26 April 2023

Set-FederationTrust - "Unable to connect to the remote server"

Below are all the steps required to renew the "Exchange Delegation Federation" certificate.

By following the steps in the "Learn" document on https://learn.microsoft.com/en-us/exchange/renew-the-federation-certificate-exchange-2013-help eveuthing should work fine. But if you still use a proxy you could see this:

This is the part where I was trying to get the certificate activated but wasn't allowed through the proxy:

Welcome to the Exchange Management Shell!

Full list of cmdlets: Get-Command
Only Exchange cmdlets: Get-ExCommand
Cmdlets that match a specific string: Help *<string>*
Get general help: Help
Get help for a cmdlet: Help <cmdlet name> or <cmdlet name> -?
Exchange team blog: Get-ExBlog
Show full output for a command: <command> | Format-List

Show quick reference guide: QuickRef
VERBOSE: Connecting to sr-xxxxx.domain.lan.
VERBOSE: Connected to sr-xxxxx.domain.lan.
[PS] C:\windows\system32>Set-FederationTrust -Identity "Microsoft Federation Gateway" -Thumbprint CE7AB8B6603427556C825A1122E270E74F7B177A -RefreshMetaData
Unable to access the Federation Metadata document from the federation partner. Detailed information: "Unable to connect to the remote server".
    + CategoryInfo          : MetadataError: (:) [Set-FederationTrust], FederationMetadataException
    + FullyQualifiedErrorId : [Server=sr-xxxxx,RequestId=a22a6478-3923-408c-88f2-a54aa5db0f70,TimeStamp=25-4-2023 13:44:24] [FailureCategory=Cmdlet-FederationMetadataException] 67AB8D6B,Microsoft.Exchange
   .Management.SystemConfigurationTasks.SetFederationTrust
    + PSComputerName        : sr-xxxxx.domain.lan

[PS] C:\windows\system32>netsh winhttp show proxy

Current WinHTTP proxy settings:

    Direct access (no proxy server).

[PS] C:\windows\system32>
[PS] C:\windows\system32>netsh winhttp show proxy

Current WinHTTP proxy settings:

    Direct access (no proxy server).

[PS] C:\windows\system32>netsh winhttp import proxy source=ie

Current WinHTTP proxy settings:

    Proxy Server(s) :  proxy.domain.lan:8080
    Bypass List     :  10.*;*.domain.lan;<local>

[PS] C:\windows\system32>Set-FederationTrust -Identity "Microsoft Federation Gateway" -Thumbprint xxxxxxB6603427556Cxxxx1122E270E74Fxxxxxx -RefreshMetaData
Unable to access the Federation Metadata document from the federation partner. Detailed information: "Unable to connect to the remote server".
    + CategoryInfo          : MetadataError: (:) [Set-FederationTrust], FederationMetadataException
    + FullyQualifiedErrorId : [Server=sr-xxxxx,RequestId=c55ed676-399a-46ca-adca-13c851055ff4,TimeStamp=25-4-2023 15:13:47] [FailureCategory=Cmdlet-FederationMetadataException] 67AB8D6B,Microsoft.Exchange
   .Management.SystemConfigurationTasks.SetFederationTrust
    + PSComputerName        : sr-xxxxx.domain.lan

[PS] C:\windows\system32>Get-ExchangeServer -Identity sr-xxxxx | select *proxy*

InternetWebProxy InternetWebProxyBypassList
---------------- --------------------------



[PS] C:\windows\system32>Set-ExchangeServer -Identity sr-xxxxx -InternetWebProxy http://1.1.1.1:8080
[PS] C:\windows\system32>Get-ExchangeServer -Identity sr-xxxxx | select *proxy*

InternetWebProxy           InternetWebProxyBypassList
----------------           --------------------------
http://1.1.1.1:8080/


[PS] C:\windows\system32>Set-FederationTrust -Identity "Microsoft Federation Gateway" -Thumbprint xxxxxxB6603427556Cxxxx1122E270E74Fxxxxxx -RefreshMetaData
WARNING: The federation trust has changed to prepare for the usage of a new certificate for Federation. You should update all TXT proof-of-ownership records that were previously set in DNS for all the
domains configured for Federation before publishing the new certificate.
The new hash-value should be replaced with the OrgNextCertificate proof value output generated with "Get-FederatedDomainProof -DomainName example.com".
[PS] C:\windows\system32>Get-FederatedDomainProof -DomainName domain.nl


