Exchange your Mind

"La connaissance ne vaut que si elle est partagée" / "An effective Knowledge is a shared one"

Lync 2013 Client : Certificat error when starting a PowerPoint presentation & sorry we ran into a problem displaying the presentation

Posted by Teruin laurent le mai 16, 2014


Hello All

I ve got an issue today when i try to launch a Powerpoint presentation the Lync 2013 client display that there is an certificate error . It is important to take in account that the used workstation is a non-domain joined workstation running windows 8.1 who approve the Internal Ca.


So I immediately check these points

  • From the workstation where the Lync client is executed I can use correctly from the browser the discovery url without any certificate Issue! (https://officeWebapp01.company.xxx/Hosting/discovery)
  • The discovery url is equal to the discovery url that I have declared in the topology.
  • On the Lync FE server I observe the event ID 41032 on the Lync server. So Lync discover the officewebapp server

  • The OfficeWebApp Farm is correctly configured and running

  • The certificate is well positioned on the website and have the correct friendly name which correspond in the farm definition ("office")

  • Everybody approve the internal CA. My workstation too
  • The Officewebapp and the lync server are on the same Vlan
  • I can ping and telnet from my workstation the IIS of Owapp on 443 .

So What is wrong ?

My certificate on the Officewebapp01 is a San. Hummm …

  1. Let remove it and just put a non San certificate
  2. If you use IIS "create certificate request" to make a certificate request, the program don’t put a friendly name in the request … (Windows 2012 Server US version) so you will not be able to link the certificate to the OfficeWebFarm. You can use the MMC Certificat Snapin. If you do this, don’t forget that the Country field only accept two letters. If you put USA or France you will get an error from the Internal Ca who will precise that the subject name is incorrect!. Or Create domain certificate which is easiest.
  3. I created the new certificate binded it to IIS Website for 443 and use set-officewebfarm –certificatename to reprecise the certificate friendly name.
  4. Restart the server and test again
  5. From the Lync Worsktation I could open without any certificate issue the discovery url so now check with Lync 2013 client

  6. Restarting the Lync 2013 client version 15.0.4615.1000. And same issue! Hummm weird !!!!! let inspect the Lync 2013 client logs

  7. Form the log side I can see that my client use the correct url

  8. And in the log I found this: The certificate presented by the WAC Server or Proxy could not be validated."; hummmm Why why why why.. I don’t know ;-)


  9. I decided to modify the iE settings and clear the certificate check close Lync client and restart.

  10. So now the issue is quite different. We are in progress ;-) the error message is very helpful no?

  11. Let’s check the Owapp server Log. For information it is running on windows 2012 standard server with 8 Go of ram and one vcpu (Vmware) and I can observe that
    not really helpful I think. But this appear at each time I try to start the Powerpoint presentation. Let return to the Lync 2013 client
  12. I tried to use a Lync 2010 client on a domain joined workstation (running windows Xp) and… the PowerPoint Prestation works !!!! what is wrong in my kingdom???? It should not be a server side issue? Well let check the owapp version

  13. When typing the error message "sorry we ran into a problem displaying the presentation" I found this link:
    http://blogs.technet.com/b/rischwen/archive/2013/12/03/lync-2013-wac-powerpoint-sharing-broken-windows-8-1-ie11.aspx. Which is .. resolved nice! .
  14. Installing this patch on OWAPP server

  15. Now the Officewebapp run this version
    But the problem is still the same….

 

 

 


 

Posted in 2- LYNC-2013, Lync 2013-Office Web APP | Leave a Comment »

Kemp Exchange 2013 : Comment ça balance ???

Posted by Teruin laurent le mai 14, 2014


Bonjour à tous !

Nous organisons un webinar sur le thème de la répartition de charge autour des solutions Kemp. Les sujets abordés tirés d’infrastructures déployées évoqueront les problématiques spécifiques à l’environnement exchange et les conséquences de la mise en place de répartiteur de charges. Une formation en 50 Minutes !

