none
[E2007][EWS 1.0][C#] Autodiscover 401 Error RRS feed

  • Question

  • I am having problems using Autodiscover on an Exchange 2007 environment to discover the URL to connect to a given mailbox with my C# code.  This is code that is working just fine at many customer sites running Exchange 2007 (as well as Exchange 2010).  This seems to be a problem that only is happening within one of my internal development environments.  Here's the particulars about my Exchange 2007 dev world:

    • Server 2008 R2 running as the DC for the internal test domain (name is:  rwj2007.local)
    • Server 2008 R2 running the CAS and HUB Transport roles.
    • Server 2008 R2 running the Mailbox role.
    • Exchange 2007 SP3 (version is 8.3 - Build 83.6) running on the CAS/HUB and the Mailbox servers.

    The Autodiscover URL returned to me is:  https://RWJ2007-HUB.rwj2007.local/Autodiscover/Autodiscover.xml.

     

    I have researched this error (401 - Unauthorized) extensively and can find nothing that is wrong in my dev environment, yet I cannnot establish a connection.  Test-OutlookWebServices also fails with this error.  Note that I am able to successfully establish an OWA connection with mailboxes within this world with no trouble.  I am logged into the domain with the domain admin account (also has full privileges in the Exchange world).

     

    Before I give up and burn an MSDN help call, I thought I'd try posting here and see if anyone might have any thoughts / suggestions as to what in the world is going on here.  Could it be that even though I'm running SP3 of Exchange, it just doesn't work properly with Server 2008 R2?

     

    Thanks in advance for any help / advice...

     

    Rob

     

    Tuesday, January 18, 2011 11:26 PM

Answers

  • Thought I would followup with the solution to this problem.  I finally gave in and burned an MSDN subscription incident and called Microsoft.  After several excruciating hours, the solution turned out to be simple:

    1. Delete the Autodiscover Virtual Directory and the EWS Virtual Directory (both on the CAS machine).
    2. Re-create both virtual directories.

     

    That was it!

     

    Rob

    • Marked as answer by Rob Jones Monday, April 4, 2011 3:15 PM
    Monday, April 4, 2011 3:15 PM

All replies

  • Hello Rob,

    First off, thank you for reading the forum guide.

    I don't have an idea (well, I do have one, just one) about what might be causing your error. The only thing that comes to mind is that there may be a setting on the domain admin account or a security group that is limiting access (based on this). Is your domain admin account mail-enabled? Could you also try using another mail-enabled account and see if you have access with it?

    And while we are here, reasons to not mail-enable a domain admin account (Rob, I understand that this is your dev environment but I just want to make sure I call this out)

    With regards,


    Michael | Microsoft Exchange SDK

    The Exchange Development Forum Guide has useful information for using the Exchange Development Forum.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Wednesday, January 19, 2011 12:06 AM
    Moderator
  • Michael,

     

    Thanks for your reply.  Unfortunately, I am unable to find any security settings associated with any account ('normal' user or my domain admin account) that would appear to be inhibiting my ability to use Autodiscover.

    As I mentioned, I do have a correctly working Exchange 2010 world, so I thought I'd try a test.  I installed EWS  Editor on the machine in my Exchange 2007 world that I've been using for this test, and also in a machine in my Exchange 2010 world that I know is able to run my software correctly - i.e., it successfully 'finds' Autodiscover and can use it to retrieve the connection URLs for a given mailbox.  When I told EWS Editor to try to use Autodiscover to connect to a mailbox, it failed in the Exchange 2007 world (as I expected) and was successful in the Exchange 2010 world.  I then examined the chatter log on each instance of the EWS Editor, looking for differences - here's what I found. The first six log entries are essentially the same (obviously the domain names are different).  But with the seventh entry, something interesting occurs - below are the two entries:

     

    Exchange 2007

    <EwsLogEntry EntryKind="AutodiscoverConfiguration" ThreadId="1" Timestamp="1/17/2011 2:15:14 PM">Host returned enabled endpoint flags: Legacy</EwsLogEntry>

     

    Exchange 2010

    p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica}

    <EwsLogEntry EntryKind="AutodiscoverConfiguration" ThreadId="1" Timestamp="1/18/2011 1:20:22 PM">Host returned enabled endpoint flags: Legacy, Soap, WsSecurity</EwsLogEntry>

     

    Notice that the functioning world returns three endpoints (Legacy, Soap, and WsSecurity) while the non-functioning request only returned a Legacy endpoint.  Do you suppose this could be the source of my problem?  (I have tried to determine how I would change this setting, but as of yet, I have no idea how I can configure these endpoints).

     

    Thanks again, Michael for taking the time to help.

     

    Rob

     

    Wednesday, January 19, 2011 4:29 PM
  • Hello Rob,

    No, I don't believe that to be the source of your problem. That is expected. The legacy Autodiscover endpoint is available in 2007/2010 while the SOAP Autodiscover service is only available in 2010.

    Interesting. Using the same account, can you use either Outlook 2007 or Outlook 2010 to Autodiscover the endpoint? Outlook uses the legacy Autodiscover endpoint.

    1. Ctrl+rt-click on the Outlook icon in the system tray.
    2. lt-click on Test E-mail Autoconfiguration.
    3. Check the Use Autodiscover checkbox.
    4. Click the Test button.

