Exchange 2013 Outlook 2013 cannot access EWS

We are receiving the error message when attempting to set out of office "Your automatic reply settings cannot be displayed because the server is currently unavailable. Try again later."

Free/Busy information is also failing. Essentially anything tied to EWS exchange web services is failing now.

We have triple checked auto discover information and verified its correct.

Looking for someone who can help us out. We are completely at a loss with this error.

I will provide you any information you request.

Thank you!
ryanrusty30Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RoninCommented:
Post results of:
Get-WebServicesVirtualDirectory | fl server, Name,ExternalURL, InternalURL, *auth*

Open in new window

ryanrusty30Author Commented:
Thank you for your comment. Here is the information you requested.

[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory | fl server, Name,ExternalURL, InternalURL, *auth*


Server                        : This is the name of one of our CAS servers
Name                          : EWS (Default Web Site)
ExternalUrl                   : https://autodiscover.ourdomain.com/ews/exchange.asmx
InternalUrl                   : https://autodiscover.ourdomain.com/ews/exchange.asmx
CertificateAuthentication     :
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity, OAuth}
LiveIdNegotiateAuthentication :
WSSecurityAuthentication      : True
LiveIdBasicAuthentication     : False
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
OAuthAuthentication           : True
AdfsAuthentication            : False

Server                        : This is the name of our other CAS server
Name                          : EWS (Default Web Site)
ExternalUrl                   : https://autodiscover.ourdomain.com/ews/exchange.asmx
InternalUrl                   : https://autodiscover.ourdomain.com/ews/exchange.asmx
CertificateAuthentication     :
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity, OAuth}
LiveIdNegotiateAuthentication :
WSSecurityAuthentication      : True
LiveIdBasicAuthentication     : False
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
OAuthAuthentication           : True
AdfsAuthentication            : False
RoninCommented:
Internally, what autodiscover.ourdomain.com resolves to?
For 2013+:
Get-ExchangeServer | fl *version*

Open in new window

For 2007+:
Get-Command Exsetup.exe | ForEach-Object {$_.FileVersionInfo}

Open in new window

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

ryanrusty30Author Commented:
Hi Ronin,

Here are the results of the command for 2013

Get-ExchangeServer | fl *version*

[PS] C:\Windows\system32>Get-ExchangeServer | fl *version*


AdminDisplayVersion : Version 15.0 (Build 1347.2)
ExchangeVersion     : 0.1 (8.0.535.0)

AdminDisplayVersion : Version 15.0 (Build 1347.2)
ExchangeVersion     : 0.1 (8.0.535.0)

AdminDisplayVersion : Version 15.0 (Build 1347.2)
ExchangeVersion     : 0.1 (8.0.535.0)

AdminDisplayVersion : Version 15.0 (Build 1347.2)
ExchangeVersion     : 0.1 (8.0.535.0)

AdminDisplayVersion : Version 15.0 (Build 1347.2)
ExchangeVersion     : 0.1 (8.0.535.0)

AdminDisplayVersion : Version 15.0 (Build 1347.2)
ExchangeVersion     : 0.1 (8.0.535.0)
RoninCommented:
Internally, what autodiscover.ourdomain.com resolves to?
ryanrusty30Author Commented:
i have both internal and external URLs resolving to https://autodiscover.ourdomain.com/ews/exchange.asmx

is that what you mean or would you like me to find it differently?
RoninCommented:
ping autodiscover.ourdomain.com from internal machine.
What type IP do you get?
ryanrusty30Author Commented:
I am getting our 2nd CAS servers IP address when I ping autodiscover.ourdomain.com
RoninCommented:
I'm confused.
When I initially asked you to provide results for "Get-WebServicesVirtualDirectory" command, you pasted results from 2 servers.
When I asked you for results for "Get-ExchangeServer" command, you pasted results showing 6 servers.
Now you telling me that you have 2nd CAS that points to autodiscover.domain.com
Can you please clarify?
ryanrusty30Author Commented:
Sure, sorry about the confusion!

Our 2013 Exchange environment consists of 2 physical servers for the CAS role. CAS1 and CAS2. Then we have 4 additional servers  for the Mailbox servers, Mailbox A, B, C, and D. So 6 total.

Our company is divided between two building a few blocks apart. So each site gets a CAS server and each site has 2 mailbox servers. The entire environment is setup for Failover using DAGs.

