On-premises users can't view free/busy information of Exchange Online users

Article
08/19/2024
Applies to: Exchange Online, Exchange Server 2016 Enterprise Edition, Exchange Server 2016 Standard Edition, Exchange Server 2013 Enterprise, Exchange Server 2013 Standard Edition

Original KB number: 3137325

Symptoms

Users who have a mailbox in the on-premises environment can't view free/busy information for mailboxes in Exchange Online in the following scenario:

You have a hybrid deployment of Exchange Online and either on-premises Exchange Server 2016 or Exchange Server 2013.
You set up an intraorganization connector between the Exchange Online organization and the on-premises Exchange organization.
You set up an organization relationship between the Exchange Online organization and the on-premises Exchange organization.

Cause

This issue occurs if the on-premises Exchange server can't obtain an authentication token by using OAuth. Exchange doesn't try to use the organization relationship if an intraorganization connector exists.

Resolution

To resolve this issue, follow these steps.

Step 1 - Verify the OAuth certificate

Open the Exchange Management Shell.
To identify the certificate for which the authentication configuration is looking, run the following command:
```
Get-AuthConfig |fl
```

If no value is returned in the output for CurrentCertificateThumbprint, run the following command to create a new certificate:

New-ExchangeCertificate -KeySize 2048 -SubjectName "cn= Microsoft Exchange ACS Certificate" -FriendlyName "Microsoft Exchange Server ACS Certificate" -PrivateKeyExportable $true -Services SMTP -DomainName <YourPrimarySmtpDomain>

Run the following commands to assign the new certificate for OAuth authentication:

Set-AuthConfig -NewCertificateThumbprint <ThumbprintFromStep3> -NewCertificateEffectiveDate (Get-Date)

Set-AuthConfig -PublishCertificate

Step 2 - Specify the user account for the partner application

Open the Exchange Management Shell.
To identify the linked user account for the partner application, run the following command:
```
Get-PartnerApplication |fl
```

If no account is returned in the output, run the following command to add the appropriate user account:

Set-PartnerApplication "Exchange Online" -LinkedAccount "contoso.com/Users/Exchange Online-ApplicationAccount"

More information

For more information about the cmdlets used in this article, see the following Microsoft TechNet resources:

Additional resources

Training

Module

Troubleshoot Federation Issues - Training

We will discuss federation and interoperability between Teams and Skype for Business.

Certification

Microsoft Certified: Windows Server Hybrid Administrator Associate - Certifications

As a Windows Server hybrid administrator, you integrate Windows Server environments with Azure services and manage Windows Server in on-premises networks.