RunspaceId : 010137a2-e51c-41f7-88f6-f4e982724bb7
DomainName : domain.nl
Name       : OrgNextPrivCertificate
Thumbprint : xxxxxxB6603427556Cxxxx1122E270E74Fxxxxxx
Proof      : XXXXXXXXnUXZ5I2/1r4OtQd+Ajif1kUWjbE/ZV/CIQfijGJlvcXXXXXXxsATxs82lE5l56iO+37XXXXXXXX
DnsRecord  : domain.nl TXT IN XXXXXXXXnUXZ5I2/1r4OtQd+Ajif1kUWjbE/ZV/CIQfijGJlvcXXXXXXxsATxs82lE5l56iO+37XXXXXXXX

RunspaceId : 010137a2-e51c-41f7-88f6-f4e982724bb7
DomainName : domain.nl
Name       : OrgPrivCertificate
Thumbprint : XXXXXXXX1770CAA82C2XXXXXX385DD36XXXXXXXX
Proof      : XXXXXXXXxqi4Dw2u377XXXXXXwpQUDo6TZrCyc+XgvWERobhE4b7WRnc2/lE89Sqta6FyFmOx++toIrBXXXXXXXX
DnsRecord  : domain.nl TXT IN XXXXXXXXxqi4Dw2u377XXXXXXwpQUDo6TZrCyc+XgvWERobhE4b7WRnc2/lE89Sqta6FyFmOx++toIrBXXXXXXXX



[PS] C:\windows\system32>Set-ExchangeServer -Identity sr-xxxxx -InternetWebProxy $null
[PS] C:\windows\system32>Get-ExchangeServer -Identity sr-xxxxx | select *proxy*

InternetWebProxy InternetWebProxyBypassList
---------------- --------------------------



[PS] C:\windows\system32>netsh winhttp show proxy

Current WinHTTP proxy settings:

    Proxy Server(s) :  proxy.domain.lan:8080
    Bypass List     :  10.*;*.domain.lan;<local>

[PS] C:\windows\system32>netsh winhttp clear proxy
The following command was not found: winhttp clear proxy.
[PS] C:\windows\system32>netsh winhttp reset proxy

Current WinHTTP proxy settings:

    Direct access (no proxy server).

[PS] C:\windows\system32>netsh winhttp show proxy

Current WinHTTP proxy settings:

    Direct access (no proxy server).

[PS] C:\windows\system32>$Servers = Get-ExchangeServer; $Servers | foreach {Get-ExchangeCertificate -Server $_ | Where {$_.Services -match 'Federation'}} | Format-List Identity,Thumbprint,Services,Subject


Identity   : sr-xxxxx.domain.lan\xxxxxxB6603427556Cxxxx1122E270E74Fxxxxxx
Thumbprint : xxxxxxB6603427556Cxxxx1122E270E74Fxxxxxx
Services   : SMTP, Federation
Subject    : CN=Federation

Identity   : sr-xxxxx.domain.lan\XXXXXXXX1770CAA82C2XXXXXX385DD36XXXXXXXX
Thumbprint : XXXXXXXX1770CAA82C2XXXXXX385DD36XXXXXXXX
Services   : SMTP, Federation
Subject    : CN=Federation

Identity   : sr-xxxxx.domain.lan\xxxxxxB6603427556Cxxxx1122E270E74Fxxxxxx
Thumbprint : xxxxxxB6603427556Cxxxx1122E270E74Fxxxxxx
Services   : SMTP, Federation
Subject    : CN=Federation

Identity   : sr-xxxxx.domain.lan\XXXXXXXX1770CAA82C2XXXXXX385DD36XXXXXXXX
Thumbprint : XXXXXXXX1770CAA82C2XXXXXX385DD36XXXXXXXX
Services   : SMTP, Federation
Subject    : CN=Federation

The Exchange Certificate operation has failed with an exception on server sr-xxxx1.  The error message is: Access is denied
    + CategoryInfo          : InvalidOperation: (:) [Get-ExchangeCertificate], LocalizedException
    + FullyQualifiedErrorId : [Server=sr-xxxxx,RequestId=80e9b8ef-a09d-4128-a7c9-533951782758,TimeStamp=25-4-2023 15:41:21] [FailureCategory=Cmdlet-LocalizedException] 12503763,Microsoft.Exchange.Manageme
   nt.SystemConfigurationTasks.GetExchangeCertificate
    + PSComputerName        : sr-xxxxx.domain.lan

