Deploying Exchange 2016 into an Exchange 2013 Organisation with MAPI over HTTPS Enabled

This issue may be encountered when migrating to Exchange 2016 from Exchange 2013 when MAPI over HTTPS is enabled.  The default Exchange 2013 MAPI over HTTPS authentication settings set IIS and Internal Authentication methods as Negotiate and External as null.  This is shown below:


The Default Exchange 2016 MAPI over HTTPS authentication settings are configured as "Ntlm, OAuth and Negotiate"


Proxying MAPI over HTTPS connections between Exchange 2016 and Exchange 2013 requires NTLM be enabled.  The default Exchange 2013 MAPI over HTTPS authentication settings will cause Outlook connectivity issues when both Exchange 2016 and Exchange 2013 are in the same Active Directory site.

The error which is generated by the Exchange Remote Connectivity Analyzer in this configuration is as follows:
 
https://testconnectivity.microsoft.com/Images/Error.png
 
 
Testing the MAPI Mail Store endpoint on the Exchange server.
 
An error occurred while testing the Mail Store.
 
https://testconnectivity.microsoft.com/Images/Minus.gif
Additional Details
 
Elapsed Time: 1243 ms.
 
https://testconnectivity.microsoft.com/Images/Minus.gif
Test Steps
 
https://testconnectivity.microsoft.com/Images/Error.png
Attempting to log on to the Mailbox.
 
An error occurred while logging on to the Mailbox.
 
https://testconnectivity.microsoft.com/Images/Minus.gif
Additional Details
 
A protocol layer error occured. MapiHttpServiceCode: 1722
FailureLID: 56412
FailureInfo:

###### REQUEST [2016-08-28T13:10:48.4483314Z] ######

POST /mapi/emsmdb/?mailboxId=a9888e6b-81d6-4495-b4b0-bcda772e782f@avantgardetechnologies.com.au HTTP/1.1
Content-Type: application/octet-stream
User-Agent: MapiHttpClient
X-RequestId: 0d3ddde1-1147-4cbe-a50b-ee75d2d1319d:2
X-ClientInfo: dfba427f-ffa7-4003-981f-a676bced12eb:1
X-ClientApplication: MapiHttpClient/15.0.4420.1017
X-RequestType: Execute
Authorization: Negotiate [truncated]
Host: mail.avantgardetechnologies.com.au
Cookie: ClientId=PAVTTKRDEJLCYBAF9MA; MapiContext=MAPIAAAAAOms6aTto+TJjNSX3/zO/s/51OTc8cP72+rY4tPh2+ragKOSpJSilaWUoZWn7QEAAAAAAAA=; MapiSequence=0-WbZNDg==; X-BackEndCookie=a9888e6b-81d6-4495-b4b0-bcda772e782f=u56Lnp2ejJqBy5nGz8vMz8/SysyaxtLLysqd0p3Jz5vSyMzKzpqbzJ2ancicgYHNz87J0s/G0s3Iq87Mxc7Pxc7G
Content-Length: 172

--- REQUEST BODY [+0.128] ---
..[BODY SIZE: 172]

