Exchange 2013 OWA IM to federated users

Similar Messages

• Exchange 2013 owa integration with ADFS and cooexistance with exchange 2007

  Team,
  I have successfully integrated adfs 3.0 and Exchange 2013 owa and ecp.  However, we have a coexistence environment with exchange 2007.  When you access owa, which then redirects you to adfs, sign-in, and then get redirected back to owa. If your
  mailbox is still within exchange 2007, you get a blank login page.  If you mailbox is in exchange 2013 then you successfully get the owa page for 2013.  The problem is that all exchange 2007 mailbox users get blank pages at login. So I have determined
  that exchange 2013 cas is not doing the service location lookup on the mailbox to determine if a redirect to the legacy owa address is needed.  Is there a configuration setting that I might be missing? Or does the integration with adfs and owa not support
  the much needed mailbox lookup for a coexistance environment?  A side note: if we enable FBA with owa, both login scenarios work just fine (legacy and new 2013). The legacy namespace has been created, and applied to the exchange 2007 urls.  

  Hi,
  Try using AD FS claims-based authentication with Outlook Web App and EAC
  http://technet.microsoft.com/en-us/library/dn635116(v=exchg.150).aspx
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• Exchange 2013 OWA internal only

  Hi all,
  Does anyone know how to restrict Exchange 2013 OWA for internal only, but can't impact Exchange ActiveSync service?
  I guess IP Address and Domain Restrictions can make it, but it may impact ActiveSync.
  Any good solution?
  Thank,
  Ian

  Hi,
  Based on my research, we can install the CAS and Mailbox roles in separate two servers. Then we can create new website with a unique IP and only adding ActiveSync to that website. That would give us a website hosted on the box that served the ActiveSync
  devices but nothing else, leaving the OWA open for internal access. The firewall would point to this website/IP on the CAS. We could also create a virtual directory under there for /OWA and /Exchange which would serve up the generic ““this service is no longer
  available, please contact the help desk” message as the default webpage
  http://blogs.technet.com/b/messaging_with_communications/archive/2011/05/02/how-to-block-owa-for-external-users.aspx
  Thanks,
  Angela Shi
  TechNet Community Support

• Publish Exchange 2013 OWA + Active Sync + Outlook Anywhere using TMG 2010

  We plan to publish our new Exchange 2013 SP1 servers (3 in DAG) outside corporate network using TMG 2010. I am looking for some guide how to do it in the proper way. What I found is little old and does not take into consideration Exchange 2013
  SP1
  http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx
  Any advice how to publish Exchange 2013 OWA using form-based authentication and how to use Kerberos Constrained Delegation?

  Hi,
  The blog below describes some scenarios about publishing Exchange. You could have a look the Scenario 2.
  Exchange publishing after TMG/UAG
  http://dizdarevic.ba/ddamirblog/?p=168
  Note: Microsoft provides third-party contact information to help you find technical support. This contact
  information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• How to configure Exchange 2013 OWA with Single Sign On

  Hi All ,
  How to configure Exchange 2013 OWA with Single Sign On ?
  Thanks .

  Hi,
  From your description, I am not quite sure what you really want to achieve. Could you explain it furthermore? If you need to set up Exchange 2013 OWA single sign on with Exchange 2010, here is a helpful thread for your reference.
  Exchange 2013 OWA Single Sign on with Exchange 2010
  https://social.technet.microsoft.com/Forums/en-US/2899ebfc-8622-4cdc-8d77-d76b607618f7/exchange-2013-owa-single-sign-on-with-exchange-2010?forum=exchangesvrdeploy
  If that is not your case, please feel free to tell me.
  Best regards,
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Amy Wang
  TechNet Community Support

• Exchange 2013 OWA user must change password at next logon not working

  Hi,
  I have installed Exchange 2013 on Windows 2012 Server. I create users in ECP and select "user must change password at next logon" option. When newly created user logs in, the OWA page doesn't prompt for password change and just throws error "The
  user name or password you entered isn't correct. Try entering it again"
  I have enabled Change Password feature in CAS server, but still not working.
  Any answers, suggestions would be great help
  Regards
  Sunil

