question

EvandroBoaSemedo-7272 avatar image
0 Votes"
EvandroBoaSemedo-7272 asked EvandroBoaSemedo-7272 edited

Anonymous Calendar Sharing URL in Exchange is not working between Exchange 2016/2019 coexistence

Hi guys,



(Scenery)

I have 4 Exchange Servers 2016 CU22 Frontend; Only CAS Function | CAS Role

I have 6 Exchange Servers 2019 CU11 Backend; Only MBX Function | MBX Role


(Flow)

Internet ==> HLB (Hardware Load Balancer) ==> CAS ==> MBX

PS: Exchange Server 2016 CU22 is kept as CAS Role to maintain compatibility with older email clients.
PS: I applied the Security Updates for both versions as well, but I tried it before without applying it and it didn't work either.



All users when accessing shared calendar settings get this error <HTTP ERROR 500> below using Exchange Server 2016 CU22 with proxy function.

144476-143025-print-1.png


But. if i access directly through an Exchange Server 2019 CU11 using my file host by VPN to test the feature works perfectly.

144477-143101-print-2.png


Follow the configuration:

143054-print-3.png

143055-print-4.png


Source: https://techcommunity.microsoft.com/t5/exchange-team-blog/how-to-publish-anonymous-calendar-sharing-url-in-exchange-online/ba-p/586924


office-exchange-server-administrationoffice-exchange-online-itpro
print-3.png (21.1 KiB)
print-4.png (133.1 KiB)
143025-print-1.png (49.5 KiB)
143101-print-2.png (62.1 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @EvandroBoaSemedo-7272

Are the affected mailboxes hosted by Exchange 2016 or Exchange 2019?

Have you done some changes before this issue occurs? Or it never works correctly in your environment?

0 Votes 0 ·

Hi @KaelYao-MSFT

Yes, all mailboxes are affected on Exchange Server 2019.

No changes. Apparently this feature shouldn't be working since coexistence, as only now users have been complaining.


The 4 Exchange Servers 2016 CU22 Frontend are only CAS Role, no mailboxes hosted.

The 6 Exchange Servers 2019 CU11 Backend are only Mailbox Role, all mailboxes are hosted this servers. But. If i access directly through using a VPN anyone Exchange Server 2019 the feature works perfectly via my hosts file.

Which folder are the calendar crash logs published on the internet?

Thanks anyway!

0 Votes 0 ·
EvandroBoaSemedo-7272 avatar image
1 Vote"
EvandroBoaSemedo-7272 answered KaelYao-MSFT commented

There is a bug in url rewrite, somehow it's not being imported correctly causing some code failure. If you create any rule that is, invalid or valid and apply it, it will work again. If you delete the rule, however invalid it may be, it also works again, as the web.config structure ends up being corrected in some way.

C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\web.config

vDIR Export Rules

cd "C:\Windows\System32\inetsrv"
appcmd list config "Default Web Site/owa" -section:system.webServer/rewrite/rules -xml > P:\owarewriterules13-10-2021.xml

vDIR Import Rules

cd "C:\Windows\System32\inetsrv"
appcmd set config "Default Web Site/owa" -in < P:\owarewriterules13-10-2021.xml

I can say that I managed to solve my problem this way, because the failure was in the structure of the web.config imported from the backup xml by the cmd prompt itself.

But, looks like a bug.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Many thinks for the sharing!

0 Votes 0 ·
AndyDavid avatar image
0 Votes"
AndyDavid answered EvandroBoaSemedo-7272 commented

This doesnt make sense honestly:
Internet ==> HLB (Hardware Load Balancer) ==> CAS ==> MBX


Also, there is no such thing as a CAS or MBX only role in 2016/2019

"Exchange Server 2016 CU22 is kept as CAS Role to maintain compatibility with older email clients" Which clients are these?


Both the 2016 and 2019 server should be in the load balancer with all the same URLs for all the client virtual directories

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello,

The Exchange servers 2016 are the frontends.

The Exchange servers 2019 are the backends.

The legacy clients are Outlook 2007 SP4, 2010 SP2.

Both the 2016 and 2019 server use the same URLs for all the client virtual directories.

We can't to use the Exchange servers 2019 how frontends in the moment because of these versions.

0 Votes 0 ·
AndyDavid avatar image
0 Votes"
AndyDavid answered EvandroBoaSemedo-7272 commented

Well, Outlook 2007 isnt supported for Exch 2016 neither :)

https://docs.microsoft.com/en-us/exchange/plan-and-deploy/supportability-matrix?view=exchserver-2019#clients


Are you sure this isnt a load balancer or firewall issue?

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

So,

This problem occur with any Outlook version, 2007, 2010, 2013, 2016 and Outlook Microsoft 365.

