EWS proxying requests fail after you run Availability Service requests in a CAS to CAS proxying scenario in Exchange Server 2007

Article ID: 975165 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

Consider the following scenario:
  • You have Microsoft Exchange Server 2007 servers that are deployed in a Client Access Server (CAS) proxying scenario.
  • You have a Microsoft Exchange Web Service (EWS) application that runs in a CAS to CAS proxying scenario.
  • The CAS Server uses un-trusted certificates, such as self-signed certificates.
  • You run the Availability Service requests, such as the Test-OutlookWebServices request.
In this scenario, the EWS proxying requests fail. Additionally, events that resemble the following may be logged in the Application log.


Event Type: Error
Event Source: MSExchange Web Services
Event Category: Core
Event ID: 17
Description:
CAS server <server name> attempted to proxy EWS traffic to CAS server <CAS server where the request come from>. This failed because the registry key "HKLM/System/CurrentControlSet/Services/MSExchange OWA/AllowInternalUntrustedCerts" is set to "0", but no certificate trusted by <server name> was available for the SSL encryption of the proxy connection.


Event Type: Error
Event Source: MSExchange Web Services
Event Category: Core
Event ID: 11
Description:
CAS server <server name> failed to proxy EWS to AD site <site name where the mailbox locate in> because none of the CAS servers in this site are responding. Please check the configuration and status of the servers in site <site name where the mailbox locate in>


Note If this problem occurs, and you then run the following command:
Test-WebServicesConnectivity -ClientAccessServer <CAS server name in site one> -TrustAnySSLCertificate:$true -MailboxCredential $cred
you may receive the following error message:
[System.Web.Services.Protocols.SoapException]: An internal server error occurred. The operation failed.

However, the error will not occur if you run the same command before you run the Availability service proxying request.
$cred is the credential of a mailbox user in the back end site and the credential is from the return of the Get-Credential command.
Back to the top | Give Feedback

CAUSE

This problem occurs because EWS use a certificate validation mechanism which sets a static property of the certificate in a proxying scenario. However, the Availability Service uses a different validation mechanism to validate certificates. This different validation mechanism overwrites the static property of the certificate. Therefore, later EWS certificate validations fail.
Back to the top | Give Feedback

RESOLUTION

To resolve this problem, install the following update rollup:
972076
(http://support.microsoft.com/kb/972076/ )
Description of Update Rollup 2 for Exchange Server 2007 Service Pack 2
Back to the top | Give Feedback

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Back to the top | Give Feedback

MORE INFORMATION

For more information about Proxying for Exchange Web Services, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/bb310763(EXCHG.80).aspx
(http://technet.microsoft.com/en-us/library/bb310763(EXCHG.80).aspx)

For more information about Availability service issues , visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/bb124805(EXCHG.80).aspx
(http://technet.microsoft.com/en-us/library/bb124805(EXCHG.80).aspx)

For more information about the Test-WebServicesConnectivity command, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/bb676420(EXCHG.80).aspx
(http://technet.microsoft.com/en-us/library/bb676420(EXCHG.80).aspx)

For more information about the Get-Credential command, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/dd315327.aspx
(http://technet.microsoft.com/en-us/library/dd315327.aspx)
Back to the top | Give Feedback

Properties

Article ID: 975165 - Last Review: January 22, 2010 - Revision: 1.0
APPLIES TO
  • Microsoft Exchange Server 2007 Service Pack 2, when used with:
    • Microsoft Exchange Server 2007 Enterprise Edition
    • Microsoft Exchange Server 2007 Standard Edition
Keywords: 
kbsurveynew kbexpertiseinter kbfix kbqfe kbhotfixrollup KB975165
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top