Cross Forest Availability (Calendaring) in Exchange 2010

We are in the process of migrating 3500 users to a recently built Exchange platform as part of an acquisition. To give executives the ability to schedule meetings between the two companies, we recently configured the Availability service to provide cross-forest functionality. The process is simple enough when you have a forest trust in place:

From the Exchange Management Shell, first run:

Get-ClientAccessServer | Add-ADPermission -AccessRights ExtendedRight -ExtendedRights "ms-Exch-EPI-Token-Serialization" -User "<Remote Forest Domain>\Microsoft Exchange Servers"

Next, we execute:

Add-AvailabilityAddressSpace -Forestname ForestB.com -AccessMethod PerUserFB -UseServiceAccount:$true

Run the same commands in the opposite forest, give it some time to replicate between your AD servers and sites, and voilà, we have a cross-forest Availability service.
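A read-only check to run in each forest after the two commands above, added here as an example and not part of the original post: it lists which trustees hold the token-serialization right on each Client Access server and which availability address spaces are configured. `$expectedTrustees` and its placeholder value are assumptions; replace them with the principals you intentionally granted.

```powershell
# Added audit example; run from the Exchange Management Shell. Nothing here changes configuration.
$right = 'ms-Exch-EPI-Token-Serialization'

# Assumption: the trustees you granted on purpose, written as DOMAIN\Name.
# The value below is the placeholder from the grant command, not a real account.
$expectedTrustees = @(
    '<Remote Forest Domain>\Microsoft Exchange Servers'
)

# 1. Allow entries for the extended right on every Client Access server.
#    "Expected" only means the trustee is on the list above; other entries
#    (for example, grants that were already present) are shown for review.
Get-ClientAccessServer |
    Get-ADPermission |
    Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $right) } |
    Select-Object Identity, User, IsInherited,
        @{ Name = 'Expected'; Expression = { $expectedTrustees -contains "$($_.User)" } } |
    Sort-Object Identity, User |
    Format-Table -AutoSize

# 2. Availability address spaces defined in this forest. For the setup in this
#    post, expect one entry per remote forest with AccessMethod PerUserFB and
#    UseServiceAccount set to True.
Get-AvailabilityAddressSpace |
    Select-Object ForestName, AccessMethod, UseServiceAccount |
    Format-Table -AutoSize
```

Keep the output with your change record so a later audit can tell which remote-forest grants were deliberate.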

This all worked well, except we started getting the Outlook 2007 and 2010 Autodiscover warning on just one side of the trust.

“Allow this website to configure first.last@forestb.com server settings?”

With the proper service packs, Outlook now has a checkbox that says “Don’t Ask Me About This Website Again”. Unfortunately, that checkbox is USER BY USER! Every time you schedule an appointment for a new user, that message pops up.

As part of the configuration, we had given this organization accepted email domains for both forestA.com and forestB.com. Exchange is designed to protect you from Autodiscover entries that are outside of your domain, so when the Availability service used Autodiscover to find the CAS servers for forestB.com users, it threw a security alert in forest A.

Luckily, we did not need the additional address space, so we deleted the accepted domain and the issue cleared up. If we had needed the address space, we would have had to take an alternate route, such as implementing a registry change for Outlook 2007 and 2010 clients. Or we could have used an Edge server to rewrite the addresses on the way out of the network.
