none
[Exchange-Online] [EWS] EWS returns "Too many concurrent connections opened" when using OAuth RRS feed

  • Question

  • When executing a couple of requests to EWS Exchange Online and using OAuth, EWS starts returning:

    <m:MessageText>Too many concurrent connections opened., Cannot open mailbox.</m:MessageText>
    <m:ResponseCode>ErrorTooManyObjectsOpened</m:ResponseCode>
    

    I am familiar with the throttling limits (https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/ews-throttling-in-exchange?redirectedfrom=MSDN#throttling-policies-that-affect-ews) but I don’t think this is the case because the problem comes even when making 7-8 requests one after another and there isn’t any other client which is accessing the mailbox.

    The other observation is that this error comes only when using OAuth. It cannot be reproduced with Basic Authentication.

    In addition to that making calls with Basic Authentication is many times faster then using OAuth. For example getting an item by id takes around 70 ms with Basic Authentication and from 300 to 1300 ms with OAuth.

    It is easy to reproduce the problem by making several requests to get an item by id.
    For example start making POST requests with a similar body several times one after another. Use OAuth, so provide Authorization header with a token:

    <?xml version="1.0" encoding="utf-8"?>
    <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                   xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" 
                   xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" 
                   xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
      <soap:Header>
        <t:RequestServerVersion Version="Exchange2016" />
    	<t:ExchangeImpersonation>
            <t:ConnectingSID>
              <t:SmtpAddress>test@test.onmicrosoft.com</t:SmtpAddress>
            </t:ConnectingSID>
        </t:ExchangeImpersonation>
      </soap:Header>
      <soap:Body>
        <m:GetItem>
          <m:ItemShape>
            <t:BaseShape>IdOnly</t:BaseShape>
            <t:AdditionalProperties>
              <t:FieldURI FieldURI="item:Subject" />
            </t:AdditionalProperties>
          </m:ItemShape>
          <m:ItemIds>
            <t:ItemId Id="AAMkAGQ5M..." />
          </m:ItemIds>
        </m:GetItem>
      </soap:Body>
    </soap:Envelope>
    

    The first several requests are successful and after about 10 requests EWS would start returning that error.

    With Basic Authentication the same request could be made 1000 times, with 20 request in parallel without a problem.

    Has anybody experienced this?

    Thanks!
    Monday, December 2, 2019 8:13 PM

Answers

  • The solution to the problem is always to set the 'X-AnchorMailbox' header for ALL requests when using impersonation. The value of this header should be the same as the impersonated mailbox.

    Setting this header greatly increases the performance, there are no throttling errors and the response time for getting item by Id is around 70ms.

    More information about the importance of this header could be found here:

    https://blogs.msdn.microsoft.com/mstehle/2013/07/25/managing-affinity-for-ews-impersonation-in-exchange-2013-and-exchange-online-w15
     
    https://blogs.msdn.microsoft.com/webdav_101/2018/06/16/best-practices-important-and-critical-headers-for-ews/
     
    https://blogs.msdn.microsoft.com/webdav_101/2015/05/11/best-practices-ews-authentication-and-access-issues/

    • Marked as answer by vladimir.kanev Monday, December 23, 2019 3:47 PM
    Monday, December 23, 2019 3:47 PM

All replies

  • We're experiencing the same problem, although we haven't tried the "Basic Authentication".

    We're currently running messages through a service bus and adding two attendees to the meeting we received from the service bus. Messages are far between maybe 1 or 2 pr. 2-3 minutes.

    The temporary fix we've made is to set a two minute sleep between every succeeded message but that's isn't scalable, so were currently looking into other fixes.

    So we figured it might be a bug or there's a way to get around this.

    Hope we find a solution :)

    Wednesday, December 4, 2019 10:29 AM
  • The other observation we have seen is that the problem comes only when using OAuth and impersonation.

    OAuth without impersonation works OK, also the response speed is similar to the one when using Basic Authentication.

    Wednesday, December 4, 2019 2:04 PM
  • The solution to the problem is always to set the 'X-AnchorMailbox' header for ALL requests when using impersonation. The value of this header should be the same as the impersonated mailbox.

    Setting this header greatly increases the performance, there are no throttling errors and the response time for getting item by Id is around 70ms.

    More information about the importance of this header could be found here:

    https://blogs.msdn.microsoft.com/mstehle/2013/07/25/managing-affinity-for-ews-impersonation-in-exchange-2013-and-exchange-online-w15
     
    https://blogs.msdn.microsoft.com/webdav_101/2018/06/16/best-practices-important-and-critical-headers-for-ews/
     
    https://blogs.msdn.microsoft.com/webdav_101/2015/05/11/best-practices-ews-authentication-and-access-issues/

    • Marked as answer by vladimir.kanev Monday, December 23, 2019 3:47 PM
    Monday, December 23, 2019 3:47 PM