Monday, September 12, 2016

Deploying Exchange 2016 into an Exchange 2013 Organisation with MAPI over HTTPS Enabled

This issue may be encountered when migrating to Exchange 2016 from Exchange 2013 when MAPI over HTTPS is enabled.  The default Exchange 2013 MAPI over HTTPS authentication settings set IIS and Internal Authentication methods as Negotiate and External as null.  This is shown below:


The Default Exchange 2016 MAPI over HTTPS authentication settings are configured as "Ntlm, OAuth and Negotiate"


Proxying MAPI over HTTPS connections between Exchange 2016 and Exchange 2013 requires NTLM be enabled.  The default Exchange 2013 MAPI over HTTPS authentication settings will cause Outlook connectivity issues when both Exchange 2016 and Exchange 2013 are in the same Active Directory site.

The error which is generated by the Exchange Remote Connectivity Analyzer in this configuration is as follows:
 
https://testconnectivity.microsoft.com/Images/Error.png
 
 
Testing the MAPI Mail Store endpoint on the Exchange server.
 
An error occurred while testing the Mail Store.
 
https://testconnectivity.microsoft.com/Images/Minus.gif
Additional Details
 
Elapsed Time: 1243 ms.
 
https://testconnectivity.microsoft.com/Images/Minus.gif
Test Steps
 
https://testconnectivity.microsoft.com/Images/Error.png
Attempting to log on to the Mailbox.
 
An error occurred while logging on to the Mailbox.
 
https://testconnectivity.microsoft.com/Images/Minus.gif
Additional Details
 
A protocol layer error occured. MapiHttpServiceCode: 1722
FailureLID: 56412
FailureInfo:

###### REQUEST [2016-08-28T13:10:48.4483314Z] ######

POST /mapi/emsmdb/?mailboxId=a9888e6b-81d6-4495-b4b0-bcda772e782f@avantgardetechnologies.com.au HTTP/1.1
Content-Type: application/octet-stream
User-Agent: MapiHttpClient
X-RequestId: 0d3ddde1-1147-4cbe-a50b-ee75d2d1319d:2
X-ClientInfo: dfba427f-ffa7-4003-981f-a676bced12eb:1
X-ClientApplication: MapiHttpClient/15.0.4420.1017
X-RequestType: Execute
Authorization: Negotiate [truncated]
Host: mail.avantgardetechnologies.com.au
Cookie: ClientId=PAVTTKRDEJLCYBAF9MA; MapiContext=MAPIAAAAAOms6aTto+TJjNSX3/zO/s/51OTc8cP72+rY4tPh2+ragKOSpJSilaWUoZWn7QEAAAAAAAA=; MapiSequence=0-WbZNDg==; X-BackEndCookie=a9888e6b-81d6-4495-b4b0-bcda772e782f=u56Lnp2ejJqBy5nGz8vMz8/SysyaxtLLysqd0p3Jz5vSyMzKzpqbzJ2ancicgYHNz87J0s/G0s3Iq87Mxc7Pxc7G
Content-Length: 172

--- REQUEST BODY [+0.128] ---
..[BODY SIZE: 172]

--- REQUEST SENT [+0.128] ---

###### RESPONSE [+0.416] ######

HTTP/1.1 200 OK
Transfer-Encoding: chunked
request-id: 7f93a99a-4a53-4866-a978-8de3671a1dd7
X-CalculatedBETarget: leeming-exch.at.local
X-ServerApplication: Exchange/15.00.1210.002
X-RequestId: 0d3ddde1-1147-4cbe-a50b-ee75d2d1319d:2
X-ClientInfo: dfba427f-ffa7-4003-981f-a676bced12eb:1
X-RequestType: Execute
X-PendingPeriod: 30000
X-ExpirationInfo: 900000
X-ResponseCode: 0
X-DiagInfo: LEEMING-EXCH
X-BEServer: LEEMING-EXCH
Cache-Control: private
Content-Type: application/octet-stream
Set-Cookie: MapiSequence=1-S1NbMA==; path=/mapi/emsmdb; secure; HttpOnly,MapiContext=MAPIAAAAAOms6aTto+TJjNSX3/zO/s/51OTc8cP72+rY4tPh2+ragKOSpJSilaWUoZWn7QEAAAAAAAA=; path=/mapi/emsmdb; secure; HttpOnly,X-BackEndCookie=a9888e6b-81d6-4495-b4b0-bcda772e782f=u56Lnp2ejJqBy5nGz8vMz8/SysyaxtLLysqd0p3Jz5vSyMzKzpqbzJ2ancicgYHNz87J0s/G0s3Iq87Mxc7Pxc7G; expires=Tue, 27-Sep-2016 13:10:19 GMT; path=/mapi; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
Persistent-Auth: true
X-Powered-By: ASP.NET
X-FEServer: LEEMING-EXCH
Date: Sun, 28 Aug 2016 13:10:19 GMT

