Hi
I have an Exchange 2013 CU8 server (Win2012R2) in hybrid mode sitting behind a proxy server. Free busy info of online mailboxes is not working from on-premise mailboxes. I have chased the problem to EWS not appearing to use the proxy.
I have set the IE proxy. I have set the WinHTTP proxy. I have set the InternetWebProxy.
A WireShark trace also shows the token request coming directly from the server, bypassing any proxy set.
I have also tried to set the proxy directly in the web.config file of EWS, but that has no affect either.
This is really strange. Any thoughts?
Test-OAuthConnectivity -Service EWS -TargetUri https://outlook.office365.com/ews/exchange.asmx
-Mailbox onpremiseaccount@domainname.org -Verbose | fl
Produces the following output:
RunspaceId : d3d36eec-38d7-4371-8fd9-720b86ce2d1c
Task : Checking EWS API Call Under Oauth
Detail : The configuration was last successfully loaded at 06/07/2015 09:28:13 UTC. This was 49 minutes ago.
The token cache is being cleared because "use cached token" was set to false.
Exchange Outbound Oauth Log:
Client request ID: ab8fed2b-321a-4100-ae01-152bb9552aa0
Information:[OAuthCredentials:Authenticate] entering
Information:[OAuthCredentials:Authenticate] challenge from
'https://outlook.office365.com/ews/Exchange.asmx' received: Bearer
client_id="00000002-0000-0ff1-ce00-000000000000",
trusted_issuers="00000001-0000-0000-c000-000000000000@*", token_types="app_asserted_user_v1",
authorization_uri="https://login.windows.net/common/oauth2/authorize",Basic Realm=""
Information:[OAuthCredentials:GetToken] client-id: '00000002-0000-0ff1-ce00-000000000000', realm: '',
trusted_issuer:
'00000001-0000-0000-c000-000000000000@*'
Information:[OAuthCredentials:GetToken] start building a token for the user domain 'domain.org'
Information:[OAuthTokenBuilder:GetAppToken] start building the apptoken
Information:[OAuthTokenBuilder:GetAppToken] checking enabled auth servers
Information:[OAuthTokenBuilder:GetAppToken] trusted_issuer includes the auth server 'ACS':
00000001-0000-0000-c000-000000000000@9cdffd99-a391-4492-8b8b-03b8ef1da48c,
Information:[OAuthTokenBuilder:GetAppToken] updating the tenant id with the auth server realm; current
tenant id value is '', new value is '9cdffd99-a391-4492-8b8b-03b8ef1da48c'
Information:[OAuthTokenBuilder:GetAppToken] trying to get the apptoken from the auth server 'ACS' for
resource
'00000002-0000-0ff1-ce00-000000000000/outlook.office365.com@9cdffd99-a391-4492-8b8b-03b8ef1da48c'
Information:[ACSTokenCache:GetActorToken] Each key and its counts are L:00000002-0000-0ff1-ce00-000000000
000-AS:00000001-0000-0000-c000-000000000000@9cdffd99-a391-4492-8b8b-03b8ef1da48c, 0
Information:[ACSTokenCache:GetActorToken] cache size is 0
Information:[ACSTokenCache:GetActorToken] try to get a new ACS token synchronously
Information:[ACSTokenBuildRequest:BuildToken] started
Information:[ACSTokenBuildRequest:GetActorTokenFromAuthServer] Sending token request to
'https://accounts.accesscontrol.windows.net/9cdffd99-a391-4492-8b8b-03b8ef1da48c/tokens/OAuth/2' for the
resource
'00000002-0000-0ff1-ce00-000000000000/outlook.office365.com@9cdffd99-a391-4492-8b8b-03b8ef1da48c' with
token: {"typ":"JWT","alg":"RS256","x5t":"vGeyUPR3l9gDmgp4W4cFO5EhqHk"}.{"iss":"00000002-0000-0ff1-ce00-00
0000000000@9cdffd99-a391-4492-8b8b-03b8ef1da48c","aud":"00000001-0000-0000-c000-000000000000/accounts.acc
esscontrol.windows.net@9cdffd99-a391-4492-8b8b-03b8ef1da48c","nbf":1436177871,"exp":1436178471}
Error:[ACSTokenBuildRequest:GetActorTokenFromAuthServer] Unable to get the token from auth server
'https://accounts.accesscontrol.windows.net/9cdffd99-a391-4492-8b8b-03b8ef1da48c/tokens/OAuth/2'. The
request has token {"typ":"JWT","alg":"RS256","x5t":"vGeyUPR3l9gDmgp4W4cFO5EhqHk"}.{"iss":"00000002-0000-0
ff1-ce00-000000000000@9cdffd99-a391-4492-8b8b-03b8ef1da48c","aud":"00000001-0000-0000-c000-000000000000/a
ccounts.accesscontrol.windows.net@9cdffd99-a391-4492-8b8b-03b8ef1da48c","nbf":1436177871,"exp":1436178471
}, the error from ACS is , the exception is System.Net.WebException: Unable to connect to the remote
server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party
did not properly respond after a period of time, or established connection failed because connected host
has failed to respond 191.235.135.222:443
at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6,
Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception&
exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult)
at Microsoft.Exchange.Security.OAuth.ACSTokenBuildRequest.GetActorTokenFromAuthServer(Boolean
throwOnError)
Error:[ACSTokenBuildRequest:GetActorTokenFromAuthServer] the inner exception is
System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party
did not properly respond after a period of time, or established connection failed because connected host
has failed to respond 191.235.135.222:443
at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6,
Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception&
exception)
Error:Unable to get token from Auth Server. Error code: ''. Description: ''.