Venez nombreux !

Pour vous inscrire :
https://www2.gotomeeting.com/register/125981218

Posted in Non classé | Leave a Comment »

Kemp : Mise à jour sécurité pour les HLB

Posted by Teruin laurent le mai 7, 2014



Bonjour à tous

Nos amis de Kemp technologies viennent de publier une mise à jour de leurs firmware pour contrer la menace Heart bleed. A passer rapidement donc

http://forums.kemptechnologies.com/index.php?p=/discussion/20730/heartbleed-vulnerability-patch-available/p1

Cordialement
Laurent Teruin

 

 


 

Posted in EXCHANGE 2013, Lync 2013 - Reverse Proxy | Leave a Comment »

Exchange 2013: Microsoft Connectivity analyzer : weird!

Posted by Teruin laurent le avril 30, 2014


HI All

Today i would like to be certain that my new exchange 2013 infrastructure is well configured. So I started deep checks on all services. From outside I started a new outlook 2013 client, validate the correct auto configuration of Outlook RpcOverHttps. (Outlook Anywhere). Checked the Webservices, the OOF, the Oab the synchronization process etc.. Etc..

All works well. So because I would like to be sure a 100% I used the Microsoft Connectivity Analyzers and with the same account I’ve got this result. Grrr. Could I have a bad result when all functionality are working perfectly? I prefer that than the contrary. ;-). I tried with my corporate hybrid 0365 account. Another issue! but all works fine with outlook with this account too!

 

Well to be certain I used a pure O365 account and the result is ….. LOL ! . Well conclusion: how can I trust this tools!

Posted in EXCHANGE 2013, Exchange 2013 Issues | Leave a Comment »

Exchange 2013: ASP.NET 4.0.30319.0 MapiExceptionIllegalCrossServerConnection

Posted by Teruin laurent le avril 30, 2014


HI all

After fixing the ASPnet Error to give the possibility to my customer to use ECP and OWA (see old post). The Asp.net continue to fault as you can see.
We don’t have any explanation and no more time to spend to fix what I consider as a bug.

Regards
Laurent Teruin

Log Name: Application
Source: ASP.NET 4.0.30319.0
Date: 4/30/2014 8:39:05 AM
Event ID: 1309
Task Category: Web Event
Level: Warning
Exception information:
Exception type: MapiExceptionIllegalCrossServerConnection
Exception message: MapiExceptionIllegalCrossServerConnection: Monitoring mailbox [] with application ID [Client=OWA] is not allowed to make cross-server calls from [SRVEXC01.xxxx.loc] to [SRVEXC02.xxx.loc] at Microsoft.Mapi.CrossServerDiagnostics.BlockCrossServerCall(ExRpcConnectionInfo connectionInfo, String mailboxDescription)

Posted in EXCHANGE 2013, Exchange 2013 Issues | Leave a Comment »

Outlook 2013: OOF no traffic from External (through Kemp) [SOLVED]

Posted by Teruin laurent le avril 24, 2014


HI all

This morning i have to cope with a strange Behavior With outlook 2013. From outside Outlook refuse to connect to OOF Web services.

Well the A record exist the port is listening but the weird behavior is that outlook don’t try to connect to OOF. I use Wireshark to capture all the frames and I can’t see any tentative from my workstation to address the expected public address of the published Webservices. I can see the traffic of RpcOverHttp but absolutely no oof traffic which is published on another IP Address.


The Outlook reaction is very fast to display that OOF is not accessible… Weird. I don’t think for the moment that it is a web services configuration problem.

I try to use another profile to another account (Office 365) and OOF Works.

I have supposed that Outlook 2013 verify when he start if he can access to EWS.

Well after searching and searching I find a tools who records all URL accessed by your workstation. (Proximotron) by using it and indicate in the IE the proxy as localhost 8080. I was able to see what Url is accessed by the Outlook. And in my big surprise. The outlook use from external the internal URL address of Webservices. Intexweb.xxx.aero should be extexweb.xxx.aero.