The Exchange Certificate operation has failed with an exception on server sr-xxxx1.  The error message is: Access is denied
    + CategoryInfo          : InvalidOperation: (:) [Get-ExchangeCertificate], LocalizedException
    + FullyQualifiedErrorId : [Server=sr-xxxxx,RequestId=a311f800-dc09-4efa-8ceb-ecd97b6f5965,TimeStamp=25-4-2023 15:41:21] [FailureCategory=Cmdlet-LocalizedException] 9671FFC8,Microsoft.Exchange.Manageme
   nt.SystemConfigurationTasks.GetExchangeCertificate
    + PSComputerName        : sr-xxxxx.domain.lan



[PS] C:\windows\system32>Set-FederationTrust -Identity "Microsoft Federation Gateway" -PublishFederationCertificate
Creating a new session for implicit remoting of "Set-FederationTrust" command...
An error occurred accessing Windows Live. Detailed information: "The remote server returned an error: (407) Proxy Authentication Required.".
    + CategoryInfo          : InvalidResult: (:) [Set-FederationTrust], LiveDomainServicesException
    + FullyQualifiedErrorId : [Server=sr-xxxxx,RequestId=4a2f2b24-cb84-4f2a-95c5-a87a4d36bc8f,TimeStamp=26-4-2023 07:34:59] [FailureCategory=Cmdlet-LiveDomainServicesException] 5A701C9F,Microsoft.Exchange
   .Management.SystemConfigurationTasks.SetFederationTrust
    + PSComputerName        : sr-xxxxx.domain.lan

[PS] C:\windows\system32>$webclient=New-Object System.Net.WebClient
[PS] C:\windows\system32>$webclient.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
[PS] C:\windows\system32>Set-FederationTrust -Identity "Microsoft Federation Gateway" -PublishFederationCertificate
An error occurred accessing Windows Live. Detailed information: "The remote server returned an error: (407) Proxy Authentication Required.".
    + CategoryInfo          : InvalidResult: (:) [Set-FederationTrust], LiveDomainServicesException
    + FullyQualifiedErrorId : [Server=sr-xxxxx,RequestId=4a2f2b24-cb84-4f2a-95c5-a87a4d36bc8f,TimeStamp=26-4-2023 07:35:22] [FailureCategory=Cmdlet-LiveDomainServicesException] 5A701C9F,Microsoft.Exchange
   .Management.SystemConfigurationTasks.SetFederationTrust
    + PSComputerName        : sr-xxxxx.domain.lan

[PS] C:\windows\system32>netsh winhttp show proxy

Current WinHTTP proxy settings:

    Direct access (no proxy server).

[PS] C:\windows\system32>[Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;
[PS] C:\windows\system32>[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
[PS] C:\windows\system32>Set-FederationTrust -Identity "Microsoft Federation Gateway" -PublishFederationCertificate
An error occurred accessing Windows Live. Detailed information: "The remote server returned an error: (407) Proxy Authentication Required.".
    + CategoryInfo          : InvalidResult: (:) [Set-FederationTrust], LiveDomainServicesException
    + FullyQualifiedErrorId : [Server=sr-xxxxx,RequestId=42e63050-a895-4073-a082-6d835d11e3eb,TimeStamp=26-4-2023 07:35:57] [FailureCategory=Cmdlet-LiveDomainServicesException] 5A701C9F,Microsoft.Exchange
   .Management.SystemConfigurationTasks.SetFederationTrust
    + PSComputerName        : sr-xxxxx.domain.lan

[PS] C:\windows\system32>Set-ExchangeServer -Identity sr-xxxxx -InternetWebProxy http://1.1.1.1:8080
[PS] C:\windows\system32>Set-FederationTrust -Identity "Microsoft Federation Gateway" -PublishFederationCertificate
An error occurred accessing Windows Live. Detailed information: "The remote server returned an error: (407) Proxy Authentication Required.".
    + CategoryInfo          : InvalidResult: (:) [Set-FederationTrust], LiveDomainServicesException
    + FullyQualifiedErrorId : [Server=sr-xxxxx,RequestId=4a2f2b24-cb84-4f2a-95c5-a87a4d36bc8f,TimeStamp=26-4-2023 07:36:47] [FailureCategory=Cmdlet-LiveDomainServicesException] 5A701C9F,Microsoft.Exchange
   .Management.SystemConfigurationTasks.SetFederationTrust
    + PSComputerName        : sr-xxxxx.domain.lan

[PS] C:\windows\system32>netsh winhttp import proxy source=ie

Current WinHTTP proxy settings:

    Direct access (no proxy server).