About your question bellow:

Are you sure this isnt a load balancer or firewall issue?

R: If i access directly through using a VPN anyone Exchange Server 2019 the feature works perfectly via my hosts file.

R: If i access directly through using a VPN anyone Exchange Server 2016 the feature is not works.

0 Votes 0 ·
AndyDavid avatar image
0 Votes"
AndyDavid answered KaelYao-MSFT edited

Did you enable the correct settings on the 2016 server?
https://docs.microsoft.com/en-us/exchange/create-a-sharing-policy-exchange-2013-help

143533-image.png



image.png (55.4 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

OK,

Follow my tests:

Step 1:

143500-image.png


Step 2:

143490-image.png


Step 3:

143581-image.png


Step 4:

143591-image.png


Step 5: PS: I isolated one CAS to test.

143582-image.png


Step 6:

144389-143544-image.png


My configurations:

143585-image.png


143527-image.png


143586-image.png


No success too.


0 Votes 0 ·
image.png (7.7 KiB)
143544-image.png (12.5 KiB)
AndyDavid avatar image
0 Votes"
AndyDavid answered EvandroBoaSemedo-7272 commented

Anything interesting in the proxy logs on the 2016 server?

C:\Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy

or in the event logs?


Another thought: Is TLS 1.2 enforced on the 2016 server? ( It will be on 2019)

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

My TLS on Exchange Servers:

Exchange Server 2016 TLS 1.2, 1.1 and 1.0.

Exchange Server 2019 TLS 1.2.


On Exchange Server 2016/2019, only mailbox health records.

C:\Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy\OwaCalendar

143479-image.png



C:\Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy\Owa #No erros




0 Votes 0 ·
image.png (123.5 KiB)
AndyDavid avatar image
0 Votes"
AndyDavid answered

Ok, you cant enforce TLS 1.2 if you are using those older clients unfortunately

The logs you have there only show healthMailboces.
How about the failures? Do you see those - check the EWS proxy logs as well.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

EvandroBoaSemedo-7272 avatar image
0 Votes"
EvandroBoaSemedo-7272 answered EvandroBoaSemedo-7272 edited

@AndyDavid,

I isolated an Exchange Server 2016 Frontend (Example SRVCAS001) to use only TLS 1.2. Only I am accessing this front end server.

143833-image.png


143871-image.png
143759-image.png
143760-image.png
143830-image.png
143862-image.png
143819-image.png

143853-image.png
143835-image.png


2021-10-26T14:43:17.630Z,1eb4ef7b-1dfd-481b-8cf6-ddfebfbbb91e,15,2,986,9,Unknown,skysfb001/16074dce-4675-4419-856a-aac1152e3fed/[4201777466],Bearer,true,evandro*.br,.br,LYNC/6.0.9319.534/Storage,Target=None;Req=Exchange2013/Exchange2013;,192.168.SRV007,CAS001..BR,GetImItemList,200,883,,,evandro..br,,,67edec1a0be5444faadab692b9265cf6,0f90c229-94d8-46fc-b443-defac3c20e1e,PrimaryServer,LocalTask,0,0,0,0,0,,,,,,,,,,,,,,,,,,,,[C],0,0,17,18,3,,9,5,,66,86,24,111,,,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=1;RequestHandler=Wcf;GetHandler_End=2;BackEndAuthenticator=OAuthAuthenticator;TotalBERehydrationModuleLatency=0;SkipMailboxRead=False;ADIdentityCache=Miss;AuthzFlags=AuthzSkipTokenGroups;CSCMissLatency=1;SkipMailboxRead=False;AuthzFlags=AuthzSkipTokenGroups;CSCMissLatency=2;CARB=1;ImGroupCount=6;PersonaCount=4;ContactCount=5;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/1/86/110/111/111/111/111/111/111/;MailboxTypeCacheSize=427815;S:AspDispatchLatency.BeginRequest=0;S:ADRS.InclI=1;S:AspDispatchLatency.EndRequest=0;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:WLM.Bal=299964.2;S:ServiceTaskMetadata.ServiceCommandBegin=86;S:ServiceTaskMetadata.ServiceCommandEnd=110;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.HttpHandlerGetterLatency=0;Dbl:WLM.TS=111;Dbl:CCpu.T[CMD]=15.625;I32:ADR.C[DC003]=1;F:ADR.ALDC003]=1.6082;I32:ADS.CDC003]=1;F:ADS.AL[DC003]=3.547;I32:ATE.C[DC004..br]=1;F:ATE.AL[DC004.br]=0;Dbl:BudgUse.T[]=23.8950996398926;I32:ATE.C[DC003..br]=2;F:ATE.AL[DC003..br]=30;Dbl:MAPI.T[SRV007.bb0ca4b9-b87d-4bf9-9451-da291c193021]=19;I32:ADR.C[DC001]=1;F:ADR.AL[DC001]=1.5382;I32:MAPI.C[SRV007.bb0ca4b9-b87d-4bf9-9451-da291c193021]=51;I32:ROP.C[SRV007.bb0ca4b9-b87d-4bf9-9451-da291c193021]=734443387;Dbl:RPC.T[SKYSRV007.bb0ca4b9-b87d-4bf9-9451-da291c193021]=19;I32:RPC.C[SRV007.bb0ca4b9-b87d-4bf9-9451-da291c193021]=17;I32:ATE.C[DC001..br]=1;F:ATE.AL[DC001.*.br]=0;Dbl:VCGS.T[SKYSRV007]=0;I32:VCGS.C[SRV007]=2;Dbl:EXR.T[SRV007.bb0ca4b9-b87d-4bf9-9451-da291c193021]=8;Dbl:ST.T[SRV007.bb0ca4b9-b87d-4bf9-9451-da291c193021]=4;I32:MB.C[SRV007.bb0ca4b9-b87d-4bf9-9451-da291c193021]=17;F:MB.AL[SRV007.bb0ca4b9-b87d-4bf9-9451-da291c193021]=1.117647;I32:ADS.C[DC004]=1;F:ADS.AL[DC004]=2.5858,,,,2021-10-26T14:43:17.511Z,15432,,644263248,652711840,564906_71837_2978,564907_71837_2978,,,,,,,,,,,,


