Troubleshooting Exchange
We do Exchange discovery look-ups in four ways:
- LDAP
- SCP
- EWS
- autodiscover
Troubleshooting all that can be challenging.
Contents |
LDAP Browser
http://www.ldapbrowser.com/download.htm
This is just a browser so is safe to use, it can't change anything. The thing is to log in using the credentials you gave Retain, if you can do that it will work for an archive job. But in real life it will be more difficult than that. Log in as the Administrator user to find the actual credentials and path of the ApplicationImpersonation account. Then go back and figure out how to log in to AD with them and see all of the tree. Then make sure Retain is set with those properties and use the EWSEditor Log Viewer Tool to find how it works or fails.
EWSEditor
http://ewseditor.codeplex.com/ A more dangerous tool since it can change entries. Log in as the Impersonation user to the Impersonation Mailbox Use the Autodiscover Viewer Tool to attempt to access other mailboxes on the system and
MS Remote Connectivity Tester
https://testconnectivity.microsoft.com/ An online tool that can be helpful to narrow down issues.
Exchange Management Shell
In the Exchange Management Shell, not the regular powershell, on the Exchange server run the following command:
Get-WebServicesVirtualDirectory | fl >C:\ews.txt
The results should look something like this:
RunspaceId : d446f9af-4c01-45f2-b0a8-86d53c08288f
CertificateAuthentication :
InternalNLBBypassUrl :
GzipLevel : Low
MRSProxyEnabled : False
Name : EWS (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
LiveIdNegotiateAuthentication :
WSSecurityAuthentication : True
LiveIdBasicAuthentication : False
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : True
AdfsAuthentication : False
MetabasePath : IIS://MAIL.ad.sol.net/W3SVC/1/ROOT/EWS
Path : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\EWS
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.0 (Build 847.32)
Server : MAIL
InternalUrl : https://mail.ad.sol.net/EWS/Exchange.asmx
ExternalUrl :
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
DistinguishedName : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,CN=MAIL,CN=Servers,CN=Exchange
Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=sol,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=ad,DC=sol,DC=net
Identity : MAIL\EWS (Default Web Site)
Guid : c2fff449-1522-469b-bc62-a605b914a317
ObjectCategory : ad.sol.net/Configuration/Schema/ms-Exch-Web-Services-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
WhenChanged : 7/31/2014 5:25:12 PM
WhenCreated : 7/31/2014 5:25:12 PM
WhenChangedUTC : 7/31/2014 11:25:12 PM
WhenCreatedUTC : 7/31/2014 11:25:12 PM
OrganizationId :
OriginatingServer : MAIL.ad.sol.net
IsValid : True
ObjectState : Changed
This is a quick report of the systems settings. The important thing to check is that BasicAuthentication is set to True.