Don’t ask me why. When I check the autoconfiguration option with Outlook client the result are these one which is not correct.


But when I ask to the Ews configuration internally I can see that the configuration is correct


I decided to change the internal value of these InternalUrl and set the same as external and yes it works.

So Kemp is not in fault. The real question is why the internal urls is used instead of external while using HTTP connection !!

Regards
Laurent Teruin

 

Posted in EXCHANGE 2013, Exchange 2013 Issues | Leave a Comment »

Exchange 2013 SP1: new-TestCasConnectivityUser.ps1 is not working [SOLVED]

Posted by Teruin laurent le avril 23, 2014


HI all

Today I try to launch this script to be able to test webservices and… I have this error. My password was . motdepasse.2014. But my policy password for the domain are this one.


PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\new-TestCasConnectivityUser.ps1

Please enter a temporary secure password for creating test users. For security purposes, the password will be changed regularly and automatically by the system.
Enter password: ***************
Create test user on: SRVEXC01.company.loc
click CTRL+Break to quit or click Enter to continue. createTestUser : Mailbox could not be created. Verify that OU ( Users ) exists and that password meets complexity requirements.
t C:\Program Files\Microsoft\Exchange Server\V15\Scripts\new-TestCasConnectivityUser.ps1:267 char:17
$result = CreateTestUser $exchangeServer $mailboxServer $securePassword $O …
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,CreateTestUser

I try to change to these one


Same issue. Edit the script and replace the OU = user by you domainefqd/users as follow and it works. Exchange 2013…. A fresh product !


Posted in Exchange 2013 Issues | Leave a Comment »

Test-ActiveSyncConnectivity : FolderSync Failure

Posted by Teruin laurent le avril 22, 2014


HI all

This morning my HLB don’t want to recognize that exchange ActiveSync Is up. To be sure I wanted to check with the Test cmdlet. By using this cmd let I ve got a Folder Sync Error.

Test-ActiveSyncConnectivity -ClientAccessServer srvexc01 -TrustAnySSLCertificate -MailboxCredential (Get-credential) –Verbose

VERBOSE: [15:48:37.599 GMT] Test-ActiveSyncConnectivity : Runspace context: Executing user:
company.loc/company/Users/Admin/ADM-xxx, Executing user organization: , Current organization: , RBAC-enabled:Enabled.
VERBOSE: [15:48:37.615 GMT] Test-ActiveSyncConnectivity : Active Directory session settings for ‘Test-ActiveSyncConnectivity’ are:
iew Entire Forest: ‘False’, Default Scope: ‘company.loc’, Configuration Domain
Controller: ‘SrvDC01.company.loc’, Preferred Global Catalog: ‘SrvDC02.company.loc’, Preferred Domain Controllers: ‘{SrvDC02.company.loc }’
VERBOSE: [15:48:37.615 GMT] Test-ActiveSyncConnectivity : Beginning processing Test-ActiveSyncConnectivity
VERBOSE: [15:48:37.615 GMT] Test-ActiveSyncConnectivity : Instantiating handler with index 0 for cmdlet extension agent "Admin Audit Log Agent".
VERBOSE: [15:48:37.646 GMT] Test-ActiveSyncConnectivity : Current Scope Set is: { Recipient Read Scope: {{, }},Recipient Write Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive Recipient Scope(s): {}, Exclusive Configuration Scope(s): {} }
VERBOSE: The TrustAnySSLCertificate flag has been set. The task won’t verify that the server certificate is valid before sending the user requests and credentials to this server. User credentials will be used for the following user: company\adm-xxx.
Do you want to test Exchange ActiveSync connectivity on Client Access server SRVEXC01.company.loc?
VERBOSE: [15:48:37.739 GMT] Test-ActiveSyncConnectivity : Resolved current organization: .
CasServer LocalSite Scenario Result Latency(MS) Error
——— ——— ——– —— ———– —–
srvexc01 FR-Mysite Options Success &Log=PrxFrom:10.100.2…
srvexc01 FR-Mysite FolderSync Failure [System.Net.WebExcept...
VERBOSE: [15:48:38.176 GMT] Test-ActiveSyncConnectivity : Admin Audit Log: Entered Handler:OnComplete.
VERBOSE: [15:48:38.176 GMT] Test-ActiveSyncConnectivity : Ending processing Test-ActiveSyncConnectivity

