Solved

Free/Busy Information working only one direction in cross-forest configuration

Posted on 2015-01-29
3
752 Views
Last Modified: 2015-02-04
Howdy,
I am attempting to setup a cross-forest trust between Exchange 2007 and 2010 so that users can view other user's Free/Busy information in their calendar.  Right now autodiscover from a client perspective works correctly on both domains (internally and externally).  Forefront Identity Manager has been setup on the Exchange 2010 domain and is working for a couple test accounts.  The problem is that the Exchange 2007 to Exchange 2010 is working, but 2010 to 2007 is not.  On the client side it just says "No free/busy information could be retrieved."  Same thing externally or internally.

Any ideas?  Detail below.

I used this guide to do the bulk of the configuration:
http://www.msexchange.org/articles-tutorials/exchange-server-2010/migration-deployment/deep-dive-into-rich-coexistence-between-exchange-forests-part1.html

Error on Exchange 2010:
Event ID 4002

Process 7812: ProxyWebRequest CrossForest from S-1-5-21-64772113-2013164585-2122337923-9530 to https://btu-mail.exchange2007.com/EWS/Exchange.asmx failed. Caller SIDs: NetworkCredentials. The exception returned is Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequestProcessingException: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult asyncResult)
   at Microsoft.Exchange.InfoWorker.Common.Availability.Proxy.Service.EndGetUserAvailability(IAsyncResult asyncResult)
   at Microsoft.Exchange.InfoWorker.Common.Availability.FreeBusyApplication.EndProxyWebRequest(ProxyWebRequest proxyWebRequest, QueryList queryList, Service service, IAsyncResult asyncResult)
   at Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequest.EndInvoke(IAsyncResult asyncResult)
   at Microsoft.Exchange.InfoWorker.Common.Availability.AsyncWebRequest.EndInvokeWithErrorHandling():<No response>. The request information is ProxyWebRequest type = CrossForest, url = https://btu-mail.exchange2007.com/EWS/Exchange.asmx
Mailbox list = <Bruce Banner>SMTP:bbanner@exchange2007.com, Parameters: windowStart = 1/13/2015 9:00:00 AM, windowEnd = 2/12/2015 9:00:00 AM, MergedFBInterval = 30, RequestedView = Detailed
. ---> System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult asyncResult)
   at Microsoft.Exchange.InfoWorker.Common.Availability.Proxy.Service.EndGetUserAvailability(IAsyncResult asyncResult)
   at Microsoft.Exchange.InfoWorker.Common.Availability.FreeBusyApplication.EndProxyWebRequest(ProxyWebRequest proxyWebRequest, QueryList queryList, Service service, IAsyncResult asyncResult)
   at Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequest.EndInvoke(IAsyncResult asyncResult)
   at Microsoft.Exchange.InfoWorker.Common.Availability.AsyncWebRequest.EndInvokeWithErrorHandling()
   --- End of inner exception stack trace ---
. Name of the server where exception originated: COBOWA1. Make sure that the Active Directory site/forest that contain the user's mailbox has at least one local Exchange 2010 server running the Availability service. Turn up logging for the Availability service and test basic network connectivity.


2-way forest trust between Exchange 2010 and Exchange 2007.

Exchange 2010 Configuration:
Windows Server 2008 R2
Single CAS server (cobowa1) and a single Mailbox server (cobmbx1).
Exchange 2010 SP3 RU8-v2
Internal Domain: cobnet.org
External Domain: exchange2010.com

Internal autodiscover lookup:
nslookup -q=srv _autodiscover._tcp.exchange2010.com
Server:  cobad1.cobnet.org
Address:  10.100.10.20

_autodiscover._tcp.exchange2010.com  SRV service location:
          priority       = 10
          weight         = 10
          port           = 443
          svr hostname   = owa.exchange2010.com

External autodiscover lookup:
nslookup -q=srv _autodiscover._tcp.exchange2010.com
Server:  b.resolvers.Level3.net
Address:  4.2.2.2

Non-authoritative answer:
_autodiscover._tcp.exchange2010.com  SRV service location:
          priority       = 0
          weight         = 0
          port           = 443
          svr hostname   = owa.exchange2010.com

		  

