Meeting room reservation from trusted domain

We have two domains with AD two-way trust and Exchange GAL synchronization done via Forefront identity Manager 2010. We have a problem with meeting room reservation, user from domain A is trying to book meeting room from domain B (there is a contact object in domain A for this meeting room from domain B). The problem is that such room is not sending response confirmation email to user and meeting room is visible as tentative. I already found https://social.technet.microsoft.com/Forums/exchange/en-US/298ee741-3293-438c-bd2d-edc33d1aa408/unable-to-book-meeting-rooms-from-trusted-forest-rooms-are-tentative?forum=exchange2010

and set "externally secured" option on receive connector in domain B (exchange 2010 server). This didn't resolve our issue. How to troubleshoot it? 

Domain A: one exchange 2013 server

Domain B: one exchange 2010 server (meeting rooms hosted in db on this server) and 3 exchange 2013 servers in DAG, prepared to migrate mailbox db from 2010 server

Here is a message header from normal email sent from domainA to domainB - I am wondering what IP scope (private IP address of exchange server from domainA: 192.168.128.235 or public IP address of ironport from domainA 62.xxx.xx.10) should be set for receiver connector in domainB

Received: from 312EX.domainB.com (172.16.64.143) by
 316EX.domainB.com (172.16.64.231) with Microsoft SMTP Server (TLS)
 id 15.0.995.29 via Mailbox Transport; Mon, 7 Sep 2015 09:32:17 +0200
Received: from 317EX.domainB.com (172.16.64.232) by
 312EX.domainB.com (172.16.64.143) with Microsoft SMTP Server (TLS)
 id 15.0.995.29; Mon, 7 Sep 2015 09:32:16 +0200
Received: from 231EX.domainB.com (172.16.64.60) by
 317EX.domainB.com (172.16.64.232) with Microsoft SMTP Server (TLS)
 id 15.0.995.29; Mon, 7 Sep 2015 09:32:16 +0200
Received: from ironport.domainB.com (172.16.65.16) by
 231EX.domainB.com (172.16.64.60) with Microsoft SMTP Server id
 14.3.158.1; Mon, 7 Sep 2015 09:32:15 +0200
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BCBQCdPO1V/wpblD5IFhkBgjwhLAEiMWkGrV2JWod4GgUBBYcjPBABAQEBAQEBgQqEKgwhHEIBDyRsBwEEG4gnAwGkbKQPhUJwiV2DIAxBgTEFlVWORoQziFCIPINsJoFKAQsBgilxh0SBBQEBAQ
X-IPAS-Result: A0BCBQCdPO1V/wpblD5IFhkBgjwhLAEiMWkGrV2JWod4GgUBBYcjPBABAQEBAQEBgQqEKgwhHEIBDyRsBwEEG4gnAwGkbKQPhUJwiV2DIAxBgTEFlVWORoQziFCIPINsJoFKAQsBgilxh0SBBQEBAQ
X-IronPort-AV: E=Sophos;i="5.17,484,1437429600"; 
   d="scan'208,217";a="10003978"
Received: from eta.domainA.com ([62.xxx.xx.10])  by ironport.domainA.com
 with ESMTP; 07 Sep 2015 09:32:15 +0200
Received: from ETA.domainA.com (192.168.128.235) by ETA.domainA.com
 (192.168.128.235) with Microsoft SMTP Server (TLS) id 15.0.1076.9; Mon, 7 Sep
 2015 09:34:20 +0200
Received: from ETA.domainA.com ([::1]) by ETA.domainA.com ([::1]) with
 mapi id 15.00.1076.000; Mon, 7 Sep 2015 09:34:20 +0200
From: =?iso-8859-2?Q?Be=B3ko_Bart=B3omiej?= <Bartlomiej.Belko@domainA.com>
To: "'bart.test@domainB.com'" <bart.test@domainB.com>
Subject: zaproszenie 
Thread-Topic: zaproszenie 
Thread-Index: AdDpP5kMyMCMbPmnRx2vAgAzt6KVkQ==
Date: Mon, 7 Sep 2015 07:34:19 +0000
Message-ID: <2331fe7580224c0b861e4209065012d0@ETA.domainA.com>
Accept-Language: en-US, pl-PL
Content-Language: pl-PL
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [192.168.128.194]
Content-Type: multipart/alternative;
	boundary="_000_2331fe7580224c0b861e4209065012d0ETAdomainAcom_"
MIME-Version: 1.0
Return-Path: Bartlomiej.Belko@domainA.com
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-Exchange-Organization-Network-Message-Id: 89c905ae-9f54-4c63-2553-08d2b7567491
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AuthSource: 231EX.domainB.com
X-MS-Exchange-Organization-AuthAs: Anonymous




