Here’s one I’ve seen a couple of times recently, and initially thought it was a one off. When you run the Hybrid Configuration Wizard and reach the Domain Proof of Ownership page you’ll see a table containing the TXT records you need to add to confirm you own the domain.
If you’re not sure what these are (and why you need to register them after already going through a similar process for the Office 365 custom domain itself) allow me to briefly explain. These records are used for Federated Sharing. This is different to AD FS, and relates to Exchange Free/Busy and Calendar sharing across an Exchange-organization’s boundaries. You confirm the domain with a TXT record which the Microsoft Federation Gateway will check and, once it’s confirmed will trust the certificate your Exchange organization presents.
Anyway – what do you do if you get stuck at this stage? Well (and you’ll find these now outdated instructions on one of my pre-HCW articles from a few years ago) you just need to use the Get-FederatedDomainProof cmdlet to retrieve the TXT record for the domain:
For example, Get-FederatedDomainProof -DomainName lisajanedesigns.co.uk
We can then add the TXT record into DNS as normal, then once it has taken effect re-run the HCW. The table will still be blank, but you can safely continue through the Hybrid Configuration Wizard.
3 thoughts on “When running the Hybrid Configuration Wizard in Exchange 2010 SP3 UR1 and UR2, the Domain Proof of Ownership is not populated”
Having issues adding / creating TXT Domain proof in the external DNS, The issues is the domain proof has two “+” character. one + character at the beginning, another half way though. The DNS Provider console either drops the + or drops the + and adds a space. I have look at another DNS Provider console and it will not allow the “+”. Does the string have to be exactly or does spaces need to added where the “+” character exists?
We are currently running into this Issue. Does the DNS record need to be created externally for this to work? Creating it on the domain internally does not seem to allow the wizard to finish correctly.
Yes it does, because Microsoft needs to look up the DNS record to verify you own the domain.
Comments are closed.