Test-OutlookWebServices - EWS Error 1013, 401 unauthrorized
When I run the Test-OutlookWebServices, I get errors when testing the exteranl EWS url, but not the interal one. If I go to
https://internaldomain.local/EWS, I get the username/password prompt and it brings me to the XML file. When I go to
https://externaldomain.org/ews, I get the following error message from IE:
This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage. I checked the EWS vDir and it has integrated authentication set. I'm using a domain joined PC
so that shouldn't be a problem, right?
Here's the error message output from Test-OutlookWebServices
Id : 1013
Type : Error
Message : When contacting
https://externaldomain.org/EWS/Exchange.asmx received the error The request failed with HTTP status 401: Unauthorized.
Id : 1016
Type : Error
Message : [EXPR]-Error when contacting the AS service at
https://externaldomain.org/EWS/Exchange.asmx. The elapsed time was 15 milliseconds.
Any help would be appreciated.
April 7th, 2011 11:29am
Can you check the NTFS permissions on the EWS directory and see if Authenticated users are in there and have read writes?
C:\Program Files\Microsoft\Exchange Server\ClientAccess\exchweb\EWSJames Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
April 7th, 2011 11:45am
I see Authenticated Users with read access...does it require write access as well?
April 7th, 2011 12:25pm
No write. From inside the network if you type
https://externaldomain.org/ews/exchange.asmx are you getting the xml output? Did you get prompted for credentials or it let you right in?James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
April 7th, 2011 2:12pm
If I try to access https://externaldomain.org/ews/exchange.asmx from the internal or external network, I get the 401 Unauthorized message. I can access
https://internaldomain.local/ews/exchange.asmx internally and that goes through fine.
April 7th, 2011 2:48pm
Are you using any proxy ISA, UAG, TMG? If so you need to set basic on authentication on the EWS virtual directory. Also what version of Exchange 2007 or 2010?James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
April 7th, 2011 3:21pm
It's Exchange 2007 and we are using TMG. However, I'm not the one that administered TMG. I'll try basic authentication, but can you explain as to why I need to set basic authentication for this to work when using TMG?
April 7th, 2011 4:23pm
If you're using TMG you're likely doing basic authentication delegation. The TMG does the FBA and does basic delgation to your CAS virtual directories. You can check by looking at the publishing rule in TMG.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
April 7th, 2011 5:47pm
Hi pham0329:
If James helps you to solve the problem, please mark his answer.Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
April 8th, 2011 4:06am
I just tested EWS again using the Remote Connectivity Tool and the EWS test got green checkmarks! Good. However, running Test-OutlookWebServices still returns the same error. Any idea why I was able to pass the Remote Connectivity Analyzer test
but not the Test-OutlookWebServices?
EDIT: Nvm, found the solution. If I disable the loopback check, the test passes. I renabled the loopback check and it failed. Guess I'll just live with the above errors as it's not affecting anything.
Free Windows Admin Tool Kit Click here and download it now
April 8th, 2011 1:56pm