Exchange Federation Free/Busy drops the SOAP Header

When setting up a new Organization Relationship between Exchange 2013 CU3 and Exchange 2010 SP3 RU0, I found that the Test-OrganizationRelationship cmdlet was failing on the Autodiscover call. For a reminder, here is the format for the cmdlet:

    Test-OrganizationRelationship –UserIdentity user1@localdomain.com –Identity “Name of the OrgRel Object”

ERROR

The key error revealed itself with the Verbose switch enabled.

VERBOSE: [15:40:01.209 GMT] Test-OrganizationRelationship : The Client will call the Microsoft Exchange Autodiscover service using the following URL: https://autodiscover.contoso.com/autodiscover/autodiscover.svc/WSSecurity.
VERBOSE: [15:40:06.333 GMT] Test-OrganizationRelationship : The Microsoft Exchange Autodiscover service failed to be called at ‘https://autodiscover.contoso.com/autodiscover/autodiscover.svc/WSSecurity’ because the following error occurred: SoapException.Code =http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd:InvalidSecurity
Exception: System.Web.Services.Protocols.SoapHeaderException: An error occurred when verifying security for the message.

SOLUTION

After some research, I discovered a KB article published that looked similar (http://support.microsoft.com/kb/2752387). Sure enough, I checked the IIS on the targeted Exchange system and found the 500 response to the Autodiscover request from my Exchange server.

The resolution states that the EWS & Autodiscover virtual directories must be configured to allow WSSecurity Authentication. However, my Exchange 2010 server was already defined as True for WSSecurity.

Since everything appeared set correctly, I continued my testing and troubleshooting. I eventually ran out of ideas, so I decided to set the WSSecurity manually and reset IIS (for good measure). The Cmdlets used to set the required authentication:

    Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -WSSecurityAuthentication $True

    Get-AutodiscoverVirtualDirectory | Set-AutodiscoverVirtualDirectory -WSSecurityAuthentication $True

To my surprise, the free/busy exchange of information began working.

    031114_1812_ExchangeFre4

Now, for Exchange 2010, the output of the Test-OrganizationRelationship will be blank. No summary of successful completion is presented, but the Verbose option will state that the steps completed successfully.

 031114_1812_ExchangeFre5

From Exchange 2013, you receive more information during the test.

 031114_1812_ExchangeFre6

SUMMARY

Don’t be afraid to set a parameter even though it appears to be configured already. Exchange does some behind the scenes setup to finalize the configuration.

Advertisements

3 thoughts on “Exchange Federation Free/Busy drops the SOAP Header

  1. Chander says:

    Thanks Chris, I was experiencing exactly same behaviour and it works after setting up auth value again to $true.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s