I try from outside with a fresh created account quiet the same issue

Additional Details

 

HTTP Response Headers:
Allow: OPTIONS,POST
request-id: beaef73b-b57b-431e-85bd-0b84645fd576
X-CalculatedBETarget: srvexc01.mrsaero.loc
MS-Server-ActiveSync: 15.0
MS-ASProtocolVersions: 2.0,2.1,2.5,12.0,12.1,14.0,14.1
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,Search,Settings,Ping,ItemOperations,Provision,ResolveRecipients,ValidateCert
Public: OPTIONS,POST
X-MS-BackOffDuration: L/-230
X-DiagInfo: SRVEXC01
X-BEServer: SRVEXC01
X-FEServer: SRVEXC02
Content-Length: 0
Cache-Control: private
Content-Type: application/vnd.ms-sync.wbxml
Date: Tue, 22 Apr 2014 12:44:05 GMT
Set-Cookie: X-BackEndCookie=S-1-5-21-2772383364-1376662479-776174872
202=u56Lnp2ejJqBnZzNzZ7Lmp7Smp2cy9LLz8aZ0p3Gnp7SysvIy53Gz8fKmsjNgYHPytDNzdDNz87L387NxcvLxc/K; expires=Thu, 22-May-2014 10:44:05 GMT; path=/Microsoft-Server-ActiveSync; secure; HttpOnly
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 560 ms.

Attempting the FolderSync command on the Exchange ActiveSync session.
The test of the FolderSync command failed.
    Additional Details
    Exception details:
Message: The operation has timed out
Type: System.Net.WebException
Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Exchange.Tools.ExRca.Extensions.RcaHttpRequest.GetResponse()
Elapsed Time: 100037 ms.

Let see what result we have with the same new account internally. Hum…. very weird it is working internally which fundamentally is good ;-)

[PS] C:\Windows\system32>Test-ActiveSyncConnectivity -ClientAccessServer srvexc01 -TrustAnySSLCertificate -MailboxCredential (Get-credential) –Verbose
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters: Credential
VERBOSE: [12:51:43.495 GMT] Test-ActiveSyncConnectivity : Runspace context: Executing user: company.loc/company/Users/Admin/ADM-Teruin, Executing user organization: , Current organization: , RBAC-enabled:
Enabled.VERBOSE: [12:51:43.495 GMT] Test-ActiveSyncConnectivity : Initializing Active Directory server settings for the remote
Windows PowerShell session.
VERBOSE: [12:51:43.510 GMT] Test-ActiveSyncConnectivity : Active Directory session settings for ‘Test-ActiveSyncConnectivity’ are: View Entire Forest: ‘False’, Default Scope: ‘company.loc’, Configuration DomainController: ‘SrvDC01.company.loc’, Preferred Global Catalog: ‘SrvDC02.company.loc’, Preferred Domain Controllers: ‘{SrvDC02.company.loc }’
VERBOSE: [12:51:43.510 GMT] Test-ActiveSyncConnectivity : Beginning processing Test-ActiveSyncConnectivity
VERBOSE: [12:51:43.542 GMT] Test-ActiveSyncConnectivity : Instantiating handler with index 0 for cmdlet extension agent "Admin Audit Log Agent".
VERBOSE: [12:51:44.587 GMT] Test-ActiveSyncConnectivity : Current ScopeSet is: { Recipient Read Scope: {{, }}, Recipient Write Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive Recipient Scope(s): {}, Exclusive Configuration Scope(s): {} }
VERBOSE: The TrustAnySSLCertificate flag has been set. The task won’t verify that the server certificate is validbefore sending the user requests and credentials to this server. User credentials will be used for the following user: company\cader Do you want to test Exchange ActiveSync connectivity on Client Access server SRVEXC01.company.loc?
VERBOSE: [12:51:44.743 GMT] Test-ActiveSyncConnectivity : Resolved current organization: .