  Hi Sunil,
  Have you tried as Martina said and does it work?
  If not, please try to set the Minimum Password Age to 1 according to link below. I found some threads which are similar to yours and were solved by this way in Exchange 2013 environment.
  http://support.microsoft.com/kb/827614
  And for further troubleshooting, please create a new user with "user must change password at next logon" option checked and see if he can log on domain-joined PC.
  In addition, please check the event log to see if there is any related error message.
  Regards,
  Rebecca

• 404 can't find page Error when logging into Exchange 2013 OWA, after a refresh, login works

  Hi,
  I've upgrade two of my customers to Exchange 2013.
  On of them was coming from 2007, and the other was already running 2010.
  Migration from both of the servers went good.
  However with the customer which upgraded from 2010 to 2013 i'm experiencing strange OWA behavior:
  When I login to OWA on https://owa.contoso.com/owa, and input my credentials and click sign in: I receive this error:
  404
  can't find page :-(
  The page you're looking for couldn't be found on the server.
  X-FEServer: JVBMAIL01
  Date: 11-6-2014 11:54:48
  Fewer details..
  -> Refresh the page
  In the addressbar, the following URL is displayed: https://owa.contoso.com/owa/auth/errorFE.aspx?httpCode=404
  But... when I click: "Refresh the page" of just hit F5, the login proceeds, and my OWA is displayed and working fine.
  This behavior only happens with my customer which was upgraded from 2010 to 2013.
  The customer which i've upgraded from 2007 to 2013 doesn't experience this problem.
  I've matched the IIS settings and redirect/ssl options on both servers. They are the same.
  I've tried other users and i've experienced that on one user, the error message didn't appear.
  When I try to delete the Exchange atributes from the user, (after exporting the mail to a PST file) and re-add the Exchange attributes, the message is gone. This isn't a solotuion however, since i've got 166 users, and about 150 of them, get the error message.
  New users don't get the error.
  Anybody got any clues?

  Hi,
  From your description, I would like to verify the following thing for troubleshooting:
  Please make sure that the authentication is set to Basic Authentication and Forms Authentication is disabled on OWA and ECP virtual directly in IIS. After the above settings, please restart IIS by running IISReset /noforce command.
  Hope it helps.
  Best regards,
  Amy Wang
  TechNet Community Support

• Exchange 2013 - OWA "Something Went Wrong", Out of office in Outlook "Server unavailable"

  Hi,
  We have a new deployment of Exchange 2013 CU2 V2 running on a Windows 2012 server.  Everything has been running without issues and then without any real clue to why, we are now getting an issue where OWA says "Something Went Wrong" after processing
  your login, (it appears to process the login as if I type in incorrect details it tells me the password/username is wrong).
  At the same time we have also lost the ability to run the Out Of Office in Outlook which comes back saying the server is not available and we can't seem to share calendars correctly either.  (Can set Out Of Office via the Management Shell without issues).
  When running a Get-Serverhealth on the OWA.Protocol it tells me the OWASelfTestMonitor is unhealthy.
  I've tried re-creating the OWA, EWS Virtual Directorys and also the autodiscover but with no effect.  I've also restarted the server. 
  Outlook 2013 and mobile phones are working fine on the server and the Exchange Admin Centre is also working without issues.
  I am getting tempted to apply CU2 again to see if this sorts it but don't really like doing this on a server with 50 live users on it...
  In the eventlog I can see lots of the 2 errors listed below which seems to line up.  (System Log and Application Log seem to be clear of other errors or warnings.)
  Event code: 3005
  Event message: An unhandled exception has occurred.
  Event time: 04/11/2013 11:25:00
  Event time (UTC): 04/11/2013 11:25:00
  Event ID: 2fcdb9112c794b63a9ea9577a23e4603
  Event sequence: 2
  Event occurrence: 1
  Event detail code: 0
  Application information:
      Application domain: /LM/W3SVC/2/ROOT/owa-411-130280378905273269
      Trust level: Full
      Application Virtual Path: /owa
      Application Path: C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\
      Machine name: SERVERNAME (I altered this for post) 
  Process information:
      Process ID: 9648
      Process name: w3wp.exe
      Account name: NT AUTHORITY\SYSTEM
  Exception information:
      Exception type: HttpException
      Exception message: '.', hexadecimal value 0x00, is an invalid character. Line 1, position 1.
  Lots more code.......
  AND
  Event code: 3005
  Event message: An unhandled exception has occurred.
  Event time: 04/11/2013 11:24:24
  Event time (UTC): 04/11/2013 11:24:24
  Event ID: 2586a044b2d74b97a1095aec478bf4ae
  Event sequence: 2
  Event occurrence: 1
  Event detail code: 0
  Application information:
      Application domain: /LM/W3SVC/2/ROOT/EWS-668-130280378564324526
      Trust level: Full
      Application Virtual Path: /EWS
      Application Path: C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\exchweb\EWS\
      Machine name: SERVERNAME (I have changed this for post) 
  Process information:
      Process ID: 9840
      Process name: w3wp.exe
      Account name: NT AUTHORITY\SYSTEM
  Exception information:
      Exception type: HttpException
  Exception message: '.', hexadecimal value 0x00, is an invalid character. Line 1, position 1.
  lots more data...

