FIM Warning - Cannot Access Exchange Web Service

Hi,

I'm using FIM to create AD users and mailboxes. Exchange email notifications and distribution group management are not being used.

I'm running Exchange 2010 SP 2 (HT, CAS and MBX on a single server) with FIM 2010 R2 (both Exchange and FIM are running on Windows 2008 R2).

The problem I have is that FIM is logging warnings in the event log (Cannot connect to Exchange web service).

On Exchange I've configured Integrated Windows and forms-based authentication with SSL (these settings are required to publish OWA via TMG and allow users to change their password).

The FIM service account has a mailbox, which it can log on to.

In Microsoft.ResourceManagement.Service.config.exe I have the mailserver key configured as:

<appSettings>
<add key="mailServer" value="https://email.contoso.com/ews/exchange.asmx" />
<add key="isExchange" value="1" />
<add key="SendAsAddress" value="svc-fim@contoso.com" />
<add key="synchronizationServerName" value="SvrFIM01" />
</appSettings>

On the FIM server, if I open IE by performing a runas using the FIM service account and browse to https://email.contoso.com/ews/exchange.asmx, I'm prompted for logon credentials. Once I've entered them and accepted the IE warning to "show all content", I'm presented with the Exchange XML information.

1. Is there a way to stop this warning from being logged? Presumably I would need to re-configure the OWA authentication settings (something I'm not keen to do).
2. If I'm not using email notifications, what impact does a failure to contact Exchange web services have?

Thanks 


  • Edited by Aetius2012 Monday, January 26, 2015 11:50 AM
January 26th, 2015 2:46pm

Are you able to provision mailboxes successfully?

Is anything failing, besides the log noise?

January 26th, 2015 6:15pm

Mailboxes are successfully created and nothing is failing, so yes, it just seems to be log noise.

I'm wondering how many people have similar issues when publishing OWA.

January 26th, 2015 7:20pm

These errors are, indeed, very common. So here is what I suggest you do.

1. Check if the Exchange certificate has been installed: try the link https://email.contoso.com/ews/exchange.asmx logged in as the FIM service account.

If you get a certificate error, install it in the Trusted People store of this service account.

2. Make sure the name of the CAS server or alias matches the one given in the cert.

January 26th, 2015 7:28pm

The Exchange cert has been installed and is trusted. The issue I'm getting when I try to browse using IE is that IE prompts for a login (even if iexplore.exe is running as the FIM service account). The certificate SAN matches.

The only IE related warning I'm receiving isn't certificate related (see below)


  • Edited by Aetius2012 Monday, January 26, 2015 5:05 PM
January 26th, 2015 8:04pm

There is no SSO and you always have to provide creds.
January 26th, 2015 8:13pm

That's just not true; you should be able to browse to https://email.contoso.com/ews/exchange.asmx and be presented with the relevant XML by Exchange without requiring a logon (I've tested in a second FIM environment and it works).
January 27th, 2015 12:05pm

I was referring to OWA, not the asmx page.
January 27th, 2015 7:45pm
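
An added example, not part of any post in this thread and not FIM or Exchange code: a PowerShell check, run as the FIM service account, that performs the two tests discussed above without a browser: whether the EWS URL accepts the account's integrated Windows credentials without a prompt, and whether the certificate the server presents is trusted and carries the expected names. The function name is hypothetical, the URL is the mailServer value from the question, and only .NET classes are used so that it also runs on PowerShell 2.0.

```powershell
# Added example, not from the thread. Run in a PowerShell session started as the
# FIM service account. $EwsUrl is the mailServer value quoted in the question.
$EwsUrl = 'https://email.contoso.com/ews/exchange.asmx'

function Test-EwsIntegratedAuth {   # hypothetical helper name
    param([string]$Url)
    $r = New-Object PSObject -Property @{
        Status = $null; AuthOffered = $null; Location = $null; Error = $null
        CertSubject = $null; CertSan = $null; CertNotAfter = $null; ChainTrusted = $null
    }
    $req = [System.Net.HttpWebRequest][System.Net.WebRequest]::Create($Url)
    $req.UseDefaultCredentials = $true   # send the current logon token, never prompt
    $req.AllowAutoRedirect = $false      # keep a redirect to a logon form visible
    $req.Timeout = 15000
    $resp = $null
    try {
        $resp = $req.GetResponse()
    } catch {
        # PowerShell may wrap the .NET exception, so walk down to the WebException.
        $ex = $_.Exception
        while ($ex -and -not ($ex -is [System.Net.WebException])) { $ex = $ex.InnerException }
        if (-not $ex) { throw }
        $r.Error = "$($ex.Status): $($ex.Message)"   # TrustFailure = cert or name problem
        $resp = $ex.Response                          # 401/403 responses still carry headers
    }
    if ($resp) {
        $r.Status      = [int]$resp.StatusCode
        $r.AuthOffered = $resp.Headers['WWW-Authenticate']
        $r.Location    = $resp.Headers['Location']
        $resp.Close()
    }
    $cert = $req.ServicePoint.Certificate   # certificate the server presented, if any
    if ($cert) {
        $c2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert
        $san = $c2.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # subjectAltName
        $r.CertSubject  = $c2.Subject
        $r.CertSan      = if ($san) { $san.Format($false) }
        $r.CertNotAfter = $c2.NotAfter
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $r.ChainTrusted = $chain.Build($c2)  # validated against this account's stores
    }
    $r
}

Test-EwsIntegratedAuth -Url $EwsUrl | Format-List
```

A Status of 200 means the service account's token was accepted without a prompt; a 401 shows in AuthOffered which schemes the server is willing to negotiate, and a 302 shows in Location where the request is being sent instead.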

This topic is archived. No further replies will be accepted.
