I have a single exchange 2010 server that was migrated from 2003. Everything works fine .. except testing on remote analyzer. I can connect remotely from Outlook 2007/2001; owa works .. etc. EWS is failing though as i am unable to connect via Apple Mail. I have rebuilt all VD's in IIS, removed & readded the CAS role .. nothing seems to rid this error. The mailbox used for testing is new and has never been logged into, so therefore contains nothing. I have verified the IIS permissions against 3 other working exchange 2010 servers. (not in this domain) Ensuring that the test mailbox folder is empty and accessible. ExRCA couldn't confirm that the folder is accessible and empty. Additional Details Exception details: Message: The request failed. The remote server returned an error: (403) Forbidden. Type: Microsoft.Exchange.WebServices.Data.ServiceRequestException Stack trace: at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.GetEwsHttpWebResponse(IEwsHttpWebRequest request) at Microsoft.Exchange.WebServices.Data.MultiResponseServiceRequest`1.Execute() at Microsoft.Exchange.WebServices.Data.ExchangeService.BindToFolder[TFolder](FolderId folderId, PropertySet propertySet) at Microsoft.Exchange.Tools.ExRca.Tests.EnsureEmptyFolderTest.PerformTestReally() Exception details: Message: The remote server returned an error: (403) Forbidden. Type: System.Net.WebException Stack trace: at System.Net.HttpWebRequest.GetResponse() at Microsoft.Exchange.WebServices.Data.EwsHttpWebRequest.Microsoft.Exchange.WebServices.Data.IEwsHttpWebRequest.GetResponse() at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.GetEwsHttpWebResponse(IEwsHttpWebRequest request) [PS] C:\Windows\system32>Test-OutlookWebServices |fl RunspaceId : c07a4fb9-8a44-4c78-9909-ca610646ab9f Id : 1013 Type : Error Message : When contacting https://exch01.elcofnwflorida.org/EWS/Exchange.asmx received the error The request failed with HTTP status 403: Forbidden. RunspaceId : c07a4fb9-8a44-4c78-9909-ca610646ab9f Id : 1025 Type : Error Message : [EXCH] Error contacting the AS service at https://exch01.elcofnwflorida.org/EWS/Exchange.asmx. Elapsed tim e was 724 milliseconds. RunspaceId : c07a4fb9-8a44-4c78-9909-ca610646ab9f Id : 1026 Type : Success Message : [EXCH] Successfully contacted the UM service at https://exch01.elcofnwflorida.org/EWS/Exchange.asmx. The e lapsed time was 15 milliseconds. RunspaceId : c07a4fb9-8a44-4c78-9909-ca610646ab9f Id : 1013 Type : Error Message : When contacting https://mail.elcnwf.org/ews/exchange.asmx received the error The request failed with HTTP status 403: Forbidden. RunspaceId : c07a4fb9-8a44-4c78-9909-ca610646ab9f Id : 1025 Type : Error Message : [EXPR] Error contacting the AS service at https://mail.elcnwf.org/ews/exchange.asmx. Elapsed time was 31 m illiseconds. RunspaceId : c07a4fb9-8a44-4c78-9909-ca610646ab9f Id : 1026 Type : Success Message : [EXPR] Successfully contacted the UM service at https://mail.elcnwf.org/ews/exchange.asmx. The elapsed tim e was 0 milliseconds. RunspaceId : c07a4fb9-8a44-4c78-9909-ca610646ab9f Id : 1113 Type : Error Message : When contacting https://exch01.elcofnwflorida.org/ews/exchange.asmx received the error The request failed with HTTP status 403: Forbidden. RunspaceId : c07a4fb9-8a44-4c78-9909-ca610646ab9f Id : 1125 Type : Error Message : [Server] Error contacting the AS service at https://exch01.elcofnwflorida.org/ews/exchange.asmx. Elapsed t ime was 15 milliseconds. RunspaceId : c07a4fb9-8a44-4c78-9909-ca610646ab9f Id : 1126 Type : Success Message : [Server] Successfully contacted the UM service at https://exch01.elcofnwflorida.org/ews/exchange.asmx. The elapsed time was 0 milliseconds. -- Jeremy McSpadden Flux Labs