CasServer LocalSite Scenario Result Latency(MS) Error
——— ——— ——– —— ———– —–
srvexc01 FR-Site Options Success &Log=PrxFrom:fe80%3a%…
srvexc01 FR-Site FolderSync Success &Log=PrxFrom:fe80%3a%…
srvexc01 FR-Site First Sync Success &Log=PrxFrom:fe80%3a%…
srvexc01 FR-Site GetItemEstimate Success &Log=PrxFrom:fe80%3a%…
srvexc01 FR-Site Sync Data Success &Log=PrxFrom:fe80%3a%…
srvexc01 FR-Site Ping Success &Log=PrxFrom:fe80%3a%…
srvexc01 FR-Site Sync Test Item Success &Log=PrxFrom:fe80%3a%…
VERBOSE: [12:52:01.996 GMT] Test-ActiveSyncConnectivity : Admin Audit Log: Entered Handler:OnComplete.
VERBOSE: [12:52:02.012 GMT] Test-ActiveSyncConnectivity : Ending processing Test-ActiveSyncConnectivity

 

By using the https://testconnectivity.microsoft.com I ve got an issue but with my Android S4 from outside it works well. So … I don’t remember is https://testconnectivity.microsoft.com is ready for Exchange 2013 SP1. Not sure?
The first account who generate an error was domain Admin.

 

 

 

 

Posted in Exchange 2013 Issues | Leave a Comment »

Exchange 2013 SP1: Unable to log on to ECP ASP.NET 4.0.30319.0 unhandled exception …..[SOLVED]

Posted by Teruin laurent le avril 22, 2014


HI

Same player shoot again. Today this is the ECP directory who refuse all connections. OWA now work but not the ECP . Why? .. don’t ask me please !

Let enable Logs with these commands on my 2 Exchange servers :

set-eventloglevel -identity "MSExchange Control Panel\General" -level expert
set-eventloglevel -identity "MSExchange Control Panel\Performance" -level expert
set-eventloglevel -identity "MSExchange Control Panel\Redirect" -level expert
set-eventloglevel -identity "MSExchange OWA\Core"-level expert
set-eventloglevel -identity "MSExchange OWA\Configuration" -level expert
set-eventloglevel -identity "MSExchange OWA\Themes" -level expert
set-eventloglevel -identity "MSExchange OWA\SmallIcons" -level expert
set-eventloglevel -identity "MSExchange OWA\Proxy" -level expert
set-eventloglevel -identity "MSExchange OWA\Transcoding" -level expertµ
set-eventloglevel -identity "MSExchange OWA\ADNotifications" -level expert
set-eventloglevel -identity "MSExchange OWA\InstantMessage" -level exp

Resetting all external Url to $null for Ecpvirtualdirectory
My both Ecp virtualdirectory on each cas server look like this

[PS] C:\Windows\system32>Get-EcpVirtualDirectory -Server srvexc02 | fl identity,internalurl,externalurl
Creating a new session for implicit remoting of "Get-EcpVirtualDirectory" command…
Identity : SRVEXC02\ecp (Default Web Site)
InternalUrl : https://srvexc02.company.loc/ecp
ExternalUrl :

Identity : SRVEXC02\ecp (ExchangeBasic)
InternalUrl :
ExternalUrl :

IISreset clearing all the eventviewer log and test again

And now ! A Well know friend of mine! ASP.NET 4.0.30319.0 unhandled exception!


