Solved

Exchange EWS externally not working

Posted on 2014-04-30
6
1,236 Views
Last Modified: 2014-06-23
Hi

Having some issues getting Exchange Web Services to work.
Need EWS to work with Lync 2013 mobile, and external desktop clients.

Using TMG to try to publish EWS.
OWA, Activesync, Lync is already published with TMG and working.
Using autodiscover with autodiscover.contoso.com.

Whenever we do a test with Remote Connectivity, the result is:
The remote name could not be resolved. 'ExchangeInternal.contoso.com'

For some reason it returns the internal name of the Exchange server, i'm guessing the TMG is returning it, but why ?
Checked InternalURL and ExternalURL for WebServicesVirtualDirectory:

InternalUR: https://ExhangeInternal.contoso.com/EWS/Exchange.asmx
ExternalURL: https://mail.contoso.com/EWS/Exchange.asmx


Tried setting the ExternalURL in the Remote Connectivity test manually, and then it works.


Any ideas why this might happen, and how to solve this ?

Our setup:
Lync 2013 internal server
Lync 2013 edge server
TMG 2010
Exchange 2010


Regards.
0
Comment
Question by:Lenblock
  • 3
  • 2
6 Comments
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
Do you have split-brain DNS? If so, what about setting the internal URL to match the external URL?
0
 
LVL 4

Expert Comment

by:HostOne
Comment Utility
How you done the following?

Open Exchange Powershell - Now you need to set the CAS details and autodiscover, etc:
Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml

Open in new window


Now change the InternalUrl attribute of the EWS:
Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx

Open in new window


Next change the InternalUrl attribute for Web-based Offline Address Book distribution:
Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab

Open in new window


Now change the InternalUrl attribute of the UM Web service:
Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedmessaging (Default Web Site)" -InternalUrl https://mail.contoso.com/unifiedmessaging/service.asmx

Now open IIS management and recycle the MSExchangeAutodiscoverAppPool application pool.

If that doesn't help, next guess would be TMG is trying to reverse proxy Exchange, in which case I would change all the external EWS details to internal, because that's what people will be being served (same procedure as above but set everything to internal URLs).

-Or- Don't use TMG to proxy EWS, because I am struggling to see a point to that, anyway?
0
 

Author Comment

by:Lenblock
Comment Utility
Hi

Not to familiar with split-brain DNS.
Both internal and external have contoso.com
We have DNS servers in our LAN, and a public DNS.

All URL's are set up for external services, with exception of Outlook Anywhere.
We don't have Outlook Anywhere set up, should that make any difference for EWS ?

Tried hitching the EWS on the OWA publishing rule in TMG and still get the same error.
OWA, Activesync, autodiscover have the similar internal and external URL.
internal: https://ExhangeInternal.contoso.com/XX
External: https://mail.contoso.com/XX

It works when setting the EWS external URL manually when testing, but fails with autodiscover.



Regards.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
Not to familiar with split-brain DNS.
 Both internal and external have contoso.com
 We have DNS servers in our LAN, and a public DNS.

What you are describing here is split-brain DNS. That your external and internal URLs all match. Furthermore than your Public DNS points to the public IP of your CAS. Then you have recreated the contoso.com domain internally and the same records points to the internal IPs of the server, as opposed to the public IPs.

All URL's are set up for external services, with exception of Outlook Anywhere.
 We don't have Outlook Anywhere set up, should that make any difference for EWS ?

Outlook Anywhere isn't a factor. But the addresses you have for EWS does.

Run this command that HostOne mentioned to make the internals and externals match for EWS.
Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx

Also set the Autodiscover URL.

Set-ClientAccessServer -Identity CAS-SERVER-NAME –AutoDiscoverServiceInternalUri https://mail.contoso.com/Autodiscover/Autodiscover.xml
0
 

Accepted Solution

by:
Lenblock earned 0 total points
Comment Utility
Hi

Enabled Outlook Anywhere, and it worked as it should, it returned the correct path.
Guessing something sometime happened, which is causing EWS to fail when Outlook Anywhere is not enabled.

Guessing a reset virtual directory for ews could be helpful in solving this ?
Would a reset directory require anything more than just setting the path again ?


Regards.
0
 

Author Closing Comment

by:Lenblock
Comment Utility
Enabling outlook anywhere solved the issue
0

Featured Post

Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now