Check for Firewall Rules - Exceptions Set

Windows Firewall is disabled.-- Jeremy McSpadden Flux Labs

Hi Jeremy, From the test outcome, the internal URL of Availability service is not available. Error code 403 might be caused by various factors (See http://support.microsoft.com/kb/943891). I would suggest you test the URL in internal client via IE and then check the IIS log for the detailed error code. Besides, verify the permission and the certificate should be helpful. Refer to: http://blogs.technet.com/b/exchange/archive/2010/09/23/3411146.aspx. Fiona Liao TechNet Community Support

Hi Jeremy, From the test outcome, the internal URL of Availability service is not available. Error code 403 might be caused by various factors (See http://support.microsoft.com/kb/943891). I would suggest you test the URL in internal client via IE and then check the IIS log for the detailed error code. Besides, verify the permission and the certificate should be helpful. Refer to: http://blogs.technet.com/b/exchange/archive/2010/09/23/3411146.aspx. Thanks for the reply .. I have looked at these, and everything matches up. The only 403 errors I am seeing in IIS are: 2011-12-23 19:12:29 10.0.0.231 POST /ews/exchange.asmx ;RC:34ac99aa-dd97-4659-a00e-fcb60bfad427;Init>>Conn:0,HangingConn:0,AD:30000/30000/0%,CAS:54000/54000/0%,AB:30000/30000/0%,RPC:36000/36000/0%,FC:1000/0,Policy:DefaultThrottlingPolicy_b69f82d3-7945-4e12-ba00-a6354ac7c108,Norm,Sub:5000/0;NoAccess.SoapAction=m:GetFolder;Version=1;RpcC=0;RpcL=0;LdapC=0;LdapL=0;End(0ms)>>Conn:1,HangingConn:0,AD:30000/30000/0%,CAS:54000/54000/0%,AB:30000/30000/0%,RPC:36000/36000/0%,FC:1000/0,Policy:DefaultThrottlingPolicy_b69f82d3-7945-4e12-ba00-a6354ac7c108,Norm,Sub:5000/0; 443 ELC\blank 207.46.14.52 ExchangeServicesClient/15.00.0224.000 403 0 0 148 POST /ews/exchange.asmx ;RC:31533194-a7e1-4475-9c2b-a3e6a9b2918a;Init>>Conn:0,HangingConn:0,AD:30000/30000/0%,CAS:54000/54000/0%,AB:30000/30000/0%,RPC:36000/36000/0%,FC:1000/0,Policy:[Fallback],Norm,Sub:5000/0;NoAccess.End(0ms)>>Conn:1,HangingConn:0,AD:30000/30000/0%,CAS:54000/54000/0%,AB:30000/30000/0%,RPC:36000/36000/0%,FC:1000/0,Policy:[Fallback],Norm,Sub:5000/0; 443 ELC\EXCH01$ ::1 Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.5448) 403 0 0 0 The line that worries me is : ELC\EXCH01$ ::1 Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.5448) 403 0 0 0 Not sure why the computer account is getting a 403. I have reset the computer account and cannot see any errors in system logs regarding authentication to the domain.-- Jeremy McSpadden Flux Labs

Hi, What authentication methods do you have configured for EWS? Check with Get-WebServicesVirtualDirectory | fl Identity,*auth*Martina Miskovic - http://www.nic2012.com/

Hi, What authentication methods do you have configured for EWS? Check with Get-WebServicesVirtualDirectory | fl Identity,*auth* Martina Miskovic - http://www.nic2012.com/ [PS] C:\Windows\system32>Get-WebServicesVirtualDirectory | fl Identity,*auth* Identity : EXCH02\EWS (Default Web Site) CertificateAuthentication : InternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity} ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity} LiveIdSpNegoAuthentication : False WSSecurityAuthentication : True LiveIdBasicAuthentication : False BasicAuthentication : False DigestAuthentication : False WindowsAuthentication : True Identity : EXCH01\EWS (Default Web Site) CertificateAuthentication : InternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity} ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity} LiveIdSpNegoAuthentication : False WSSecurityAuthentication : True LiveIdBasicAuthentication : False BasicAuthentication : False DigestAuthentication : False WindowsAuthentication : True -- Jeremy McSpadden Flux Labs