My mailbox is hosted on Exchange Mailbox 2019 backend using only TLS 1.2.

143779-image.png
143881-image.png


C:\Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy\Owa #No errors found
C:\Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy\OwaCalendar #No errors found
C:\Program Files\Microsoft\Exchange Server\V15\Logging\Ews #No errors found
C:\Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy\Ews #No errors found
C:\Program Files\Microsoft\Exchange Server\V15\Logging\OWAAnonymous #No errors found
C:\Program Files\Microsoft\Exchange Server\V15\Logging\CalendarAssistantsLogs #No errors found
C:\Program Files\Microsoft\Exchange Server\V15\Logging\Calendar Repair Assistant #No errors found


Outlook event logs:

O Outlook carregou o(s) seguinte(s) suplemento(s):


Nome: Microsoft Exchange Add-in
Descrição: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability.
ProgID: UmOutlookAddin.FormRegionAddin
GUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}
Comportamento do Carregamento: 3
HKLM: 1
Local: C:\Program Files\Microsoft Office\root\Office16\ADDINS\UmOutlookAddin.dll
Tempo de Inicialização (milissegundos): 16

Nome: Microsoft Teams Meeting Add-in for Microsoft Office
Descrição: Microsoft Teams Meeting Add-in for Microsoft Office
ProgID: TeamsAddin.FastConnect
GUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D}
Comportamento do Carregamento: 3
HKLM: 0
Local: C:\Users\Evandro\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21161.4\x64\Microsoft.Teams.AddinLoader.dll
Tempo de Inicialização (milissegundos): 0

Nome: Outlook Social Connector 2016
Descrição: Connects to social networking sites and provides people, activity, and status information.
ProgID: OscAddin.Connect
GUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F}
Comportamento do Carregamento: 3
HKLM: 1
Local: C:\Program Files\Microsoft Office\root\Office16\SOCIALCONNECTOR.DLL
Tempo de Inicialização (milissegundos): 15

Nome: Microsoft SharePoint Server Colleague Import Add-in
Descrição: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content
ProgID: ColleagueImport.ColleagueImportAddin
GUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120}
Comportamento do Carregamento: 3
HKLM: 0
Local: C:\Program Files\Microsoft Office\root\Office16\ADDINS\ColleagueImport.dll
Tempo de Inicialização (milissegundos): 0

Êxito na solicitação do serviço Web do Exchange GetAppManifests.

The error persists even forcing TLS 1.2 between the 2 servers.

143786-image.png



image.png (6.2 KiB)
image.png (31.4 KiB)
image.png (34.6 KiB)
image.png (8.8 KiB)
image.png (8.7 KiB)
image.png (8.6 KiB)
image.png (8.6 KiB)
image.png (8.9 KiB)
image.png (8.8 KiB)
image.png (13.4 KiB)
image.png (12.8 KiB)
image.png (29.3 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

EvandroBoaSemedo-7272 avatar image
0 Votes"
EvandroBoaSemedo-7272 answered KaelYao-MSFT edited

PS:

I created a test database on Exchange Server 2016 CAS (Does not have mailbox) and moved an account to test functionality and the issue persisted.

