Featured Post

How the Sumatra Double-Booking cmdlet works

First: you can always get help at the PowerShell prompt with: get-help Get-suDoubleBookedMeetings Let's say that we have the followin...

Saturday, April 14, 2012

Test insertion: 401 or 500 error resolution protocol

Suppose you're testing your permissions and get either a ‘500’ or a ‘401’ error.

Use the following table to sort those issues out.

Most Likely Issue
The "test user" does not exist in Exchange 
is not mailbox enabled
Verify account exists in the domain, it is enabled, a mailbox user  (try to access the account in OWA using the service account credentials)
The "SERVICE ACCOUNT" cannot impersonate the "test user"
Verity  there is a management_role assignment "ApplicationImpersonation" (Ex10) or ExtendedRights:"ms-Exch-EPI-Impersonation","ms-Exch-EPI-May-Impersonate" (ex07) for the SERVICE ACCOUNT that is applied to the server or the user you are attempting to test.
BASIC authentication is not enabled for the EWS virtual directory in IIS
Set Basic authentication in IIS;  remember to restart IIS
The "SERVICE ACCOUNT" is not authorized to submit requests to the CAS Server
Is this the account you granted impersonate rights to? Are the creds correct?  Paste the "ews url" into a browser.  Enter the service account creds, when prompted.  Do you see an EWS WSDL page?

Start with IIS Basic authentication on the EWSvirtual directory.  It’s the easiest to see / fix.

No comments: