Exchange 2010 SP3 OWA with certificate based authentication

Hi,
I have a bizarre problem in my customer’s environment. Maybe someone has an idea.
Exchange 2010 with SP3, latest cumulative Update installed.
The problem I’m having is that when I enable Certificate based authentication (require client certificate option in IIS) on OWA and ECP virtual directories in conjunction with forms based authentication (this is the requirement – the user must have a client certificate and type in username and password to log in to OWA), the result is that after the user selects the certificate he wants to use, he is logged into OWA automatically, but cannot use the website, because it’s being constantly automatically refreshed (or redirected to itself or something like that). The behavior occurs with all users, with any browser. If client certificate is on required, forms based authentication works just fine. If I switch to “Basic Authentication” and enable client certificate requirement, then OWA acts as it should – so no problems. The problem only occurs when authentication type is forms based and client certificates are required.
I have tried the exact same settings (as far as I can tell) on one other production server and one test server, and encountered no such problems.
Anyone – any ideas?

Hi McWax,
According to your description and test, I understand that all accounts cannot log in to OWA when require client certificate is selected.
Is there any error message when opening OWA or logging in? For example, the error “HTTP error: 403 - Forbidden”. Please post the relevant error for further troubleshooting.
I want to confirm which authentication methods are used for OWA: Integrated Windows authentication or Digest authentication? More details about it, for your reference:
http://technet.microsoft.com/en-us/library/bb430796(v=exchg.141).aspx
If you select another authentication method, please check whether the Client Certificate Mapping Authentication service is installed and also enabled in IIS. Please refer to:
http://www.iis.net/configreference/system.webserver/security/authentication/clientcertificatemappingauthentication
To rule out the firewall as a factor, please try to sign in to OWA at the CAS server. Besides, I found a FAQ about certificates:
http://technet.microsoft.com/en-us/library/aa998424(v=exchg.80).aspx
Best Regards,
Allen Wang
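
One way to compare the IIS side of a working and a failing Client Access server, as an added example that is not part of the original thread: it records the client-certificate flags and the enabled authentication modules for the OWA and ECP virtual directories and diffs them against a snapshot from another server. The site name `Default Web Site`, the `C:\Temp` output folder and the `$ReferenceCsv` parameter are assumptions.

```powershell
# Added example (not from the thread): snapshot the IIS client-certificate and
# authentication settings of the OWA and ECP virtual directories so that two
# Client Access servers can be compared. Run elevated on each server.
param(
    [string]$ReferenceCsv   # hypothetical: snapshot file copied from the working server
)

Import-Module WebAdministration
Import-Module ServerManager

$site  = 'Default Web Site'   # assumption: OWA and ECP live in the default site
$vdirs = 'owa', 'ecp'
$authModules = 'anonymousAuthentication', 'basicAuthentication',
               'windowsAuthentication', 'digestAuthentication',
               'clientCertificateMappingAuthentication'

function Get-IisValue {
    param([string]$Path, [string]$Filter, [string]$Name)
    $v = Get-WebConfigurationProperty -PSPath $Path -Filter $Filter -Name $Name -ErrorAction SilentlyContinue
    # Some properties come back wrapped in a ConfigurationAttribute; unwrap them.
    if ($null -ne $v -and $v.PSObject.Properties['Value']) { $v.Value } else { $v }
}

# Is the "Client Certificate Mapping Authentication" role service installed at all?
$mappingInstalled = (Get-WindowsFeature -Name Web-Client-Auth).Installed

$snapshot = foreach ($vdir in $vdirs) {
    $path = "IIS:\Sites\$site\$vdir"
    $row  = New-Object PSObject
    $row | Add-Member NoteProperty Server $env:COMPUTERNAME
    $row | Add-Member NoteProperty VirtualDirectory $vdir
    # sslFlags combines Ssl, SslNegotiateCert (accept) and SslRequireCert (require).
    $row | Add-Member NoteProperty SslFlags ([string](Get-IisValue $path 'system.webServer/security/access' 'sslFlags'))
    $row | Add-Member NoteProperty CertMappingFeatureInstalled $mappingInstalled
    foreach ($module in $authModules) {
        $enabled = Get-IisValue $path "system.webServer/security/authentication/$module" 'enabled'
        $row | Add-Member NoteProperty $module $enabled
    }
    $row
}

$snapshot | Format-List

# Write the snapshot to disk; C:\Temp is an assumed location.
$localCsv = "C:\Temp\$env:COMPUTERNAME-owa-iis.csv"
$snapshot | Export-Csv -Path $localCsv -NoTypeInformation

# Diff against the other server's snapshot. Both sides are re-read from CSV so
# that every value is compared as text.
if ($ReferenceCsv -and (Test-Path $ReferenceCsv)) {
    $compareOn = @('VirtualDirectory', 'SslFlags', 'CertMappingFeatureInstalled') + $authModules
    Compare-Object (Import-Csv $ReferenceCsv) (Import-Csv $localCsv) -Property $compareOn |
        Format-Table -AutoSize
}
```

Rows marked `<=` come from the reference server and rows marked `=>` from the local one; no output from the comparison means the recorded IIS settings match.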

Similar Messages

  • ActiveSync with Certificate-Based Authentication

    We are trying to setup ActiveSync with certificate-based authentication against Exchange 2010 SP2, but with no luck.
    What has been done so far:
    OWA over https works fine. A public, trusted certificate is in place.
    Setup ActiveSync against this Exchange server: works fine, using user name/password.
    Issued a user cert, signed with an internal CA, CA-cert successfully imported into all client devices.
    Created a new OWA-site with cert-based authentication (just to make sure it works), imported user certificate into a mac, visit this OWA site - cert-based authentication works fine.
    Now, with the configuration utility, created configuration profile with that user cert and an ActiveSync account, left password blank and chose the imported cert (p12) as authentication means.
    After installing that last profile the device keeps asking for a password and refuses to synchronize. Logs on the server show error 401.2, so I assume iPhone is ignoring the cert and is trying to use password-authentication instead.
    The devices tested were iPhone 3G with iOS 4 and iPad 2 with iOS 5.
    Any help will be greatly appreciated.
    Roman.

    No-one with this experience?
    We've done some network analysis (as much as was possible to decrypt) and could see that the server sends an SSL-Alert (rejection?) to the client after the client presents the certificate.
    That explains why the client falls back to password-authentication, but it does not tell us why the server rejects the cert (that is accepted perfectly when accessed from a browser) in first place.

  • MfE with Certificate Based Authentication on E6

    Hello,
    I've been trying to setup MfE on my E6 but I can't find a way to configure it to use a personal certificate, I even tried using "Nokia Configuration Tool" but it tells me that my device does not support MfE with Certificate Based Authentication, I get "Invalid Credentials" when using a username & password.
    I get the same error on both Anna and Belle.
    Any help would be appreciated.
    Thanks

    Better give the MfE configuration in detail.
    Also please advise if the server is a real Microsoft Exchange Server or a third-party mail service such as Gmail or Live.
    bbao

  • Exchange 2013 - How to configure Outlook Anywhere with certificate based authentication?

    Hello,
    is it possible to secure Outlook Anywhere in Exchange 2013 with certificate based authentication?
    I found documentation to configure CBA for OWA and ActiveSync, but not for Outlook Anywhere.
    We would like to secure external access to the mailboxes via Outlook by using CBA.
    Thanks a lot in advance!
    Regards,
    André

    Hi,
    Let’s begin with the answer in the following thread:
    http://social.technet.microsoft.com/Forums/en-US/e4b44ff0-4416-44e6-aa78-be4c1c03f433/twofactor-authentication-outlook-anywhere-2010?forum=exchange2010
    Based on my experience, the Outlook client only has the following three authentication methods: Basic, NTLM, Negotiate. And for more information about Security for Outlook Anywhere, you can refer to the following article:
    http://technet.microsoft.com/en-us/library/bb430792(v=exchg.141).aspx
    If you have any question, please feel free to let me know.
    Thanks,
    Angela Shi
    TechNet Community Support

  • IOS 6.0.1 - Problems with certificate based authentication on wireless access point

    Hi all
    We have been using iPad 2 as order terminals in our shops for about 5 months. Some of the iPads (the first who entered the field) started to cause problems now. These iPads are no longer able to keep a long-term connection to the wireless access point in our stores. After selecting the SSID a successful authentication using the stored EAP-TLS certificate is performed (this can be seen in the log files of our wireless controller and by the IP address that is given by DHCP). But within seconds the affected iPads open up a captive portal page (empty, without contents) and separate the connection to the SSID after a short time again.
    Affected are currently only iPads 2 with iOS 6.0.1, which were staged about 5 months ago. The newer devices with iOS 6.1+ connect without problems and open no captive portal page. The first cases occurred on the last Wednesday. Before that everything worked without difficulty. No modifications took place on the security structure. The numbers of affected devices increased until all iOS 6.0.1 were affected.
    Access to other SSIDs (without use of certificates, by entering a key) for the devices is still possible (the devices do not open a captive portal page). The DHCP scope is not used up, so there are enough IP addresses available.
    "Newer iPads" with an iOS of 6.1+ are showing no problems on the same wireless access point, where the older devices are rejected. New and old devices use the same certificates and authentication mechanisms.
    In the analysis of the issue, it turned out that the problem can be solved by an update to iOS 6.1.3. Subsequently, the iPads will be able to rebuild a connection with the access point, without a captive portal page.
    Since the bandwidth is very narrow dimensioned in our stores, the communication of the iPads was severely restricted. Thus, the iPads, for example, are accessible for the APNS but cannot find iOS updates or check for their availability.
    A comprehensive update to iOS 6.1.3 is currently excluded.
    Does anyone know this issue? What else can be done (apart from updating)?

    I will answer my own question in case it helps anyone else.
    It would "seem" the ios 6 devices try the proxy and if that is not working they resort to the def gateway.
    To Fix I did the following:
    Brocade WIFI network has IPS and Advanced Firewall rules that seemed to be thwarting some traffic, the iphones would then try the default gateway and be blocked at the FW.
    I disabled the IPS and the Advanced Firewall Settings on the wifi as they are redundant to our main IPS and firewall that all traffic flows through anyway. I will tune it later, but when the CEO is demanding a fix "**** the security, full speed ahead"
    Created some rules on the firewall to allow...
    - IMAP-SSL (port 993) outbound
    - SMTPS (port 465) to yahoo servers outbound
    - tcp port 587 to yahoo servers outbound
    - https to akamai servers
    Most http and https goes through the proxy as it should, BUT...
    It seems that the akamai traffic always ignores the wifi proxy settings and just heads straight for the default gateway. I suspect there is a bug in the icloud app?
    Hope this helps someone else.
    -Bo

  • OWA and ActiveSync certificate based authentication

    I have Exchange 2013 CU3 installed and want to activate the certificate based authentication for ActiveSync and OWA. But I want to have the login without certificate as well for users without a certificate.
    I already found some information how to do that on Exchange 2010 and I already did all steps to activate it.
    But at one point I can't find anything to configure in Exchange 2013. So I have activated the AD certificate based authentication in IIS and configured the OWA folder in IIS to accept client certificates. This seems to work as I get asked to use the certificate when I open the OWA page. But then I am landing on the OWA login page where I have to enter username and password.
    So it seems that I am missing something. In the tutorials for Exchange 2010 they activate the certificate based authentication in the Management console. But I can't find anything in ECP to activate.
    Can anyone help me?

    Hi,
    We can create an additional Web Site in IIS to configure additional OWA and ECP virtual directory for external access. And configuring the Default Web Site for internal access.
    Then we can configure internal one with Integrated Windows authentication and Basic authentication while the external one configured for forms-based authentication of Domain\user name format. For more information about Configuring Multiple OWA/ECP Virtual Directories, we can refer to:
    https://blogs.technet.com/b/exchange/archive/2011/01/17/configuring-multiple-owa-ecp-virtual-directories-on-exchange-2010-client-access-server.aspx
    Thanks,
    Winnie Liang
    TechNet Community Support

  • Exchange 2010 SP3 RU 5 - Event id 4999

    We have Exchange 2010 SP3 RU5 with four CAS/HT and five mailbox servers. We get tons of event 4999 on the four CAS/HT during the last weeks:
    Watson report about to be sent for process id: 6456, with parameters: E12, c-RTL-AMD64, 14.03.0178.000, AirSync, MSExchange ActiveSync, Microsoft.Exchange.Data.Storage.GlobalObjectId.IsForeignUid, UnexpectedCondition:NullReferenceException, 54b1, 14.03.0178.000.
    ErrorReportingEnabled: False
    We have 10000+ mailboxes and no problem with activesync has been reported. I increased diagnostic logging of activesync to "expert" without getting more details about this. I have also restarted all four CAS/HT servers but event 4999 is still there.
    Any ideas?

    Thanks for your reply Willard Martin
    This event is also from MSExchange Common and the process id 6456 referred to in the event text is w3wp.exe.
    I also checked both your links but they are not similar to my problem. The first of your links is about "System.IndexOutOfRangeException" and doesn't seem to have anything to do with ActiveSync. The second is about ActiveSync but with another kind of error: "UnexpectedCondition:ArgumentNullException".
    My error text is "UnexpectedCondition:NullReferenceException"

  • Does Outlook "Connection Status" Show Rollup Updates on Exchange 2010 SP3

    Hi all,
    I've looked for this answer everywhere, and can't seem to find it. When you CTRL right-click on the Outlook taskbar icon, and select "Connection Status", one of the pieces of information displayed is the Version number of the connected Exchange server.
    Does this build number include installed rollup updates, or does it show only the installed Service Pack. For example, if it's an Exchange 2010 SP3 server with RU6 installed, will I see 14.3.195.1 or just 14.3.123.4 (the SP3 build number)? I'm trying to use this information to troubleshoot client issues, and it'd be helpful to quickly see if certain updates are installed on the Exchange server or not.
    Thanks!

    Hi,
    Just as mentioned above, connection status displays the Exchange version number.
    Start Outlook and connect to the Exchange server if this isn’t done automatically already.
    Hold CTRL while clicking on the Outlook icon in the Notification Area
    (located in the right bottom area near the time; expand the Notification Area first if the Outlook icon does not show).
    From the context menu that pops-up choose: Connection Status…
    Scroll the horizontal scrollbar to the right to see the Version column.
    (if the dialog is empty, then you are not connected to Exchange)
    Here you’ll see a version number.
    Best regards,
    Belinda Ma
    TechNet Community Support

  • Problems with OWA after installing Exchange 2010 SP3

    Hi,
    I just installed Exchange 2010 SP3 on a SBS 2011 machine. The installation completed successfully, but after the installation OWA isn't working anymore. When I browse to OWA I get the following message:
    I did a reset for the OWA virtual directory, but nothing helps.
    Stack Trace: 
    [NullReferenceException: Object reference not set to an instance of an object.]
    Microsoft.Exchange.Clients.Owa.Core.Logon..ctor() +28
    ASP.auth_logon_aspx..ctor() +17
    __ASP.FastObjectFactory_app_web_9ficbu1h.Create_ASP_auth_logon_aspx() +30
    System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath virtualPath, Type requiredBaseType, HttpContext context, Boolean allowCrossApp, Boolean noAssert) +137
    System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath) +49
    System.Web.MaterializeHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +424
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +262

    Hi Alelieveld,
    When you reset a virtual directory, the virtual directory is removed and a new virtual directory with default settings is created.
    After you reset the VD, did you restart IIS?
    For more information, please see:
    Reset Client Access Virtual Directories
    http://technet.microsoft.com/en-us/library/ff629372(v=exchg.141).aspx
    Frank Wang
    TechNet Community Support

  • After Exchange 2010 SP3 upgrade, UAG published OWA is throwing a "You do not have permissions to view this folder or page" error

    Hi,
    We have an issue with our OWA page.  We are currently publishing OWA via UAG.
    We recently upgraded to Exchange 2010 SP3 and then SP3 Rollup7. Since the upgrade, we keep getting the following error after entering our credentials on the login page. I've tried with every possible browser.
    You do not have permissions to view this folder or page
    Strangely enough, the mobile phones are sending and receiving emails just fine, the phones use the same OWA link, so it's not an authentication issue, the phones login into the UAG servers with no issues. I can see this on the Active Sessions screen on Web Monitor.
    I've attempted to connect to the OWA by bypassing the UAG server, so putting in the local OWA address of one of my Exchange servers, it works... so the OWA page is up and running. 
    No error logs get generated on Web Monitor when we receive the permission error, I think this is because it's past authentication, it's on the Exchange layer. 
    Any insight would be helpful?  I'm assuming something changed on the Exchange side after the upgrade.
    Just in case, I've upgraded the UAG and TMG servers to the latest SP and Rollup packets.
    UAG > SP4
    TMG > SP2 Rollup 5

    I've found a solution; UAG requires Basic Authentication over OWA.  For some reason Integrated Windows Authentication got turned on after the SP3 upgrade.
    http://technet.microsoft.com/en-us/library/ee921443.aspx
    Turning Integrated Windows Authentication off via the Client Access OWA settings resolved the issue. Though beware, you have to do this on all your Client Access servers.
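
A check for the drift described in this post, as an added example that is not from the original thread: it lists the OWA authentication settings on every Client Access server and flags directories that differ from the baseline the post gives (Basic on, Integrated Windows off). It assumes it is run in the Exchange Management Shell; the variable names are illustrative.

```powershell
# Added example (not from the thread): audit OWA authentication settings on all
# Client Access servers after a service pack or rollup has been installed.
# Baseline taken from the post above: UAG needs Basic on, Integrated Windows off.
$baseline = @{
    BasicAuthentication   = $true
    WindowsAuthentication = $false
}

$report = foreach ($cas in Get-ClientAccessServer) {
    foreach ($vdir in Get-OwaVirtualDirectory -Server $cas.Name) {
        # Collect every setting that differs from the baseline.
        $drift = @()
        foreach ($setting in $baseline.Keys) {
            if ($vdir.$setting -ne $baseline[$setting]) {
                $drift += "$setting=$($vdir.$setting)"
            }
        }
        New-Object PSObject -Property @{
            Server                = $cas.Name
            Identity              = $vdir.Identity
            BasicAuthentication   = $vdir.BasicAuthentication
            WindowsAuthentication = $vdir.WindowsAuthentication
            FormsAuthentication   = $vdir.FormsAuthentication
            Drift                 = ($drift -join '; ')
        }
    }
}

# Full picture first, one row per OWA virtual directory.
$report |
    Select-Object Server, BasicAuthentication, WindowsAuthentication, FormsAuthentication, Drift |
    Format-Table -AutoSize

# Preview the fix the post describes on every directory where Integrated Windows
# authentication is on. Remove -WhatIf to apply it, then restart IIS on that server.
$report | Where-Object { $_.WindowsAuthentication } | ForEach-Object {
    Set-OwaVirtualDirectory -Identity $_.Identity -WindowsAuthentication $false -WhatIf
}
```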

  • Exchange 2013 Sp1 Coexistence with Exchange 2010 SP3 CU5 HTTP 500

    I'm trying to get OWA coexistence working between Exchange 2013 SP1 and Exchange 2010 SP3 CU5.
    When a user logs in to OWA and his mailbox is located on the Exchange 2013 server, the logon is successful and OWA opens. When I try to log in to the same URL with a user whose mailbox is located on the Exchange 2010 server, I get Error http 50
    The website cannot display the page :   HTTP 500   »https://URLEXCHANGE2013/owa/auth.owa«
    The same happens when I use https://URLEXCHANGE2013/ecp?ExchClientVer=14
    URL on Exchange 2013 are different as for Exchange 2010.
    I even tried to set the Internal URL for Exchange 2010 to »null«. Same error.
    Exchange server 2013 Sp1 is installed on Windows server 2012 R2.

    Assumption is correct. I have even enabled verbose logging, and I can see MSExchange Front End HTTP Proxy, which successfully connects to the Exchange 2010 server.
    But remember Exchange 2013 is a fresh installation on Windows Server 2012 R2.
    IIS LOG
    2014-03-04 08:52:53 fe80::99d1:f542:a4d3:b469%12 RPC_IN_DATA /rpc/rpcproxy.dll [email protected]:6001&CorrelationID=<empty>;&RequestId=391fd8b3-2b98-494a-8812-d38feda2e5a0&cafeReqId=391fd8b3-2b98-494a-8812-d38feda2e5a0;
    443 companyNT\SM_9c071c4922fd420fb fe80::99d1:f542:a4d3:b469%12 MSRPC - 200 0 0 5484
    2014-03-04 08:52:53 fe80::99d1:f542:a4d3:b469%12 RPC_IN_DATA /rpc/rpcproxy.dll [email protected]:6001&CorrelationID=<empty>;&RequestId=27cfafa2-8224-4563-918b-0b228c6ee8d4&cafeReqId=27cfafa2-8224-4563-918b-0b228c6ee8d4;
    443 - fe80::99d1:f542:a4d3:b469%12 MSRPC - 401 1 2148074254 0
    2014-03-04 08:52:53 fe80::99d1:f542:a4d3:b469%12 RPC_OUT_DATA /rpc/rpcproxy.dll [email protected]:6001&CorrelationID=<empty>;&RequestId=6d930bcd-7bbc-415a-a25a-8d6488e91401&cafeReqId=6d930bcd-7bbc-415a-a25a-8d6488e91401;
    443 - fe80::99d1:f542:a4d3:b469%12 MSRPC - 401 1 2148074254 15
    2014-03-04 08:52:55 10.1.0.36 GET /owa/ &CorrelationID=<empty>;&cafeReqId=551cfdd9-18ac-42d8-aea3-cbb546c9d9fb; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.3;+WOW64;+Trident/7.0;+.NET4.0E;+.NET4.0C) https://OWA.company.com/
    302 0 0 9937
    2014-03-04 08:52:56 10.1.0.36 GET /owa/auth/logon.aspx url=https%3a%2f%2fOWA.company.com%2fowa%2f&reason=0&CorrelationID=<empty>;&cafeReqId=c1b97df9-ec56-4906-b2f5-965551b720ae; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.3;+WOW64;+Trident/7.0;+.NET4.0E;+.NET4.0C)
    https://OWA.company.com/ 200 0 0 1015
    2014-03-04 08:52:56 10.1.0.36 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2fOWA.company.com%2fowa%2f&CorrelationID=<empty>;&cafeReqId=b92ca682-04f4-4d4f-931e-9a95680ab9ea; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.3;+WOW64;+Trident/7.0;+.NET4.0E;+.NET4.0C)
    - 200 0 0 671
    2014-03-04 08:52:58 10.1.0.36 GET /ecp/ &CorrelationID=<empty>;&cafeReqId=093bd01a-de59-4519-80f6-067484122091; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING) - 302 0 0 0
    2014-03-04 08:52:58 10.1.0.36 GET /owa/auth/logon.aspx url=https%3a%2f%2fEXCH2013%2fecp%2f&reason=0&CorrelationID=<empty>;&cafeReqId=c2f7565d-ee6a-48f8-8d86-16d5d3ca65c1; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
    - 200 0 0 0
    2014-03-04 08:52:58 10.1.0.36 GET /ecp/ &CorrelationID=<empty>;&cafeReqId=ba633030-2376-4bad-a32f-8f160bd87bd4; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING) - 302 0 0 0
    2014-03-04 08:52:58 10.1.0.36 GET /owa/auth/logon.aspx url=https%3a%2f%2fEXCH2013%2fecp%2f&reason=0&CorrelationID=<empty>;&cafeReqId=5e94172c-d97c-46a9-a602-6030d6f7da2c; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
    - 200 0 0 0
    2014-03-04 08:52:58 10.1.0.36 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2fEXCH2013%2fecp%2f&CorrelationID=<empty>;&cafeReqId=9ba2caf3-2a03-44a2-8477-2724689e139c; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
    - 200 0 0 46
    2014-03-04 08:52:58 10.1.0.36 GET /owa/auth/15.0.847/scripts/premium/flogon.js &CorrelationID=<empty>;&cafeReqId=62bb4655-3bfa-4e07-aa62-27c93e7e8b4d; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
    - 200 0 0 0
    2014-03-04 08:52:59 10.1.0.36 POST /owa/auth.owa &CorrelationID=<empty>;&cafeReqId=9d52ec1a-2ee1-4954-85e6-89e7e5df407a; 443 [email protected] 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
    - 302 0 0 812
    2014-03-04 08:52:59 ::1 GET /OWA/Calendar/[email protected]/calendar/calendar.html &CorrelationID=<empty>;&cafeReqId=4ea66475-9a47-41a4-81cb-6b569715d0d6; 443 - ::1 AMProbe/Local/ClientAccess - 200 0 0 8859
    2014-03-04 08:53:01 10.1.0.36 POST /owa/auth.owa &CorrelationID=<empty>;&cafeReqId=b3db7480-2192-436c-b01d-29d0e528cfec; 443 UseronEX2010 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.3;+WOW64;+Trident/7.0;+.NET4.0E;+.NET4.0C) https://OWA.company.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fOWA.company.com%2fowa%2f
    500 0 0 187
    2014-03-04 08:53:04 127.0.0.1 GET /Microsoft-Server-ActiveSync/default.eas &CorrelationID=<empty>;&cafeReqId=2e2a655b-00b9-42ae-8789-1e452e6579c3; 443 [email protected] 127.0.0.1 AMProbe/Local/ClientAccess
    - 200 0 0 8265
    2014-03-04 08:53:14 10.1.0.36 GET /ecp/ &CorrelationID=<empty>;&cafeReqId=8741886f-b9b1-46f9-8c15-baf35809a12c; 443 [email protected] 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
    - 200 0 0 15265
    2014-03-04 08:53:14 127.0.0.1 GET /OWA/auth.owa &CorrelationID=<empty>;&cafeReqId=8ad938fb-f2c3-42bf-8718-da62b122422c; 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 302 0 0 15
    HTTPERR  LOG :
    2014-03-04 08:51:48 10.1.0.36 13937 10.1.0.36 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 BadRequest MSExchangeRpcProxyAppPool
    2014-03-04 08:51:48 fe80::99d1:f542:a4d3:b469%12 13872 fe80::99d1:f542:a4d3:b469%12 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 BadRequest MSExchangeRpcProxyAppPool
    2014-03-04 08:52:25 10.1.0.36 13937 10.1.0.36 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
    2014-03-04 08:52:25 fe80::99d1:f542:a4d3:b469%12 13872 fe80::99d1:f542:a4d3:b469%12 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
    2014-03-04 08:52:30 127.0.0.1 14122 127.0.0.1 443 HTTP/1.1 GET /RPC/[email protected] 404 - NotFound -
    2014-03-04 08:52:30 ::1%0 14121 ::1%0 443 HTTP/1.1 GET /ecp/ReportingWebService/ 404 - NotFound -
    2014-03-04 08:54:42 ::1%0 14117 ::1%0 444 - - - - - Timer_ConnectionIdle -
    2014-03-04 08:54:48 10.1.0.36 14211 10.1.0.36 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 BadRequest MSExchangeRpcProxyAppPool
    2014-03-04 08:54:48 fe80::99d1:f542:a4d3:b469%12 14285 fe80::99d1:f542:a4d3:b469%12 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 BadRequest MSExchangeRpcProxyAppPool
    2014-03-04 08:55:35 10.1.0.36 14211 10.1.0.36 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
    2014-03-04 08:55:35 fe80::99d1:f542:a4d3:b469%12 14285 fe80::99d1:f542:a4d3:b469%12 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
    Trace login, ok it is xml,  so print is..
    Request Summary
    Site:
    Process: 8232
    Failure Reason: STATUS_CODE
    Trigger Status: 500
    Final Status: 500
    Time Taken: 500 msec
    Url: http://EXCH2013.companyNT.local:80/powershell?clientApplication=ActiveMonitor;PSVersion=4.0&sessionID=Version_15.0_(Build_846.0)=rJqNiZqNgZuQkpqT0pqH0ZuQkpqTkYvRk5CcnpOBzsbLzsbGyczJyIHPzNDPy9DNz87L38/Gxc/KxcrJ
    App Pool: MSExchangePowerShellFrontEndAppPool
    Authentication: Kerberos
    User from token: companyNT\SM_9c071c4922fd420fb
    Activity ID: {8000134C-0001-E300-B63F-84710C7967BB}
    Errors & Warnings
    No.: 157
    Severity: Warning
    Event: MODULE_SET_RESPONSE_ERROR_STATUS
    Module Name: ManagedPipelineHandler
    ModuleName: ManagedPipelineHandler
    Notification: EXECUTE_REQUEST_HANDLER
    HttpStatus: 500
    HttpReason: Request Failed
    HttpSubStatus:
    ErrorCode: The operation completed successfully. (0x0)
    ConfigExceptionInfo:

  • Certificate based authentication for Exchange ActiveSync in Windows 8.* Mail app

    I have a Surface Pro and want to setup access to my company's Exchange server that accepts only Exchange ActiveSync certificate-based authentication.
    I've installed server certificates to trusted pool and my certificate as personal.
    Then I can connect thru Internet Explorer, but this is not comfortable to use.
    I don't have a password because of security politics of our company. When I'm setting up this account on my Android phone I'm using any digit for password and it works perfectly.
    Can someone help to setup Windows 8 metro-style Mail application? Does it support this type of auth? When I'm trying to add account with type Outlook, entering server name, domain name, username, 1 as a password then I've got a message like "Can't connect. Check your settings."
    Are there any plans to implement this feature?

    For what it's worth we have CBA working with Windows 8.1 Pro. In our case we have a MobileIron Sentry server acting as an ActiveSync reverse-proxy, so it verifies the client cert then uses Kerberos Constrained Delegation back to the Exchange CAS, however it should work exactly the same to the Exchange server directly. I just used the CA to issue a User Certificate, exported the cert, private key and root CA cert, copied to the WinPro8.1 device and into the Personal Store. Configured the Mail app to point at the ActiveSync gateway, Mail asked if I would like to allow it access the certificate (it chose it automatically) and mail synced down immediately...
    So it definitely works with Windows Pro 8.1.

  • Exchange 2010 SP3 Update Rollup 6 breaks first OWA login (timezone selection) on SBS 2011

    The Exchange 2010 SP3 Update Rollup 6 broke the OWA for Users who access OWA for the first time and have to set a timezone. They get this error:
    Request
    Url: https://xxxxx:443/owa/languageselection.aspx
    User: xxxxxx
    EX Address: /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=xxxxx
    SMTP Address: xxxxxx
    OWA version: 14.3.195.1
    Exception
    Exception type: System.ArgumentNullException
    Exception message: Value cannot be null. Parameter name: value
    Call stack
    Microsoft.Exchange.Clients.Owa.Core.Utilities.RenderDirectionEnhancedValue(TextWriter output, String value, Boolean isRtl)
    Microsoft.Exchange.Clients.Owa.Core.LanguageSelection.RenderTimeZoneSelection()
    ASP.languageselection_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer)
    System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
    System.Web.UI.Page.Render(HtmlTextWriter writer)
    System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
    This Server is an SBS2011.
    The update broke nothing on a "normal" 2008R2 with exchange 2010.
    Uninstalling RU6 helped but that's obviously not the desired way.
    Removing the RenderTimeZoneSelection() call from languageselection.aspx obviously helped but then there is no timezone dropdown displayed anymore. The timezone dropdown is working normally in other places like ecp. Afaik this error occurs only in the languageselection.aspx file which is displayed for "new" OWA users. (Users without a timezone set)
    My workaround was to set the language and timezone for these mailboxes via exchange shell.

    Hello,
    Thank you for your post.
    This is a quick note to let you know that we are performing research on this issue.
    Simon Wu
    TechNet Community Support

  • Exchange 2010 SP3 Update 7 breaks OWA for some IE11 users

    I had issues earlier with OWA on some clients running Internet Explorer 11 (as documented in this thread), and managed to resolve it by disabling compatibility mode in IE11.
    After SP3 Update Rollup 7 the issue came back, and no tinkering with the compatibility mode will solve it.
    Has anyone encountered this issue before? The issue only appears on certain machines in their own AD OU as well as own subnets.

    Hi,
    I haven't heard that Exchange 2010 SP3 Update Rollup 7 has this issue so far. In your case, I would like to verify if you remove all interim updates for Exchange 2010 SP3 before installing Rollup 7. If no, remove it and check the result.
    Here is a kb for your reference.
    Update Rollup 7 for Exchange Server 2010 Service Pack 3
    http://support.microsoft.com/kb/2961522
    Hope this can be helpful to you.
    Best regards,
    Amy Wang
    TechNet Community Support

  • Opportunistic TLS between our Exchange 2010 SP3 on Premise (With Edge) and Exchange Online Protection.

    Hi,
    We would like to configure Opportunistic TLS between our Exchange 2010 SP3 On Premise Systems (with Edge) and EOP.
    I can see that Opportunistic TLS is enabled on both the send and receive connectors in EOP. So I think no change required here.
    The On premise Send Connector (Configured by EdgeSync) does not have the option for Opportunistic TLS. Under "Configure Smart Host Authentication Settings" it is currently set to "None". I have the option for "Basic Authentication over TLS" but this requires a Username and Password. No option for Opportunistic TLS. When I look at the properties of the send connector (get-sendconnector "sendconnector_name" | fl) I can see that the IgnoreSTARTTLS parameter is set to FALSE - so I think that means it is enabled. So I think no changes required here - right?
    The receive connector on the Edge Server has the TLS option on the Authentication tab - so I guess I just check that option right?
    The Edge servers also run TMG and the two are integrated. I don't think this changes anything but thought I would include it in case it does.
    Anything I have missed?
    Thanks very much.
    Geoff
    ilmuro69