  Hi Angela,
  I can't see any re-directions on the website and have certainly not set any intentionally.  I did try installing the Remote Web Gateway on the server and then found that it doesn't work on an exchange box and removed it but the server was working after
  this.
  The HTTP Redirect in Default Web Site is not showing anything set and the same for the Back End.
  The bindings on the default site all look normal with;
  http     80   127.0.0.1
  https   443  127.0.0.1
  http     80    *
  http    443   *
  The same is mirrored in the Exchange Back End site but with ports 81 and 444.
  Running the Outlook auto configure just using Autodiscover all looks good with the URLs listed all pointing to (http)://mail.mydomain.co.uk/whatever...  and the log says Autodiscover to (https)://mail.mydomain.co.uk/Autodiscover/Autodiscover.xml Suceeded
  (0x00000000)
  But, if I type in the OOF address of (https)://mail.mydomain.co.uk/EWS/exchange.asmx I get a login prompt but once user details are entered I then get;
  '.', hexadecimal value 0x00, is an invalid character. Line 1, position 1.
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
   Exception Details: System.Xml.XmlException: '.', hexadecimal value 0x00, is an invalid character. Line 1, position 1.
  Source Error:
   An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. 
  Stack Trace:
  [XmlException: '.', hexadecimal value 0x00, is an invalid character. Line 1, position 1.]
     System.Xml.XmlTextReaderImpl.Throw(String res, String[] args) +163
     System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() +7572550
     System.Xml.XmlTextReaderImpl.ParseDocumentContent() +62
     System.Xml.XmlReader.ReadToFollowing(String name) +112
     Microsoft.Exchange.Data.ApplicationLogic.Extension.KillBitHelper.ReadKillBitXmlContent(XmlReader reader, Int32& refreshRate) +185
     Microsoft.Exchange.Data.ApplicationLogic.Extension.KillBitHelper.TryReadKillBitFile(Int32& refreshRate, DateTime& lastModifiedTime) +710
     Microsoft.Exchange.Data.ApplicationLogic.Extension.KillBitTimer.Start() +202
     Microsoft.Exchange.Services.Global.Application_Start(Object sender, EventArgs e) +975
  [HttpException (0x80004005): '.', hexadecimal value 0x00, is an invalid character. Line 1, position 1.]
     System.Web.HttpApplicationFactory.EnsureAppStartCalledForIntegratedMode(HttpContext context, HttpApplication app) +12864205
     System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) +175
     System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) +304
     System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) +404
     System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) +475
  [HttpException (0x80004005): '.', hexadecimal value 0x00, is an invalid character. Line 1, position 1.]
     System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +12880948
     System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +159
     System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +12722137
  Really wishing I had installed Exchange 2010 at this point!!  Just can't see why its not working :(

• LYNC 2013, Exchange 2013 / OWA presence not updating from calendar entries

  Have a test environment of LYNC 2013 and EXCHANGE 2013.
  No software clients - pure OWA access.
  IM works within OWA and I can manually set availability which is seen correctly by other users.  What does not happen is any calendar entries - they do not update the presence status (ie. does not go to busy when in a meeting ).
  I did install Lync client 2013 and that did work ( and updated OWA ) - but I want a pure web environment without the need for additional software based clients.
  Can this work?  If so is there anything that can be checked to see where the issue is?
  Thanks in advance.

