Thursday 9 January 2014

Failed to validate delegation token. Reason: InvalidExpired

When you test the Federation Trust that you have created between your on-premises Exchange environment and the Microsoft Federated Gateway, the token validation may fail with the message 'Failed to validate delegation token'. Run the same command with the -Verbose switch to see detailed information on the error.


If the reason that appears is InvalidExpired, this can be due to a time difference between your server and the MS Federated Gateway service.

So you will need to configure an authoritative time server on your side. The MS article How to configure an authoritative time server in Windows Server provides detailed information about configuring NTP; you can use the manual steps to accomplish it or use the Fix It utilities provided. You can run the following commands to set the time service to synchronise with an external time service.

  • w32tm /config /manualpeerlist:time.windows.com /syncfromflags:manual /reliable:yes /update

  • net stop w32time

  • net start w32time


After restarting the time service, ensure that the system is successfully synchronising the time with the source set in the above step.


Re-run the Test-FederationTrust command. This time the delegation token should be displayed as valid.
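The verification steps above can be scripted. The following PowerShell is an added example, not part of the original post: it confirms which source the time service is using, measures the clock offset against the peer, and only then re-runs the trust test. It assumes an elevated Exchange Management Shell, and the 5-second threshold is an assumed value for this check, not a documented limit.

```powershell
# Added example: confirm w32time is syncing before re-testing the federation trust.
$peer             = 'time.windows.com'   # the peer set in the w32tm /config step
$maxOffsetSeconds = 5                    # assumed threshold, adjust to your policy

# Ask the service to resync, then read back the source it is actually using.
w32tm /resync /rediscover | Out-Null
$source = (w32tm /query /source | Out-String).Trim()
Write-Host "Current time source: $source"

# A local clock source means the manual peer list is not in effect.
if ($source -match 'Local CMOS Clock|Free-running System Clock') {
    Write-Warning "Time service is not using an external source."
    return
}

# Sample the offset between the local clock and the peer.
# Data lines look like: 10:15:32, +00.0123456s
$culture = [Globalization.CultureInfo]::InvariantCulture
$offsets = foreach ($line in (w32tm /stripchart /computer:$peer /samples:3 /dataonly)) {
    if ($line -match ',\s*([+-]\d+\.\d+)s') {
        [double]::Parse($Matches[1], $culture)
    }
}

if (-not $offsets) {
    Write-Warning "No offset samples returned from $peer (check UDP 123 outbound)."
    return
}

# Use the largest absolute offset seen across the samples.
$worst = ($offsets | ForEach-Object { [math]::Abs($_) } |
          Measure-Object -Maximum).Maximum
Write-Host ("Largest offset against {0}: {1:N3}s" -f $peer, $worst)

if ($worst -gt $maxOffsetSeconds) {
    Write-Warning "Clock is still skewed; the delegation token may be rejected again."
    return
}

# Clock looks good: re-run the trust test (cmdlet is only present in the
# Exchange Management Shell).
if (Get-Command Test-FederationTrust -ErrorAction SilentlyContinue) {
    Test-FederationTrust -Verbose
} else {
    Write-Host "Run Test-FederationTrust from the Exchange Management Shell."
}
```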


 

ecsword