When i test for you I am at location B, so my requests will speak to CAS2.

Note: Our issue is happening at both locations

If you are curious, the webservices will only show CAS1 and 2 because it is the role that handles the EWS webservices

Hope this helps and thank you for your help so far!
RoninCommented:
Thank you for clarification.
Can you please confirm that the current EWS settings are at the default settings as described here?
ryanrusty30Author Commented:
I've verified on both CAS servers that the Authentication Methods Anonymous and Windows are enabled, the rest are disabled.

Under SSL settings, Require SSL is checked.
RoninCommented:
Are you able to test EWS through Microsoft Connectivity Analyzer?
Specifically "Microsoft Exchange Web Services Connectivity Tests"
Also on the "client" tab, you should be able to download a software and test against your Exchange.
ryanrusty30Author Commented:
Here are the results of the connectivity analyzer. Im going to download the Connection analyzer tool now and run that as well.

Let me know if you need anything expanded below

Exchange Web Services synchronization, notification, availability, and Automatic Replies.
       Not all tests of Exchange Web Services tasks completed.
       
      Additional Details
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to test Autodiscover for me@mydomain.com
       Autodiscover was tested successfully.
       
      Additional Details
       
      Test Steps
      Creating a temporary folder to perform synchronization tests.
       Failed to create temporary folder for performing tests.
       
      Additional Details
       
Exception details:
Message: The request failed. The remote server returned an error: (403) Forbidden.
Type: Microsoft.Exchange.WebServices.Data.ServiceRequestException
Stack trace:
at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.GetEwsHttpWebResponse(IEwsHttpWebRequest request)
at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.ValidateAndEmitRequest(IEwsHttpWebRequest& request)
at Microsoft.Exchange.WebServices.Data.ExchangeService.InternalBindToFolders(IEnumerable`1 folderIds, PropertySet propertySet, ServiceErrorHandling errorHandling)
at Microsoft.Exchange.WebServices.Data.ExchangeService.BindToFolder[TFolder](FolderId folderId, PropertySet propertySet)
at Microsoft.Exchange.Tools.ExRca.Tests.GetOrCreateSyncFolderTest.PerformTestReally()
Exception details:
Message: The remote server returned an error: (403) Forbidden.
Type: System.Net.WebException
Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Exchange.WebServices.Data.EwsHttpWebRequest.Microsoft.Exchange.WebServices.Data.IEwsHttpWebRequest.GetResponse()
at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.GetEwsHttpWebResponse(IEwsHttpWebRequest request)
Elapsed Time: 1277 ms.
RoninCommented:
Based on:
(403) Forbidden.Type: Microsoft.Exchange.WebServices.Data.ServiceRequestException
You probably should rebuild the virtual directory.
That said, I assume you in no shape or form have some sort of HTTPs scanning or filtering in place for the incoming requests?
Also, see if this might apply to your case.
ryanrusty30Author Commented:
Darn, we've already rebuilt both virtual directories as one of the first steps when this came up.
The link you gave goes over the URLs and making sure they are correct and they are for both servers.


Im sure at this point i can try anything.

Is there scanning or filtering tool you want me to use to get that information?
RoninCommented:
No, I meant to ask if YOU have anything in front of the Exchange server/s that performs filtering or any other security inspection of any kind?
ryanrusty30Author Commented:
ohhh I see now. Yes we have Sophos Pure Message and Edgewave for spam filtering.
RoninCommented:
So, spam filtering is working on port 25, I'm referring to port 443.
Let's have a look at other settings for the servers.
Execute on any Exchange 2013, paste results as CODE, remove any real info:

Get-OabVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-EcpVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-ActiveSyncVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-OutlookAnywhere | fl server, Name, *hostname*, *auth*
Get-OwaVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-ClientAccessServer | fl Name,OutlookAnywhereEnabled, AutodiscoverServiceInternalUri
Get-ExchangeCertificate | fl FriendlyName, Subject, CertificateDomains, Thumbprint, Services, Issuer, *not*
Get-MapiVirtualDirectory | fl server, Name,ExternalURL,InternalURL, *auth*
Get-ExchangeServer | fl *version*
Get-OrganizationConfig | fl *mapi*

Open in new window

For the below, replace ServerName with the names of the Exchange servers:
Get-ServerComponentState -identity ServerName

Open in new window

ryanrusty30Author Commented:
Okay i understand now. I will write our network admin and ask if anything else is filtering on 443 https.