--- REQUEST SENT [+0.128] ---

###### RESPONSE [+0.416] ######

HTTP/1.1 200 OK
Transfer-Encoding: chunked
request-id: 7f93a99a-4a53-4866-a978-8de3671a1dd7
X-CalculatedBETarget: leeming-exch.at.local
X-ServerApplication: Exchange/15.00.1210.002
X-RequestId: 0d3ddde1-1147-4cbe-a50b-ee75d2d1319d:2
X-ClientInfo: dfba427f-ffa7-4003-981f-a676bced12eb:1
X-RequestType: Execute
X-PendingPeriod: 30000
X-ExpirationInfo: 900000
X-ResponseCode: 0
X-DiagInfo: LEEMING-EXCH
X-BEServer: LEEMING-EXCH
Cache-Control: private
Content-Type: application/octet-stream
Set-Cookie: MapiSequence=1-S1NbMA==; path=/mapi/emsmdb; secure; HttpOnly,MapiContext=MAPIAAAAAOms6aTto+TJjNSX3/zO/s/51OTc8cP72+rY4tPh2+ragKOSpJSilaWUoZWn7QEAAAAAAAA=; path=/mapi/emsmdb; secure; HttpOnly,X-BackEndCookie=a9888e6b-81d6-4495-b4b0-bcda772e782f=u56Lnp2ejJqBy5nGz8vMz8/SysyaxtLLysqd0p3Jz5vSyMzKzpqbzJ2ancicgYHNz87J0s/G0s3Iq87Mxc7Pxc7G; expires=Tue, 27-Sep-2016 13:10:19 GMT; path=/mapi; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
Persistent-Auth: true
X-Powered-By: ASP.NET
X-FEServer: LEEMING-EXCH
Date: Sun, 28 Aug 2016 13:10:19 GMT

--- RESPONSE BODY [+0.416] ---
..[BODY SIZE: 4195]
PROCESSING [@2016-08-28T13:10:48.8643314Z]
DONE [+00:00:00]
X-StartTime: Sun, 28 Aug 2016 13:10:19 GMT
X-ElapsedTime: 16

..[DATA SIZE: 4112]

--- RESPONSE DONE [+0.418] ---

###### REMOTE-EXCEPTION-INFO ######

Microsoft.Exchange.Rpc.RpcException: Connection must be re-established ---> Microsoft.Exchange.RpcClientAccess.ServerUnavailableException: Connection must be re-established ---> Microsoft.Exchange.RpcClientAccess.SessionDeadException: The primary owner logon has failed. Dropping a connection. ---> Microsoft.Exchange.Data.Storage.TooManyObjectsOpenedException: Cannot open mailbox /o=AT/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Clint Boessenaa7. ---> Microsoft.Mapi.MapiExceptionSessionLimit: MapiExceptionSessionLimit: Unable to open message store. (hr=0x80040112, ec=1246) Diagnostic context: Lid: 55847 EMSMDBPOOL.EcPoolSessionDoRpc called [length=502] Lid: 43559 EMSMDBPOOL.EcPoolSessionDoRpc returned [ec=0x0][length=256][latency=0] Lid: 52176 ClientVersion: 15.0.1210.3 Lid: 50032 ServerVersion: 15.0.1210.6003 Lid: 23226 --- ROP Parse Start --- Lid: 27962 ROP: ropLogon [254] Lid: 17082 ROP Error: 0x4DE Lid: 26937 Lid: 21921 StoreEc: 0x4DE Lid: 27962 ROP: ropExtendedError [250] Lid: 1494 ---- Remote Context Beg ---- Lid: 47536 Lid: 57936 dwParam: 0x20 Msg: MoMT Lid: 33360 dwParam: 0x21 Lid: 57384 StoreEc: 0x4DE Lid: 56872 dwParam: 0xFE Lid: 42712 StoreEc: 0x4DE Lid: 10786 dwParam: 0x0 Msg: 15.00.1210.000:Leeming-EXCH Lid: 1750 ---- Remote Context End ---- Lid: 26849 Lid: 21817 ROP Failure: 0x4DE Lid: 26297 Lid: 16585 StoreEc: 0x4DE Lid: 32441 Lid: 1706 StoreEc: 0x4DE Lid: 24761 Lid: 20665 StoreEc: 0x4DE Lid: 25785 Lid: 29881 StoreEc: 0x4DE
at Microsoft.Mapi.MapiExceptionHelper.InternalThrowIfErrorOrWarning(String message, Int32 hresult, Boolean allowWarnings, Int32 ec, DiagnosticContext diagCtx, Exception innerException)
at Microsoft.Mapi.ExRpcConnection.OpenMsgStore(OpenStoreFlag storeFlags, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, String& correctServerDn, ClientIdentityInfo clientIdentityAs, String userDnAs, Boolean unifiedLogon, String applicationId, Byte[] tenantHint, CultureInfo cultureInfo)
at Microsoft.Mapi.MapiStore.OpenMapiStore(String serverDn, String userDn, String mailboxDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, String httpProxyServerName, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, Boolean wantRedirect, String& correctServerDN, ClientIdentityInfo clientIdentity, Boolean unifiedLogon, String applicationId, Client xropClient, Boolean wantWebServices, Byte[] clientSessionInfo, TimeSpan connectionTimeout, TimeSpan callTimeout, Byte[] tenantHint)
at Microsoft.Mapi.MapiStore.OpenMailbox(String serverDn, String userDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, ClientIdentityInfo clientIdentity, String applicationId, Byte[] tenantPartitionHint, Boolean unifiedLogon)
at Microsoft.Exchange.Data.Storage.MailboxSession.ForceOpen(MapiStore linkedStore, Boolean unifiedSession)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Data.Storage.MailboxSession.ForceOpen(MapiStore linkedStore, Boolean unifiedSession)
at Microsoft.Exchange.Data.Storage.MailboxSession.Initialize(MapiStore linkedStore, LogonType logonType, IExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, GenericIdentity auxiliaryIdentity, Boolean unifiedSession)
at Microsoft.Exchange.Data.Storage.MailboxSession.<>c__DisplayClass1c.b__1a(MailboxSession mailboxSession)
at Microsoft.Exchange.Data.Storage.MailboxSession.InternalCreateMailboxSession(LogonType logonType, IExchangePrincipal owner, DelegateLogonUser delegatedUser, CultureInfo cultureInfo, String clientInfoString, IBudget budget, Action`1 initializeMailboxSession, InitializeMailboxSessionFailure initializeMailboxSessio
HTTP Response Headers:
Transfer-Encoding: chunked
request-id: 7f93a99a-4a53-4866-a978-8de3671a1dd7
X-CalculatedBETarget: leeming-exch.at.local
X-ServerApplication: Exchange/15.00.1210.002
X-RequestId: 0d3ddde1-1147-4cbe-a50b-ee75d2d1319d:2
X-ClientInfo: dfba427f-ffa7-4003-981f-a676bced12eb:1
X-RequestType: Execute
X-PendingPeriod: 30000
X-ExpirationInfo: 900000
X-ResponseCode: 0
X-DiagInfo: LEEMING-EXCH
X-BEServer: LEEMING-EXCH
Cache-Control: private
Content-Type: application/octet-stream
Set-Cookie: MapiSequence=1-S1NbMA==; path=/mapi/emsmdb; secure; HttpOnly,MapiContext=MAPIAAAAAOms6aTto+TJjNSX3/zO/s/51OTc8cP72+rY4tPh2+ragKOSpJSilaWUoZWn7QEAAAAAAAA=; path=/mapi/emsmdb; secure; HttpOnly,X-BackEndCookie=a9888e6b-81d6-4495-b4b0-bcda772e782f=u56Lnp2ejJqBy5nGz8vMz8/SysyaxtLLysqd0p3Jz5vSyMzKzpqbzJ2ancicgYHNz87J0s/G0s3Iq87Mxc7Pxc7G; expires=Tue, 27-Sep-2016 13:10:19 GMT; path=/mapi; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
Persistent-Auth: true
X-Powered-By: ASP.NET
X-FEServer: LEEMING-EXCH
Date: Sun, 28 Aug 2016 13:10:19 GMT
ServiceCode: 1722 Unavailable
Elapsed Time: 1243 ms.

To ensure all servers are configured correctly to proxy connections between Exchange 2013 and Exchange 2016, run the following PowerShell command:

Get-MapiVirtualDirectory | Set-MAPIVirtualDirectory -IISAuthenticationMethods Ntlm, OAuth, Negotiate


Hope this post has been helpful.

If you need IT Support in Perth, contact Avantgarde Technologies today.
 
Previous
Next Post »