[PS] C:\windows\system32>netsh winhttp import proxy source=ie

Current WinHTTP proxy settings:

    Proxy Server(s) :  http://proxy.domain.lan:8080
    Bypass List     :  10.*;*.domain.lan;<local>

[PS] C:\windows\system32>Set-FederationTrust -Identity "Microsoft Federation Gateway" -PublishFederationCertificate
An error occurred accessing Windows Live. Detailed information: "The remote server returned an error: (407) Proxy Authentication Required.".
    + CategoryInfo          : InvalidResult: (:) [Set-FederationTrust], LiveDomainServicesException
    + FullyQualifiedErrorId : [Server=sr-xxxxx,RequestId=4a2f2b24-cb84-4f2a-95c5-a87a4d36bc8f,TimeStamp=26-4-2023 07:40:27] [FailureCategory=Cmdlet-LiveDomainServicesException] 5A701C9F,Microsoft.Exchange
   .Management.SystemConfigurationTasks.SetFederationTrust
    + PSComputerName        : sr-xxxxx.domain.lan




[PS] C:\windows\system32>Set-FederationTrust -Identity "Microsoft Federation Gateway" -PublishFederationCertificate
An error occurred accessing Windows Live. Detailed information: "The remote server returned an error: (407) Proxy Authentication Required.".
    + CategoryInfo          : InvalidResult: (:) [Set-FederationTrust], LiveDomainServicesException
    + FullyQualifiedErrorId : [Server=sr-xxxxx,RequestId=42e63050-a895-4073-a082-6d835d11e3eb,TimeStamp=26-4-2023 07:40:53] [FailureCategory=Cmdlet-LiveDomainServicesException] 5A701C9F,Microsoft.Exchange
   .Management.SystemConfigurationTasks.SetFederationTrust
    + PSComputerName        : sr-xxxxx.domain.lan

[PS] C:\windows\system32>netsh winhttp reset proxy

Current WinHTTP proxy settings:

    Direct access (no proxy server).

[PS] C:\windows\system32>netsh winhttp set proxy proxy.domain.lan:8080

Current WinHTTP proxy settings:

    Proxy Server(s) :  proxy.domain.lan:8080
    Bypass List     :  (none)

[PS] C:\windows\system32>Set-FederationTrust -Identity "Microsoft Federation Gateway" -PublishFederationCertificate
An error occurred accessing Windows Live. Detailed information: "The remote server returned an error: (407) Proxy Authentication Required.".
    + CategoryInfo          : InvalidResult: (:) [Set-FederationTrust], LiveDomainServicesException
    + FullyQualifiedErrorId : [Server=sr-xxxxx,RequestId=4a2f2b24-cb84-4f2a-95c5-a87a4d36bc8f,TimeStamp=26-4-2023 07:43:46] [FailureCategory=Cmdlet-LiveDomainServicesException] 5A701C9F,Microsoft.Exchange
   .Management.SystemConfigurationTasks.SetFederationTrust
    + PSComputerName        : sr-xxxxx.domain.lan

[PS] C:\windows\system32>netsh winhttp set proxy proxy.domain.lan:8080 bypass-list="*.microsoftonline-p.com"

Current WinHTTP proxy settings:

    Proxy Server(s) :  proxy.domain.lan:8080
    Bypass List     :  *.microsoftonline-p.com

[PS] C:\windows\system32>Set-FederationTrust -Identity "Microsoft Federation Gateway" -PublishFederationCertificate
An error occurred accessing Windows Live. Detailed information: "The remote server returned an error: (407) Proxy Authentication Required.".
    + CategoryInfo          : InvalidResult: (:) [Set-FederationTrust], LiveDomainServicesException
    + FullyQualifiedErrorId : [Server=sr-xxxxx,RequestId=2f6f2f77-9d84-4029-b860-3274731a42b7,TimeStamp=26-4-2023 07:45:04] [FailureCategory=Cmdlet-LiveDomainServicesException] 5A701C9F,Microsoft.Exchange
   .Management.SystemConfigurationTasks.SetFederationTrust
    + PSComputerName        : sr-xxxxx.domain.lan

