Maybe this will help to troubleshoot your Settings:

http://andywolf.com/exchange-2010-cross-forest-free-busy-not-working/

http://www.tools4exchange.com/2013/03/troubleshooting-cross-forest-delegation.html

http://www.netsec.de/fileadmin/download/GALsync/Whitepaper_CrossForest_FreeBusy_Delegation_EN.pdf

Hi, I have several questions surrounding this topic which I don't know the answers to, and I have part way configured to certain degree some coexistence but got stuck. just to give you some upfront information on my setup:

Domain 1:

Server 2008, Exchange 2007, Self signed certificate for exchange

Domain 2:

Server 2008 R2, Exchange 2010, public signed certificate

a forest trust exists between the two networks, can ping properly, autodiscover records exists in both domains. so far if we create a contact in domain 2 (exchange 2010) representing a user from domain 1 then we can see the free/busy information from that user in domain 1, but if we add a domain 2 contact in domain 1 then we can not see free busy data about domain 2 user.

to implement this I have configured the environment from a rather well written article located at the following link (we have not used GALSync though we just manually created the contacts and manually set the attributes so the contacts are recognised as "forest mail contacts") http://www.msexchange.org/articles-tutorials/exchange-server-2010/migration-deployment/deep-dive-into-rich-coexistence-between-exchange-forests-part1.html

my questions are as follows:

1. is it possible to see free busy data between both domains in my situation without having to install any extra products - if so, then I am missing a small configuration from being able to see domain 2 users FB from domain 1 (how would I troubleshoot this?)

2. is it possible to create contacts in both domains that will allow for calendar sharing (delegation) without using a product like FIM or GALSync (is this just a tool to automatically synchronise the GAL's or is there more going on under the hood)?

3.in order for calendar sharing to work must we have exchange 2010 CAS in both domains regardless of whether we use FIM or would FIM be an answer to solve calendar sharing without having exchange 2010 CAS in domain 1?

many thanks

Steve

Hi,

if I run the test-outlookwebservices command in domain 1 I get the following output:

Test-OutlookWebServices -identity domain2user@domain2.local

                        Id                       Type Message
                        --                       ---- -------
                      1010                      Error Unable to identify use...

Test-OutlookWebServices -identity domain2user@domain2.co.uk

                        Id                       Type Message
                        --                       ---- -------
                      1003                Information About to test AutoDisc...
                      1013                      Error When contacting https:...
                      1006                      Error The Autodiscover servi...

1. am I right to assume I should be trying .local because .co.uk would go on the internet to resolve that right?

2. if I am supposed to be using .local then how does it send its request for free busy data? does it use a send connector on the hub transport to lookup info from domain2, or is it using some other mechanism? remember that my two sites are linked through a private fibre cable, but domain 1 (2007) doesn't have a send connector to domain 2, but domain 2 does have a send connector to domain 1 (and FB data works fine from 2010 to 2007)

if I run the test-outlookwebservices command from exchange 2010 (domain2) to look up FB data in 2007 I get lots of success except for the following two (yet in OWA or Outlook it does still display FB data)

RunspaceId : cb622036-2fcd-4aba-8d47-a195aab8d699
Id         : 1023
Type       : Error
Message    : The Autodiscover response is not complete.

RunspaceId : cb622036-2fcd-4aba-8d47-a195aab8d699
Id         : 1123
Type       : Error
Message    : The Autodiscover response is not complete.

Hi

Did you reed this:

http://blogs.technet.com/b/neiljohn/archive/2011/10/12/exchange-server-2010-cross-forest-delegation.aspx

http://technet.microsoft.com/en-us/library/bb125182(v=exchg.80).aspx

I think there is maybe a Problem with the self signed certificate.

Hi,

I read that first article, I will now read that second one.

if there was an issue with the self signed certificate wouldn't that cause me to NOT be able to read FB data from 2007 domain 1? I am able to read FB data from users in domain 1 from domain 2, but not the other way round. I haven't imported any certificates into domain 1 (exchange 2007) because the certificates from exchange 2010 are publically signed as far as I can tell so surely 2007 should trust these.

one possible reason which might be linked to this is the internal EWS virtual directory in exchange 2007.... I thought it might cause an issue but then I'm thinking "doesn't it go and query domain 2 exchange 2010 server, not its own local 2007 for availability data"

the configuration in exchange 2007 is set to the following:

Server                        : EX2007
InternalUrl                   : https://mail.domain1.com/Ews/Exchange.asmx
ExternalUrl                   : https://mail.aseconddomain1.com/Ews/Exchange.asmx

Domain 1 has more than 1 domain name by the way, domain1.com is its local name but also resolvable from the internet for emails addressed to users user@domain1.com emails can also be sent to user@aseconddomain1.com

shouldn't the internalURL be set to https://EX2007.domain1.com/ews/exchange/asmx ?

thanks

Steve

Oh and one more thing, from the article I referenced in my original post I was unable to create a functioning send connector in domain 1 because then email started getting stuck in the queue. emailing works fine between domain 1 and domain 2, I made a send connector in domain 2 going to domain 1 just fine, but not the other way round.

there is already one send connector in domain 1 (exchange 2007) called EdgeSync - domain1EBS to Internet

it looks like at some point they had Essential Business Server with an Edge server, however since the two domains are linked with a fibre optic (they are geographically separate) I wouldn't have thought email need to go through that send connector for emails destined for domain2 - so why are they getting stuck in a queue? I though email would only go to the edge if it were going outside to the internet or have I mis-understood this? perhaps that's where i'm failing on this.

domain 2 hasn't got an edge server, im not even sure if domain 1 has got one anymore but perhaps it goes through some other proxy.

Steve

has anyone got any further information on this post? particularly around my questions at the start to clear up any lack of understanding as to how calendar sharing works between 2007 and 2010 and separate forests. 

thanks

Steve