ECP & OWA in Exchange 2016 generates 403 Forbidden when accessed

Question

Tuesday, June 23, 2020 2:13 AM

I have a server running Server 2016 and Exchange 2016.

Users are accessing their email OK via Outlook, but we have an issue with mobile phone sync that brought the issue to our attention.

Digging further, ECP and OWA return HTTP 403 Forbidden when an attempt is made to access them using either FQDN/OWA, FQDN/ECP, localhost or the server IP.

Get-ServerHealthReport

    Server      State          HealthSet        AlertValue  LastTransitionTime      MonitorCount
    SErver2018  NotApplicable  Network          Unhealthy   19/06/2020 7:01:57 PM   9
    SErver2018  NotApplicable  Compliance       Unhealthy   23/06/2020 12:00:49 AM  43
    SErver2018  NotApplicable  OutlookMapiHttp  Unhealthy   22/06/2020 3:58:10 PM   1

While I don't think DNS is the issue, the Network health set refers to DNS forwarders. I updated the forwarders and tested them in DNS and they work OK, but the HealthSet still says there is a problem. I can't find a support article to dig deeper into this one.

Where to next? Exchange 2013/2016 have been incredibly reliable for me, so my troubleshooting skills are rusty.

All replies (15)

Tuesday, June 23, 2020 4:18 AM

Hi,

Use the Test Connectivity tool from Microsoft to see the issues in connecting to the Exchange server from the outside world (mobile clients).

https://testconnectivity.microsoft.com/tests/exchange

Regards From: Exchange Online | World of Cloud Computing


Tuesday, June 23, 2020 12:01 PM

Thanks Manu, it told me what I already knew about what was, and wasn't, working.


Tuesday, June 23, 2020 6:53 PM

Please post the test report from the connectivity analyzer so that we can see what's wrong with the settings.

Regards From: Exchange Online | World of Cloud Computing


Wednesday, June 24, 2020 3:27 AM

Summary of Outlook connectivity test

Attempting to ping RPC proxy remote.ABC.org.au. RPC Proxy can't be pinged.

Additional Details

    An unexpected network-level exception was encountered.
    Exception details:
    Message: The remote server returned an error: (404) Not Found.
    Type: Microsoft.Exchange.Tools.ExRca.Extensions.MapiTransportException
    Stack trace:
       at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
       at Microsoft.Exchange.Tools.ExRca.Tests.MapiPingProxyTest.PerformTestReally()
    Exception details:
    Message: The remote server returned an error: (404) Not Found.
    Type: System.Net.WebException
    Stack trace:
       at System.Net.HttpWebRequest.GetResponse()
       at RpcPingLib.RpcPing.PingProxy(String internalServerFqdn, String endpoint)
       at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)

Active Sync tests OK


Wednesday, June 24, 2020 4:18 AM

Hi,

Have you enabled IPv6 on the Exchange server? Please disable it and test again. Check if the test is successful.

Regards From: Exchange Online | World of Cloud Computing


Wednesday, June 24, 2020 7:33 AM

Checked, and IPv6 is disabled.

If I type into the browser on the server http://internal-ipaddress/ecp the 404 error presents


Wednesday, June 24, 2020 8:12 AM

Hi MBKITMGR,

Did you do anything before the issue? Please note that if you make any changes to IIS, please run iisreset in CMD running as administrator.

1. According to the error HTTP 403 Forbidden, this problem may be caused by a computer object being added to a group that is denied the ms-Exch-EPI-Token-Serialization user right. Please check the restricted groups; if the computer object is in one of these groups, remove the computer object from the restricted group.

For more information you could refer to: Error message in EMS, EAC, ECP, OWA, or Outlook on the Web in Exchange Server 2013 or Exchange Server 2016.

2. If you have made changes to the virtual directory, please follow the default configuration to restore the changes and run iisreset, then see if the problem is resolved.

About default settings for Exchange virtual directories: Default settings for Exchange virtual directories.

3. If none of the above methods succeed, please try to remove and re-create the ActiveSync/ECP/OWA virtual directory by running:

Remove-OwaVirtualDirectory -Identity <>

New-OwaVirtualDirectory -WebSiteName "Default Web Site" -ExternalUrl <> -InternalUrl <>

Remove-EcpVirtualDirectory -Identity <>

New-EcpVirtualDirectory -WebSiteName "Default Web Site" -ExternalUrl <> -InternalUrl <>

Remove-ActiveSyncVirtualDirectory -Identity <>

New-ActiveSyncVirtualDirectory -WebSiteName "Default Web Site" -ExternalUrl <> -InternalUrl <>

Then run iisreset.

4. According to the information provided by the Outlook connection test, please make sure the namespaces you use are included in your Exchange certificate, and run the following command to confirm that the configuration of Outlook Anywhere is correct.

Get-OutlookAnywhere | fl

Regards,

Lucas Liu

Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact [email protected].
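
Step 3 of the reply above as a script, added here as an illustration and not part of the original post: it saves each virtual directory's settings before removal, re-creates it with the same URLs, and reports authentication-related settings that differ afterwards. `$Server`, `$BackupDir` and the helper `Get-FrontEndVdir` are assumptions introduced for the example.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
$Server    = $env:COMPUTERNAME          # assumption: run on the affected server
$BackupDir = 'C:\Temp\vdir-backup'      # assumption: any writable folder
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Hypothetical helper: the front-end virtual directory of one type
# ('Owa', 'Ecp' or 'ActiveSync') on the Default Web Site.
function Get-FrontEndVdir([string]$Type) {
    & "Get-${Type}VirtualDirectory" -Server $Server |
        Where-Object { $_.Name -like '*(Default Web Site)' } |
        Select-Object -First 1
}

foreach ($t in 'Owa', 'Ecp', 'ActiveSync') {
    $old = Get-FrontEndVdir $t
    if (-not $old) { Write-Warning "${t}: no virtual directory found, skipping"; continue }

    # Keep a full copy of the old settings before anything is removed.
    $old | Export-Clixml -Path (Join-Path $BackupDir "$t.xml")

    # Re-create with the same URLs; leave out a URL that was never set.
    $params = @{ WebSiteName = 'Default Web Site'; Server = $Server }
    foreach ($u in 'InternalUrl', 'ExternalUrl') {
        if ($old.$u) { $params[$u] = "$($old.$u)" }
    }
    & "Remove-${t}VirtualDirectory" -Identity "$($old.Identity)"   # prompts for confirmation
    & "New-${t}VirtualDirectory" @params | Out-Null

    # The new directory is created with default settings, so report every
    # authentication-related property whose value differs from the backup.
    $new = Get-FrontEndVdir $t
    foreach ($p in $old.PSObject.Properties | Where-Object { $_.Name -like '*Auth*' }) {
        $was = "$($p.Value)"
        $now = "$($new.($p.Name))"
        if ($was -ne $now) {
            "{0} {1}: was '{2}', now '{3}'" -f $t, $p.Name, $was, $now
        }
    }
}

iisreset
```

Any line the script prints is a setting to review before users are let back in, since a re-created directory does not inherit authentication changes made to the old one.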


Wednesday, June 24, 2020 11:21 AM

Hi Lucas,

No activities were performed on the server; a user's email sync hadn't been working since the 14th of this month, and they reported it to me on the 21st.

One update installed itself for Windows Server 2016 on the 19th.

I'll check these when I get the OK to proceed from the client.


Thursday, June 25, 2020 9:13 AM

Hi MBKITMGR,

Will there be an error if you type https://FQDN/ECP, https://FQDN/owa into a browser?

Regards,

Joy Zhang



Monday, June 29, 2020 9:39 AM

Hi MBKITMGR,

I am looking forward to your feedback.

If you have any questions or need further help on this issue, please feel free to post back.

Regards,

Lucas Liu



Monday, June 29, 2020 10:10 PM

Hi MBKITMGR,

Will there be an error if you type https://FQDN/ECP, https://FQDN/owa into a browser?

Regards,

Joy Zhang


Hi Joy, yes "Digging further ECP, OWA return HTTP 403 Forbidden" when accessed from a browser.


Wednesday, July 1, 2020 9:48 AM

Hi MBKITMGR,

Will the problem still appear after trying the above steps?

If you have any questions or need further help on this issue, please feel free to post back.

Regards,

Lucas Liu



Friday, July 3, 2020 8:52 AM

Hi MBKITMGR,

I am writing here to ask how things are going now. If the above suggestion helps, please feel free to mark it as an answer to help more people.

Thanks for your understanding.

Regards,

Lucas Liu



Thursday, July 16, 2020 1:40 AM

Hi Lucas,

Removing and recreating the virtual directories has fixed access to ECP, OWA and ActiveSync. Thanks for your guidance.


Thursday, July 16, 2020 9:25 AM

Hi MBKITMGR,

I’m pleased to know that the information is helpful to you.

If there is no issue, please remember to mark the helpful reply as the answer to close the thread. Your action would be helpful to other users who encounter the same issue and read this thread.

Thanks for your understanding.

This Exchange Server 2016 – Administration Forum will be migrating to a new home on Microsoft Q&A; please refer to this sticky post for more details.

Regards,

Lucas Liu