  Hi,
  Maybe it's my misunderstanding. Did you mean you don’t want additional software based clients (including Lync client 2013)?
  If you don’t install a Lync client on user workstations, you cannot see presence of Lync users from OWA.
  What’s more, for Lync side, if you do not install Lync client software the only way to use Lync is Lync Web App (a browser-based meeting client). Lync Web App only support to join Lync Meetings. However, Lync meeting cannot schedule by Lync Web App and OWA.
  Here is a link about Lync Web App may help you:
  http://office.microsoft.com/en-in/lync-help/what-is-lync-web-app-HA103699740.aspx
  If you want to create Lync Meetings but don’t have Microsoft Outlook you can use Lync Web Scheduler (a web-based program)
  More details:
  http://office.microsoft.com/en-in/lync-help/lync-web-scheduler-HA103466460.aspx?CTT=5&origin=HA103699740
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Exchange 2013 OWA is not auto formatting hyperlinks when forwarding a message

  I have 2 sales managers in a company that receive sales leads via email from our website. The email is formatted in HTML with a table containing the name and email address of the customer and the url of the product they're interested in from our website.
  The managers then forward this email to the next available sales associate to contact the potential customer.
  The first sales manager uses Outlook and receives the sales lead email with active hyperlinks intact for the email address of the customer and url of the product. When you inspect the email, there is no href code in the source, so outlook is recognizing
  the types 'email address' and 'url' to make the text active. He then forwards the email to sales with active hyperlinks in the source. (they prefer this)
  The second sales manager uses OWA. when he receives the email, the email address and url are plain text (which is how its coded) so when he forwards the email to sales there are no hyperlinks.
  Is it possible to set OWA (for exchange 2013) to auto format (recognize then format) email addresses and url's from an email when forwarding it that didn't have the href code in the source to begin with? ...like Outlook does?

  Hi,
  Does this issue happen on all the OWA users or on specific user?
  Does this issue happen when sending emails by HTML format?
  Thanks,
  Simon Wu
  TechNet Community Support

• Exchange 2013 OWA HTTP 500 error when opening another mailbox

  We have an Windows Server 2012 Exchange 2013 server with OWA. 
  All users can login fine, but when I open another mailbox with my Admin account, having enabled access to that user's mailbox, the URL redirects to /owa/auth/errorfe.aspx?httpCode=500 and shows: 
  something went wrong
  Sorry, we can't get that information right now. Please try again later. If the problem continues, contact your helpdesk
  Google won't help me in this instance. Where in the eventlog are OWA events logged?

  Hello,
  I am joining to the thread opener, however, we do not use exchange server. we are using the Cloud services through Microsoft and as far as I know, the version is 2013 wave 15 (again, through Microsoft's cloud).
  when I open the outlook, I can see the shared mailbox just fine.
  when I open the office web access, and I search the mailbox through the 'add another mailbox..' It finds it however when I press the add button I get the HTTP 500 error.
  when I tried to open a different mailbox (another shared mailbox I gave myself permissions for), it opens just fine.
  it seems (from what I can tell) it is this specific shared mailbox that I cannot open through OWA while others I can.
  when I try to open the mailbox in question through a different internet browser (Chrome) I get this Error:
  NegotiateSecurityContext failed with for host 'db3pr04mb138.eurprd04.prod.outlook.com' with status'LogonDenied'
  the error seems to be persistent on this specific mailbox only regardless to what browser I am trying to access with.
  I can only assume that the solutions you (Winnie) offered isn't relevant in my case.
  thanks in advance for any attempt to help me with this issue.

