Exchange 2013 Hybrid EWS not using proxy

Hi

I have an Exchange 2013 CU8 server (Win2012R2) in hybrid mode sitting behind a proxy server. Free busy info of online mailboxes is not working from on-premise mailboxes. I have chased the problem to EWS not appearing to use the proxy.

I have set the IE proxy. I have set the WinHTTP proxy. I have set the InternetWebProxy.

A WireShark trace also shows the token request coming directly from the server, bypassing any proxy set.

I have also tried to set the proxy directly in the web.config file of EWS, but that has no effect either.

This is really strange. Any thoughts?

Test-OAuthConnectivity -Service EWS -TargetUri https://outlook.office365.com/ews/exchange.asmx -Mailbox onpremiseaccount@domainname.org -Verbose | fl

Produces the following output:

RunspaceId  : d3d36eec-38d7-4371-8fd9-720b86ce2d1c
Task        : Checking EWS API Call Under Oauth
Detail      : The configuration was last successfully loaded at 06/07/2015 09:28:13 UTC. This was 49 minutes ago.
              The token cache is being cleared because "use cached token" was set to false.
              Exchange Outbound Oauth Log:
              Client request ID: ab8fed2b-321a-4100-ae01-152bb9552aa0
              Information:[OAuthCredentials:Authenticate] entering
              Information:[OAuthCredentials:Authenticate] challenge from
              'https://outlook.office365.com/ews/Exchange.asmx' received: Bearer
              client_id="00000002-0000-0ff1-ce00-000000000000",
              trusted_issuers="00000001-0000-0000-c000-000000000000@*", token_types="app_asserted_user_v1",
              authorization_uri="https://login.windows.net/common/oauth2/authorize",Basic Realm=""
              Information:[OAuthCredentials:GetToken] client-id: '00000002-0000-0ff1-ce00-000000000000', realm: '',
              trusted_issuer: '00000001-0000-0000-c000-000000000000@*'
              Information:[OAuthCredentials:GetToken] start building a token for the user domain 'domain.org'
              Information:[OAuthTokenBuilder:GetAppToken] start building the apptoken
              Information:[OAuthTokenBuilder:GetAppToken] checking enabled auth servers
              Information:[OAuthTokenBuilder:GetAppToken] trusted_issuer includes the auth server 'ACS':
              00000001-0000-0000-c000-000000000000@9cdffd99-a391-4492-8b8b-03b8ef1da48c,
              Information:[OAuthTokenBuilder:GetAppToken] updating the tenant id with the auth server realm; current
              tenant id value is '', new value is '9cdffd99-a391-4492-8b8b-03b8ef1da48c'
              Information:[OAuthTokenBuilder:GetAppToken] trying to get the apptoken from the auth server 'ACS' for
              resource
              '00000002-0000-0ff1-ce00-000000000000/outlook.office365.com@9cdffd99-a391-4492-8b8b-03b8ef1da48c'
              Information:[ACSTokenCache:GetActorToken] Each key and its counts are L:00000002-0000-0ff1-ce00-000000000
              000-AS:00000001-0000-0000-c000-000000000000@9cdffd99-a391-4492-8b8b-03b8ef1da48c, 0
              Information:[ACSTokenCache:GetActorToken] cache size is 0
              Information:[ACSTokenCache:GetActorToken] try to get a new ACS token synchronously
              Information:[ACSTokenBuildRequest:BuildToken] started
              Information:[ACSTokenBuildRequest:GetActorTokenFromAuthServer] Sending token request to
              'https://accounts.accesscontrol.windows.net/9cdffd99-a391-4492-8b8b-03b8ef1da48c/tokens/OAuth/2' for the
              resource
              '00000002-0000-0ff1-ce00-000000000000/outlook.office365.com@9cdffd99-a391-4492-8b8b-03b8ef1da48c' with
              token: {"typ":"JWT","alg":"RS256","x5t":"vGeyUPR3l9gDmgp4W4cFO5EhqHk"}.{"iss":"00000002-0000-0ff1-ce00-00
              0000000000@9cdffd99-a391-4492-8b8b-03b8ef1da48c","aud":"00000001-0000-0000-c000-000000000000/accounts.acc
              esscontrol.windows.net@9cdffd99-a391-4492-8b8b-03b8ef1da48c","nbf":1436177871,"exp":1436178471}
              Error:[ACSTokenBuildRequest:GetActorTokenFromAuthServer] Unable to get the token from auth server
              'https://accounts.accesscontrol.windows.net/9cdffd99-a391-4492-8b8b-03b8ef1da48c/tokens/OAuth/2'. The
              request has token {"typ":"JWT","alg":"RS256","x5t":"vGeyUPR3l9gDmgp4W4cFO5EhqHk"}.{"iss":"00000002-0000-0
              ff1-ce00-000000000000@9cdffd99-a391-4492-8b8b-03b8ef1da48c","aud":"00000001-0000-0000-c000-000000000000/a
              ccounts.accesscontrol.windows.net@9cdffd99-a391-4492-8b8b-03b8ef1da48c","nbf":1436177871,"exp":1436178471
              }, the error from ACS is , the exception is System.Net.WebException: Unable to connect to the remote
              server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party
              did not properly respond after a period of time, or established connection failed because connected host
              has failed to respond 191.235.135.222:443
                 at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
                 at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6,
              Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception&
              exception)
                 --- End of inner exception stack trace ---
                 at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
                 at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult)
                 at Microsoft.Exchange.Security.OAuth.ACSTokenBuildRequest.GetActorTokenFromAuthServer(Boolean
              throwOnError)
              Error:[ACSTokenBuildRequest:GetActorTokenFromAuthServer] the inner exception is
              System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party
              did not properly respond after a period of time, or established connection failed because connected host
              has failed to respond 191.235.135.222:443
                 at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
                 at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6,
              Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception&
              exception)
              Error:Unable to get token from Auth Server. Error code: ''. Description: ''.

              Exchange Response Details:
              HTTP response message:
              Exception:
              System.Net.WebException: The request was aborted: The request was canceled. --->
              Microsoft.Exchange.Security.OAuth.OAuthTokenRequestFailedException: Unable to get token from Auth
              Server. Error code: ''. Description: ''. ---> System.Net.WebException: Unable to connect to the remote
              server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party
              did not properly respond after a period of time, or established connection failed because connected host
              has failed to respond 191.235.135.222:443
                 at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
                 at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6,
              Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception&
              exception)
                 --- End of inner exception stack trace ---
                 at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
                 at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult)
                 at Microsoft.Exchange.Security.OAuth.ACSTokenBuildRequest.GetActorTokenFromAuthServer(Boolean
              throwOnError)
                 --- End of inner exception stack trace ---
                 at Microsoft.Exchange.Security.OAuth.ACSTokenBuildRequest.GetActorTokenFromAuthServer(Boolean
              throwOnError)
                 at Microsoft.Exchange.Security.OAuth.ACSTokenBuildRequest.BuildToken(Boolean throwOnError)
                 at Microsoft.Exchange.Security.OAuth.ACSTokenCache.GetActorToken(ACSTokenBuildRequest
              tokenBuildRequest, IOutboundTracer tracer, Nullable`1 clientRequestId)
                 at Microsoft.Exchange.Security.OAuth.OAuthTokenBuilder.GetAppToken(String applicationId, String
              destinationHost, String realmFromChallenge, IssuerMetadata[] trustedIssuersFromChallenge, String
              userDomain)
                 at Microsoft.Exchange.Security.OAuth.OAuthTokenBuilder.GetAppWithUserToken(String applicationId,
              String destinationHost, String realmFromChallenge, IssuerMetadata[] trustedIssuersFromChallenge, String
              userDomain, ClaimProvider claimProvider)
                 at Microsoft.Exchange.Security.OAuth.OAuthCredentials.GetToken(WebRequest webRequest,
              HttpAuthenticationChallenge challengeObject)
                 at Microsoft.Exchange.Security.OAuth.OAuthCredentials.Authenticate(String challengeString, WebRequest
              webRequest, Boolean preAuthenticate)
                 at Microsoft.Exchange.Security.OAuth.OAuthCredentials.OAuthAuthenticationModule.Authenticate(String
              challenge, WebRequest request, ICredentials credentials)
                 at System.Net.AuthenticationManager.Authenticate(String challenge, WebRequest request, ICredentials
              credentials)
                 at System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials
              authInfo)
                 at System.Net.HttpWebRequest.CheckResubmitForAuth()
                 at System.Net.HttpWebRequest.CheckResubmit(Exception& e, Boolean& disableUpload)
                 at System.Net.HttpWebRequest.DoSubmitRequestProcessing(Exception& exception)
                 at System.Net.HttpWebRequest.ProcessResponse()
                 at System.Net.HttpWebRequest.SetResponse(CoreResponseData coreResponseData)
                 --- End of inner exception stack trace ---
                 at System.Net.HttpWebRequest.GetResponse()
                 at Microsoft.Exchange.Monitoring.TestOAuthConnectivityHelper.SendExchangeOAuthRequest(ADUser user,
              String orgDomain, Uri targetUri, String& diagnosticMessage, Boolean appOnly, Boolean useCachedToken,
              Boolean reloadConfig)

ResultType  : Error
Identity    : Microsoft.Exchange.Security.OAuth.ValidationResultNodeId
IsValid     : True
ObjectState : New


  • Edited by agvonline
July 6th, 2015 10:44am
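
An added example, not part of the original thread: one way to list the proxy settings named in the question side by side and compare a direct connection with a proxied one to the ACS host shown in the log. The proxy URL and the `Test-Egress` helper are hypothetical; the output reflects the account running the shell, which may differ from the account the EWS worker process runs under.

```powershell
# Added example; run on the Exchange server (ideally in the Exchange Management Shell).
$tokenUri = [Uri]'https://accounts.accesscontrol.windows.net/'  # ACS host from the log above
$proxyUrl = 'http://proxy.example.internal:8080'                # placeholder: your proxy

# 1. Machine-wide WinHTTP proxy.
netsh winhttp show proxy

# 2. Per-user IE/WinINET proxy for the account running this shell.
Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
    Select-Object ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL

# 3. Exchange's own InternetWebProxy value (cmdlet exists only in the Exchange shell).
if (Get-Command Get-ExchangeServer -ErrorAction SilentlyContinue) {
    Get-ExchangeServer -Identity $env:COMPUTERNAME | Format-List Name, InternetWebProxy
}

# 4. What .NET resolves for this process. GetProxy returns the target URI itself
#    when the request would be sent direct.
$default = [System.Net.WebRequest]::DefaultWebProxy
if ($default) {
    [pscustomobject]@{
        ResolvedProxy = $default.GetProxy($tokenUri)
        IsBypassed    = $default.IsBypassed($tokenUri)
    } | Format-List
}

# 5. Try the same host direct and through the proxy. Any HTTP status, even 4xx,
#    means the path reached the service; "no response" means it did not.
function Test-Egress([Uri]$Uri, [System.Net.IWebProxy]$Proxy) {   # hypothetical helper
    $req = [System.Net.WebRequest]::Create($Uri)
    $req.Proxy   = $Proxy
    $req.Timeout = 15000
    try {
        $resp = $req.GetResponse()
        $code = [int]$resp.StatusCode
        $resp.Close()
        "HTTP $code"
    } catch {
        # Method exceptions arrive wrapped; walk down to the WebException.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if ($ex -and $ex.Response) { "HTTP $([int]$ex.Response.StatusCode)" }
        elseif ($ex)               { "no response: $($ex.Status)" }
        else                       { "error: $($_.Exception.Message)" }
    }
}
[pscustomobject]@{
    Direct   = Test-Egress $tokenUri (New-Object System.Net.WebProxy)            # empty = no proxy
    ViaProxy = Test-Egress $tokenUri (New-Object System.Net.WebProxy($proxyUrl))
} | Format-List
```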

Hi agvonline,

Thank you for your question.

We could refer to the following steps to troubleshoot:

  1. Make sure Anonymous, Basic and Windows Authentication were already enabled on EWS.
  2. Then check if there are old public folders associated with mailbox databases; if so, we could delete the reference using ADSIEDIT.

If there are any questions regarding this issue, please feel free to let me know.

Best Regards,

Jim

July 7th, 2015 2:39am

This topic is archived. No further replies will be accepted.