Log Name: Application
Source: ASP.NET 4.0.30319.0
Date: 4/22/2014 10:30:44 AM
Event ID: 1309
Task Category: Web Eventµ
Level: Warning
Keywords: Classic
User: N/A
Computer: SrvExc02.company.loc
Description:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 4/22/2014 10:30:44 AM
Event time (UTC): 4/22/2014 8:30:44 AM
Event ID: 40677d0459d84302974496a0d6feea05
Event sequence: 12
Event occurrence: 11
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/2/ROOT/owa-3-130426287673269311
Trust level: Full
Application Virtual Path: /owa
Application Path: C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\
Machine name: SRVEXC02
Process information:
Process ID: 9504
Process name: w3wp.exe
Account name: NT AUTHORITY\SYSTEM
Exception information:
Exception type: MapiExceptionIllegalCrossServerConnection
Exception message: MapiExceptionIllegalCrossServerConnection: Monitoring mailbox [] with application ID [Client=OWA] is not allowed to make cross-server calls from [SRVEXC02.company.loc] to [SRVEXC01.company.loc] at Microsoft.Mapi.CrossServerDiagnostics.BlockCrossServerCall(ExRpcConnectionInfo connectionInfo, String mailboxDescription)

Let’s go again to delete and recreate the Ecp virtualdiretory on both servers … exchange 2013 SP1 a finished product?

Trying to reopen the case on Microsoft Support but no answer since last week. .. grrr….

Action on the second server

remove-ecpvirtualdirectory -identity "SRVEXC02\ecp (Default Web Site)"
iisreset
new-ecpvirtualdirectory -websitename "Default Web Site"
set-ecpvirtualdirectory -identity "SRVEXC02\ecp (Default Web Site)" -internalurl "https://srvexc02.company.loc/ecp" -externalurl $null

Action on the first server

remove-ecpvirtualdirectory -identity "SRVEXC01\ecp (Default Web Site)"
iisreset
new-ecpvirtualdirectory -websitename "Default Web Site" -server srvexc01
set-ecpvirtualdirectory -identity "SRVEXC01\ecp (Default Web Site)" -internalurl "https://srvexc01.company.loc/ecp" -externalurl $null

And now when you try to log on Srvexc01 you’ve got this! We made some progress no?


Whaou in the second server srvexc02….

I ve got this now; Not real progress. Let’s reboot all these Exchange servers…


Let’s try after reboot…

After the reboot the server srvec02 is well presenting the page but no possibility to log on. Server error in /Ecp is no more present. (in the doubt .. reboot still works )

Reboot the first one./ Same issue enable to log on to ECP/ owa works not ecp . And stil have the fuc…. ASP.NET 4.0.30319.0 unhandled exception!

Let try now to set the FBA authentication on Ecp just in case of…. The Fba is activated by default on ECP … weird. I just compared the Authentication option on OWA and ECP on both servers.. they are the same.

After performing a Get-serverhealth

I can see that as a result but I will not give me more information except the fact that ECP is not working!

RunspaceId : bbc64357-cfb9-42cb-89ab-f6f3138a0674
Server : srvexc01
CurrentHealthSetState : NotApplicable
Name : EacCtpMonitor
TargetResource :
HealthSetName : ECP
HealthGroupName : CustomerTouchPoints
AlertValue : Unhealthy
FirstAlertObservedTime : 4/22/2014 12:01:54 PM
Description : µ
IsHaImpacting : False
RecurranceInterval : 720
DefinitionCreatedTime : 4/22/2014 11:28:11 AM
HealthSetDescription :
ServerComponentName : None
LastTransitionTime : 4/22/2014 11:25:41 AM
LastExecutionTime : 4/22/2014 12:01:54 PM
LastExecutionResult : Succeeded
ResultId : 12375674
WorkItemId : 44
IsStale : False
Error :
Exception :
IsNotified : False
LastFailedProbeId : 379
LastFailedProbeResultId : 7015930
ServicePriority : 2
Identity : ECP\EacCtpMonitor\
IsValid : True
ObjectState : New

I will try to remove the second ecp website using for Basic authentication needed for Kemp

After looking on the website. I saw that on the default website the Ip Addresse has been fixed. I decided to put to set the value like this


After retrying a connection the ECP website invite me to login with basic authentication. And I can access to the ECP Website!.
I decided to put the form authentication on the ecp virtualdirectory and retry.