• Exchange 2013 OWA/ECP HTTP 500 Internal Server Error

  So I know there are a lot of these threads, so I'll list what I've done and what I've tried so far.
  The setup is a pair of multirole servers with a DAG.  We have a root domain and sub domain.
  I've created 4 databases associated with the DAG, I successfully removed the default database on the 2nd mail server, then migrated the arbitration/system/discovery etc... mailboxes to one of the DAG databases.  I then removed the 1st mail server's default
  database after killing it's healthmailbox.  Rebooted the pair of servers and after that the ECP/OWA were inaccessible.
  To run tests I installed .NET 3.5 SP1 so I could run the ExBPA which really didn't get me anywhere.
  I can access the logon screen for both, but when I enter my username and password, I get the http 500 internal server error.
  I have used: Get-OwaVirtualDirectory -Server <server name> | fl *auth*
  To verify that basic and forms based auth are enabled, and they are.
  I've verified all services have started.
  I've tried to remove and re-add the app pools and the ecp virtual directories.
  http://social.technet.microsoft.com/Forums/ie/en-US/bb148ccb-a75e-4571-bfc7-76950f8e638e/exchange-2013-cu2-cant-access-ecp-unexpected-error-500?forum=exchangesvrgeneral
  I've tried to use ADSI Edit to purge the Canary Data.
  http://social.technet.microsoft.com/Forums/exchange/en-US/777b51ee-330d-43cc-a56e-4614d44aed7b/unable-to-access-owa-or-ecp-something-went-wrong-or-500-unexpected-error?forum=exchangesvrclients
  I've tried to run test-ecpconnectivity but stated that the test user wasn't available.
  So I tried to use the powershell script to create a new test user, but it doesn't seem to work either I think it's related to the exchange machine not being a member of the root domain, but not sure on that one.
  I seem to be able to manage everything with command-line still.  Create and remove mailboxes etc.
  As far as errors/warnings go exchange wise I get an ASP.NET 4.0 warning Event ID 1309 stating that an unhandled exception occurred, which seems to coincide with the logon attempt.  I'm sure this has something to do with it, but not real sure what yet.
   Nothing I can see within the logon attempt from IIS or anything else really.
  I think that's about all I have.

  Hi,
  Please check on the Application Pools to view whether OWA and ECP Application Pool is running on .NET Framework v4.0. It maybe the incompletely installation of Framework that causes this error.
  If so, We can try to run the following command as Administrator:
  %windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i
  Or change the MSExchangeECPAppPool from .NET Framework from v4.0 to v2.0. Then restart IIS to have a try.
  Regards,
  Winnie Liang
  TechNet Community Support

• Exchange 2013 OWA: Cannot set auto reply in shared mailbox

  We use Exchange 2013 and Outlook 2010. We have 3 users tha connect to a shared mailbox. We would like to have an auto-reply on this mailbox but cannot set it with the OWA. We get the following error:
  Client Information
  User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; InfoPath.3)
  CPU Class: x86
  Platform: Win32
  System Language: nl-NL
  User Language: nl-NL
  CookieEnabled: true
  Exception Details
  Date: Fri Jul 11 11:31:40 UTC+0200 2014
  Message: Kan de eigenschap _events van een niet-gedefinieerde verwijzing of een verwijzing naar een lege waarde niet ophalen
  Url:
  https://owa.'domainname'.nl/ecp/15.0.712.22/scripts/microsoftajax.js
  Line: 5
  Call Stack
  Dump Event
   errorMessage = Kan de eigenschap _events van een niet-gedefinieerde verwijzing of een verwijzing naar een lege waarde niet ophalen
   errorUrl =
  https://owa.'domainname'.nl/ecp/15.0.712.22/scripts/microsoftajax.js
   errorLine = 5
   errorCharacter = 57312
   errorCode = 0
   actionURL =
   altKey = false
   altLeft = false
   behaviorCookie = 0
   behaviorPart = 0
   bookmarks = null
   boundElements = [object HTMLCollection]
   button = 0
   buttonID = 0
   cancelBubble = false
   clientX = 1187
   clientY = 72
   contentOverflow = false
   ctrlKey = false
   ctrlLeft = false
   data =
   dataFld =
   dataTransfer = null
   fromElement = null
   keyCode = 0
   nextPage =
   offsetX = 0
   offsetY = 0
   origin =
   propertyName =
   qualifier =
   reason = 0
   recordset = null
   repeat = false
   returnValue = true
   screenX = 2373
   screenY = 343
   shiftKey = false
   shiftLeft = false
   source = null
   srcElement = null
   srcFilter = null
   srcUrn =
   toElement = null
   type = error
   url =
   wheelDelta = 0
   x = 0
   y = 0
   getAttribute =
  function getAttribute() {
      [native code]
   removeAttribute =
  function removeAttribute() {
      [native code]
   setAttribute =
  function setAttribute() {
      [native code]
  Detailed Call Stack

  Hi,
  Error information is quite important. In order to solve your issue effectively, please take your time to describe the error in English for my research.
  Best regards,
  Amy Wang
  TechNet Community Support

• Exchange 2013 OWA Intergration - More than 1 CAS - not working?

