When you try to add a domain to Microsoft Exchange federation in Microsoft Office 365, the process is unsuccessful. This issue may occur even if the TXT (text) record of the federation proof is successfully added to the domain's DNS record.
This issue occurs if the TXT record of the federation proof is too large.
By default, DNS uses User Datagram Protocol (UDP) for queries, and it replies with a DNS payload limit of 512 bytes. Larger replies are truncated, and this leads to a later handling through Transmission Control Protocol (TCP) with more overhead. In this case, TCP is not enabled outgoing. Therefore, verification fails if the TXT record of the federation proof is too large.
To work around this issue, follow these steps:
- Manually change the hosts file on the hybrid server or servers to include the following information:
Note This server has TCP outgoing access permissions.
- Add the domain to the Exchange federation list by running the following Windows PowerShell command:
For example, run the following command:
Add-FederatedDomain –DomainName <SmtpDomain>
Add-FederatedDomain –DomainName contoso.com
- Remove the hosts file entry that you added in step 1.
In Windows 2008 Server and in Windows 2008 Server R2, the hosts file is saved in the following location:
Still need help? Go to the Office 365 Community