PS] C:\Windows\system32>Get-EcpVirtualDirectory -Identity "SRVEXC02\ecp (Default Web Site)" | Set-EcpVirtualDirectory FormsAuthentication $true

Running IISRESET after that and ….

It works !!

Regards

Laurent

 

 

 

 

 

 

 

 

 

 

 

Posted in Exchange 2013 Issues | Leave a Comment »

Exchange 2013 SP1: Unable to connect to OWA MSEXCHMON;+ACTIVEMONITORING;+OWACTP) – 401 2 5 0

Posted by Teruin laurent le avril 18, 2014


HI all

After recreating the OWA opened a case resolve the recreation of OWA virtual directory and reboot the Exchange 2013 server. Im unable to connect to OWA

The symptom is this one. If you use another client access it works well with the same credential


After enabling the Eventlog level at expert mode

Set-eventloglevel "MsExchange OWA\FormsRegistry" -Level expert
Set-eventloglevel "MSExchange OWA\Core" -Level expert
Set-eventloglevel "MSExchange OWA\Configuration" -level expert
Set-eventloglevel "MSExchange OWA\Themes" -level expert
Set-eventloglevel "MSExchange OWA\SmallIcons" -level expert
Set-eventloglevel "MSExchange OWA\Proxy" -Level expert
Set-eventloglevel "MSExchange OWA\Transcoding" -Level expert
Set-eventloglevel "MSExchange OWA\ADNotifications" -level expert
Set-eventloglevel "MSExchange OWA\InstantMessage" -level expert

And saw nothing on the event viewer
After comparing the Parameters on Srvexc01 Owa directory and SrvExc02 Owa Directory (Same value same Authentification parameter)
After looking for the IIS Site

I saw this error

014-04-18 12:48:24 10.100.20.12 GET /owa/auth/logon.aspx url=https://10.100.20.12/owa&reason=0&CorrelationID=<empty>;&cafeReqId=46871b88-5561-46ac-9e8c-d8eadcf649fc; 443 – 10.100.20.13 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) – 200 0 64 19061

2014-04-18 12:48:24 127.0.0.1 GET /owa/auth/logon.aspx url=https://localhost/owa/&reason=0&CorrelationID=<empty>;&cafeReqId=1f786e68-8e60-4d3c-a8cc-72dbb94f57be; 443 – 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) – 200 0 0 18468

2014-04-18 12:48:24 127.0.0.1 GET /owa/ &CorrelationID=<empty>;&cafeReqId=97632903-7187-4232-b7fe-7106ae5bfbe6; 443 – 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) – 401 2 5 15

2014-04-18 12:48:25 127.0.0.1 GET /owa/auth/logon.aspx url=https://localhost/owa/&reason=0&CorrelationID=<empty>;&cafeReqId=f69ad3f7-8f6d-40da-a7ff-4d022b00c0c7; 443 – 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) – 200 0 0 0

2014-04-18 12:48:25 127.0.0.1 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2flocalhost%2fowa%2f&CorrelationID=<empty>;&cafeReqId=a245546b-729b-40e6-9e5b-bc6f76136455; 443 – 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) – 200 0 0 31

2014-04-18 12:48:25 127.0.0.1 POST /owa/auth.owa &CorrelationID=<empty>;&cafeReqId=13364688-e17c-4c10-a977-fccd84e880ec; 443 – 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) – 401 2 5 0

2014-04-18 12:48:25 127.0.0.1 GET /owa/auth/15.0.847/scripts/premium/flogon.js &CorrelationID=<empty>;&cafeReqId=b9ef5b25-d666-4637-b7fc-8b261fe37468; 443 – 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWACTP) – 200 0 0 171

Because I suspected an issue relative to Cas Proxy. I changed the owa Internal Url to have a correct FQDN who correspond to the certificate name. From the Server2 it try to open from IE the https://srvexc01.mrsaero.Loc/owa and it works. The contrary too. So the Cas proxy is working but I have still the same issue.

