none
EWS API 2.0 - Issues with impersonation on Exchange 2007SP1 servers RRS feed

  • Question

  • I am working with the EWSAPI 2.0 on a VB.NET application which essentially collects stats on mailboxes on Exchange servers.  My code seems to work fine with Exchange 2010 and 2013 servers, but I cannot seem to get it to work with Exchange 2007SP1 servers.  On Exchange 2007SP1, it seems that the API is not passing on the impersonation account credentials. 

    Here are IIS logs from the Exchange 2007SP1 server (running on Windows 2003 SP2):
    2013-12-05 19:38:54 W3SVC1 169.254.64.50 POST /ews/exchange.asmx - 443 - 169.254.64.50 ExchangeServicesClient/15.00.0516.014 401 2 2148074254
    2013-12-05 19:38:54 W3SVC1 169.254.64.50 POST /ews/exchange.asmx - 443 - 169.254.64.50 ExchangeServicesClient/15.00.0516.014 401 1 0
    2013-12-05 19:38:54 W3SVC1 169.254.64.50 POST /ews/exchange.asmx - 443 - 169.254.64.50 ExchangeServicesClient/15.00.0516.014 401 1 0
    2013-12-05 19:38:55 W3SVC1 169.254.64.50 POST /ews/exchange.asmx - 443 - 169.254.64.50 ExchangeServicesClient/15.00.0516.014 401 2 2148074254

    Logs from Exchange 2010 on Windows 2008 R2:
    2013-12-05 19:25:05 192.168.200.30 POST /ews/exchange.asmx - 443 EVEXAMPLE\emaproxy 192.168.200.31 ExchangeServicesClient/15.00.0516.014 200 0 0 13
    2013-12-05 19:25:05 192.168.200.30 POST /ews/exchange.asmx - 443 - 192.168.200.31 ExchangeServicesClient/15.00.0516.014 401 0 0 1
    2013-12-05 19:25:05 192.168.200.30 POST /ews/exchange.asmx - 443 EVEXAMPLE\emaproxy 192.168.200.31 ExchangeServicesClient/15.00.0516.014 200 0 0 15
    2013-12-05 19:25:06 192.168.200.30 POST /ews/exchange.asmx - 443 - 192.168.200.31 ExchangeServicesClient/15.00.0516.014 401 0 0 0
    2013-12-05 19:25:06 192.168.200.30 POST /ews/exchange.asmx - 443 EVEXAMPLE\emaproxy 192.168.200.31 ExchangeServicesClient/15.00.0516.014 200 0 0 13
    2013-12-05 19:25:06 192.168.200.30 POST /ews/exchange.asmx - 443 - 192.168.200.31 ExchangeServicesClient/15.00.0516.014 401 0 0 1

    Exchange 2013:
    2013-12-05 18:25:44 198.178.166.60 POST /ews/exchange.asmx - 443 VISTA\ewsproxy 198.178.166.150 ExchangeServicesClient/15.00.0516.014 - 200 0 0 62
    2013-12-05 18:25:44 198.178.166.60 POST /ews/exchange.asmx - 443 - 198.178.166.150 ExchangeServicesClient/15.00.0516.014 - 401 0 0 15
    2013-12-05 18:25:44 198.178.166.60 POST /ews/exchange.asmx - 443 VISTA\ewsproxy 198.178.166.150 ExchangeServicesClient/15.00.0516.014 - 200 0 0 218
    2013-12-05 18:25:44 198.178.166.60 POST /ews/exchange.asmx - 443 - 198.178.166.150 ExchangeServicesClient/15.00.0516.014 - 401 0 0 31
    2013-12-05 18:25:44 198.178.166.60 POST /ews/exchange.asmx - 443 VISTA\ewsproxy 198.178.166.150 ExchangeServicesClient/15.00.0516.014 - 200 0 0 15
    2013-12-05 18:25:44 198.178.166.60 POST /ews/exchange.asmx - 443 - 198.178.166.150 ExchangeServicesClient/15.00.0516.014 - 401 0 0 0

    Note how the Exchange 2010 and 2013 IIS logs show the impersonation account while Exchange 2007 does not.  Here is a snippet of the code that I am using:
     Dim oService As ExchangeService
            If shortVersion = 11 Then ' 2007 sp1
                oService = New ExchangeService(ExchangeVersion.Exchange2007_SP1)
            ElseIf shortVersion = 20 Then ' 2010
                oService = New ExchangeService(ExchangeVersion.Exchange2010)
            ElseIf shortVersion = 21 Then ' 2010 sp1
                oService = New ExchangeService(ExchangeVersion.Exchange2010_SP1)
            ElseIf shortVersion = 22 Then ' 2010 sp2
                oService = New ExchangeService(ExchangeVersion.Exchange2010_SP2)
            ElseIf shortVersion = 30 Then ' 2013
                oService = New ExchangeService(ExchangeVersion.Exchange2013)
            Else
                sCError = "Exchange version not set!"
                Return False
            End If

            'URI
            Dim sServerURI As String = ""
            If bUseSSL = False Then
                sServerURI = "http://" & msCASServer & "/ews/exchange.asmx"
            ElseIf bUseSSL = True Then
                sServerURI = "https://" & msCASServer & "/ews/exchange.asmx"
            End If
            Dim oURL As New Uri(sServerURI)
            oService.Url = oURL

            oService.Credentials = New NetworkCredential(sUserName, sUserPassword, sDomain)
            TrustAllCertificatePolicy.OverrideCertificateValidation()
            oService.ImpersonatedUserId = New ImpersonatedUserId(ConnectingIdType.SmtpAddress, sEmail)

            'connect to root folder
            Dim oRoot As Folder

            Try
                oRoot = Folder.Bind(oService, WellKnownFolderName.MsgFolderRoot)
            Catch ex As Exception
                sCError = ex.Message
                MsgBox("Error while accessing CAS for " & msExchServer & ":  " & ex.Message & " - Check to make sure that the CAS URL is correct and that the user specified has impersonation rights on the Exchange server.  URL: " & oService.Url.ToString)
                Return False
            End Try

    The 401 error occurs when trying to bind to the root folder of the mailbox.  I have following the directions on setting up impersonation for Exchange 2007SP1 here:

    http://msdn.microsoft.com/en-us/library/bb204095%28EXCHG.80%29.aspx

    http://calendarservermigration.blogspot.in/2007/08/exchange-2007-impersonation-debugging.html

    Any suggestions on what to check would be greatly appreciated.

    Thursday, December 5, 2013 7:51 PM