question

NurHossain-4331 avatar image
0 Votes"
NurHossain-4331 asked YukiSun-MSFT commented

In Exchange Server and Reverse Proxy Server, Getting 401 status with Null User Information

In Exchange server Hybrid Environment, we are getting 401 status with Null User for MAPI, EWS and Active Sync.
D:\RPIISLog\Exmbx-dc-2\u_ex210523.log 831406 2021-05-23 06:44:09 10.96.64.101 NULL NULL EXMBX-DC-2 10.96.36.101 443 POST /EWS/Exchange.asmx &CorrelationID=<empty>;&cafeReqId=36f2e160-e8db-4b7e-a8ff-0255b433d25f; 401 0 0 NULL NULL 19 NULL NULL Microsoft+Office/16.0+(Windows+NT+6.2;+Microsoft+Outlook+16.0.4417;+Pro) OutlookSession="{6F1FF216-ADBC-449A-BF0D-DFBF373ECE29}" NULL NULL NULL NULL NULL NULL NULL NULL NULL


D:\RPIISLog\Exmbx-dc-2\u_ex210523.log 831646 2021-05-23 06:44:13 10.96.64.100 NULL NULL EXMBX-DC-2 10.96.36.101 443 POST /EWS/Exchange.asmx &CorrelationID=<empty>;&cafeReqId=c6a4fd6f-1502-4195-9a6a-4a4cf7b9658d; 401 0 0 NULL NULL 30 NULL NULL Microsoft+Office/16.0+(Windows+NT+6.2;+Microsoft+Outlook+16.0.4266;+Pro) OutlookSession="{83BE22C9-1E53-46A8-993F-50B3F01C9795}" NULL NULL NULL NULL NULL NULL NULL NULL NULL





D:\RPIISLog\Exmbx-dc-2\u_ex210523.log 831533 2021-05-23 06:44:12 10.21.26.51 NULL NULL EXMBX-DC-2 10.96.36.101 443 POST /mapi/emsmdb/ MailboxId=3142a0b8-351f-49e4-9067-08c5ddcc2bbc@mydomain.com&CorrelationID=<empty>;&cafeReqId=39a29516-633d-48ff-b93f-9de29984dfec; 401 0 0 NULL NULL 9 NULL NULL Microsoft+Office/16.0+(Windows+NT+10.0;+Microsoft+Outlook+16.0.4549;+Pro) MapiContext=MAPIAAAAAOC49bfvwobF6Nn6yPjK+9bm0/7M/Nzt1e/c7dfj0oirmaCQpJKnl6KW9zIAAAAAAAA=;MapiRouting=UlVNOjVhOWFjMWU1LTM4ZTktNGY0Yy04OTFmLWYyNDFjODNhMzI5MzpiAs7xtR3ZCA==;MapiSequence=493-9Bw/Aw==;X-BackEndCookie=3142a0b8-351f-49e4-9067-08c5ddcc2bbc=u56Lnp2ejJqBxsfLmZuZz8vSzpnNzdLLy5uc0p7IxpzSm8aazs2ayZ3Lx5ucgYHNz83O0s/J0s3Nq8/JxcvLxc7O NULL NULL NULL NULL NULL NULL NULL NULL NULL



D:\RPIISLog\Exmbx-dc-2\u_ex210523.log 831606 2021-05-23 06:44:13 10.21.92.109 NULL NULL EXMBX-DC-2 10.96.36.101 443 POST /autodiscover/autodiscover.xml &CorrelationID=<empty>;&cafeReqId=7dad860b-73c7-4d17-9ae0-417d6fdeb98a; 401 0 0 NULL NULL 53 NULL NULL Microsoft+Office/16.0+(Windows+NT+10.0;+Microsoft+Outlook+16.0.4954;+Pro) OutlookSession="{CD7A4BC8-E0AA-4B82-BBC6-AE4C48F55FB6}" NULL NULL NULL NULL NULL NULL NULL NULL NULL


D:\RPIISLog\Exmbx-dc-2\u_ex210523.log 831646 2021-05-23 06:44:13 10.96.64.100 NULL NULL EXMBX-DC-2 10.96.36.101 443 POST /EWS/Exchange.asmx &CorrelationID=<empty>;&cafeReqId=c6a4fd6f-1502-4195-9a6a-4a4cf7b9658d; 401 0 0 NULL NULL 30 NULL NULL Microsoft+Office/16.0+(Windows+NT+6.2;+Microsoft+Outlook+16.0.4266;+Pro) OutlookSession="{83BE22C9-1E53-46A8-993F-50B3F01C9795}" NULL NULL NULL NULL NULL NULL NULL NULL NULL

99616-inkedcapture1-li.jpg


office-exchange-server-administrationoffice-exchange-online-itprooffice-exchange-server-mailflowoffice-exchange-server-itpro
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @NurHossain-4331 ,
Since the screenshot you provided contains your personal information (domain name), in order to prevent your information from leaking, I will overwrite it and upload it again.

1 Vote 1 ·

Hi @NurHossain-4331 ,
I am writing here to confirm with you how thing going now?



If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


0 Votes 0 ·

1 Answer

AshokM-8240 avatar image
0 Votes"
AshokM-8240 answered YukiSun-MSFT commented

Hi @NurHossain-4331

Try enabling advanced logging in IIS and see if the usernames are logged. Also, could you please let us know the below,

1.What authentication is enabled on the virtual directories
2.Are there any impact for the users like disconnection/not working/functionality not working, etc
3.If you open the IIS log in notepad, does it show the cs-username or is it still NULL. This is just to isolate if there could be issues with loading the IIS log to the log parser studio

https://docs.microsoft.com/en-us/iis/extensions/advanced-logging-module/advanced-logging-for-iis-custom-logging#server_logging

· 6
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @NurHossain-4331 ,
In addition to the above, the following points need to be confirmed:
What's the version of Exchange server?
Have any changes been made to the Exchange organization before the problem occurred?
Please check the Authentication of MAPI,EWS and ActiveSync in IIS.



If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



0 Votes 0 ·

Below are the details:

Authentication is enabled on the virtual directories
For Autodiscover: Integrated Windows Authentication and Basic Authentication.
For Active Sync: Basic Authentication
For MAPI: Windows Authentication (NTLM, Negotiate) and server to server authentication (OAuth).
Exchange Server Version: Exchange Server 2016 CU20 (latest SU Installed). Exchange hybrid Environment.
Enable advanced logging: Options is not available.
Impact: No, users are not facing any issue but getting reports from the Monitoring tool.

Note: In notepad also showing the same.

Thank You
Nur


0 Votes 0 ·

Hi @NurHossain-4331

As per the log parser screenshot shared in your initial post, I'm wondering do you mean all the cs-username entries are showing as "NULL", which means no cs-username is recorded, or you have alreay filtered out the other usernames when querying the logs?
Is this a recently occurred issue after any changes were implemented in the environment?

0 Votes 0 ·
Show more comments