  • Edited by bbelko Monday, September 07, 2015 1:50 PM
September 7th, 2015 1:30pm

Hi,

Please confirm whether this room mailbox can process internal meeting process properly. Also run the following command to check the calendar processing settings for this room:

Get-CalendarProcessing Room1 | fl

Additionally, please create a Mail User for this domainA user in domainB and send the test meeting request to check whether the issue persists.

Regards,

Free Windows Admin Tool Kit Click here and download it now
September 8th, 2015 3:40am

I confirm that this room can process internal meeting requests properly. 

Get-CalendarProcessing result:

RunspaceId                          : ed128c74-0fa6-4c1c-aaf1-0d0726a9bc85
AutomateProcessing                  : AutoAccept
AllowConflicts                      : False
BookingWindowInDays                 : 360
MaximumDurationInMinutes            : 1440
AllowRecurringMeetings              : True
EnforceSchedulingHorizon            : True
ScheduleOnlyDuringWorkHours         : False
ConflictPercentageAllowed           : 70
MaximumConflictInstances            : 50
ForwardRequestsToDelegates          : True
DeleteAttachments                   : True
DeleteComments                      : True
RemovePrivateProperty               : False
DeleteSubject                       : False
AddOrganizerToSubject               : True
DeleteNonCalendarItems              : True
TentativePendingApproval            : True
EnableResponseDetails               : True
OrganizerInfo                       : True
ResourceDelegates                   : {xxx}
RequestOutOfPolicy                  : {}
AllRequestOutOfPolicy               : False
BookInPolicy                        : {}
AllBookInPolicy                     : True
RequestInPolicy                     : {}
AllRequestInPolicy                  : False
AddAdditionalResponse               : False
AdditionalResponse                  :
RemoveOldMeetingMessages            : True
AddNewRequestsTentatively           : True
ProcessExternalMeetingMessages      : False
RemoveForwardedMeetingNotifications : False
MailboxOwnerId                      : xxx
Identity                            : xxx
IsValid                             : True
ObjectState                         : Changed

I also created mail user and issue persist. I believe this could be caused by misconfiguration of receive connector. For test purposes I created new room in domainA and mail contact for this room in domainB. What I want to configure now is a receive connector in domainA but the option "externally secured" could not be setup with:
ExternalAuthoritative cannot be set with BasicAuth, BasicAuthRequireTLS, ExchangeServer, or Integrated authentication mechanisms.

I need to know what IP addresses I should use in scope of this new receive connector in domainA. Then I can configure externally secured as option of this new receive connector (we have a site to site VPN between both domains). So the question is what IP address range should I use (based on the above mentioned message header)? Public IP address of ironport or private IPs of exchange servers?

September 8th, 2015 4:57am

Hi,

I noticed that the ProcessExternalMeetingMessages is set to False, please set it to True to have a try:

Set-CalendarProcessing xxx -ProcessExternalMeetingMessages $True

Regards,

Free Windows Admin Tool Kit Click here and download it now
September 8th, 2015 5:25am

I set ProcessExternalMeetingMessages to $True but this does not resolve the problem. What about receiver connector configuration in such case where there are several exchange servers (as in our case in domainB we have one exchange 2010 and 3x exchange 2013)? This option externally secured should be configured on all of them?
September 8th, 2015 6:35am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics