none
EWS Managed API doesn't work OK on IIS RRS feed

  • Question

  • Hi All,

    I faced a question. I develop a website which using EWS Managed API 1.1 to access the emails.

    It works ok on Visual Studio 2010. But when I deploy it on IIS, it doesn't work OK.

    THe error message is "The Autodiscover service couldn't be located"

    Can anyone help me how to fix the error?

    Should I configure something on IIS?

    (I use "http" to deploy my website, not "https". Will it course the error?)

    Sunday, April 17, 2011 3:48 AM

Answers

  • Tee Han,

    Is the role of the "website visitor" anonymous? If so, why is the web site visitor anonymous (or undefined)? I believe that the organizer of a meeting must have a mailbox.  
    What triggers the change in organizer from "website visitor" to who actually organized the meeting?

    This sounds similar to the scenario where a class will be offered but the teacher of the class is undefined and is to be determined later.

    The organizer property is read-only.

    You won't be able to use SMTP to perform this task.

    As I understand it, I don't think the scenario you have specified will work (since Organizer is read-only). The best work around will be to make an account that does the scheduling and then update the Subject and/or Body properties with the organizers information.

    With regards,


    Michael | Microsoft Exchange SDK

    The Exchange Development Forum Guide has useful information for using the Exchange Development Forum.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    • Marked as answer by Tee Han Wednesday, May 18, 2011 3:05 AM
    Monday, May 16, 2011 6:05 PM
    Moderator

All replies

  • That error means that the security context the code is running under doesn't have rights to make the Autodiscover query make sure you specify the credentials before you do the autodiscover.

    Cheers
    Glen

    Tuesday, April 19, 2011 10:05 AM
  • Hi Glen,

    The website is Windows Intergrated, the AD loggedon user should use this website to book a meeting room. After he finishes the booking, the system will send a meeting request on behalf of the loggedon user.

    So I just set "service.UseDefaultCredentials = true;"  It doesn't work on IIS. It will have an error message: 401 Unauthorized.

    Is it possible to transfer the defaultCredential from the web server to Exchange Server via IIS? How to do this?

     

    I failed to solve the problem, abut find another two ways to set permission on a specified account. One is delegate, another is impersonate. But both of them need to set permission via Exchange Management Console. And the permission is on user, if a new account created, we need to set the permission on it. It's inconvenient.

    Could you help me to give me some advice?

     

    Best regards,

    Tee Han

    Thursday, May 12, 2011 6:48 PM
  • Tee Han,

    The security context that you described is the service account that is running the web site. So, "service.UseDefaultCredential = true;" indicates that default credentials of the account that is running the web site is used to make the Autodiscover request. I imagine that the 1) the service account does not have access to the Exchange Server, and 2) that it does not have the Exchange Impersonation privileges to make the query on behalf of ('as') the user. If you perform a search of this forum, you should find more information on your scenario.

    Here are similar posts:

    http://social.technet.microsoft.com/Forums/en-US/exchangesvrdevelopment/thread/4ab42ee6-29be-4349-9b10-38526a4bc912
    http://social.technet.microsoft.com/Forums/en-US/exchangesvrdevelopment/thread/8bcc0322-cd6a-49df-8342-24828135d0d3

    Here is a search of the forums for other useful posts:

    http://social.technet.microsoft.com/Search/en-US/?query=web%20site%20service%20account&rq=meta:Search.MSForums.ForumID(9d18fb17-7824-4a44-a58d-42928bc3a451)+site:microsoft.com&rn=Development+Forum

    With regards,


    Michael | Microsoft Exchange SDK

    The Exchange Development Forum Guide has useful information for using the Exchange Development Forum.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Thursday, May 12, 2011 8:05 PM
    Moderator
  • Hi Michael,

    The Exhcange Impersonation privileges are created on the user. It means that if a new account created in the domain, we need to add the Exchange Impersonation privileges before he visits the web site. It's inconvenient for the customer to manage the privileges. And there are 2000 accounts in the company, it means we would create 2000 pieces of Exchange Impersonation privileges.

    Is there any convenient way to achieve the function?

     

    Best regards,

    Tee Han

    Friday, May 13, 2011 12:07 AM
  • Hello Tee Han,

    You can scope Exchange Impersonation to security groups instead of individual users. That way, you create a single Exchange Impersonation privilege and it is applied to all users in the security group. This applies to Exchange 2010. What version of Exchange are you using?

    http://msdn.microsoft.com/en-us/library/bb204095(v=EXCHG.140).aspx

    With regards,


    Michael | Microsoft Exchange SDK

    The Exchange Development Forum Guide has useful information for using the Exchange Development Forum.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Friday, May 13, 2011 3:40 PM
    Moderator
  • Customer Environment is Exchange 2007 SP1.

    Can this apply to Exchange Server 2007 Sp1?

     

    Thank you so much.

    Tee Han

    Friday, May 13, 2011 5:12 PM
  • Tee han,

    Exchange 2007 doesn't allow you the option to set impersonation on security groups. Instructions for setting on users and databases are here:

    http://msdn.microsoft.com/en-us/library/bb204095(v=EXCHG.80).aspx

    Here is a good post on options for Exchange Impersonation:

    http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/99468d36-e997-456e-93da-db896d3ba2d9

    With regards,


    Michael | Microsoft Exchange SDK

    The Exchange Development Forum Guide has useful information for using the Exchange Development Forum.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Friday, May 13, 2011 5:29 PM
    Moderator
  • Hi Michael,

    Thanks for your apply.

    It means that the impersonation cannot set on security groups, and must set on users and databases. But if a new user created in the AD, and it needs to add the impersonate privillege manually. It seems inconvenient.

    My orginal requirement is that:  I develop a meeting room booking system, each website vistor can book a meeting room via the system. After he finished the room booking, the system will send a meeting request, and the meeting organizer is the vistor.

    Is it possible to achieve this function?

    Customer Company has 2000+ employees, and they thinks that impersonate privillege is set on each user, so it will create 2000+ pieces of impersonate privillege, and if a new employee come into their company, we need to add the impersonate privillege on the new user account. It seems terrible. They cannot let a person to do this job.

    So, is it possible to achieve this function? If impersonation cannot work, any other ways can achieve this function, such as delegation?

     

    Best regards,

    Tee Han

     

    Friday, May 13, 2011 6:25 PM
  • Hi Michael,

    Is that Ok to change the organizer of the Meeting Request? It means whether I can configure a credential with specified account and password, then change the organizer of the meeting request.

    If I can do this, it will also achieve the function.

    But how to do this then? Is it possible?

     

    Best regards,

    Tee Han

    Sunday, May 15, 2011 4:24 PM
  • Hello Tee Han,

    When you state that the "meeting organizer is the visitor", do you mean that they are an attendee? If so, since the person that is requesting the meeting does not need to be the organizer, then create a room mailbox (assuming your rooms have mailboxes) that has the web site service account as a delegate (or use impersonation). That way it doesn't matter who the user is and then you don't need to worry about whether they exist in a database that has impersonation privileges.  The user that requests the meeting on the web site is included as an attendee. 

    With regards, 


    Michael | Microsoft Exchange SDK

    The Exchange Development Forum Guide has useful information for using the Exchange Development Forum.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Monday, May 16, 2011 2:57 PM
    Moderator
  • Hello Michael,

    Thank you for your reply. Maybe I'm not clearly to express my requirements.

    The "website vistor" open the "Meeting Room Booking System", then he will book a meeting room (choose time, location, attendees, write the subject, body, attachment, etc). After he finishes the actions, the website will send a meeting request which the organizer is the "website visitor".

    All the actions and effects just like when we book a meeting room via our outlook. Finially, the visitor will be the organizer.

     

    I think if the EWS cannot do this, is there any other ways to achieve this requirement?

    Is it OK to send a meeting request via SMTP not web service, and let the web site service account on behalf of the requester?

     

    I know when we send a normal email via SMTP, we can set the "FROM" of "MailMessage". 

     

    Could you give me some advice?

     

    THank you very much.

     

    Best regards,

    Tee Han

    Monday, May 16, 2011 4:56 PM
  • Tee Han,

    Is the role of the "website visitor" anonymous? If so, why is the web site visitor anonymous (or undefined)? I believe that the organizer of a meeting must have a mailbox.  
    What triggers the change in organizer from "website visitor" to who actually organized the meeting?

    This sounds similar to the scenario where a class will be offered but the teacher of the class is undefined and is to be determined later.

    The organizer property is read-only.

    You won't be able to use SMTP to perform this task.

    As I understand it, I don't think the scenario you have specified will work (since Organizer is read-only). The best work around will be to make an account that does the scheduling and then update the Subject and/or Body properties with the organizers information.

    With regards,


    Michael | Microsoft Exchange SDK

    The Exchange Development Forum Guide has useful information for using the Exchange Development Forum.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    • Marked as answer by Tee Han Wednesday, May 18, 2011 3:05 AM
    Monday, May 16, 2011 6:05 PM
    Moderator
  • Hi Michael,

    The website is Windows Integrated, and not anonymous. Each vistor is an AD account, and has mailbox.

    I know organizer property is read-only.

    As you said, the best work around will be to make an account that does the scheduling. But can I change the organizer displayed in the meeting request?

    Because I saw a website can send the meeting request by a service account, and the organizer of the meeting request is the mail address of "website visitor" who create the meeting request via the website.

    P.S. I asked some information about that website which I described right now. It sends the meeting request via SMTP, not web service. But I cannot get the code.

    Best regards,

    Tee Han

     

     


    Monday, May 16, 2011 6:21 PM
  • Hi Michael,

    I solve the problem by using smtp to send the meeting request.

    Thank you for your great help in these days.

     

    Best regards,

    Tee Han

    Wednesday, May 18, 2011 3:06 AM
  • It seems like a good workaround, but not the actual solution. I am still waiting for response for my post related to similar issue. I guess the problem lies within the trust between the ASP.Net app and IIS and has nothing to do with the permissions or impersonation at the Exchange Server side


    Saturday, January 25, 2014 1:36 AM