[PS] C:\Windows\system32>Get-ClientAccessServer | fl


RunspaceId                           : 785880d1-cf6c-4869-ac6f-e624a2556077
Name                                 : COBOWA1
Fqdn                                 : COBOWA1.cobnet.org
OutlookAnywhereEnabled               : True
AutoDiscoverServiceCN                : COBOWA1
AutoDiscoverServiceClassName         : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri       : https://cobowa1.cobnet.org/Autodiscover/Autodiscover.xml
AutoDiscoverServiceGuid              : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope                : {Default-First-Site-Name}
AlternateServiceAccountConfiguration :
IrmLogEnabled                        : True
IrmLogMaxAge                         : 30.00:00:00
IrmLogMaxDirectorySize               : 250 MB (262,144,000 bytes)
IrmLogMaxFileSize                    : 10 MB (10,485,760 bytes)
IrmLogPath                           : D:\Program Files\Microsoft\Exchange Server\V14\Logging\IRMLogs
IsOutOfService                       : False
MigrationLogLoggingLevel             : Information
MigrationLogFilePath                 :
MigrationLogMaxAge                   : 180.00:00:00
MigrationLogMaxDirectorySize         : 10 GB (10,737,418,240 bytes)
MigrationLogMaxFileSize              : 100 MB (104,857,600 bytes)
IsValid                              : True
ExchangeVersion                      : 0.1 (8.0.535.0)
DistinguishedName                    : CN=COBOWA1,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Admi
                                       nistrative Groups,CN=COB,CN=Microsoft Exchange,CN=Services,CN=Configur
                                       ation,DC=cobnet,DC=org
Identity                             : COBOWA1
Guid                                 : f573f28f-eeb6-4b70-9d88-a3598f75f0fd
ObjectCategory                       : cobnet.org/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                          : {top, server, msExchExchangeServer}
WhenChanged                          : 1/23/2015 11:12:28 AM
WhenCreated                          : 2/6/2012 4:15:50 PM
WhenChangedUTC                       : 1/23/2015 5:12:28 PM
WhenCreatedUTC                       : 2/6/2012 10:15:50 PM
OrganizationId                       :
OriginatingServer                    : COBAD5.cobnet.org


[PS] C:\Windows\system32>Get-AvailabilityAddressSpace | fl


RunspaceId        : 785880d1-cf6c-4869-ac6f-e624a2556077
ForestName        : exchange2007.com
UserName          :
UseServiceAccount : True
AccessMethod      : PerUserFB
ProxyUrl          :
ParentPathId      : CN=Availability Configuration
AdminDisplayName  :
ExchangeVersion   : 0.1 (8.0.535.0)
Name              : exchange2007.com
DistinguishedName : CN=exchange2007.com,CN=Availability Configuration,CN=COB,CN=Microsoft Exchange,CN=Services
                    ,CN=Configuration,DC=cobnet,DC=org
Identity          : exchange2007.com
Guid              : a6a6c953-3d6f-4402-a814-2b2288844958
ObjectCategory    : cobnet.org/Configuration/Schema/ms-Exch-Availability-Address-Space
ObjectClass       : {top, msExchAvailabilityAddressSpace}
WhenChanged       : 1/8/2015 9:14:12 AM
WhenCreated       : 12/11/2014 2:11:56 PM
WhenChangedUTC    : 1/8/2015 3:14:12 PM
WhenCreatedUTC    : 12/11/2014 8:11:56 PM
OrganizationId    :
OriginatingServer : COBAD5.cobnet.org
IsValid           : True



[PS] C:\Windows\system32>Get-AvailabilityAddressSpace

Name            AccessMethod                                        ForestName
----            ------------                                        ----------
exchange2007.com PerUserFB                                           exchange2007.com



[PS] C:\Windows\system32>Get-AutodiscoverVirtualDirectory | fl


RunspaceId                      : 785880d1-cf6c-4869-ac6f-e624a2556077
Name                            : Autodiscover (Default Web Site)
InternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
ExternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
LiveIdSpNegoAuthentication      : False
WSSecurityAuthentication        : True
LiveIdBasicAuthentication       : False
BasicAuthentication             : True
DigestAuthentication            : False
WindowsAuthentication           : True
MetabasePath                    : IIS://COBOWA1.cobnet.org/W3SVC/1/ROOT/Autodiscover
Path                            : D:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Autodiscover
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : COBOWA1
InternalUrl                     :
ExternalUrl                     :
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
DistinguishedName               : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=COBOWA1,CN=Servers,CN=Exch
                                  ange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=COB
                                  ,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=cobnet,DC=org
Identity                        : COBOWA1\Autodiscover (Default Web Site)
Guid                            : 349e4d0e-9779-4548-801a-3c2a305720b4
ObjectCategory                  : cobnet.org/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                     : 1/8/2015 9:14:11 AM
WhenCreated                     : 2/6/2012 4:20:38 PM
WhenChangedUTC                  : 1/8/2015 3:14:11 PM
WhenCreatedUTC                  : 2/6/2012 10:20:38 PM
OrganizationId                  :
OriginatingServer               : COBAD5.cobnet.org
IsValid                         : True