Here is the information you requested.

Server                        : CAS1
Name                          : OAB (Default Web Site)
ExternalUrl                   : https://my.domain.com/OAB
InternalUrl                   : https://cas1.my.domain.com/OAB
BasicAuthentication           : False
WindowsAuthentication         : True
OAuthAuthentication           : True
InternalAuthenticationMethods : {WindowsIntegrated, OAuth}
ExternalAuthenticationMethods : {WindowsIntegrated, OAuth}

Server                        : CAS2
Name                          : OAB (Default Web Site)
ExternalUrl                   : https://my.domain.com/OAB
InternalUrl                   : https://cas2.my.domain.com/OAB
BasicAuthentication           : False
WindowsAuthentication         : True
OAuthAuthentication           : True
InternalAuthenticationMethods : {WindowsIntegrated, OAuth}
ExternalAuthenticationMethods : {WindowsIntegrated, OAuth}

Open in new window


Server                        :CAS1
Name                          : ecp (Default Web Site)
ExternalUrl                   : https://my.domain.com/ecp
InternalUrl                   : https://my.domain.com/ecp
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}

Server                        : CAS2
Name                          : ecp (Default Web Site)
ExternalUrl                   : https://my.domain.com/ecp
InternalUrl                   : https://my.domain.com/ecp
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}

Open in new window


Server                              : CAS1
Name                                : Microsoft-Server-ActiveSync (Default Web Site)
ExternalUrl                         : https://my.domain.com/Microsoft-Server-ActiveSync
InternalUrl                         : https://my.domain.com/Microsoft-Server-ActiveSync
MobileClientCertificateAuthorityURL : 
BasicAuthEnabled                    : True
WindowsAuthEnabled                  : False
ClientCertAuth                      : Ignore
InternalAuthenticationMethods       : {}
ExternalAuthenticationMethods       : {}

Server                              : CAS2
Name                                : Microsoft-Server-ActiveSync (Default Web Site)
ExternalUrl                         : https://my.domain.com/Microsoft-Server-ActiveSync
InternalUrl                         : https://my.domain.com/Microsoft-Server-ActiveSync
MobileClientCertificateAuthorityURL : 
BasicAuthEnabled                    : True
WindowsAuthEnabled                  : False
ClientCertAuth                      : Ignore
InternalAuthenticationMethods       : {}
ExternalAuthenticationMethods       : {}

Open in new window


Server                             : CAS1
Name                               : Rpc (Default Web Site)
ExternalHostname                   : my.domain.com
InternalHostname                   : my.domain.com
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}

Server                             : CAS2
Name                               : Rpc (Default Web Site)
ExternalHostname                   : my.domain.com
InternalHostname                   : my.domain.com
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}

Open in new window


Server                        : CAS1
Name                          : owa (Default Web Site)
ExternalUrl                   : https://my.domain.com/owa
InternalUrl                   : https://my.domain.com/owa
ClientAuthCleanupLevel        : High
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}

Server                        : CAS2
Name                          : owa (Default Web Site)
ExternalUrl                   : https://my.domain.com/owa
InternalUrl                   : https://my.domain.com/owa
ClientAuthCleanupLevel        : High
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}

Open in new window


Name                           : CAS1
OutlookAnywhereEnabled         : True
AutoDiscoverServiceInternalUri : https://autodiscover.domain.com/Autodiscover/autodiscover.xml

Name                           : CAS2
OutlookAnywhereEnabled         : True
AutoDiscoverServiceInternalUri : https://autodiscover.domain.com/Autodiscover/autodiscover.xml

Open in new window


FriendlyName       : Microsoft Exchange
Subject            : CN=MAILBOXD
CertificateDomains : {MAILBOXD, MAILBOXD.my.domain.com}
Thumbprint         : *************************
Services           : IMAP, POP, IIS, SMTP
Issuer             : CN=MAILBOXD
NotAfter           : : */**/2020 *****
NotBefore          : : */**/2015 *****

FriendlyName       : WMSVC
Subject            : CN=WMSvc-MAILBOXD
CertificateDomains : {WMSvc-MAILBOXD}
Thumbprint         : ********************
Services           : None
Issuer             : CN=WMSvc-MAILBOXD
NotAfter           : */**/2025 *****
NotBefore          : */**/2015 *****

