Federation Trust Test Failing
I have a Live@EDU org and an onPrem Org that need to share free busy. I have followed multiple articles on trying to get this to work but now I have an error that does not show up in any searches.
First, I obtained an x509 cert for the OnPrem org and created a fed trust. Then I added my delegated domain and set up my org relationship.
Second, I set up the org relationship and sharing policies in Live@edu.
I was able to retrieve free busy for a cloud account from an onPrem account right away, but the reverse did not work. I was troubleshooting that and attempted to switch the cert onPrem, which failed, and I ended up deleting the federation trust and re-creating it (a couple of times now).
Currently, when I use test-FederationTrust -verbose, I receive
VERBOSE: [19:59:54.589 GMT] Test-FederationTrust : Failed to request delegation token. Reason: <S:Fault xmlns:S="http://www.w3.org/2003/05/soap-envelope"><S:Code><S:Value>S:Receiver</S:Value></S:Code><S:Reason><S:Text xml:lang="en-US">Internal Server Error</S:Text></S:Reason><S:Detail><psf:error xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"><psf:value>0x80048820</psf:value><psf:internalerror><psf:code>0xcffffc16</psf:code><psf:text>The record already exists in Database</psf:text></psf:internalerror></psf:error></S:Detail></S:Fault>
Microsoft.Exchange.Net.WSTrust.SoapFaultException: Soap fault exception received.
at Microsoft.Exchange.Net.WSTrust.SoapClient.Invoke(IEnumerable`1 headers, XmlElement bodyContent)
at Microsoft.Exchange.Net.WSTrust.SecurityTokenService.IssueToken(DelegationTokenRequest request)
at Microsoft.Exchange.Management.SystemConfigurationTasks.TestFederationTrust.GetDelegationToken(ADUser user, Uri
target, SecurityTokenService securityTokenService)
with the following as the standard output.
RunspaceId : aff5ff95-ba75-47ea-8375-3d98372b9b68
Id : FederationTrustConfiguration
Type : Success
Message : FederationTrust object in ActiveDirectory is valid.
RunspaceId : aff5ff95-ba75-47ea-8375-3d98372b9b68
Id : FederationMetadata
Type : Success
Message : The federation trust contains the same certificates published by the security token service in its federation metadata.
RunspaceId : aff5ff95-ba75-47ea-8375-3d98372b9b68
Id : StsCertificate
Type : Success
Message : Valid certificate referenced by property TokenIssuerCertificate in the FederationTrust object.
RunspaceId : aff5ff95-ba75-47ea-8375-3d98372b9b68
Id : StsPreviousCertificate
Type : Success
Message : Valid certificate referenced by property TokenIssuerPrevCertificate in the FederationTrust object.
RunspaceId : aff5ff95-ba75-47ea-8375-3d98372b9b68
Id : OrganizationCertificate
Type : Success
Message : Valid certificate referenced by property OrgPrivCertificate in the FederationTrust object.
RunspaceId : aff5ff95-ba75-47ea-8375-3d98372b9b68
Id : TokenRequest
Type : Error
Message : Failed to request delegation token.
Now, does the error 'The record already exists in the database' mean that since I recreated the trust and the AppID changed, something is mismatched now? Is this something in the MFG? Any direction would be greatly appreciated.
September 18th, 2012 4:10pm
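The useful part of that verbose line is the SOAP fault body, which carries two separate error layers: the SOAP 1.2 code (S:Receiver, meaning the token service itself failed to process the request, as opposed to S:Sender, which would point at a malformed request from the on-premises side) and the Passport/MFG-specific psf:value and psf:code values, which are the identifiers worth searching on. The following is an added example, not code from the thread or from Exchange: it pulls the fault out of the verbose text and parses those fields so they can be read off cleanly. The sample line is the fault quoted in the post above, re-assembled into well-formed XML; the function names are my own.

```python
import xml.etree.ElementTree as ET

# Namespaces used by the fault body that Test-FederationTrust prints.
NS = {
    "S": "http://www.w3.org/2003/05/soap-envelope",
    "psf": "http://schemas.microsoft.com/Passport/SoapServices/SOAPFault",
}

# The verbose line from the post above, with the extraction damage repaired
# so that the embedded fault is well-formed XML.
SAMPLE_VERBOSE_LINE = (
    "VERBOSE: [19:59:54.589 GMT] Test-FederationTrust : Failed to request "
    "delegation token. Reason: "
    '<S:Fault xmlns:S="http://www.w3.org/2003/05/soap-envelope">'
    "<S:Code><S:Value>S:Receiver</S:Value></S:Code>"
    '<S:Reason><S:Text xml:lang="en-US">Internal Server Error</S:Text></S:Reason>'
    "<S:Detail>"
    '<psf:error xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault">'
    "<psf:value>0x80048820</psf:value>"
    "<psf:internalerror><psf:code>0xcffffc16</psf:code>"
    "<psf:text>The record already exists in Database</psf:text></psf:internalerror>"
    "</psf:error></S:Detail></S:Fault>"
)


def extract_fault_xml(verbose_text):
    """Return the <S:Fault>...</S:Fault> substring from a verbose line, or None."""
    start = verbose_text.find("<S:Fault")
    end = verbose_text.rfind("</S:Fault>")
    if start == -1 or end == -1:
        return None
    return verbose_text[start:end + len("</S:Fault>")]


def parse_soap_fault(fault_xml):
    """Parse a SOAP 1.2 fault carrying a Passport (psf) detail block.

    Fields that are absent come back as None, so a fault without the
    psf:internalerror block still parses.
    """
    root = ET.fromstring(fault_xml)

    def text(path):
        el = root.find(path, NS)
        return el.text.strip() if el is not None and el.text else None

    return {
        "soap_code": text("S:Code/S:Value"),
        "soap_reason": text("S:Reason/S:Text"),
        "psf_value": text("S:Detail/psf:error/psf:value"),
        "psf_code": text("S:Detail/psf:error/psf:internalerror/psf:code"),
        "psf_text": text("S:Detail/psf:error/psf:internalerror/psf:text"),
    }


def fault_origin(fault):
    """Map the SOAP 1.2 code to which side of the exchange raised the fault.

    Per SOAP 1.2, S:Receiver means the receiving service could not process
    an otherwise valid request; S:Sender means the request itself was bad.
    """
    code = fault.get("soap_code") or ""
    local = code.split(":", 1)[-1]
    return {"Receiver": "server-side", "Sender": "client-side"}.get(local, "unknown")


def summarize(verbose_text):
    """Return (origin, psf_value, psf_code, psf_text) for a verbose line, or None."""
    fault_xml = extract_fault_xml(verbose_text)
    if fault_xml is None:
        return None
    fault = parse_soap_fault(fault_xml)
    return (fault_origin(fault), fault["psf_value"], fault["psf_code"], fault["psf_text"])


if __name__ == "__main__":
    print(summarize(SAMPLE_VERBOSE_LINE))
```

For the line in the post, summarize() reports a server-side fault with psf:value 0x80048820 and psf:code 0xcffffc16, which is what to quote when opening a case against the gateway rather than the on-premises configuration.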
First, I obtained a x509 cert for the OnPrem org, created a fed trust.
Hi Russ,
Microsoft recommends using a self-signed certificate, which can be automatically created and installed using the New Federation Trust wizard in the EMC to establish a federation trust with the Microsoft Federation Gateway.
Please use the self-signed certificate instead if possible (you may need to wait for 24 hours).
If you really want to use the x509 one, please check the requirements:
Certificate Requirements for Federation
http://technet.microsoft.com/en-us/library/dd335047.aspx#certreq
By the way, Exchange 2010 SP1 or SP2? The setup steps are different:
Federated Delegation
http://technet.microsoft.com/en-us/library/hh529924.aspx#BKMK_FederatedDelegation
Frank Wang
TechNet Community Support
October 26th, 2012 11:20am
Exchange SP2, but the federation is with Live@EDU which uses the consumer gateway, and that instance requires a 3rd party cert, not self-signed. The cert is not the issue since the trust was working and tested fine the first time I set it up.
I have read through those docs that you provided and followed the setup, but am still seeing that error.
October 26th, 2012 5:31pm