[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory | fl


RunspaceId                      : 785880d1-cf6c-4869-ac6f-e624a2556077
CertificateAuthentication       :
InternalNLBBypassUrl            : https://cobowa1.cobnet.org/ews/exchange.asmx
GzipLevel                       : High
MRSProxyEnabled                 : False
MRSProxyMaxConnections          : 100
Name                            : EWS (Default Web Site)
InternalAuthenticationMethods   : {Ntlm, WindowsIntegrated, WSSecurity}
ExternalAuthenticationMethods   : {Ntlm, WindowsIntegrated, WSSecurity}
LiveIdSpNegoAuthentication      : False
WSSecurityAuthentication        : True
LiveIdBasicAuthentication       : False
BasicAuthentication             : False
DigestAuthentication            : False
WindowsAuthentication           : True
MetabasePath                    : IIS://COBOWA1.cobnet.org/W3SVC/1/ROOT/EWS
Path                            : D:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\exchweb\EWS
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : COBOWA1
InternalUrl                     : https://cobowa1.cobnet.org/EWS/Exchange.asmx
ExternalUrl                     : https://owa.exchange2010.com/EWS/Exchange.asmx
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
DistinguishedName               : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,CN=COBOWA1,CN=Servers,CN=Exchange Admi
                                  nistrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=COB,CN=Micro
                                  soft Exchange,CN=Services,CN=Configuration,DC=cobnet,DC=org
Identity                        : COBOWA1\EWS (Default Web Site)
Guid                            : 94c100b3-0614-4578-a608-3adb8fc58dda
ObjectCategory                  : cobnet.org/Configuration/Schema/ms-Exch-Web-Services-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
WhenChanged                     : 1/8/2015 9:14:12 AM
WhenCreated                     : 4/25/2012 12:06:22 PM
WhenChangedUTC                  : 1/8/2015 3:14:12 PM
WhenCreatedUTC                  : 4/25/2012 5:06:22 PM
OrganizationId                  :
OriginatingServer               : COBAD5.cobnet.org
IsValid                         : True

Open in new window


Exchange 2007 Configuration:
Windows Server 2003 SP2 64bit
Dual CAS servers (btu-mail-a, btu-mail-b) each using NLB.  NLB IP is 10.110.4.110
Dual Mailbox servers (btu-exchange-a, btu-exchange-b) each using NLB.
Exchange 2007 SP3 RU14
Internal Domain: exchange2007.com
External Domain: exchange2007.com
I have added the registry key of DisableLoopbackCheck on the CAS servers.
I have added the maximumQueryIntervalDays line to the web.config of both CAS servers.

Internal autodiscover lookup:
nslookup -q=srv _autodiscover._tcp.exchange2007.com
Server:  btu-dc3.exchange2007.com
Address:  10.110.4.240

_autodiscover._tcp.exchange2007.com      SRV service location:
          priority       = 10
          weight         = 10
          port           = 443
          svr hostname   = btu-mail.exchange2007.com
btu-mail.exchange2007.com        internet address = 10.110.4.110

External autodiscover lookup:
nslookup -q=srv _autodiscover._tcp.exchange2007.com
Server:  b.resolvers.Level3.net
Address:  4.2.2.2

Non-authoritative answer:
_autodiscover._tcp.exchange2007.com      SRV service location:
          priority       = 0
          weight         = 0
          port           = 443
          svr hostname   = btu-mail.exchange2007.com


[PS] Get-ClientAccessServer | fl

Name                           : BTU-MAIL-A
OutlookAnywhereEnabled         : True
AutoDiscoverServiceCN          : BTU-MAIL-A
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://btu-cas.exchange2007.com/Autodiscover/Autodiscover.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {BTU}
IsValid                        : True
OriginatingServer              : btu-dc4.exchange2007.com
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=BTU-MAIL-A,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Adminis
                                 trative Groups,CN=BTU,CN=Microsoft Exchange,CN=Services,CN=Configura
                                 tion,DC=exchange2007,DC=com
Identity                       : BTU-MAIL-A
Guid                           : bd22f36c-79bb-4c63-b71b-c457583d72cd
ObjectCategory                 : exchange2007.com/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 1/22/2015 8:49:45 PM
WhenCreated                    : 10/14/2009 11:23:54 PM