FriendlyName       : Microsoft Exchange Server Auth Certificate
Subject            : CN=Microsoft Exchange Server Auth Certificate
CertificateDomains : {}
Thumbprint         : ********************
Services           : SMTP
Issuer             : CN=Microsoft Exchange Server Auth Certificate
NotAfter           : */**/2019 *****
NotBefore          : */*/2014 *****

Open in new window



Open in new window


AdminDisplayVersion : Version 15.0 (Build 1347.2)
ExchangeVersion     : 0.1 (8.0.535.0)

AdminDisplayVersion : Version 15.0 (Build 1347.2)
ExchangeVersion     : 0.1 (8.0.535.0)

AdminDisplayVersion : Version 15.0 (Build 1347.2)
ExchangeVersion     : 0.1 (8.0.535.0)

AdminDisplayVersion : Version 15.0 (Build 1347.2)
ExchangeVersion     : 0.1 (8.0.535.0)

AdminDisplayVersion : Version 15.0 (Build 1347.2)
ExchangeVersion     : 0.1 (8.0.535.0)

AdminDisplayVersion : Version 15.0 (Build 1347.2)
ExchangeVersion     : 0.1 (8.0.535.0)

Open in new window


MapiHttpEnabled : False

Open in new window


Server                                  Component                               State                                  
------                                  ---------                               -----                                  
****************CAS1.my.domain.com      ServerWideOffline                       Active                                 
****************CAS1.my.domain.com      HubTransport                            Active                                 
****************CAS1.my.domain.com      FrontendTransport                       Active                                 
****************CAS1.my.domain.com      Monitoring                              Active                                 
****************CAS1.my.domain.com      RecoveryActionsEnabled                  Active                                 
****************CAS1.my.domain.com      AutoDiscoverProxy                       Active                                 
****************CAS1.my.domain.com      ActiveSyncProxy                         Active                                 
****************CAS1.my.domain.com      EcpProxy                                Active                                 
****************CAS1.my.domain.com      EwsProxy                                Active                                 
****************CAS1.my.domain.com      ImapProxy                               Active                                 
****************CAS1.my.domain.com      OabProxy                                Active                                 
****************CAS1.my.domain.com      OwaProxy                                Active                                 
****************CAS1.my.domain.com      PopProxy                                Active                                 
****************CAS1.my.domain.com      PushNotificationsProxy                  Active                                 
****************CAS1.my.domain.com      RpsProxy                                Active                                 
****************CAS1.my.domain.com      RwsProxy                                Active                                 
****************CAS1.my.domain.com      RpcProxy                                Active                                 
****************CAS1.my.domain.com      UMCallRouter                            Active                                 
****************CAS1.my.domain.com      XropProxy                               Active                                 
****************CAS1.my.domain.com      HttpProxyAvailabilityGroup              Active                                 
****************CAS1.my.domain.com      ForwardSyncDaemon                       Inactive                               
****************CAS1.my.domain.com      ProvisioningRps                         Inactive                               
****************CAS1.my.domain.com      MapiProxy                               Active                                 
****************CAS1.my.domain.com      EdgeTransport                           Active                                 
****************CAS1.my.domain.com      HighAvailability                        Active                                 
****************CAS1.my.domain.com      SharedCache                             Active  

Open in new window


Server                                  Component                               State                                  
------                                  ---------                               -----                                  
****************CAS2.my.domain.com      ServerWideOffline                       Active                                 
****************CAS2.my.domain.com      HubTransport                            Active                                 
****************CAS2.my.domain.com      FrontendTransport                       Active                                 
****************CAS2.my.domain.com      Monitoring                              Active                                 
****************CAS2.my.domain.com      RecoveryActionsEnabled                  Active                                 
****************CAS2.my.domain.com      AutoDiscoverProxy                       Active                                 
****************CAS2.my.domain.com      ActiveSyncProxy                         Active                                 
****************CAS2.my.domain.com      EcpProxy                                Active                                 
****************CAS2.my.domain.com      EwsProxy                                Active                                 
****************CAS2.my.domain.com      ImapProxy                               Active                                 
****************CAS2.my.domain.com      OabProxy                                Active                                 
****************CAS2.my.domain.com      OwaProxy                                Active                                 
****************CAS2.my.domain.com      PopProxy                                Active                                 
****************CAS2.my.domain.com      PushNotificationsProxy                  Active                                 
****************CAS2.my.domain.com      RpsProxy                                Active                                 
****************CAS2.my.domain.com      RwsProxy                                Active                                 
****************CAS2.my.domain.com      RpcProxy                                Active                                 
****************CAS2.my.domain.com      UMCallRouter                            Active                                 
****************CAS2.my.domain.com      XropProxy                               Active                                 
****************CAS2.my.domain.com      HttpProxyAvailabilityGroup              Active                                 
****************CAS2.my.domain.com      ForwardSyncDaemon                       Inactive                               
****************CAS2.my.domain.com      ProvisioningRps                         Inactive                               
****************CAS2.my.domain.com      MapiProxy                               Active                                 
****************CAS2.my.domain.com      EdgeTransport                           Active                                 
****************CAS2.my.domain.com      HighAvailability                        Active                                 
****************CAS2.my.domain.com      SharedCache                             Active                                 