[PS] C:\windows\system32>Stop-Service -Name WinHttpAutoProxySvc -Force
Stop-Service : Service 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' cannot be stopped due to the following error: Cannot open WinHttpAutoProxySvc service on computer '.'.
At line:1 char:1
+ Stop-Service -Name WinHttpAutoProxySvc -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (System.ServiceProcess.ServiceController:ServiceController) [Stop-Service], ServiceCommandException
    + FullyQualifiedErrorId : CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand

Stop-Service : Collection was modified; enumeration operation may not execute.
At line:1 char:1
+ Stop-Service -Name WinHttpAutoProxySvc -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Stop-Service], InvalidOperationException
    + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.StopServiceCommand

[PS] C:\windows\system32>Set-Service -Name WinHttpAutoProxySvc -StartupType disabled
Set-Service : Service 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' cannot be configured due to the following error: Access is denied
At line:1 char:1
+ Set-Service -Name WinHttpAutoProxySvc -StartupType disabled
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (System.ServiceProcess.ServiceController:ServiceController) [Set-Service], ServiceCommandException
    + FullyQualifiedErrorId : CouldNotSetService,Microsoft.PowerShell.Commands.SetServiceCommand

[PS] C:\windows\system32>whoami
domain\Username
[PS] C:\windows\system32>
[PS] C:\windows\system32>
[PS] C:\windows\system32>Get-ExchangeServer -Identity sr-xxxxx | select *proxy*

InternetWebProxy           InternetWebProxyBypassList
----------------           --------------------------
http://1.1.1.1:8080/


[PS] C:\windows\system32>Set-ExchangeServer -Identity sr-xxxxx -InternetWebProxy http://1.1.1.1:8080 -InternetWebProxyBypassList "10.*;*.domain.lan"
Cannot process argument transformation on parameter 'InternetWebProxyBypassList'. Cannot convert value "10.*;*.domain.lan" to type "Microsoft.Exchange.Data.MultiValuedProperty`1[Microsoft.Exchange.Data.Fqd
n]". Error: "Failed to convert 10.*;*.domain.lan from System.String to Microsoft.Exchange.Data.Fqdn. Error: Error while converting string '10.*;*.domain.lan' to result type Microsoft.Exchange.Data.Fqdn: "1
0.*;*.domain.lan" isn't a valid SMTP domain."
    + CategoryInfo          : InvalidData: (:) [Set-ExchangeServer], ParameterBindin...mationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Set-ExchangeServer
    + PSComputerName        : sr-xxxxx.domain.lan

[PS] C:\windows\system32>Get-ExchangeServer -Identity sr-xxxxx | select *proxy*

InternetWebProxy           InternetWebProxyBypassList
----------------           --------------------------
http://1.1.1.1:8080/


[PS] C:\windows\system32>Set-ExchangeServer -Identity sr-xxxxx -InternetWebProxy http://1.1.1.1:8080 -InternetWebProxyBypassList @{"10.*","*.domain.lan","*.microsoftonline-p.com"}
>> ^C
[PS] C:\windows\system32>Set-ExchangeServer -Identity sr-xxxxx -InternetWebProxy http://1.1.1.1:8080 -InternetWebProxyBypassList @("10.*","*.domain.lan","*.microsoftonline-p.com")
Cannot process argument transformation on parameter 'InternetWebProxyBypassList'. Cannot convert value "10.* *.domain.lan *.microsoftonline-p.com" to type "Microsoft.Exchange.Data.MultiValuedProperty`1[Mic
rosoft.Exchange.Data.Fqdn]". Error: "Cannot convert value "10.*" to type "Microsoft.Exchange.Data.Fqdn". Error: ""10.*" isn't a valid SMTP domain.""
    + CategoryInfo          : InvalidData: (:) [Set-ExchangeServer], ParameterBindin...mationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Set-ExchangeServer
    + PSComputerName        : sr-xxxxx.domain.lan

[PS] C:\windows\system32>Set-ExchangeServer -Identity sr-xxxxx -InternetWebProxy http://1.1.1.1:8080 -InternetWebProxyBypassList @("domain.lan","microsoftonline-p.com")
[PS] C:\windows\system32>Get-ExchangeServer -Identity sr-xxxxx | select *proxy*

InternetWebProxy           InternetWebProxyBypassList
----------------           --------------------------
http://1.1.1.1:8080/ {domain.lan, microsoftonline-p.com}


