Share via


Inbound Federated free/busy request failing, after you recreated EWS virtual directory?

This is a quick tip / reminder in case you run into this issue. 

When an exchange related virtual directory has issue or become corrupted, most likely one of the troubleshooting steps is to Remove - X Virtual Directory and then New - X Virtual Directory to re-create it.  The External URL is the only value you need to re-populate in most case, unless you have Federation Trust setup with the Microsoft Federation Gateway. 

When you setup the trust the WSSecurityAuthentication property is change for the EWS and Autodiscover Virtual Directory from False to True.  When you just re-created the new virtual directory the default is False.

When external organization attempt to contact you Autodiscover or EWS URL, they use https://yourCASExtURL/ews/exchange.asmx/WSSecurity if the WSSecurityAuthentication is set to false IIS will just return HTTP 401 Unauthorized.

If you are having problem with other company not seeing your company’s free/busy run the follow command in Exchange Management Shell to verify if WSSecurityAuthentication is set to True.

                Get-AutodiscoverVirtualDirectory | fl Iden*,WSS*

                Get-WebServicesVirtualDirectory | fl Iden*,WSS*

Example result:

Identity                 : CLT-E2010-CAS01\EWS (Default Web Site)

WSSecurityAuthentication : True

 

Identity                 : CLT-E2010-CAS02\EWS (Default Web Site)

WSSecurityAuthentication : False

 

If you do see one of your server is set to False and the server external requests are load balanced to that server you should change that to true. 

                Get-WebServicesVirtualDirectory -server clt-e2010-cas02 | Set-WebServicesVirtualDirectory -WSSecurityAuthentication $true

It is always helpful to have result of the Get- X Virtual Directory | fl before you remove the old virtual directory so you can re-create it with the same Authentication method and URL that was previously set on the Virtual Directory.

Here are a few helpful links that can help you setup / troubleshot federation issues:

Cross Org Availability using Federation Trust and Organization Relationship

https://blogs.technet.com/b/exchange/archive/2011/06/28/cross-org-availability-using-federation-trust-and-organization-relationship.aspx

Understanding Federation

https://technet.microsoft.com/en-us/library/dd335047.aspx

 

Thanks,

John

Comments

  • Anonymous
    March 05, 2015
    Hi

    Great tip, WSSecurityAuthentication was set to false for WebServicesVirtualDirectory, changing it to true solved it.
    On premise calendars can now be reviewed by cloud users.