A couple of years ago I wrote a post on how the Exchange Hybrid Configuration Wizard (HCW) hung on adding a Federated Domain to an Office 365 tenant. You can read the old post HERE. Since then the HCW has been rather trouble free from this perspective. However, I recently had a case where this was not so. The same frozen wizard that hung on adding a federated domain occurred once more. I then tried the fix that I found in my previous post. This time this method failed. The error message was:
“An error occurred while attempting to provision Exchange to the Partner STS. Detailed Information “An error occurred accessing Windows Live. Detailed information: “The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.”
With a bit of research I found THIS ARTICLE. A bit ironic, as a commenter on my last article mentioned that the original issue was a Firewall issue. After checking with the client on the issue I found that they did not employ any sort of Proxy that would perhaps intercede and cause this issue. What the client did find was that they had some Cisco Umbrella policies that blocked traffic in this category – ‘Webmail category and a Search Engine category’. After making some adjustments to that policy, I was able to add the domain manually and then the wizard worked fine to completion.
SUMMARY
So in the end, if you have issues with the HCW adding federated domains, make sure you check these items:
- Firewall Policies
- Proxy Settings (like Blue Coat)
- Add the domain manually
Now, the above list is not comprehensive, but it should provide a good starting place for troubleshooting this issue.