--- RESPONSE BODY [+0.416] ---
..[BODY SIZE: 4195]
PROCESSING [@2016-08-28T13:10:48.8643314Z]
DONE [+00:00:00]
X-StartTime: Sun, 28 Aug 2016 13:10:19 GMT
X-ElapsedTime: 16

..[DATA SIZE: 4112]

--- RESPONSE DONE [+0.418] ---

###### REMOTE-EXCEPTION-INFO ######

Microsoft.Exchange.Rpc.RpcException: Connection must be re-established ---> Microsoft.Exchange.RpcClientAccess.ServerUnavailableException: Connection must be re-established ---> Microsoft.Exchange.RpcClientAccess.SessionDeadException: The primary owner logon has failed. Dropping a connection. ---> Microsoft.Exchange.Data.Storage.TooManyObjectsOpenedException: Cannot open mailbox /o=AT/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Clint Boessenaa7. ---> Microsoft.Mapi.MapiExceptionSessionLimit: MapiExceptionSessionLimit: Unable to open message store. (hr=0x80040112, ec=1246) Diagnostic context: Lid: 55847 EMSMDBPOOL.EcPoolSessionDoRpc called [length=502] Lid: 43559 EMSMDBPOOL.EcPoolSessionDoRpc returned [ec=0x0][length=256][latency=0] Lid: 52176 ClientVersion: 15.0.1210.3 Lid: 50032 ServerVersion: 15.0.1210.6003 Lid: 23226 --- ROP Parse Start --- Lid: 27962 ROP: ropLogon [254] Lid: 17082 ROP Error: 0x4DE Lid: 26937 Lid: 21921 StoreEc: 0x4DE Lid: 27962 ROP: ropExtendedError [250] Lid: 1494 ---- Remote Context Beg ---- Lid: 47536 Lid: 57936 dwParam: 0x20 Msg: MoMT Lid: 33360 dwParam: 0x21 Lid: 57384 StoreEc: 0x4DE Lid: 56872 dwParam: 0xFE Lid: 42712 StoreEc: 0x4DE Lid: 10786 dwParam: 0x0 Msg: 15.00.1210.000:Leeming-EXCH Lid: 1750 ---- Remote Context End ---- Lid: 26849 Lid: 21817 ROP Failure: 0x4DE Lid: 26297 Lid: 16585 StoreEc: 0x4DE Lid: 32441 Lid: 1706 StoreEc: 0x4DE Lid: 24761 Lid: 20665 StoreEc: 0x4DE Lid: 25785 Lid: 29881 StoreEc: 0x4DE
at Microsoft.Mapi.MapiExceptionHelper.InternalThrowIfErrorOrWarning(String message, Int32 hresult, Boolean allowWarnings, Int32 ec, DiagnosticContext diagCtx, Exception innerException)
at Microsoft.Mapi.ExRpcConnection.OpenMsgStore(OpenStoreFlag storeFlags, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, String& correctServerDn, ClientIdentityInfo clientIdentityAs, String userDnAs, Boolean unifiedLogon, String applicationId, Byte[] tenantHint, CultureInfo cultureInfo)
at Microsoft.Mapi.MapiStore.OpenMapiStore(String serverDn, String userDn, String mailboxDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, String httpProxyServerName, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, Boolean wantRedirect, String& correctServerDN, ClientIdentityInfo clientIdentity, Boolean unifiedLogon, String applicationId, Client xropClient, Boolean wantWebServices, Byte[] clientSessionInfo, TimeSpan connectionTimeout, TimeSpan callTimeout, Byte[] tenantHint)
at Microsoft.Mapi.MapiStore.OpenMailbox(String serverDn, String userDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, ClientIdentityInfo clientIdentity, String applicationId, Byte[] tenantPartitionHint, Boolean unifiedLogon)
at Microsoft.Exchange.Data.Storage.MailboxSession.ForceOpen(MapiStore linkedStore, Boolean unifiedSession)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Data.Storage.MailboxSession.ForceOpen(MapiStore linkedStore, Boolean unifiedSession)
at Microsoft.Exchange.Data.Storage.MailboxSession.Initialize(MapiStore linkedStore, LogonType logonType, IExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, GenericIdentity auxiliaryIdentity, Boolean unifiedSession)
at Microsoft.Exchange.Data.Storage.MailboxSession.<>c__DisplayClass1c.b__1a(MailboxSession mailboxSession)
at Microsoft.Exchange.Data.Storage.MailboxSession.InternalCreateMailboxSession(LogonType logonType, IExchangePrincipal owner, DelegateLogonUser delegatedUser, CultureInfo cultureInfo, String clientInfoString, IBudget budget, Action`1 initializeMailboxSession, InitializeMailboxSessionFailure initializeMailboxSessio
HTTP Response Headers:
Transfer-Encoding: chunked
request-id: 7f93a99a-4a53-4866-a978-8de3671a1dd7
X-CalculatedBETarget: leeming-exch.at.local
X-ServerApplication: Exchange/15.00.1210.002
X-RequestId: 0d3ddde1-1147-4cbe-a50b-ee75d2d1319d:2
X-ClientInfo: dfba427f-ffa7-4003-981f-a676bced12eb:1
X-RequestType: Execute
X-PendingPeriod: 30000
X-ExpirationInfo: 900000
X-ResponseCode: 0
X-DiagInfo: LEEMING-EXCH
X-BEServer: LEEMING-EXCH
Cache-Control: private
Content-Type: application/octet-stream
Set-Cookie: MapiSequence=1-S1NbMA==; path=/mapi/emsmdb; secure; HttpOnly,MapiContext=MAPIAAAAAOms6aTto+TJjNSX3/zO/s/51OTc8cP72+rY4tPh2+ragKOSpJSilaWUoZWn7QEAAAAAAAA=; path=/mapi/emsmdb; secure; HttpOnly,X-BackEndCookie=a9888e6b-81d6-4495-b4b0-bcda772e782f=u56Lnp2ejJqBy5nGz8vMz8/SysyaxtLLysqd0p3Jz5vSyMzKzpqbzJ2ancicgYHNz87J0s/G0s3Iq87Mxc7Pxc7G; expires=Tue, 27-Sep-2016 13:10:19 GMT; path=/mapi; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
Persistent-Auth: true
X-Powered-By: ASP.NET
X-FEServer: LEEMING-EXCH
Date: Sun, 28 Aug 2016 13:10:19 GMT
ServiceCode: 1722 Unavailable
Elapsed Time: 1243 ms.