  Hello,
  Not sure why I can't get this working properly in my test lab. My admin user is unable to sign in through OWA to Lync but the actual client works fine. I get the "there is an error, contact your system administrator." I followed the TechNet article
  here http://technet.microsoft.com/en-us/library/jj688098.aspx. Here is my configs
  PS C:\Users\Administrator.R5A> get-cspartnerapplication
  Identity : Exchange
  AuthToken : Value=https://autodiscover.domain.tld/autodis
  cover/metadata/json/1
  Name : Exchange
  ApplicationIdentifier : 00000002-0000-0ff1-ce00-000000000000
  Realm : domain.tld
  ApplicationTrustLevel : Full
  AcceptSecurityIdentifierInformation : False
  Enabled : True
  PS C:\Users\Administrator.R5A> get-csoauthconfiguration
  Identity : Global
  PartnerApplications : {Name=Exchange;ApplicationIdentifier=00000
  002-0000-0ff1-ce00-000000000000;Realm=DOMAIN.
  TLD;ApplicationTrustLevel=Full;AcceptSecuri
  tyIdentifierInformation=False;Enabled=True
  OAuthServers : {}
  Realm :
  ServiceName : 00000004-0000-0ff1-ce00-000000000000
  ExchangeAutodiscoverUrl : https://autodiscover.domain.tld/autodiscover/a
  utodiscover.svc
  ExchangeAutodiscoverAllowedDomains :
  PS C:\Users\Administrator.R5A> get-cstrustedapplication
  Identity : torsv-excas01.domain.tld/urn:application:outlook
  webapp
  ComputerGruus : {torsv-excas01.domain.tld sip:[email protected];gruu;opaque=srvr:outlookweba
  pp:ybjGB5gixFCrsTQrQHNQHAAA}
  ServiceGruu : sip:[email protected];gruu;o
  paque=srvr:outlookwebapp:ybjGB5gixFCrsTQrQHNQHAAA
  Protocol : Mtls
  ApplicationId : urn:application:outlookwebapp
  TrustedApplicationPoolFqdn : torsv-excas01.domain.tld
  Port : 5199
  LegacyApplicationName : outlookwebapp
  Identity : torsv-excas02.domain.tld/urn:application:outlook
  webapp
  ComputerGruus : {torsv-excas02.domain.tld sip:[email protected];gruu;opaque=srvr:outlookweba
  pp:NVWngwaX91yyXJLGooUVkwAA}
  ServiceGruu : sip:[email protected];gruu;o
  paque=srvr:outlookwebapp:NVWngwaX91yyXJLGooUVkwAA
  Protocol : Mtls
  ApplicationId : urn:application:outlookwebapp
  TrustedApplicationPoolFqdn : torsv-excas02.domain.tld
  Port : 5199
  LegacyApplicationName : outlookwebapp
  PS C:\Users\Administrator.R5A> get-CsTrustedApplicationPool
  Identity : TrustedApplicationPool:torsv-excas01.domain.tld
  Registrar : Registrar:sip.domain.tld
  FileStore :
  ThrottleAsServer : True
  TreatAsAuthenticated : True
  OutboundOnly : False
  RequiresReplication : False
  AudioPortStart :
  AudioPortCount : 0
  AppSharingPortStart :
  AppSharingPortCount : 0
  VideoPortStart :
  VideoPortCount : 0
  Applications : {urn:application:outlookwebapp}
  DependentServiceList : {}
  ServiceId : 1-ExternalServer-1
  SiteId : Site:MySite
  PoolFqdn : torsv-excas01.domain.tld
  Version : 6
  Role : TrustedApplicationPool
  Identity : TrustedApplicationPool:torsv-excas02.domain.tld
  Registrar : Registrar:sip.domain.tld
  FileStore :
  ThrottleAsServer : True
  TreatAsAuthenticated : True
  OutboundOnly : False
  RequiresReplication : False
  AudioPortStart :
  AudioPortCount : 0
  AppSharingPortStart :
  AppSharingPortCount : 0
  VideoPortStart :
  VideoPortCount : 0
  Applications : {urn:application:outlookwebapp}
  DependentServiceList : {}
  ServiceId : 1-ExternalServer-2
  SiteId : Site:MySite
  PoolFqdn : torsv-excas02.domain.tld
  Version : 6
  Role : TrustedApplicationPool
   Test-CsExStorageConnectivity works fine.
  What's weird is when I try testing OWA IM login and use the SIP debugger I see this entry.
  Start-Line: NEGOTIATE sip:127.0.0.1:5061 SIP/2.0
  FROM: <sip:sip.domain.tld>;ms-fe=torsv-lync01.domain.tld
  TO: <sip:sip.domain.tld>
  CALL-ID: 4a017cf0e45a4bd7b1a78bdd83821277
  CSEQ: 1 NEGOTIATE
  VIA: SIP/2.0/TLS 192.168.1.9:65137
  MAX-FORWARDS: 0
  CONTENT-LENGTH: 0
  SUPPORTED: NewNegotiate
  SUPPORTED: ECC
  REQUIRE: ms-feature-info
  SERVER: RTC/5.0
  $$end_record
  Why are the TO and From fields showing the same thing? What am I missing
  Exchange CAS 1 and CAS 2 running Exchange 2013 SP1 on Server 2008 R2
  Lync 2013 with latest windows updates.