    I'm interested to find out whether it returns the AUtodiscover information. If Autodiscover information is returned, then it leads me to believe that there is something wrong with the EWS Managed API or we are missing something in your use of the EWS Managed API. If Autodiscover information is not returned, then it will lead me to look into the configuration of Autodiscover.

    Did you try using Autodiscover with a normal mailbox in addition to the domain admin?

    WIth regards,


    Michael | Microsoft Exchange SDK

    The Exchange Development Forum Guide has useful information for using the Exchange Development Forum.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Wednesday, January 19, 2011 5:44 PM
    Moderator
  • To do the Outlook test you requested, I did this:

    Created a new Windows 7 Pro x64 VM, and joined it to my RWJ2007 domain.

    Logged in to the Win7 machine with my administrator's credentials (these are the credentials I've been using during the failed Test-OutlookWebServices).

    Installed Office 2010.

    Ran Outlook 2010, and let it drag me through the initial setup to connect to my Exchange 2007 world.  This worked flawlessly.

     

    While Outlook 2010 was running, I rt-clicked on the System Tray icon and ran the Test E-mail Autoconfiguration test, providing the mailbox credentials (same admin credentials as always) and checking only the Use Autodiscover checkbox (unchecked the other two).  This test appeared to be successful.  Below are the results:

     

    Results Tab

    Autoconfiguration has started, this may take up to a minute

    Autoconfiguration found the following settings:

    Display Name: Administrator

    Internal OWA URL: https://rwj2007-hub.rwj2007.local/owa

    Protocol:  Exchange RPC

    Server: RWJ2007-MB1.rwj2007.local

    Login Name: Administrator

    Availability Service: URL: https://rwj2007.hub.rwj2007.local/EWS/Exchange.asmx

    OOF URL: https://rwj2007-hub.rwj2007.local/EWS/Exchange.asmx

    OAB URL: https://rwj2007-hub.rwj2007.local/OAB/48845534-04d0-45a0-af66-7657cfc79b49/

    Unified Message Service URL: https://rwj2007-hub.rwj2007.local/UnifiedMessaging/Service.asmx

    Auth Package: Unspecified

     

     

    XML Tab

    <?xml version="1.0" encoding="utf-8"?>

    <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">

      <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">

        <User>

          <DisplayName>Administrator</DisplayName>

          <LegacyDN>/o=RWJ Dev 2007/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Administrator</LegacyDN>

          <DeploymentId>f5c158d3-cb70-4d57-a7b5-f62ef2c20bc8</DeploymentId>

        </User>

        <Account>

          <AccountType>email</AccountType>

          <Action>settings</Action>

          <Protocol>

            <Type>EXCH</Type>

            <Server>RWJ2007-MB1.rwj2007.local</Server>

            <ServerDN>/o=RWJ Dev 2007/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=RWJ2007-MB1</ServerDN>

            <ServerVersion>72038053</ServerVersion>

            <MdbDN>/o=RWJ Dev 2007/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=RWJ2007-MB1/cn=Microsoft Private MDB</MdbDN>

            <AD>RWJ2007-DC.rwj2007.local</AD>

            <ASUrl>https://rwj2007-hub.rwj2007.local/EWS/Exchange.asmx</ASUrl>

            <EwsUrl>https://rwj2007-hub.rwj2007.local/EWS/Exchange.asmx</EwsUrl>

            <OOFUrl>https://rwj2007-hub.rwj2007.local/EWS/Exchange.asmx</OOFUrl>

            <UMUrl>https://rwj2007-hub.rwj2007.local/UnifiedMessaging/Service.asmx</UMUrl>

            <OABUrl>http://rwj2007-hub.rwj2007.local/OAB/48845534-04d0-45a0-af66-7657cfc79b49/</OABUrl>

          </Protocol>

          <Protocol>

            <Type>WEB</Type>

            <Internal>

              <OWAUrl AuthenticationMethod="Basic, Ntlm, WindowsIntegrated">https://rwj2007-hub.rwj2007.local/owa</OWAUrl>

              <Protocol>

                <Type>EXCH</Type>

                <ASUrl>https://rwj2007-hub.rwj2007.local/EWS/Exchange.asmx</ASUrl>

              </Protocol>

            </Internal>

          </Protocol>

        </Account>

      </Response>

    </Autodiscover>

     

     

    Log Tab

    Attempting URL https://RWJ2007-HUB.rwj2007.local/Autodiscover/Autodiscover.xml found through SCP

    Autodiscover to https://RWJ2007-HUB.rwj2007.local/Autodiscover/Autodiscover.xml starting

    Autodiscover to https://RWJ2007-HUB.rwj2007.local/Autodiscover/Autodiscover.xml Succeeded (0x00000000)

     

     

    I should also tell you that my code is NOT using the EWS Managed API.  I wrote my code before that API became available; all I had for a guide was the most excellent book "Inside Microsoft Exchange Server 2007 Web Services".

     

    Thanks again for your help, Michael!

     

    Rob

    Wednesday, January 19, 2011 8:21 PM
  • Thought I would followup with the solution to this problem.  I finally gave in and burned an MSDN subscription incident and called Microsoft.  After several excruciating hours, the solution turned out to be simple:

    1. Delete the Autodiscover Virtual Directory and the EWS Virtual Directory (both on the CAS machine).
    2. Re-create both virtual directories.

     

    That was it!

     

    Rob

    • Marked as answer by Rob Jones Monday, April 4, 2011 3:15 PM
    Monday, April 4, 2011 3:15 PM