Exchange Response Details:
HTTP response message:
Exception:
System.Net.WebException: The request was aborted: The request was canceled. --->
Microsoft.Exchange.Security.OAuth.OAuthTokenRequestFailedException: Unable to get token from Auth
Server. Error code: ''. Description: ''. ---> System.Net.WebException: Unable to connect to the remote
server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party
did not properly respond after a period of time, or established connection failed because connected host
has failed to respond 191.235.135.222:443
at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6,
Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception&
exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult)
at Microsoft.Exchange.Security.OAuth.ACSTokenBuildRequest.GetActorTokenFromAuthServer(Boolean
throwOnError)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Security.OAuth.ACSTokenBuildRequest.GetActorTokenFromAuthServer(Boolean
throwOnError)
at Microsoft.Exchange.Security.OAuth.ACSTokenBuildRequest.BuildToken(Boolean throwOnError)
at Microsoft.Exchange.Security.OAuth.ACSTokenCache.GetActorToken(ACSTokenBuildRequest
tokenBuildRequest, IOutboundTracer tracer, Nullable`1 clientRequestId)
at Microsoft.Exchange.Security.OAuth.OAuthTokenBuilder.GetAppToken(String applicationId, String
destinationHost, String realmFromChallenge, IssuerMetadata[] trustedIssuersFromChallenge, String
userDomain)
at Microsoft.Exchange.Security.OAuth.OAuthTokenBuilder.GetAppWithUserToken(String applicationId,
String destinationHost, String realmFromChallenge, IssuerMetadata[] trustedIssuersFromChallenge, String
userDomain, ClaimProvider claimProvider)
at Microsoft.Exchange.Security.OAuth.OAuthCredentials.GetToken(WebRequest webRequest,
HttpAuthenticationChallenge challengeObject)
at Microsoft.Exchange.Security.OAuth.OAuthCredentials.Authenticate(String challengeString, WebRequest
webRequest, Boolean preAuthenticate)
at Microsoft.Exchange.Security.OAuth.OAuthCredentials.OAuthAuthenticationModule.Authenticate(String
challenge, WebRequest request, ICredentials credentials)
at System.Net.AuthenticationManager.Authenticate(String challenge, WebRequest request, ICredentials
credentials)
at System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials
authInfo)
at System.Net.HttpWebRequest.CheckResubmitForAuth()
at System.Net.HttpWebRequest.CheckResubmit(Exception& e, Boolean& disableUpload)
at System.Net.HttpWebRequest.DoSubmitRequestProcessing(Exception& exception)
at System.Net.HttpWebRequest.ProcessResponse()
at System.Net.HttpWebRequest.SetResponse(CoreResponseData coreResponseData)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Exchange.Monitoring.TestOAuthConnectivityHelper.SendExchangeOAuthRequest(ADUser user,
String orgDomain, Uri targetUri, String& diagnosticMessage, Boolean appOnly, Boolean useCachedToken,
Boolean reloadConfig)
ResultType : Error
Identity : Microsoft.Exchange.Security.OAuth.ValidationResultNodeId
IsValid : True
ObjectState : New
- Edited by agvonline 16 hours 31 minutes ago More info...
Other recent topics
