question

hightower88 avatar image
0 Votes"
hightower88 asked ZhengqiLou-MSFT commented

Getting Error 401 / 403 EWS

Hello from Germany,

we want to upgrade from Exchange 2010 to Exchange 2016. In advance I wanted to configure Split-DNS, so that the internal and external URL is identical.

I have configured the zones as in various instructions, obtained a SAN certificate and deposited this for all services of the Exchange. In addition, I adjusted the addresses of the vDirs via Powershell and performed an iisreset.

Get-OwaVirtualDirectory -Server exch | Set-OwaVirtualDirectory -InternalUrl 'https://mail.firma.de/owa'
Get-EcpVirtualDirectory -Server exch | Set-EcpVirtualDirectory -InternalUrl 'https://mail.firma.de/ecp'
Get-OABVirtualDirectory -Server exch | Set-OABVirtualDirectory -InternalURL 'https://mail.firma.de/OAB'
Get-ActiveSyncVirtualDirectory -Server exch | Set-ActiveSyncVirtualDirectory -InternalURL 'https://mail.firma.de/Microsoft-Server-ActiveSync'
Get-WEbServicesVirtualDirectory -Server exch | Set-WEbServicesVirtualDirectory -InternalURL 'https://mail.firma.de/EWS/Exchange.asmx'
Get-ClientAccessServer -Identity exch | Set-ClientAccessServer -AutodiscoverServiceInternalUri 'https://autodiscover.firma.de/autodiscover/autodiscover.xml'
Get-OutlookAnywhere -Server exch | Set-OutlookAnywhere -ExternalHostname mail.firma.de
Get-WEbServicesVirtualDirectory -Server exch | Set-WEbServicesVirtualDirectory -InternalURL 'https://mail.firma.de/EWS/Exchange.asmx' -InternalNLBBypassUrl 'https://mail.firma.de/EWS/Exchange.asmx'
Enable-ExchangeCertificate -Thumbprint Abcd1234 -Service IIS, IMAP, SMTP, POP

The clients resolve the URL accordingly, Outlook starts and emails go in/out. However, the out of office assistant does not work and the free/busy display of the shared calendars.

Autodiscover seems to be iO though, at least according to Outlook test. I have broken up traffic between Outlook and Exchange via Fiddler and only see 401/403 error messages when accessing the EWS directory, no success messages and suspect that is where the problem is.

The virt. Directory for EWS/Webservics I have reset and recreated. No improvement. A new Outlook profile did not help either.

Have any of you had this problem before and possibly a tip?

Greetings

office-exchange-server-administrationoffice-exchange-server-itpro
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

2 Answers

hightower88 avatar image
1 Vote"
hightower88 answered ZhengqiLou-MSFT commented

Problem solved - the Problem only exist with one user. This user has EwsEnabled $false in the cas-mailbox config.

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ZhengqiLou-MSFT avatar image ZhengqiLou-MSFT ·

Glad to hear that the issue was resolved & thanks for sharing how you resolved it.

You could click the accept button to mark an answer as accepted to close this thread and if others have the same problem could get help from this thread:)

Have a nice day!

Best regards,
Lou

0 Votes 0 ·
ZhengqiLou-MSFT avatar image
0 Votes"
ZhengqiLou-MSFT answered

Hi @hightower88 ,

Please also check it using the EXRCA, and see if it gives us any useful information.
https://testconnectivity.microsoft.com/tests/EwsTask/input

And as you said, the Autodiscover test of Outlook client should be OK right? What does it give you about the Availability Service URL? Is it right like you posted above?

Another thing is that what are the error details of 401/403?

You could check the following items and see if they could help:
1. Open IIS and check the BackEnd bindings of Port 444, it should be using the default Microsoft Exchange certificate.
2. Test with other accounts and also use another shared calendar.

Also please enter the EWS URL, logging in and see what's going on.

Best regards,
Lou

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.