Scheduled Task to Update Your Federation Trust

Microsoft published an article this morning about keeping your federation trust up-to-date. This is really important if you are in a hybrid configuration or if you are sharing free/busy information between two different on-premises organizations using the Microsoft Federation Gateway as a trust broker. Microsoft periodically updates the certificates used by the Microsoft Federation Gateway and updating your federation trust keeps these certs up-to-date.

Exchange 2013 SP1 and later automatically updates the federation trust. If you’re running at least this version of Exchange 2013 (and you should), you’re good to go. If you’re an Exchange 2013 RTM/CU1/CU2/CU3 customer who hasn’t upgraded yet, read on…

In the article, Microsoft provides a command to run on one of your Exchange 2010 servers that creates a Scheduled Task to update the federation trust daily. This script only works on Exchange 2010. If you have a pure Exchange 2013 pre-SP1 environment, you can use this command to create a scheduled task:

Schtasks /create /sc Daily /tn FedRefresh /tr “%SYSTEMROOT%System32WindowsPowerShellv1.0powershell.exe -command “. $ENV:ExchangeInstallPathbinRemoteExchange.ps1; Connect-ExchangeServer -auto -ClientApplication:ManagementShell;$fedTrust = Get-FederationTrust;Set-FederationTrust -Identity $fedTrust.Name -RefreshMetadata” /ru System

Note that this version will also work on Exchange 2010 servers and also works in the rare occasion where PowerShell is not located on the C: volume.

Source: Expta