Then I moved this same account to an Exchange Server 2019 MBX and it worked accessing directly through an Exchange Server 2019 CU11 using my file host by VPN to test the feature works perfectly.

144428-143797-image.png

The problem must be in Exchange Server 2016 CU22. I'm testing localhost using 127.0.0.1 webapp.domain.br, the same error on loopback.



image.png (68.2 KiB)
143797-image.png (26.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AndyDavid avatar image
0 Votes"
AndyDavid answered

interesting that someone is reporting something similar for 2019 CU11:
https://docs.microsoft.com/en-us/answers/questions/606253/exchange-2019-internet-calendar-sharing-doesn39t-w.html

Maybe open a ticket with Microsoft Support?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

EvandroBoaSemedo-7272 avatar image
0 Votes"
EvandroBoaSemedo-7272 answered EvandroBoaSemedo-7272 edited

Between yesterday and today, I created a lab with the following machines:

1 Domain controller 2019 (Domain/Forest | level 2016);
1 Exchange Server 2016 CU18; (My previous version before CU22)
1 Exchange Server 2019 CU10; (My previous version before CU11)

It worked normally.

I applied the Exchange Server 2016 CU22 update.

It worked normally.

I applied the Exchange Server 2016 SU22 update.

It worked normally.

I promoted a new Exchange Server 2019 CU10 in the same forest.

It worked normally.

I applied the Exchange Server 2019 CU11 update.

It worked normally.

I applied the Exchange Server 2019 SU11 update.

It worked normally.

144603-image.png
144593-image.png
144632-image.png

2021-10-28T13:25:56.852Z,97212d3c-bf04-489e-b6b9-8766fe84516a,15,1,2375,12,Unknown,{62487524-ED82-4856-8A3A-5C76A8E8732A},Negotiate,true,NETBIOS\sharefolders,,Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14326; Pro),Target=None;Req=/Exchange2007;,168.0.134.15,CAS001,CAS001.DOMAIN.LOCAL,,500,426,,ErrorInvalidRequest,,,,80bb4180a22043d696c3db37c6169646,640aada8-5c07-4dc4-8d94-d6bf4cbe223f,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=1;RequestHandler=Wcf;GetHandler_End=4;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/1/7/7/7/7/7/7/;MailboxTypeCacheSize=0;S:AspDispatchLatency.BeginRequest=0;S:AspDispatchLatency.EndRequest=0;S:EwsMetadata.HttpHandlerGetterLatency=3;Dbl:WLM.TS=7,,FaultInnerException=Microsoft.Exchange.Services.Core.Types.ErrorInvalidServerVersionException: The specified server version is invalid. at Microsoft.Exchange.Services.Wcf.MessageEncoderWithXmlDeclaration.SniffRequestForVersionAndMethodNameAndWSSecurityTokenHash(Stream stream Int32 maxSizeOfHeaders String& methodName String& methodNamespace IExchangeVersion& requestVersion String& wsSecurityTokenHash) at Microsoft.Exchange.Services.Wcf.MessageEncoderWithXmlDeclaration.<>c_DisplayClass27_0.<ReadMessage>b_0();FaultInnerException=Microsoft.Exchange.Services.Core.Types.ErrorInvalidRequestException: The request is invalid. at Microsoft.Exchange.Services.Wcf.DispatchByBodyElementOperationSelector.SelectOperation(Message& message) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.CustomDemuxer.GetOperation(Message& request) at System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(RequestContext request Boolean cleanThread OperationContext currentOperationContext);ExceptionHandlerBase_ProvideFault_Error=Microsoft.Exchange.Services.Core.Types.ErrorInvalidRequestException: The request is invalid. at Microsoft.Exchange.Services.Wcf.DispatchByBodyElementOperationSelector.SelectOperation(Message& message) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.CustomDemuxer.GetOperation(Message& request) at System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(RequestContext request Boolean cleanThread OperationContext currentOperationContext);,,2021-10-28T13:25:56.842Z,24220,,167504656,167999792,87_17_7,87_17_7,,,,,,,,,,,,

Reset IIS

Process w3wp.exe (OWA) (PID=20584). Failed to receive invalidation message from port 9050, exception got: A blocking operation was interrupted by a call to WSACancelBlockingCall.

Process w3wp.exe (OWA) (PID=20584). Failed to receive invalidation message from port 9050, exception got: A blocking operation was interrupted by a call to WSACancelBlockingCall.


It looks like it might be something inherited from some previous Security Updated that might have broken something of that function, as in my lab I applied these newer SUs not coming from previous CUs and SUs.



image.png (7.0 KiB)
image.png (47.8 KiB)
image.png (11.8 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.