configuration Wizard and Multiple Domains – Get-FederationInformation cmdlet had thrown an exception

When running the Exchange Hybrid Wizard for multiple domains, you may find it fails and shows you the error below:

Execution of the Get-FederationInformation cmdlet had thrown an exception. This may indicate invalid parameters in your Hybrid Configuration settings.

Federation information could not be received from the external organization.

In addition to this, if you check the Update-HybridConfiguration log file in the Exchange Logging directory, you will find that the failure occurs just after the command Get-FederationInformation is run on one of your domains.

The first test you can run is to login to Microsoft Online PowerShell and try running:

Get-FederationInformation -DomainName domain.com

If this comes back with an error, then you likely have an issue with Autodiscover. It may be that autodiscover is not configured for all your domains, which is quite a common occurrence. There are 2 traditional ways to get around this:

  1. Configure multiple SRV DNS records to point Autodiscover at your primary Autodiscover service
  2. Add all your autodiscover domains to your SAN certificate and configure A records to point autodiscover to the public facing IP of your Exchange server/s

As of Exchange 2010 SP3 UR6 and Exchange 2012 SP1 however, there is a much cleaner way of doing this.

  1. Make sure Autodiscover is configured and working on your Primary SMTP domain (use https://testconnectivity.microsoft.com/ to verify functionality)
  2. Run the HCW (Hybrid Configuration Wizard) for just your Primary domain. This should complete without issues
  3. Go into the Exchange Management Shell on your On Premise Exchange environment and run:

Set-HybridConfiguration -Domains domainb.com,domainc.com,domain.com,autod:domaina.com

Where domaina.com is your Primary SMTP domain. This sets your autodiscover domain for all domains to domaina.com.

  1. Re-run the HCW. You should now see all domains populated and the HCW should complete successfully.

PST Lockdown

PST files are very much of their time, but just like public folders and pre-windows 2000 logon names, they are still used in anger almost everywhere I go. They are usually scattered around the network and/or on users C:\ drives, causing mayhem and corruption wherever they go.

Admittedly, there were good reasons to use them back in the days of Exchange 2003, when disks were expensive and Mailbox Stores were limited to 70GB. These days it’s a much better idea to use a 3rd party archiving solution or integrate them back into the original mailbox. The problem here is that users love to hang on to what they know, even if they loathe it themselves. So how to stop those pesky users from messing around with PST files? Enter the magical wizardry of Group Policy, back to save the day as always.

The first thing you will need is to have the correct Administrative templates loaded for either Office 2010 or Office 2013. I’m going to pretend that nobody is running Office 2007 as it is now 8 years old and a bit old hat.

Go and edit your existing Office group policy or create a new one, and configure the following settings:

Microsoft Outlook 2010/2013 > Outlook Options > Other > AutoArchive > AutoArchive Settings – Disabled

Microsoft Outlook 2010/2013 > Outlook Options > Other > AutoArchive > Disable File|Archive – Enabled

Microsoft Outlook 2010/2013 > Miscellaneous > PST Settings > Prevent users from adding PSTs to Outlook profiles and/or prevent using Sharing-Exclusive PSTs – No PSTs can be added

Microsoft Outlook 2010/2013 > Miscellaneous > PST Settings > Prevent users from adding new content to existing PST files – Enabled

If you create the above configuration in Group Policy and apply it to your users, you will find that usersĀ a) will not be able to access the ‘Open Outlook Data File’ option in Outlook, b) Currently attached PST files will remain connected but data cannot be added to them and c) Users will not be able to use the Import/Export functions or AutoArchive functions with regards to PST files.

Once you’ve made these changes, you can move onto the process of hunting down and getting rid of those dreaded PST files without worrying about more file cropping up around you!

Good luck and god speed.