Open in new window

RoninCommented:
Good info, thanks.
Several followup questions:
1. Any particular reason you specify for OAB vdir - cas1.my.domain.com and cas2.my.domain.com for the InternalUrl?
You probably should fix it by running the below:
Set-OABVirtualDirectory –Identity "CAS1\OAB (default web site)" -ExternalURL https://my.domain.com/OAB -InternalURL https://my.domain.com/OAB
Set-OABVirtualDirectory –Identity "CAS2\OAB (default web site)" -ExternalURL https://my.domain.com/OAB -InternalURL https://my.domain.com/OAB

Open in new window

2. What my.domain.com as well as autodiscover.domain.com resolves to on your network?
3. According to what I see in the output of the commands you don't have either my.domain.com or autodiscover.domain.com in the certificate on the CAS servers.
ryanrusty30Author Commented:
okay OAB urls updated to https://my.domain.com/OAB for both CAS 1 and 2

When i ping my.domain.com for our mail server it ends up pinging CAS1 over at the other site

When i ping autodiscover is end ups pinging CAS2 located here

Id like to verify the cert another way. Is it possible to check it elsewhere on the cas servers?
RoninCommented:
When you ping either my.domain.com and autodiscover.domain.com you get INTERNAL IPs, right?
I assume you want to add additional a record for my pointing to another CAS, as well the same for autodiscover. It will create a DNS round-robin load-balancing.
In order to locate certificates installed on the Exchange:
Start -> Run, type MMC, ADD/REMOVE snap-ins
Choose CERTIFICATES, select LOCAL COMPUTER  and navigate to Personal STORE.
All the certificates should be there.
ryanrusty30Author Commented:
Yes getting internal IPs for those. Thats correct.

I like the idea of DNS load balancing and will add the CAS servers to one anothers configs

I see all the various certs for us. Found one for mail.domain.com on both CAS servers and it resolves all of our various DNS names for exchange/email. Its also currently active and expires in a few years.

After seeing that i went into IIS, and selected Edit Bindings on Default Website and Exchange Backend. In there it listed https 443 and had an area to select the cert. i made sure the cert i saw that expires 2019 was selected for both. It looks to have been that cert for awhile now.

Is that the right place to decide what cert you will use for these IIS functions of Exchange?
If not, do you know any other areas I should check to make sure the right cert is selected for us?
RoninCommented:
You should NOT touch Exchange Backend, please revert back the changes on it. It should be defined on the 81 and 444 ports and binded to self-signed cert.

Also, you haven't mentioned anything about autodiscover.domain.com

Are you allowing connectivity from outside to your Exchange server? If yes, are you configuring profiles manually?
ryanrusty30Author Commented:
Okay that has been reverted back for Exchange Backend

Autodiscover.domain.com is also resolving our internal IP for CAS2, when pinged from computer.

We do not allow outside connectivity to exchange. Its only accessible to some of our users from OWA while offsite.
RoninCommented:
ok, since you don't have certificate for autodiscover.domain.com as well as you don't allow connectivity from outside, the FQDN autodiscover.domain.com is useless for Outlook anywhere, since workstations on the domain use SCP to connect to CAS (as Client Access Server and not one of your CASes), I suggest you update your Client Access server to my.domain.com instead of autodiscover.domain.com
Less configuration - less problems.