Name                           : BTU-MAIL-B
OutlookAnywhereEnabled         : True
AutoDiscoverServiceCN          : BTU-MAIL-B
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://btu-cas.exchange2007.com/Autodiscover/Autodiscover.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {BTU}
IsValid                        : True
OriginatingServer              : btu-dc4.exchange2007.com
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=BTU-MAIL-B,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Adminis
                                 trative Groups,CN=BTU,CN=Microsoft Exchange,CN=Services,CN=Configura
                                 tion,DC=exchange2007,DC=com
Identity                       : BTU-MAIL-B
Guid                           : b4adc40f-6e4e-4954-813f-06f9ce4f59f7
ObjectCategory                 : exchange2007.com/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 1/22/2015 8:49:45 PM
WhenCreated                    : 10/15/2009 8:54:42 AM



[PS] Get-AvailabilityAddressSpace | fl

ForestName        : exchange2010.com
UserName          :
UseServiceAccount : True
AccessMethod      : PerUserFB
ProxyUrl          :
ParentPathId      : CN=Availability Configuration
AdminDisplayName  :
ExchangeVersion   : 0.1 (8.0.535.0)
Name              : exchange2010.com
DistinguishedName : CN=exchange2010.com,CN=Availability Configuration,CN=BTU,CN=Microsoft Exchange,CN=Serv
                    ices,CN=Configuration,DC=exchange2007,DC=com
Identity          : exchange2010.com
Guid              : f9f4c375-eeb2-438f-a559-58315f561846
ObjectCategory    : exchange2007.com/Configuration/Schema/ms-Exch-Availability-Address-Space
ObjectClass       : {top, msExchAvailabilityAddressSpace}
WhenChanged       : 1/23/2015 11:10:22 AM
WhenCreated       : 1/23/2015 11:10:22 AM
OriginatingServer : btu-dc4.exchange2007.com
IsValid           : True



[PS] Get-AvailabilityAddressSpace

Name            AccessMethod                                        ForestName
----            ------------                                        ----------
exchange2010.com     PerUserFB                                           exchange2010.com


[PS] Get-AutodiscoverVirtualDirectory | fl

Name                            : Autodiscover (Default Web Site)
InternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication             : True
DigestAuthentication            : False
WindowsAuthentication           : True
MetabasePath                    : IIS://BTU-MAIL-A.exchange2007.com/W3SVC/1/ROOT/Autodiscover
Path                            : C:\Program Files\Microsoft\Exchange Server\ClientAccess\Autodiscover
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : BTU-MAIL-A
InternalUrl                     :
ExternalUrl                     :
AdminDisplayName                :
ExchangeVersion                 : 0.1 (8.0.535.0)
DistinguishedName               : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=BTU-MAIL-A,CN=Servers,CN=E
                                  xchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=BTU,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=exchange2007,DC=com
Identity                        : BTU-MAIL-A\Autodiscover (Default Web Site)
Guid                            : 2539fa71-d163-4af0-8915-0fd1fa4600ad
ObjectCategory                  : exchange2007.com/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                     : 10/4/2012 9:01:16 PM
WhenCreated                     : 10/28/2009 5:13:34 PM
OriginatingServer               : btu-dc4.exchange2007.com
IsValid                         : True

Name                            : Autodiscover (Default Web Site)
InternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication             : True
DigestAuthentication            : False
WindowsAuthentication           : True
MetabasePath                    : IIS://BTU-MAIL-B.exchange2007.com/W3SVC/1/ROOT/Autodiscover
Path                            : C:\Program Files\Microsoft\Exchange Server\ClientAccess\Autodiscover
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : BTU-MAIL-B
InternalUrl                     :
ExternalUrl                     :
AdminDisplayName                :
ExchangeVersion                 : 0.1 (8.0.535.0)
DistinguishedName               : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=BTU-MAIL-B,CN=Servers,CN=E
                                  xchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=BTU,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=exchange2007,DC=com
Identity                        : BTU-MAIL-B\Autodiscover (Default Web Site)
Guid                            : 3a745a33-00e7-46fa-9e56-a335edef17d3
ObjectCategory                  : exchange2007.com/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                     : 10/4/2012 9:01:16 PM
WhenCreated                     : 10/29/2009 10:59:53 AM
OriginatingServer               : btu-dc4.exchange2007.com
IsValid                         : True



