Saturday, April 14, 2012

Test insertion: 401 or 500 error resolution protocol

Suppose you're testing your permissions and get either a ‘500’ or a ‘401’ error.

Use the following table to sort those issues out.

Most Likely Issue
The "test user" does not exist in Exchange 
is not mailbox enabled
Verify account exists in the domain, it is enabled, a mailbox user  (try to access the account in OWA using the service account credentials)
The "SERVICE ACCOUNT" cannot impersonate the "test user"
Verity  there is a management_role assignment "ApplicationImpersonation" (Ex10) or ExtendedRights:"ms-Exch-EPI-Impersonation","ms-Exch-EPI-May-Impersonate" (ex07) for the SERVICE ACCOUNT that is applied to the server or the user you are attempting to test.
BASIC authentication is not enabled for the EWS virtual directory in IIS
Set Basic authentication in IIS;  remember to restart IIS
The "SERVICE ACCOUNT" is not authorized to submit requests to the CAS Server
Is this the account you granted impersonate rights to? Are the creds correct?  Paste the "ews url" into a browser.  Enter the service account creds, when prompted.  Do you see an EWS WSDL page?

Start with IIS Basic authentication on the EWSvirtual directory.  It’s the easiest to see / fix.

Thursday, April 12, 2012

Hotmail to Windows Live @ Edu in Japan

We don't migrate email because so many other folks do and it's not that technically challenging or difficult.

Except in some instances.

You should be aware of the following  case out of Japan with a Hotmail to Live@edu migration.

My bet is that a little bit of the kind of planning, preparation, and testing that we're rabid advocates of could have avoided this.