Since the documentation around configuring Federation with the Microsoft Federation Gateway is not very clear, I decided to write a post about it.
The confusion started when SP2 was released for Exchange 2010.
One article says one thing and another says something else, and things have changed after SP2. That's why I'm posting this even though there are articles covering SP1 (see the links at the end).

Basic facts: You don't need to create any sub-domain for the account namespace (as the RTM release required); it is handled internally and used only by Exchange itself.

Prerequisites:

The Exchange server must be able to reach the Internet over HTTPS (outbound TCP 443 to the Microsoft Federation Gateway) while the federation trust is being created; nothing needs to be opened inbound for this step.
Otherwise you will get the error message below.

image

More information (read about the prereqs):
http://technet.microsoft.com/en-us/library/dd335198.aspx


Step 1.

The most basic way for creating the Federation trust is to use the EMC.
Go to “Organization Configuration” and select tab “Federation Trust”.
Press the “New Federation Trust” button and the wizard will launch.

image

image


Step 2.

Run the command below for every domain you want to federate.
Copy the value from the "Proof" field and publish it as a TXT record in the public DNS zone of that domain.
This is the unique value the Federation Gateway uses to verify that your organization controls the domain, so it must be published exactly as returned.

Get-FederatedDomainProof -DomainName testlabs.se

image


Step 3.

For each domain you want to federate, create a TXT record at the root of its public DNS zone containing the corresponding "Proof" value.
(In my case I'm federating just one domain.)

Create the TXT record in the public DNS zone.
When the record has been created it should look like this.

Let's verify it in the public DNS using "nslookup".

image


Below is an example of how you create a TXT record in Windows DNS.

Start the DNS Management tool
Select the public DNS zone
Right click the DNS zone and select "Other New Records..."
Choose the "Text (TXT)" type and press "Create Record..."
Leave the record name empty (the record belongs to the zone itself, e.g. testlabs.se, not to a host under it), paste the Proof string into the Text field and press "OK".

image


Step 4.


Now it's time to complete the federation: the domain has to be added so that it's actually federated.
This is done in the EMC: go to "Organization Configuration" and select the "Federation Trust" tab.
Select "Microsoft Federation Gateway" and press "Manage Federation..."

image


In the wizard, check that the self-signed certificate (used for federation only) has been distributed to all Exchange servers.
Then press "Next".

image


Now select the domain you want to federate (in my case "testlabs.se") and press "OK".

image


Type in the organizational contact for this domain and make sure that the "Enable federation" checkbox is selected.

image

image


The EMC should now show the "Application Identifier" and "Application URI" values; they were empty before.

image
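The same Steps 1 to 4 can be done from the Exchange Management Shell instead of the EMC. The script below is an added example and is not part of the original post; it assumes Exchange 2010 SP2, a single domain "testlabs.se" and an organization contact "admin@testlabs.se" (both placeholders), and that the New-ExchangeCertificate parameters match your build (they follow the TechNet shell steps for creating a federation trust).

```powershell
# Added example (not from the original post): federation trust, domain proof
# and federated domain from the Exchange Management Shell.
# Placeholders: "testlabs.se" and "admin@testlabs.se".

$domain  = "testlabs.se"
$contact = "admin@$domain"

# Step 1: the trust needs a certificate whose public key is registered with the
# Federation Gateway. The EMC wizard creates a self-signed one for you; from the
# shell you create it explicitly. It is used for federation only, so self-signed
# is fine and the subject name is irrelevant to clients.
$cert = New-ExchangeCertificate -FriendlyName "Exchange Federation" `
    -SubjectName "CN=Exchange Federation" -DomainName "federation.$domain" `
    -PrivateKeyExportable $true -KeySize 2048 -Services Federation

New-FederationTrust -Name "Microsoft Federation Gateway" -Thumbprint $cert.Thumbprint

# Step 2: get the proof string. This is what ties the public DNS zone to your
# organization; publish it exactly as returned, one TXT record per domain.
$proof = (Get-FederatedDomainProof -DomainName $domain).Proof
Write-Host "Create a TXT record at the root of $domain with this value:"
Write-Host $proof

# Step 3 happens in DNS. Do not continue until the record is visible from the
# Internet, otherwise the next cmdlet fails with a proof verification error.
Read-Host "Press Enter once the TXT record resolves publicly"

# Step 4: federate the domain. The first domain becomes the account namespace;
# this is also what fills in ApplicationIdentifier / ApplicationUri in the EMC.
Set-FederatedOrganizationIdentifier -DelegationFederationTrust "Microsoft Federation Gateway" `
    -AccountNamespace $domain -OrganizationContact $contact -Enabled $true

# Further domains are added the same way after publishing their own proof record:
# Add-FederatedDomain -DomainName "second-domain.example"

# Verify the trust end to end (certificate, proof lookup, token request).
Test-FederationTrust -UserIdentity $contact -Verbose
Get-FederatedOrganizationIdentifier | Format-List AccountNamespace, Domains, Enabled
```

Test-FederationTrust is the check worth keeping around: it requests a real delegation token from the Gateway, so it fails early if outbound HTTPS is blocked, the certificate was not replicated, or the proof record does not match.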


Step 5.

The remaining step for the federation itself is to make sure that Autodiscover works, since the partner organization uses it to locate your free/busy endpoint.
First, make sure Autodiscover is published in the public DNS zone; when it is, it should look like the picture below.

Autodiscover must be reachable from the outside (Internet), and this is per domain, so it must be done for every domain you want to federate.

image


Below is an example of how you create an Alias (CNAME) record in Windows DNS.

Start the DNS Management tool
Select the public DNS zone
Right click the DNS zone and select "New Alias (CNAME)..."
In the "Alias name" field type Autodiscover, and in the FQDN field browse for the server name that's used for Autodiscover (the certificate on that endpoint must cover the autodiscover name, or the partner's HTTPS lookup will fail)
Press "OK"

image
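Rather than eyeballing nslookup output, the two public DNS dependencies from Step 3 and Step 5 can be checked in one go from any machine outside the network. The function below is an added example, not part of the original post; it assumes the Resolve-DnsName cmdlet (Windows 8 / Server 2012 or later DNS client), queries a public resolver so you see what the Federation Gateway and your partners see rather than your internal zone, and uses "testlabs.se" and a placeholder resolver address as examples.

```powershell
# Added example (not from the original post): verify the proof TXT record and
# the public Autodiscover name/endpoint for a federated domain.
function Test-FederationDns {
    param(
        [Parameter(Mandatory = $true)] [string]$Domain,
        [Parameter(Mandatory = $true)] [string]$ExpectedProof,
        [string]$Resolver = "8.8.8.8"   # assumption: any public resolver works here
    )
    $ok = $true

    # Step 3 check: the proof must be a TXT record at the zone root, byte for
    # byte. The proof is base64 and therefore case sensitive: compare with -ceq.
    $txt = Resolve-DnsName -Name $Domain -Type TXT -Server $Resolver -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq "TXT" }
    $published = @($txt | ForEach-Object { $_.Strings -join "" })
    if ($published -ccontains $ExpectedProof) {
        Write-Host "[OK]   proof TXT record for $Domain is published"
    } else {
        Write-Host "[FAIL] proof TXT record for $Domain missing or different (found: $($published -join ' | '))"
        $ok = $false
    }

    # Step 5 check: autodiscover.<domain> must resolve from the Internet and
    # answer over HTTPS with a certificate that is valid for that name, since the
    # partner's Exchange finds your free/busy endpoint this way.
    $adName = "autodiscover.$Domain"
    $ad = Resolve-DnsName -Name $adName -Type A -Server $Resolver -ErrorAction SilentlyContinue
    if (-not $ad) {
        Write-Host "[FAIL] $adName does not resolve publicly"
        return $false
    }
    $cname = ($ad | Where-Object { $_.Type -eq "CNAME" } | Select-Object -First 1).NameHost
    $suffix = if ($cname) { " (CNAME -> $cname)" } else { "" }
    Write-Host ("[OK]   $adName resolves" + $suffix)

    # The WS-Security endpoint is the one federated free/busy actually uses.
    $url = "https://$adName/autodiscover/autodiscover.svc/WSSecurity"
    try {
        $req = [System.Net.HttpWebRequest]::Create($url)
        $req.Method = "GET"
        $req.Timeout = 10000
        $resp = $req.GetResponse()   # default .NET validation rejects untrusted/mismatched certs
        $resp.Close()
        Write-Host "[OK]   $url reachable over HTTPS"
    } catch [System.Net.WebException] {
        # A 4xx from the right host still proves publishing and TLS work;
        # a certificate name/trust error or a timeout does not.
        $r = $_.Exception.Response
        if ($r -and [int]$r.StatusCode -lt 500) {
            Write-Host "[OK]   $url answered HTTP $([int]$r.StatusCode) (publishing and TLS are fine)"
        } else {
            Write-Host "[FAIL] $url : $($_.Exception.Message)"
            $ok = $false
        }
    }
    return $ok
}

# Usage from the Exchange Management Shell, taking the proof straight from Exchange:
# Test-FederationDns -Domain testlabs.se -ExpectedProof (Get-FederatedDomainProof -DomainName testlabs.se).Proof
```

Run it from outside the corporate network (or at least against a public resolver, as the function does) before attempting Step 4 and again after publishing Autodiscover; a split-brain internal zone that has the records while the public zone does not is the most common reason the proof check fails.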


For publishing Autodiscover using TMG, check this article:
http://www.testlabs.se/blog/2010/07/27/how-to-publish-owaactivesyncoutlook-anywhere-exchange-2010-with-microsoft-forefront-tmg-2/


Step 6.

The final step to actually share free/busy information is to create the Organization Relationship.

Go to “Organization Configuration” and select tab “Organizational Relationships”.
Press the “New Organizational Relationship..” button and the wizard will launch.

For details around which relationship you should choose, read the link below:
http://technet.microsoft.com/en-us/library/dd351260.aspx


If you want to limit which users the partner can see through this federation, specify a (mail-enabled) security distribution group; without one every mailbox in the organization is in scope.

image


Next, enter the external organization you will share information with.
This can be done either via Autodiscover (first option) or by manually typing in the partner's "Application URI" and "Autodiscover endpoint".

image
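The same relationship can be created and, more importantly, tested from the Exchange Management Shell. The script below is an added example and not part of the original post; the partner domain "contoso.com", the group "FederatedFreeBusy", the test user and the manual Application URI value are placeholders.

```powershell
# Added example (not from the original post): Organization Relationship for
# federated free/busy, scoped to a security group, then exercised end to end.
# Placeholders: contoso.com, FederatedFreeBusy, user@testlabs.se.

$partner = "contoso.com"

# Option 1 (preferred): let Autodiscover fetch the partner's federation
# information (their Application URI and Autodiscover endpoint). This only
# works if the partner has done Step 5 on their side.
$info = Get-FederationInformation -DomainName $partner

# Pipe it straight into the new relationship. Choose the least free/busy detail
# you can live with: AvailabilityOnly exposes only free/busy, LimitedDetails
# adds subject and location. Restrict who is visible with a mail-enabled
# security group; without -FreeBusyAccessScope every mailbox is exposed.
$info | New-OrganizationRelationship -Name "Contoso" `
    -FreeBusyAccessEnabled $true `
    -FreeBusyAccessLevel AvailabilityOnly `
    -FreeBusyAccessScope "FederatedFreeBusy"

# Option 2 (manual): if the Autodiscover lookup of the partner fails, supply the
# two values the partner reads from their own EMC "Federation Trust" tab.
# New-OrganizationRelationship -Name "Contoso" -DomainNames $partner `
#     -FreeBusyAccessEnabled $true -FreeBusyAccessLevel AvailabilityOnly `
#     -FreeBusyAccessScope "FederatedFreeBusy" `
#     -TargetApplicationUri "<partner Application URI>" `
#     -TargetAutodiscoverEpr "https://autodiscover.$partner/autodiscover/autodiscover.svc/WSSecurity"

# Exercise the relationship as a real user would: this performs the Autodiscover
# lookup, requests a delegation token from the Gateway and calls the partner.
Test-OrganizationRelationship -Identity "Contoso" -UserIdentity "user@testlabs.se" -Verbose

# Review what was actually stored; FreeBusyAccessLevel and FreeBusyAccessScope
# are the two settings that decide how much calendar data leaves the organization.
Get-OrganizationRelationship "Contoso" |
    Format-List DomainNames, FreeBusyAccessEnabled, FreeBusyAccessLevel, FreeBusyAccessScope, TargetApplicationUri, TargetAutodiscoverEpr
```

Test-OrganizationRelationship with -Verbose is the quickest way to tell which side is broken: a failure at the Autodiscover step points at the partner's Step 5, a failure at the token step points at your own trust or proof record.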


Notice: This article is based on Exchange 2010 SP2


Sources:

http://technet.microsoft.com/en-us/library/ff601760.aspx

http://www.stevieg.org/2010/08/federation-onpremise-outlooklive/

http://www.expta.com/2011/07/how-to-configure-exchange-2010-sp1.html