  For anyone that finds this in Google and has separated Exchange 2013 roles or had this issue I resolved it with the help of Microsoft.
  First issue
  - Web.config edits on MBX servers instead of CAS. You do NOT do any web.config edits on the CAS server. The reason is the CAS server proxies the request to Mailbox servers and the actual server connecting to Lync is your mailbox servers.
  - Verify that your IIS port 443 binding on your mailbox server for both backend / default website the certificate matches and has all the names in it. 
  - Thumbprint that you put in your web.config file should be the cert thumbprint currently equipped on your Mailbox server.
  Second issue I had was the Lync config wasnt correct. We deleted all the trusted application servers and recreated the trusted application server by creating new multi trusted app. added in the two CAS servers. then recreated the New-CsTrustedApplication
  to tie with the newly created application server pool.
  iisreset on all the servers and then the issue was resolved!
  The reason why the SIP request was malformed was due to not having the web.config edits done properly. 

• Exchange 2013 OWA,Async,And OA error MsExchange BackEndRehydration event id 3002

  Hi team,
  I had issue in My Exchange system.
  I had two Exchange 2013 muli role with CAS and MBX
  Server A had no problem connection when client access OWA directly (https://servernamefqdn/owa)
  but, theres issue when I pointing to server B OWA (https://serverBfqdn/owa). its same when outlook connect (using OA ),and Aysnc connection.
  when I failed to connect OWA, theres event id 3002 MsExchange BackEndRehydration event id 3002.
  the error show at Server A ( server at a good condition )
  heres the error
  Thanks

  Hello Team,
  I have a similar issue with Event ID 3002 filling up the App log on both Mailbox servers.  Here is a snippet of the error.  Any help is greatly appreciated.  Thank you.
  "Protocol /EWS failed to process request from identity DOMAIN\CASServer. Exception: Microsoft.Exchange.Security.OAuth.InvalidOAuthTokenException: The user specified by the user-context in the token is ambiguous.
     at Microsoft.Exchange.Security.OAuth.OAuthActAsUser.InternalCreateFromAttributes(OrganizationId organizationId, Boolean calledAtFrontEnd, Dictionary`2 rawAttributes, Dictionary`2 verifiedAttributes)
     at Microsoft.Exchange.Security.Authentication.BackendAuthenticator.OAuthAuthenticator.ExtractActAsUser(OrganizationId organizationId, CommonAccessToken token)
     at Microsoft.Exchange.Security.Authentication.BackendAuthenticator.OAuthAuthenticator.InternalRehydrate(CommonAccessToken token, Boolean wantAuthIdentifier, String& authIdentifier, IPrincipal& principal)
     at Microsoft.Exchange.Security.Authentication.BackendAuthenticator.Rehydrate(CommonAccessToken token, BackendAuthenticator& authenticator, Boolean wantAuthIdentifier, String& authIdentifier, IPrincipal& principal, IAccountValidationContext&
  accountValidationContext)
     at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.ProcessRequest(HttpContext httpContext)
     at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.OnAuthenticateRequest(Object source, EventArgs args).