Were your users experienced certificate prompt issues? As you don't seems to have a cert for my.domain.com either.
ryanrusty30Author Commented:
No they we do not get any kind of cert error when we click to set out of office. Just the error message about it not being able to talk to the server.
RoninCommented:
When you just setup a user profile, on a clean machine, or a machine without ANY profiles.
What do you get?
ryanrusty30Author Commented:
Same error message, also tried installing office 2010 for kicks, same thing.
RoninCommented:
Have you changed the settings from autodiscover to my?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ryanrusty30Author Commented:
First, thank you Ronin for troubleshooting this issue, i believe you where starting to hone in and solve it.

We ended up getting level 2 Microsoft exchange support to solve it

Here is the entire troubleshooting log for those of you who need to fix this down the road. It stumped everyone.

================================
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\Users\Administrator.CONTOSO>cd Extrace
The system cannot find the path specified.

C:\Users\Administrator.CONTOSO>cd
C:\Users\Administrator.CONTOSO

C:\Users\Administrator.CONTOSO>cd\

C:\>cd Extrace

C:\Extrace>ExTrace.exe -c -v ExchangeDebugTraces.etl > Traceout.csv

C:\Extrace>^A

Followed below article
==============

https://blogs.technet.microsoft.com/samdrey/2013/09/13/aide-mmoire-converting-extra-etl-trace-to-csv/

================================

We did not found any error for the particular user

================================
we checked which Protocol the Outlook is using to connect

Get-OrganizationConfig | FL *MAPI*


MapiHttpEnabled : False
=============================
It is using Outlook anywhere protocol

=============================
We checked the configration for MAPI protocol it is not set properly we ran the below command
Get-MapiVirtualDirectory | FL *URL*, *AUTH*, *IDENT*


InternalUrl                   : https://FQDN of server/mapi
ExternalUrl                   :
IISAuthenticationMethods      : {Ntlm, OAuth, Negotiate}
InternalAuthenticationMethods : {Ntlm, OAuth, Negotiate}
ExternalAuthenticationMethods : {}
Identity                      : CAS1\mapi (Default Web Site)

InternalUrl                   : https://FQDN of server/mapi
ExternalUrl                   :
IISAuthenticationMethods      : {Ntlm, OAuth, Negotiate}
InternalAuthenticationMethods : {Ntlm, OAuth, Negotiate}
ExternalAuthenticationMethods : {}
Identity                      : CAS2\mapi (Default Web Site)

===================================

we then set
Set-MapiVirtualDirectory -Identity "CAS1\mapi (Default Web Site)" -InternalUrl https://mail.domain.com/mapi -ExternalUrl https://mail.domain.com/mapi

Set-MapiVirtualDirectory -Identity "CAS2\mapi (Default Web Site)" -InternalUrl https://mail.domain.com/mapi -ExternalUrl https://mail.domain.com/mapi

Set-MapiVirtualDirectory -Identity "CAS1\mapi (Default Web Site)" -IISAuthenticationMethods Ntlm, OAuth, Negotiate

Set-MapiVirtualDirectory -Identity "CAS2\mapi (Default Web Site)" -IISAuthenticationMethods Ntlm, OAuth, Negotiate


===================================

Get-MapiVirtualDirectory | FL *URL*, *AUTH*, *IDENT*


InternalUrl                   : https://mail.domain.com/mapi
ExternalUrl                   : https://mail.domain.com/mapi
IISAuthenticationMethods      : {Ntlm, OAuth, Negotiate}
InternalAuthenticationMethods : {Ntlm, OAuth, Negotiate}
ExternalAuthenticationMethods : {Ntlm, OAuth, Negotiate}
Identity                      : CAS1\mapi (Default Web Site)

InternalUrl                   : https://mail.domain.com/mapi
ExternalUrl                   : https://mail.domain.com/mapi
IISAuthenticationMethods      : {Ntlm, OAuth, Negotiate}
InternalAuthenticationMethods : {Ntlm, OAuth, Negotiate}
ExternalAuthenticationMethods : {Ntlm, OAuth, Negotiate}
Identity                      : CAS2\mapi (Default Web Site)


=========================================
we enabled  MApi

Set-OrganizationConfig -MapiHttpEnabled $TRUE

========================================

Ran iisreset still same issue

==========================================
EWS is pointng to autodiscover.askallegiance.com

Get-WebServicesVirtualDirectory | fl *url*, *ident*
Creating a new session for implicit remoting of "Get-WebServicesVirtualDirectory" command...