[PS] Get-WebServicesVirtualDirectory | fl

InternalNLBBypassUrl            : https://btu-mail-a.exchange2007.com/ews/exchange.asmx
Name                            : EWS (Default Web Site)
InternalAuthenticationMethods   : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods   : {Ntlm, WindowsIntegrated}
BasicAuthentication             : False
DigestAuthentication            : False
WindowsAuthentication           : True
MetabasePath                    : IIS://BTU-MAIL-A.exchange2007.com/W3SVC/1/ROOT/EWS
Path                            : C:\Program Files\Microsoft\Exchange Server\ClientAccess\exchweb\EWS
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : BTU-MAIL-A
InternalUrl                     : https://btu-cas.exchange2007.com/EWS/Exchange.asmx
ExternalUrl                     : https://btu-mail.exchange2007.com/EWS/Exchange.asmx
AdminDisplayName                :
ExchangeVersion                 : 0.1 (8.0.535.0)
DistinguishedName               : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,CN=BTU-MAIL-A,CN=Servers,CN=Exchange A
                                  dministrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=BTU,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=exchange2007,DC=com
Identity                        : BTU-MAIL-A\EWS (Default Web Site)
Guid                            : ae581fb4-76c9-41f2-8b32-40b5f5712dfa
ObjectCategory                  : exchange2007.com/Configuration/Schema/ms-Exch-Web-Services-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
WhenChanged                     : 1/22/2015 9:56:36 PM
WhenCreated                     : 10/28/2009 5:13:51 PM
OriginatingServer               : btu-dc4.exchange2007.com
IsValid                         : True

InternalNLBBypassUrl            : https://btu-mail-b.exchange2007.com/ews/exchange.asmx
Name                            : EWS (Default Web Site)
InternalAuthenticationMethods   : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods   : {Ntlm, WindowsIntegrated}
BasicAuthentication             : False
DigestAuthentication            : False
WindowsAuthentication           : True
MetabasePath                    : IIS://BTU-MAIL-B.exchange2007.com/W3SVC/1/ROOT/EWS
Path                            : C:\Program Files\Microsoft\Exchange Server\ClientAccess\exchweb\EWS
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : BTU-MAIL-B
InternalUrl                     : https://btu-cas.exchange2007.com/EWS/Exchange.asmx
ExternalUrl                     : https://btu-mail.exchange2007.com/EWS/Exchange.asmx
AdminDisplayName                :
ExchangeVersion                 : 0.1 (8.0.535.0)
DistinguishedName               : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,CN=BTU-MAIL-B,CN=Servers,CN=Exchange A
                                  dministrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=BTU,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=exchange2007,DC=com
Identity                        : BTU-MAIL-B\EWS (Default Web Site)
Guid                            : 6fb2685d-d575-4f61-a183-aea60bba3388
ObjectCategory                  : exchange2007.com/Configuration/Schema/ms-Exch-Web-Services-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
WhenChanged                     : 1/22/2015 9:59:16 PM
WhenCreated                     : 10/29/2009 11:00:08 AM
OriginatingServer               : btu-dc4.exchange2007.com
IsValid                         : True

Open in new window

0
Comment
Question by:Alan Shearer
  • 3
3 Comments
 

Author Comment

by:Alan Shearer
ID: 40577776
Additionally I sometimes get the below error on the Exchange 2010 server, but it doesnt not always coincide with the 401 error listed above:

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/btu-mail-b.exchange2007.com. The target name used was HTTP/btu-mail.exchange2007.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (exchange2007.com) is different from the client domain (COBNET.ORG), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
0
 

Author Comment

by:Alan Shearer
ID: 40584212
Any thoughts?
0
 

Accepted Solution

by:
Alan Shearer earned 0 total points
ID: 40588598
This is resolved.
I contacted MS Support.  We determined that since Exchange 2007 was running on Windows Server 2003, the externalurl of EWS was causing the 401 errors.  We set this to null and the problem went away.  This did not prevent any issues either when using the services externally.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video discusses moving either the default database or any database to a new volume.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now