Symptoms
Consider the following scenario in a mixed Microsoft Exchange Server 2007 and Microsoft Exchange Server 2010 environment:
- You have an Exchange Server 2007 mailbox.
- You have large access tokens because you are a member of many security groups. For example, you are a member of more than 200 security groups.
- You try to view the free/busy information of Exchange Server 2010 users.
In this scenario, the free/busy information of the users isn't displayed.
This issue also occurs in either of the following mixed environments:
- Exchange Server 2016 co-exists with Exchange Server 2010
- Exchange Server 2013 co-exists with Exchange Server 2010
Cause
The issue occurs because the size of the availability request exceeds the limit when you have large access tokens.
Resolution
To resolve this issue, install the following update rollup:
2579150 Description of Update Rollup 4 for Exchange Server 2010 Service Pack 1
The update includes two scripts (LargeToken-Kerberos.ps1 and LargeToken-IIS_EWS.ps1). These scripts are saved to the following directory on your computer:
<drive>:\Program Files\Microsoft\Exchange Server\V14\Scripts
In addition to installing the update, you must follow these steps:
- Run the LargeToken-Kerberos.ps1 script on Client Access Server (CAS) servers in the Active Directory site.
- Run the LargeToken-Kerberos.ps1 script on the client computers that are experiencing this issue.
- Run the LargeToken-IIS_EWS.ps1 script to update the Web.config file of the Exchange Server 2010 Service Pack 1 (SP1) CAS servers in the Active Directory site.
Notes
- If the MachineList parameter of the LargeToken-Kerberos.ps1 script isn't specified, the script will run against all computers and servers in the domain. We don't recommend that you do this for big domains because the process takes a long time. The information in the parameter should be comma separated.
- The LargeToken-IIS_EWS.ps1 script increases the value of the MaxFieldLength and MaxRequestBytes IIS parameters on all CAS servers in the Active Directory site. In addition, it changes the EWS Web.config bindings on Exchange 2010 SP1 and the CAS servers.
  To run this script, you must have the following components installed:
  - The Remote Registry service
  - The Winrm service
  - PowerShell 2
  You can configure Winrm by using the winrm quickconfig command.
Workaround
Important: To use this workaround, you must have Exchange Server 2010 SP1 installed. Also, this workaround applies to the Exchange Server 2010 coexistence environment with Exchange Server 2007, Exchange Server 2013, or Exchange Server 2016.
To work around this issue, follow these steps:
- Create the following registry keys on all CAS servers (both Exchange Server 2007/Exchange Server 2013/Exchange Server 2016 CAS servers and Exchange Server 2010 SP1 CAS servers) in the Active Directory site:
  - Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
    Name: MaxFieldLength
    Type: DWORD
    Value data: 65534
  - Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
    Name: MaxRequestBytes
    Type: DWORD
    Value data: 16777216
- Create the following registry keys on the client computers:
  - Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
    Name: MaxPacketSize
    Type: DWORD
    Value data: 1
  - Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
    Name: MaxTokenSize
    Type: DWORD
    Value data: 65535
- Update the Web.config file on the Exchange Server 2010 SP1 Client Access servers. To do this, follow these steps:
  A. Open the Web.config file that's located in the following directory:
     <drive>:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\exchweb\ews
  B. Locate the EWSAnonymousHttpsBinding custom binding.
  C. For Exchange Server 2010 co-existing with Exchange Server 2007, set the value of maxReceivedMessageSize in the custom binding to 512000000.
     If the remote server is Exchange Server 2013 or Exchange Server 2016, set the value of maxReceivedMessageSize in the custom binding to 768000000.
  D. For Exchange Server 2010 co-existing with Exchange Server 2007, set the value of maxBufferSize in the custom binding to 163840.
     If the remote server is Exchange Server 2013 or Exchange Server 2016, set the value of maxBufferSize in the custom binding to 245760.
  E. Locate the following custom bindings, and then repeat step C and step D:
     - EWSAnonymousHttpsBinding
     - EWSAnonymousHttpBinding
     - EWSBasicHttpsBinding
     - EWSBasicHttpBinding
     - EWSNegotiateHttpsBinding
     - EWSNegotiateHttpBinding
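To confirm that the Web.config step was applied to every listed binding, the following read-only PowerShell check compares each binding's maxReceivedMessageSize and maxBufferSize with the values given above. It is an added example, not part of the original article and not a Microsoft script; the function name Test-EwsBindingSizes, the httpsTransport child element, and the sample XML with its values are assumptions constructed for illustration.

```powershell
# Added example: read-only audit of the EWS custom bindings against the values in
# the workaround steps. Nothing is modified; mismatches are only reported.
$Expected = @{
    '2007'      = @{ maxReceivedMessageSize = 512000000; maxBufferSize = 163840 }
    '2013/2016' = @{ maxReceivedMessageSize = 768000000; maxBufferSize = 245760 }
}
$Bindings = 'EWSAnonymousHttpsBinding', 'EWSAnonymousHttpBinding',
            'EWSBasicHttpsBinding', 'EWSBasicHttpBinding',
            'EWSNegotiateHttpsBinding', 'EWSNegotiateHttpBinding'

function Test-EwsBindingSizes {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][xml]$Config,
        [Parameter(Mandatory = $true)][ValidateSet('2007', '2013/2016')][string]$Coexistence
    )
    foreach ($name in $Bindings) {
        $binding = $Config.SelectSingleNode("//customBinding/binding[@name='$name']")
        # Match the child element by attribute so the check does not depend on
        # whether the transport element is httpTransport or httpsTransport.
        $node = $null
        if ($binding) { $node = $binding.SelectSingleNode('*[@maxReceivedMessageSize or @maxBufferSize]') }
        foreach ($attr in 'maxReceivedMessageSize', 'maxBufferSize') {
            $want = $Expected[$Coexistence][$attr]
            $have = ''
            if ($node) { $have = $node.GetAttribute($attr) }   # '' when the attribute is absent
            $shown = if ($have) { $have } else { '<missing>' }
            New-Object PSObject -Property @{
                Binding = $name; Setting = $attr; Current = $shown
                Expected = $want; Ok = ($have -eq "$want")
            }
        }
    }
}

# Constructed sample fragment (not a real Exchange Web.config): one binding already
# updated for Exchange 2007 coexistence, one still at smaller constructed values.
$sample = [xml]@'
<configuration><system.serviceModel><bindings><customBinding>
  <binding name="EWSAnonymousHttpsBinding">
    <httpsTransport maxReceivedMessageSize="512000000" maxBufferSize="163840" />
  </binding>
  <binding name="EWSBasicHttpsBinding">
    <httpsTransport maxReceivedMessageSize="13600000" maxBufferSize="81920" />
  </binding>
</customBinding></bindings></system.serviceModel></configuration>
'@
Test-EwsBindingSizes -Config $sample -Coexistence '2007' |
    Where-Object { -not $_.Ok } |
    Format-Table Binding, Setting, Current, Expected -AutoSize
```

Against a real server, pass the parsed file instead of the sample, for example `-Config ([xml](Get-Content '<drive>:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\exchweb\ews\Web.config'))`. With the sample, the output lists EWSBasicHttpsBinding as mismatched and the four bindings absent from the fragment as missing.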
More Information
This issue is associated with an "HTTP 400 Bad Request" error that can be found in the following logs:
- The HTTP error (HTTPERR) log:
  C:\Windows\System32\LogFiles\HTTPERR
- The Internet Information Services (IIS) log:
  C:\inetpub\logs\LogFiles
- HTTP Proxy log (for Exchange 2013 and Exchange 2016 local site servers):
  C:\Program Files\Microsoft\Exchange Server\<ExchangeVersion>\Logging\HttpProxy\Ews
Additionally, in some cases, Exchange Web Service logs may show the 400 error on the Exchange Server 2010 remote server in the following path:
C:\Program Files\Microsoft\Exchange Server\V14\Logging\EWS
See "HTTP 400 Bad Request" error when proxying HTTP requests from an Exchange Server to a previous version of Exchange Server (KB2988444) for more information.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.