Hi MarcoLFrancisco, the Federation Trust fails to test from 2010 servers on both steps where it reaches out to Microsoft (unable to retrieve metadata and then later step fails to get the token).
Test-FederationTrust works fine for the 2016 servers. Auth cert fully distributed too and current.
We did find the DefaultSecureProtocols DWORD under WinHTTP step was missed, even though the SCHANNEL and KB update parts were done. So adding this DWORD is the next step being tried early next week.
To confirm, RCA with Modern Auth shows no issues until the point at which it fails and stops completely with the error about Modern Auth. Didn't seem to show us much up till that point.
Last bit of confirmation - 2010 can FB lookup 2016. Leaves just 2010 > EXO as the sole unworkable scenario. Migrations work BTW, including from 2010.
Will report back once the DWORD is tried. It might be a give up and migrate as is at that point. Thanks again for the guidance.
PS going to see if we can check with Edge tools in OWA as Mirela suggested while waiting for next week.
#Update: The missing DWORD was tried but no change. However, the client will move forward with an expedited migration schedule rather than troubleshoot further, and migration batches are well planned (good visibility into permission relationships, devices, etc.). Thanks again!! It would still be nice to get the basic auth working in RCA for on-prem Exchange. Here's hoping.