Problem solved - the Problem only exist with one user. This user has EwsEnabled $false in the cas-mailbox config.
Getting Error 401 / 403 EWS
Hello from Germany,
we want to upgrade from Exchange 2010 to Exchange 2016. In advance I wanted to configure Split-DNS, so that the internal and external URL is identical.
I have configured the zones as in various instructions, obtained a SAN certificate and deposited this for all services of the Exchange. In addition, I adjusted the addresses of the vDirs via Powershell and performed an iisreset.
Get-OwaVirtualDirectory -Server exch | Set-OwaVirtualDirectory -InternalUrl 'https://mail.firma.de/owa'
Get-EcpVirtualDirectory -Server exch | Set-EcpVirtualDirectory -InternalUrl 'https://mail.firma.de/ecp'
Get-OABVirtualDirectory -Server exch | Set-OABVirtualDirectory -InternalURL 'https://mail.firma.de/OAB'
Get-ActiveSyncVirtualDirectory -Server exch | Set-ActiveSyncVirtualDirectory -InternalURL 'https://mail.firma.de/Microsoft-Server-ActiveSync'
Get-WEbServicesVirtualDirectory -Server exch | Set-WEbServicesVirtualDirectory -InternalURL 'https://mail.firma.de/EWS/Exchange.asmx'
Get-ClientAccessServer -Identity exch | Set-ClientAccessServer -AutodiscoverServiceInternalUri 'https://autodiscover.firma.de/autodiscover/autodiscover.xml'
Get-OutlookAnywhere -Server exch | Set-OutlookAnywhere -ExternalHostname mail.firma.de
Get-WEbServicesVirtualDirectory -Server exch | Set-WEbServicesVirtualDirectory -InternalURL 'https://mail.firma.de/EWS/Exchange.asmx' -InternalNLBBypassUrl 'https://mail.firma.de/EWS/Exchange.asmx'
Enable-ExchangeCertificate -Thumbprint Abcd1234 -Service IIS, IMAP, SMTP, POP
The clients resolve the URL accordingly, Outlook starts and emails go in/out. However, the out of office assistant does not work and the free/busy display of the shared calendars.
Autodiscover seems to be iO though, at least according to Outlook test. I have broken up traffic between Outlook and Exchange via Fiddler and only see 401/403 error messages when accessing the EWS directory, no success messages and suspect that is where the problem is.
The virt. Directory for EWS/Webservics I have reset and recreated. No improvement. A new Outlook profile did not help either.
Have any of you had this problem before and possibly a tip?
Greetings
1 additional answer
Sort by: Most helpful
-
Xzsssss 8,861 Reputation points Microsoft Vendor
2021-10-26T05:49:55.427+00:00 Hi @_hightower_ ,
Please also check it using the EXRCA, and see if it gives us any useful information.
https://testconnectivity.microsoft.com/tests/EwsTask/inputAnd as you said, the Autodiscover test of Outlook client should be OK right? What does it give you about the Availability Service URL? Is it right like you posted above?
Another thing is that what are the error details of 401/403?
You could check the following items and see if they could help:
- Open IIS and check the BackEnd bindings of Port 444, it should be using the default Microsoft Exchange certificate.
- Test with other accounts and also use another shared calendar.
Also please enter the EWS URL, logging in and see what's going on.
Best regards,
Lou
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.