[PS] C:\windows\system32>Set-FederationTrust -Identity "Microsoft Federation Gateway" -PublishFederationCertificate
An error occurred accessing Windows Live. Detailed information: "The remote server returned an error: (407) Proxy Authentication Required.".
    + CategoryInfo          : InvalidResult: (:) [Set-FederationTrust], LiveDomainServicesException
    + FullyQualifiedErrorId : [Server=sr-xxxxx,RequestId=c3dd4e8e-34bc-402a-9cdb-3cf6ca994637,TimeStamp=26-4-2023 07:56:54] [FailureCategory=Cmdlet-LiveDomainServicesException] 5A701C9F,Microsoft.Exchange
   .Management.SystemConfigurationTasks.SetFederationTrust
    + PSComputerName        : sr-xxxxx.domain.lan
	
And here I added the following domains "domains.live.com" & "www.msftconnecttest.com" to the bypass list on the proxy:




[PS] C:\windows\system32>Set-FederationTrust -Identity "Microsoft Federation Gateway" -PublishFederationCertificate
WARNING: The federation trust has changed to use a new certificate for Federation. You should update all TXT proof-of-ownership records that were previously set in DNS for all the domains configured for
Federation. The new hash-value should be replaced with the OrgNextCertificate proof value output of the OrgNextCertificate generated with "Get-FederatedDomainProof -DomainName example.com".
[PS] C:\windows\system32>Get-FederationTrust | Format-List *priv*


OrgPrivCertificate     : xxxxxxB6603427556Cxxxx1122E270E74Fxxxxxx
OrgNextPrivCertificate :
OrgPrevPrivCertificate : XXXXXXXX1770CAA82C2XXXXXX385DD36XXXXXXXX



[PS] C:\windows\system32>Test-FederationTrust -UserIdentity user@domain.nl


Begin process.

STEP 1 of 6: Getting ADUser information for user@domain.nl...
RESULT: Success.

STEP 2 of 6: Getting FederationTrust object for user@domain.nl...
RESULT: Success.

STEP 3 of 6: Validating that the FederationTrust has the same STS certificates as the actual certificates published by the STS in the federation metadata.
RESULT: Success.

STEP 4 of 6: Getting STS and Organization certificates from the federation trust object...
RESULT: Success.


Validating current configuration for FYDIBOHF25SPDLT.domain.nl...


Validation successful.

STEP 5 of 6: Requesting delegation token...
RESULT: Success. Token retrieved.

STEP 6 of 6: Validating delegation token...
RESULT: Success.

Closing Test-FederationTrust...


RunspaceId : 043079c7-9ca2-4188-ac0e-681276d2b6e5
Id         : FederationTrustConfiguration
Type       : Success
Message    : FederationTrust object in ActiveDirectory is valid.

RunspaceId : 043079c7-9ca2-4188-ac0e-681276d2b6e5
Id         : FederationMetadata
Type       : Error
Message    : Unable to retrieve federation metadata from the security token service.

RunspaceId : 043079c7-9ca2-4188-ac0e-681276d2b6e5
Id         : StsCertificate
Type       : Success
Message    : Valid certificate referenced by property TokenIssuerCertificate in the FederationTrust object.

RunspaceId : 043079c7-9ca2-4188-ac0e-681276d2b6e5
Id         : StsPreviousCertificate
Type       : Success
Message    : Valid certificate referenced by property TokenIssuerPrevCertificate in the FederationTrust object.

RunspaceId : 043079c7-9ca2-4188-ac0e-681276d2b6e5
Id         : OrganizationCertificate
Type       : Success
Message    : Valid certificate referenced by property OrgPrivCertificate in the FederationTrust object.

RunspaceId : 043079c7-9ca2-4188-ac0e-681276d2b6e5
Id         : OrganizationPreviousCertificate
Type       : Success
Message    : Valid certificate referenced by property OrgPrevPrivCertificate in the FederationTrust object.

RunspaceId : 043079c7-9ca2-4188-ac0e-681276d2b6e5
Id         : TokenRequest
Type       : Success
Message    : Request for delegation token succeeded.

RunspaceId : 043079c7-9ca2-4188-ac0e-681276d2b6e5
Id         : TokenValidation
Type       : Success
Message    : Requested delegation token is valid.



[PS] C:\windows\system32>
[PS] C:\windows\system32>Set-ExchangeServer -Identity sr-xxxxx -InternetWebProxy $null -InternetWebProxyBypassList $null
[PS] C:\windows\system32>Get-ExchangeServer -Identity sr-xxxxx | select *proxy*

InternetWebProxy InternetWebProxyBypassList
---------------- --------------------------