To ensure all servers are configured correctly to proxy connections between Exchange 2013 and Exchange 2016, run the following PowerShell command:

Get-MapiVirtualDirectory | Set-MAPIVirtualDirectory -IISAuthenticationMethods Ntlm, OAuth, Negotiate


Hope this post has been helpful.

If you need IT Support in Perth, contact Avantgarde Technologies today.
 

2 comments:

  1. Real love Spell to Get your ex back very fast online!
    My name is Claire Griffiths from UK, When my husband breakup with me, I was so frustrated and i could not know what next to do again, I love my husband so much but he was cheating on me with another woman and this makes him break up with me so that he can be able to get marred to the other lady and this lady i think use witchcraft on my husband to make him hate me and my kids and this was so critical and uncalled-for,I cry all day and night for God to send me a helper to get back my man until i went to London to see a friend and who was having the same problem with me but she latter got her husband back and i asked her how she was able to get her husband back and she told me that their was a powerful spell caster called Dr.Unity that he help with love spell in getting back lost lover back, and i decided to contact the same Dr.Unity and he told me what is needed to be done for me to have my man back and i did it although i doubted it but i did it and the Dr told me that i will get the result after 28hours, and he told me that my husband was going to call me and i still doubted his word, to my surprise my husband really called me and told me that he miss me so much, Oh My God! i was so happy, and today i am happy with my man again and we are joyfully living together as one big family and i thank the powerful spell caster Dr.Unity of Unityspelltemple@gmail.com, he is so powerful and i decided to share my story on the internet that Dr.Unity is best spell caster online who i will always pray to live long to help his children in the time of trouble, if you are there and your lover is turning you down, or your husband moved to another woman, do not cry anymore, contact this powerful spell caster Dr.Unity on his email: Unityspelltemple@gmail.com or Add him up on Whats-app: +2348071622464,
    visit his website for more details:http://unityspelltemple.yolasite.com .

    ReplyDelete
  2. BEST SPELL CASTER ONLINE TO GET YOUR EX LOVER BACK,contact Dr.Unity of Unityspelltemple@gmail.com


    I've been married to my husband for 13yrs.A very big problem occurred in my Marriage seven months ago, between me and my husband. so terrible that he took the case to court for a divorce. he said that he never wanted to stay with me again,and that he didn't love me anymore.So he packed out of the house and made me and my children passed through severe pain. I tried all my possible means to get him back,after much begging,but all to no avail.and he confirmed it that he has made his decision,and he never wanted to see me again. So on one evening,as i was coming back from work,i met an old friend of mine who asked of my husband .So i explained every thing to him,so he told me that the only way i can get my husband back,is to visit a spell caster,because it has really worked for him too.So i never believed in spell,but i had no other choice,than to follow his advice. Then he gave me the email address of the spell caster whom he visited.[ Unityspelltemple@gmail.com ]. So the next morning,i sent a mail to the address he gave to me,and the spell caster assured me that i will get my husband back the next day. What an amazing statement!! I never believed,so he spoke with me, and told me everything that i need to do. Then the next morning, So surprisingly, my husband who didn't call me for the past 7 months, gave me a call to inform me that he was coming back. So Amazing!! So that was how he came back that same day,with lots of love and joy,and he apologized for his mistake,and for the pain he caused me and my children. Then from that day,our relationship was now stronger than how it were before,by the help of a spell caster. So, i will advice you out there if you have any problem contact Dr.Unity, I give you 100% guarantee that he will help you.Email him at:Unityspelltemple@gmail.com ,you can also call or Add him on Whats-app: +2348071622464 , visit his website for more details:http://unityspelltemple.yolasite.com .

    ReplyDelete