It try to remove all internal urls and external urls form both server owa site

Set-OwaVirtualDirectory -identity "SRVEXC02\owa (Default Web Site)" -externalurl $null
Set-OwaVirtualDirectory -identity "SRVEXC01\owa (Default Web Site)" -externalurl $null
Set-OwaVirtualDirectory -identity "SRVEXC02\owa (Default Web Site)" -internalurl $null
Set-OwaVirtualDirectory -identity "SRVEXC01\owa (Default Web Site)" -internalurl $null

And iisreset for all IIS Server

Well Same issue it is probably not linked to the URL on owa .

After searching. When I try to access from the srvexc02 to srvexc01 (Cas Proxy) I saw each time I try to logon this event on srvexc01

Event code: 3005

Event message: An unhandled exception has occurred.

Event time: 4/18/2014 4:06:52 PM

Event time (UTC): 4/18/2014 2:06:52 PM

Event ID: 4f0a1def3cf649209b3666fa2eafdc10

Event sequence: 52

Event occurrence: 51

Event detail code: 0

 

Application information:

Application domain: /LM/W3SVC/2/ROOT/owa-3-130423021260996772

Trust level: Full

Application Virtual Path: /owa

Application Path: C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\

Machine name: SRVEXC01

 

Process information:

Process ID: 4712

Process name: w3wp.exe

Account name: NT AUTHORITY\SYSTEM

 

I will try to delete the owa directory from srvexc01 and recreate it (Boring !!!)

 

[PS] C:\Windows\system32>Remove-OwaVirtualDirectory -Identity "srvexc01\owa (Default Web Site)"

Confirm

Are you sure you want to perform this action?

Outlook Web App virtual directory "srvexc01\owa (Default Web Site)" is being removed.

[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): A

[PS] C:\Windows\system32>

 

[PS] C:\Windows\system32>New-OwaVirtualDirectory -WebSiteName "Default Web Site" -Server srvexc01
Name Server OwaVersion
—- —— ———-
owa (Default Web Site) SRVEXC01 Exchange2013

Put the authentication form on it

[PS] C:\Windows\system32>Set-OwaVirtualDirectory -FormsAuthentication $true -Identity "srvexc01\owa (Default Web Site)"
[PS] C:\Windows\system32>iisreset
Attempting stop…
Internet services successfully stopped
Attempting start…
Internet services successfully restarted
[PS] C:\Windows\system32>

After recreation I saw that in the event log : Grrrr


I decide to delete again the owa directory and clean the IIS Metabase

Removing the OWA on srvexc01 and installing iis resource kit / Checking with Adsiedit if the directrory is correctly deleted



Deleted correctly
Launching IIS Metabase


The OWA is correctly removed by the remove-virtualdirectory All seems correct!

OK IISReset and try to recreate the owa directory. Just creating the directory and saw that:


Reboot the server Srvech01

Repositioning this url

Set-OwaVirtualDirectory -identity "SRVEXC01\owa (Default Web Site)" -externalurl $null -internalurl https://srvexc01.mrsaero.loc/owa -FormsAuthentication $true
Set-ecpVirtualDirectory -identity "SRVEXC01\ecp (Default Web Site)" -internalurl https://srvexc01.mrsaero.loc/ecp

Set-OwaVirtualDirectory -identity "SRVEXC02\owa (Default Web Site)" -externalurl $null -internalurl https://srvexc02.mrsaero.loc/owa -FormsAuthentication $true
Set-ecpVirtualDirectory -identity "SRVEXC02\ecp (Default Web Site)" -internalurl https://srvexc02.mrsaero.loc/ecp

And it works ..why ? don’t ask me please

Laurent Teruin

 

 

 

 

 


 

Posted in Non classé | Leave a Comment »

 
Suivre

Recevez les nouvelles publications par mail.

Rejoignez 223 autres abonnés