Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Event ID 41 when a user tries to use a proxy to access OWA in Exchange Server 2010


View products that this article applies to.

Symptoms

Consider the following scenario:
  • You deploy Microsoft Exchange Server 2010 in multiple Active Directory Domain Services (AD DS) sites.
  • AD DS Site A is Internet-facing.
  • AD DS Site B is not Internet-facing.
  • Microsoft Outlook Web App (OWA) is published in Site A.
  • Windows Integrated Authentication is enabled on the Client Access server (CAS) in Site B.
  • A user in Site B tries to log on to OWA.
In this scenario, the user may receive an error message that resembles the following:
Outlook Web App isn't available. If the problem continues, please contact your help desk.
Additionally, an error message that resembles the following is logged in the Application log on the CAS in Site A:

Source: MSExchange OWA
Event ID: 41
Task Category: Proxy
Level: Error

Description:
The Client Access server "https://mail.contoso.com/owa" attempted to proxy Outlook Web App traffic for mailbox <UserDN>. This failed because no Client Access server with an Outlook Web App virtual directory configured for Kerberos authentication could be found in the Active Directory site of the mailbox. The simplest way to configure an Outlook Web App virtual directory for Kerberos authentication is to set it to use Integrated Windows authentication by using the Set-OwaVirtualDirectory cmdlet in the Exchange Management Shell, or by using the Exchange Management Console. If you already have a Client Access server deployed in the target Active Directory site with an Outlook Web App virtual directory configured for Kerberos authentication, the proxying Client Access server may not be finding that target Client Access server because it does not have an internalUrl parameter configured. You can configure the internalUrl parameter for the Outlook Web App virtual directory on the Client Access server in the target Active Directory site by using the Set-OwaVirtualDirectory cmdlet.


↑ Back to the top


Cause

This issue can occur if the OWA version in Site B is incompatible with the version of OWA in Site A.

Note This issue can also occur if the authentication method was changed, and the change has not replicated to all AD DS sites.

↑ Back to the top


Resolution

To resolve this issue, verify that the OWA version on the Internet-facing AD DS site is the same or a later version than the OWA version on the site that is not Internet-facing. To verify the OWA version, follow these steps:
  1. Start IIS Manager on the CAS in the Internet-facing AD DS site.
  2. Expand the server that you want, expand Sites, expand Default Web Site, and then expand OWA.
  3. Note the highest OWA version number.
  4. Repeat steps 1 through 3 on the CAS in the AD DS site that is not Internet-facing.
  5. If the OWA version is a later version on the CAS server in the AD DS site that is not Internet-facing, update the Exchange Server 2010 installation on the CAS in the AD DS site that is Internet-facing

↑ Back to the top


More information

As a best practice, we recommend that you update any CAS servers in Internet-facing AD DS sites before you update the CAS servers in AD DS sites that are not Internet-facing.

↑ Back to the top


Keywords: KB2712097, kbprb, kbtshoot, kbsurveynew

↑ Back to the top

Article Info
Article ID : 2712097
Revision : 2
Created on : 8/27/2012
Published on : 8/27/2012
Exists online : False
Views : 294