Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

EWS proxying requests fail after you run Availability Service requests in a CAS to CAS proxying scenario in Exchange Server 2007


View products that this article applies to.

Symptoms

Consider the following scenario:
  • You have Microsoft Exchange Server 2007 servers that are deployed in a Client Access Server (CAS) proxying scenario.
  • You have a Microsoft Exchange Web Service (EWS) application that runs in a CAS to CAS proxying scenario.
  • The CAS Server uses un-trusted certificates, such as self-signed certificates.
  • You run the Availability Service requests, such as the Test-OutlookWebServices request.
In this scenario, the EWS proxying requests fail. Additionally, events that resemble the following may be logged in the Application log.


Event Type: Error
Event Source: MSExchange Web Services
Event Category: Core
Event ID: 17
Description:
CAS server <server name> attempted to proxy EWS traffic to CAS server <CAS server where the request come from>. This failed because the registry key "HKLM/System/CurrentControlSet/Services/MSExchange OWA/AllowInternalUntrustedCerts" is set to "0", but no certificate trusted by <server name> was available for the SSL encryption of the proxy connection.


Event Type: Error
Event Source: MSExchange Web Services
Event Category: Core
Event ID: 11
Description:
CAS server <server name> failed to proxy EWS to AD site <site name where the mailbox locate in> because none of the CAS servers in this site are responding. Please check the configuration and status of the servers in site <site name where the mailbox locate in>


Note If this problem occurs, and you then run the following command:
Test-WebServicesConnectivity -ClientAccessServer <CAS server name in site one> -TrustAnySSLCertificate:$true -MailboxCredential $cred
you may receive the following error message:
[System.Web.Services.Protocols.SoapException]: An internal server error occurred. The operation failed.

However, the error will not occur if you run the same command before you run the Availability service proxying request.
$cred is the credential of a mailbox user in the back end site and the credential is from the return of the Get-Credential command.

↑ Back to the top


Cause

This problem occurs because EWS use a certificate validation mechanism which sets a static property of the certificate in a proxying scenario. However, the Availability Service uses a different validation mechanism to validate certificates. This different validation mechanism overwrites the static property of the certificate. Therefore, later EWS certificate validations fail.

↑ Back to the top


Resolution

To resolve this problem, install the following update rollup:
972076 Description of Update Rollup 2 for Exchange Server 2007 Service Pack 2

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


More information

For more information about Proxying for Exchange Web Services, visit the following Microsoft Web site:
For more information about Availability service issues , visit the following Microsoft Web site:
For more information about the Test-WebServicesConnectivity command, visit the following Microsoft Web site:
For more information about the Get-Credential command, visit the following Microsoft Web site:

↑ Back to the top


Keywords: KB975165, kbhotfixrollup, kbqfe, kbfix, kbexpertiseinter, kbsurveynew

↑ Back to the top

Article Info
Article ID : 975165
Revision : 1
Created on : 1/22/2010
Published on : 1/22/2010
Exists online : False
Views : 386