We are running an Exchange 2013 server with CU9. When I access https://xxx/ews, it returns a HTTP 500. https://xxx/ews/services.wsdl returns the WSDL.
In the eventvwr I find at the same time as the HTTP 500 errors such as (Event ID 3003):
Protocol /EWS failed to perform token rehydration because source identity DOMAINNAME\USERNAME does not have token serialization permission.
and Event ID 3002:
Protocol /EWS failed to process request from identity DOMAINNAME\USERNAME. Exception: Microsoft.Exchange.Security.Authentication.BackendRehydrationException: Rehydration failed. Reason: Source server 'DOMAINNAME\USERNAME' does not have token serialization
permission.
at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.TryGetCommonAccessToken(HttpContext httpContext, Stopwatch stopwatch, CommonAccessToken& token)
at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.ProcessRequest(HttpContext httpContext)
at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.OnAuthenticateRequest(Object source, EventArgs args).
Depending on the user previously authorised in /owa, you will get different usernames. The users are not a member direct or indirect of a group like Domain Admins.
OWA works fine. But the following returns a failure:
Source ServiceEndpoint Scenario Result Latency
(MS)
------ --------------- -------- ------ -------
ws131.IVE.LOCAL ws131.ive.local Autodiscover: SOAP Provider Failure 49
ws131.IVE.LOCAL ws131.ive.local EWS: GetFolder Failure 2
How can I analyse / solve this problem? We would like to use /ews to develop Office Add-ins, but that is not possible now.
- Edited by Guido Leenders 13 hours 31 minutes ago Added text