EWS proxying requests fail after you run Availability Service requests in a CAS to CAS proxying scenario in Exchange Server 2007


Consider the following scenario:
  • You have Microsoft Exchange Server 2007 servers that are deployed in a Client Access Server (CAS) proxying scenario.
  • You have a Microsoft Exchange Web Service (EWS) application that runs in a CAS to CAS proxying scenario.
  • The CAS Server uses un-trusted certificates, such as self-signed certificates.
  • You run the Availability Service requests, such as the Test-OutlookWebServices request.
In this scenario, the EWS proxying requests fail. Additionally, events that resemble the following may be logged in the Application log.
Note If this problem occurs, and you then run the following command:
Test-WebServicesConnectivity -ClientAccessServer <CAS server name in site one> -TrustAnySSLCertificate:$true -MailboxCredential $cred
you may receive the following error message:
[System.Web.Services.Protocols.SoapException]: An internal server error occurred. The operation failed.

However, the error will not occur if you run the same command before you run the Availability service proxying request.
$cred is the credential of a mailbox user in the back end site and the credential is from the return of the Get-Credential command.


This problem occurs because EWS use a certificate validation mechanism which sets a static property of the certificate in a proxying scenario. However, the Availability Service uses a different validation mechanism to validate certificates. This different validation mechanism overwrites the static property of the certificate. Therefore, later EWS certificate validations fail.


To resolve this problem, install the following update rollup:
972076 Description of Update Rollup 2 for Exchange Server 2007 Service Pack 2


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information about Proxying for Exchange Web Services, visit the following Microsoft Web site:
For more information about Availability service issues , visit the following Microsoft Web site:
For more information about the Test-WebServicesConnectivity
command, visit the following Microsoft Web site:
For more information about the Get-Credential command, visit the following Microsoft Web site:

Article ID: 975165 - Last Review: Jan 22, 2010 - Revision: 1