InternalNLBBypassUrl : https://FQDN of server/ews/exchange.asmx
InternalUrl          : https://autodiscover.domain.com/ews/exchange.asmx
ExternalUrl          : https://autodiscover.domain.com/ews/exchange.asmx
Identity             : CAS2\EWS (Default Web Site)

InternalNLBBypassUrl : https://FQDN of server/ews/exchange.asmx
InternalUrl          : https://autodiscover.domain.com/ews/exchange.asmx
ExternalUrl          : https://autodiscover.domain.com/ews/exchange.asmx
Identity             : CAS1\EWS (Default Web Site)


=========================================

Checked OAB is pointing properly

>Get-OabVirtualDirectory | fl *url*, *ident*


InternalUrl : https://mail.domain.com/OAB
ExternalUrl : https://mail.domain.com/OAB
Identity    : CAS2\OAB (Default Web Site)

InternalUrl : https://mail.domain.com/OAB
ExternalUrl : https://mail.domain.com/OAB
Identity    : CAS1\OAB (Default Web Site)

=========================================
we set EWS to mail.domain.com

Set-WebServicesVirtualDirectory -Identity "CAS1\EWS (Default Web Site)" -InternalUrl https://mail.domain.com/ews/exchange.asmx -ExternalUrl https://mail.domain.com/ews/exchange.asmx


Set-WebServicesVirtualDirectory -Identity "CAS2\EWS (Default Web Site)" -InternalUrl https://mail.domain.com/ews/exchange.asmx -ExternalUrl https://mail.domain.com/ews/exchange.asmx

===========================================
Get-WebServicesVirtualDirectory | fl *url*, *ident*


InternalNLBBypassUrl : https://FQDN of server/ews/exchange.asmx
InternalUrl          : https://mail.domain.com/ews/exchange.asmx
ExternalUrl          : https://mail.domain.com/ews/exchange.asmx
Identity             : CAS2\EWS (Default Web Site)

InternalNLBBypassUrl : https://FQDN of server/ews/exchange.asmx
InternalUrl          : https://mail.domain.com/ews/exchange.asmx
ExternalUrl          : https://mail.domain.com/ews/exchange.asmx
Identity             : CAS1\EWS (Default Web Site)

===============================================
we checked client access server
Get-ClientAccessServer | fl *uri*


AutoDiscoverServiceInternalUri : https://autodiscover.domain.com/Autodiscover/autodiscover.xml

AutoDiscoverServiceInternalUri : https://autodiscover.domain.com/Autodiscover/autodiscover.xml

================================================

Checked Outlook provider was set

Get-OutlookProvider

Name                          Server                        CertPrincipalName             TTL
----                          ------                        -----------------             ---
EXCH                          mail.domain.com              msstd:mail.domain.com              1
EXPR                          mail.domain.com               msstd:mail.domain.com              1
WEB                           mail.domain.com            msstd:mail.domain.com              1

==================================================
Set-OutlookProvider EXCH -Server $null
Set-OutlookProvider web -Server $null
Set-OutlookProvider EXCH -CertPrincipalName $null
Set-OutlookProvider EXPR -CertPrincipalName $null
Set-OutlookProvider WEB -CertPrincipalName $null


Get-OutlookProvider

Name                          Server                        CertPrincipalName             TTL
----                          ------                        -----------------             ---
EXCH                                                                                      1
EXPR                                                                                      1
WEB                                                                                       1

==================================================
RoninCommented:
So the Outlook Provider was the issue, am I understanding this correctly?
ryanrusty30Author Commented:
He believes it was a combination of the Outlook Provider not being cleared out, MAPI not being enabled and setup, and having an autodiscover URL for EWS URLs.
RoninCommented:
Thanks for the update.
ryanrusty30Author Commented:
Here is one final summary for those that end up on this page looking for the fix. Good luck!

Solution :
 
      We checked which Protocol the Outlook is using to connect
      There are two protocols Outlook anywhere and MAPI
      Exchange 2013 and Exchange 2016 are recommend to use MAPI protocol it is more secure then Outlook anywhere
      We found the configuration is not correct.
      EWS is the virtual directory which is responsible for Out of Office and Free busy issues
      We checked EWS URL is pointing to “autodiscover.askallegiance.com” where as it should point to “mail.domain.com”
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.