Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

EWS proxying requests fail after you run Availability Service requests in a CAS to CAS proxying scenario in Exchange Server 2007



Symptoms

Consider the following scenario:
  • You have Microsoft Exchange Server 2007 servers that are deployed in a Client Access Server (CAS) proxying scenario.
  • You have a Microsoft Exchange Web Service (EWS) application that runs in a CAS to CAS proxying scenario.
  • The CAS server uses untrusted certificates, such as self-signed certificates.
  • You run Availability service requests, such as the Test-OutlookWebServices cmdlet.
In this scenario, the EWS proxying requests fail. Additionally, events that resemble the following may be logged in the Application log.


Event Type: Error
Event Source: MSExchange Web Services
Event Category: Core
Event ID: 17
Description:
CAS server <server name> attempted to proxy EWS traffic to CAS server <CAS server where the request come from>. This failed because the registry key "HKLM/System/CurrentControlSet/Services/MSExchange OWA/AllowInternalUntrustedCerts" is set to "0", but no certificate trusted by <server name> was available for the SSL encryption of the proxy connection.


Event Type: Error
Event Source: MSExchange Web Services
Event Category: Core
Event ID: 11
Description:
CAS server <server name> failed to proxy EWS to AD site <site name where the mailbox locate in> because none of the CAS servers in this site are responding. Please check the configuration and status of the servers in site <site name where the mailbox locate in>


Note If this problem occurs, and you then run the following command:
Test-WebServicesConnectivity -ClientAccessServer <CAS server name in site one> -TrustAnySSLCertificate:$true -MailboxCredential $cred
you may receive the following error message:
[System.Web.Services.Protocols.SoapException]: An internal server error occurred. The operation failed.

However, the error will not occur if you run the same command before you run the Availability service proxying request.
In this command, $cred holds the credentials of a mailbox user in the back-end site, as returned by the Get-Credential command.
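
The symptom check described above, as an added example (not part of the original Microsoft article): a read-only PowerShell script, run on the proxying CAS, that reads the AllowInternalUntrustedCerts value named in event 17 and lists recent event ID 17 and 11 errors from the MSExchange Web Services source. The registry path, source name and event IDs come from the event text above; the $newest scan depth is an assumption.

```powershell
# Added example: read-only diagnosis on the proxying CAS. Changes nothing.
$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA'
$valueName = 'AllowInternalUntrustedCerts'     # value quoted in event 17
$source    = 'MSExchange Web Services'
$eventIds  = 17, 11
$newest    = 5000   # assumption: number of recent Application entries to scan

# 1. Report the registry value that event 17 refers to.
$setting = '(key not found)'
if (Test-Path $keyPath) {
    $props = Get-ItemProperty -Path $keyPath
    if ($props.PSObject.Properties[$valueName]) {
        $setting = $props.$valueName
    } else {
        $setting = '(value not set)'
    }
}
"{0} = {1}" -f $valueName, $setting

# 2. Collect the EWS proxy errors described in the Symptoms section.
$hits = @(Get-EventLog -LogName Application -Newest $newest |
    Where-Object {
        $_.Source -eq $source -and
        $_.EntryType -eq 'Error' -and
        $eventIds -contains $_.EventID
    } |
    Sort-Object TimeGenerated)

if ($hits.Count -eq 0) {
    "No event ID $($eventIds -join '/') errors from '$source' in the last $newest entries."
} else {
    # 3. Count per event ID, with first and last occurrence.
    $hits | Group-Object EventID | ForEach-Object {
        "Event ID {0}: {1} occurrence(s), first {2}, last {3}" -f `
            $_.Name, $_.Count,
            $_.Group[0].TimeGenerated, $_.Group[-1].TimeGenerated
    }

    # 4. The earliest failure is the timestamp to compare against the time
    #    an Availability service request was run on this server.
    $first = $hits[0]
    "Earliest proxy failure: {0} (event ID {1})" -f $first.TimeGenerated, $first.EventID
    $first.Message
}
```

Because the failures begin only after an Availability service request has run, the earliest timestamp reported is the one to compare against when such a request was issued.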



Cause

This problem occurs because, in a proxying scenario, EWS uses a certificate validation mechanism that sets a static property of the certificate. However, the Availability service uses a different mechanism to validate certificates, and that mechanism overwrites the static property. Therefore, later EWS certificate validations fail.



Resolution

To resolve this problem, install the following update rollup:
972076 Description of Update Rollup 2 for Exchange Server 2007 Service Pack 2



Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.



More information

For more information about Proxying for Exchange Web Services, visit the following Microsoft Web site:
For more information about Availability service issues, visit the following Microsoft Web site:
For more information about the Test-WebServicesConnectivity command, visit the following Microsoft Web site:
For more information about the Get-Credential command, visit the following Microsoft Web site:



Keywords: KB975165, kbhotfixrollup, kbqfe, kbfix, kbexpertiseinter, kbsurveynew


Article Info
Article ID : 975165
Revision : 1
Created on : 1/22/2010
Published on : 1/22/2010