You are currently offline, waiting for your internet to reconnect

You cannot view the free/busy information of users in a mixed Exchange Server 2007 and Exchange Server 2010 environment

Consider the following scenario in a mixed Microsoft Exchange Server 2007 and Microsoft Exchange Server 2010 environment:
  • You have an Exchange Server 2007 mailbox.
  • You have large access tokens because you are a member of many security groups. For example, you are a member of more than 200 security groups.
  • You try to view the free/busy information of Exchange Server 2010 users.
In this scenario, the free/busy information of the users is not displayed.
The issue occurs because the size of the availability request exceeds the limit when you have large access tokens.
To resolve this issue, install the following update rollup:
2579150 Description of Update Rollup 4 for Exchange Server 2010 Service Pack 1
The update includes two scripts (LargeToken-Kerberos.ps1 and LargeToken-IIS_EWS.ps1). These scripts are saved to the following directory on your computer:
<drive>:\Program Files\Microsoft\Exchange Server\V14\Scripts
In addition to installing the update, you must follow these steps:
  1. Run the LargeToken-Kerberos.ps1 script on Client Access Server (CAS) servers in the Active Directory site.
  2. Run the LargeToken-Kerberos.ps1 script on the client computers that are experiencing this issue.
  3. Run the LargeToken-IIS_EWS.ps1 script to update the Web.config file of the Exchange Server 2010 SP1 CAS servers in the Active Directory site.
  • If the MachineList parameter of the LargeToken-Kerberos.ps1 script is not specified, the script will run against all computers and servers in the domain. We do not recommend that you do this for big domains because the process takes a long time. The information in the parameter should be comma separated.
  • The LargeToken-IIS_EWS.ps1 script increases the value of the MaxFieldLength and MaxRequestBytes IIS parameters on all CAS servers in the Active Directory site. In addition, it changes the EWS Web.config bindings on Exchange 2010 SP1 and the CAS servers.

    To run this script, you must have the following components installed:
    • The Remote Registry service
    • The Winrm service
    • PowerShell 2
    You can configure Winrm by using the winrm quickconfig command.
Important To use this workaround, you must have Exchange Server 2010 Service Pack 1 (SP1) installed.

To work around this issue, follow these steps:
  1. Create the following registry keys on all CAS servers (both Exchange Server 2007 CAS servers and Exchange Server 2010 SP1 CAS servers) in the Active Directory site:
    • Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
      Name: MaxFieldLength
      Type: DWORD
      Value data: 65534
    • Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
      Name: MaxRequestBytes
      Type: DWORD
      Value date: 16777216
  2. Create the following registry keys on the client computers:
    • Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
      Name: MaxPacketSize
      Type: DWORD
      Value data: 1
    • Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
      Name: MaxTokenSize
      Type: DWORD
      Value data: 65535
  3. Update the Web.config file on the Exchange Server 2010 SP1 Client Access servers. To do this, follow these steps:
    1. Open the Web.config file that is located in the following directory:
      <drive>:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\exchweb\ews
    2. Locate the EWSAnonymousHttpsBinding custom binding.
    3. Set the value of maxReceivedMessageSize in the custom binding to 512000000.
    4. Set the value of maxBufferSize in the custom binding to 163840.
    5. Locate the following custom bindings, and then repeat step c and step d:
      • EWSAnonymousHttpsBinding
      • EWSAnonymousHttpBinding
      • EWSBasicHttpsBinding
      • EWSBasicHttpBinding
      • EWSNegotiateHttpsBinding
      • EWSNegotiateHttpBinding
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Article ID: 2491354 - Last Review: 10/31/2011 02:53:00 - Revision: 5.0

Microsoft Exchange Server 2010 Service Pack 1

  • kbqfe kbfix kbsurveynew kbhotfixrollup kbexpertiseinter KB2491354