EWS proxying requests fail after you run Availability Service requests in a CAS to CAS proxying scenario in Exchange Server 2007

Article translations Article translations
Article ID: 975165 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

Consider the following scenario:
  • You have Microsoft Exchange Server 2007 servers that are deployed in a Client Access Server (CAS) proxying scenario.
  • You have a Microsoft Exchange Web Service (EWS) application that runs in a CAS to CAS proxying scenario.
  • The CAS Server uses un-trusted certificates, such as self-signed certificates.
  • You run the Availability Service requests, such as the Test-OutlookWebServices request.
In this scenario, the EWS proxying requests fail. Additionally, events that resemble the following may be logged in the Application log.


Event Type: Error
Event Source: MSExchange Web Services
Event Category: Core
Event ID: 17
Description:
CAS server <server name> attempted to proxy EWS traffic to CAS server <CAS server where the request come from>. This failed because the registry key "HKLM/System/CurrentControlSet/Services/MSExchange OWA/AllowInternalUntrustedCerts" is set to "0", but no certificate trusted by <server name> was available for the SSL encryption of the proxy connection.


Event Type: Error
Event Source: MSExchange Web Services
Event Category: Core
Event ID: 11
Description:
CAS server <server name> failed to proxy EWS to AD site <site name where the mailbox locate in> because none of the CAS servers in this site are responding. Please check the configuration and status of the servers in site <site name where the mailbox locate in>


Note If this problem occurs, and you then run the following command:
Test-WebServicesConnectivity -ClientAccessServer <CAS server name in site one> -TrustAnySSLCertificate:$true -MailboxCredential $cred
you may receive the following error message:
[System.Web.Services.Protocols.SoapException]: An internal server error occurred. The operation failed.

However, the error will not occur if you run the same command before you run the Availability service proxying request.
$cred is the credential of a mailbox user in the back end site and the credential is from the return of the Get-Credential command.

CAUSE

This problem occurs because EWS use a certificate validation mechanism which sets a static property of the certificate in a proxying scenario. However, the Availability Service uses a different validation mechanism to validate certificates. This different validation mechanism overwrites the static property of the certificate. Therefore, later EWS certificate validations fail.

RESOLUTION

To resolve this problem, install the following update rollup:
972076 Description of Update Rollup 2 for Exchange Server 2007 Service Pack 2

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about Proxying for Exchange Web Services, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/bb310763(EXCHG.80).aspx

For more information about Availability service issues , visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/bb124805(EXCHG.80).aspx

For more information about the Test-WebServicesConnectivity command, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/bb676420(EXCHG.80).aspx

For more information about the Get-Credential command, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/dd315327.aspx

Properties

Article ID: 975165 - Last Review: January 22, 2010 - Revision: 1.0
APPLIES TO
  • Microsoft Exchange Server 2007 Service Pack 2, when used with:
    • Microsoft Exchange Server 2007 Enterprise Edition
    • Microsoft Exchange Server 2007 Standard Edition
Keywords: 
kbsurveynew kbexpertiseinter kbfix kbqfe kbhotfixrollup KB975165

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com