Users from a federated organization cannot see the free/busy information of the local Exchange Server 2010 organization

Article translations Article translations
Article ID: 2752387 - View products that this article applies to.
Expand all | Collapse all
When you configure a federation trust between a local Microsoft Exchange Server 2010 organization and a remote Exchange Server 2010 organization, users from the remote organization cannot see the free/busy information of the users in the local organization.

Additionally, the following errors are logged in the event log on the local Exchange server:

Event Source: MSExchange Availability
Event ID: 4001
Description:
Process Microsoft.Exchange.InfoWorker.Common.Delayed`1[System.String]: <>SMTP:user@domain.com failed. Exception returned is Microsoft.Exchange.InfoWorker.Common.Availability.AutoDiscoverFailedException: Autodiscover failed for e-mail address <>SMTP:user@domain.com with exception System.Web.Services.Protocols.SoapHeaderException: An error occurred when verifying security for the message.

Event Source: MSExchange Availability
Event ID: 4002
Description
:
ProxyWebRequest FederatedCrossForest from S-1-5-21-3124261755-470644396-3029476549-1139 to https://autodiscover.domain.com/ews/exchange.asmx failed. Caller SIDs: WSSecurity. The exception returned is Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequestProcessingException: System.Web.Services.Protocols.SoapHeaderException: An error occurred when verifying security for the message.


Also, HTTP 500 responses returned for Availability requests on the Remote Forest Exchange Client Access server are logged as follows in the W3SVC logs:

POST /autodiscover/autodiscover.svc/WSSecurity - 443 - 10.0.0.20 ASAutoDiscover/CrossForest/EmailDomain/ 500 0 0 15

Cause

This issue occurs because the WSSecurity property of the "EWS" virtual directory and the "Autodiscover" virtual directory is disabled on the Client Access servers in the local Exchange Server 2010 organization.

Resolution

To resolve this issue, run the following cmdlets to enable the WSSSecurty property for each Client Access server in your organization:
Set-WebServicesVirtualDirectory –identity "CASServerName\EWS (Default Web Site)" –WSSecurityAuthentication $true

Set-AutodiscoverVirtualDirectory –identity " CASServerName\Autodiscover (Default Web Site)" –WSSecurityAuthentication $true

Properties

Article ID: 2752387 - Last Review: March 25, 2013 - Revision: 4.0
Applies to
  • Microsoft Exchange Server 2010 Coexistence
  • Microsoft Exchange Server 2010 Enterprise
  • Microsoft Exchange Server 2010 Standard
  • Microsoft Exchange Server 2010 Service Pack 1
  • Microsoft Exchange Server 2010 Service Pack 2
  • Microsoft Exchange Server 2010 Service Pack 3
Keywords: 
kbsurveynew kbtshoot kbexpertiseinter KB2752387

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com