Scenario: Users are reporting that their Mac Mail and Outlook for Mac email clients continuously disconnect and then reconnect, making their mail clients unreliable and unstable. EWS is the only mail protocol that is affected; all other protocols are fine.
Troubleshooting: We noticed the following (the timing for each item found was at the same time or really close together):
Event Viewer: We found the following events in the Application log that tied the ASP.NET errors to the crashing/restarting of the MSExchange Web Services app pool:
- EventID: 1325 – Source: ASP.NET 4.0.30319.0 – Application ID: /LM/W3SVC/2/ROOT/EWS – Message: Missing signing certificate
- EventID: 2 – The Exchange Web Services started successfully.
Wireshark: We saw connection resets (RST) being sent from the server to the client, meaning it was the server, not the client, that was tearing down the connections. Wireshark filter: (ip.dst==10.1.1.2 or ip.src==10.1.1.2) and tcp.flags.reset==1
AuthConfig: While troubleshooting the ASP.NET error and its "Missing signing certificate" message, we realized that the certificate currently configured in AuthConfig (the one Exchange uses to sign server authentication tokens) was expired. (Exchange PowerShell: Get-AuthConfig)
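A check that automates the correlation above, added here as an example and not part of the original post: run from the Exchange Management Shell, it reads the AuthConfig thumbprint, verifies that certificate's expiry on every Exchange server, and counts the ASP.NET 1325 events from the last day. The $WarnDays threshold is an assumption, not a value from the post.

```powershell
# Added health check (not from the original post). Assumes an Exchange
# Management Shell session with rights to read event logs on each server.
param([int]$WarnDays = 30)   # constructed threshold for "expiring soon"

$auth  = Get-AuthConfig
$thumb = $auth.CurrentCertificateThumbprint
if (-not $thumb) {
    Write-Warning "AuthConfig has no current certificate thumbprint"
    return
}

foreach ($srv in (Get-ExchangeServer)) {
    # Does the AuthConfig certificate exist on this server, and is it still valid?
    $cert = Get-ExchangeCertificate -Server $srv.Name -ErrorAction SilentlyContinue |
            Where-Object { $_.Thumbprint -eq $thumb }
    if (-not $cert) {
        Write-Warning "$($srv.Name): AuthConfig cert $thumb is NOT installed"
        continue
    }
    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
    $state = if ($daysLeft -lt 0) { 'EXPIRED' }
             elseif ($daysLeft -le $WarnDays) { 'EXPIRING' }
             else { 'OK' }
    [pscustomobject]@{
        Server     = $srv.Name
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        DaysLeft   = $daysLeft
        State      = $state
    }

    # Count "Missing signing certificate" events (ASP.NET EventID 1325) from the last 24h
    $events = Get-WinEvent -ComputerName $srv.Name -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'ASP.NET 4.0.30319.0'
        Id           = 1325
        StartTime    = (Get-Date).AddDays(-1)
    } -ErrorAction SilentlyContinue
    if ($events) {
        Write-Warning "$($srv.Name): $($events.Count) ASP.NET 1325 events in the last 24h"
    }
}
```

An EXPIRED or EXPIRING state together with a non-zero 1325 count on the same server is the signature this post describes.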
Solution: ASP.NET was breaking as a result of the certificate used for AuthConfig. When ASP.NET broke, so did EWS. We created/deployed a new certificate and this fixed our issue.
We created a new certificate:
New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName "contoso.com"
Then we exported the new certificate and imported it on each Exchange server:
Export-ExchangeCertificate -Thumbprint E5AAEBA3DCB406331949D3FB5E108FC7EF3B0B62 -FileName "\\ExSrv1\C$\authcert.pfx" -BinaryEncoded -Password (ConvertTo-SecureString -String 'password' -AsPlainText -Force)
$Servers = Get-ExchangeServer
$Servers.Name | %{
"$_"
Import-ExchangeCertificate -Server $_ -FileName "\\ExSrv1\C$\authcert.pfx" -Password (ConvertTo-SecureString -String 'password' -AsPlainText -Force)
}
Next we set the AuthConfig to the new certificate:
Set-AuthConfig -NewCertificateThumbprint E5AAEBA3DCB406331949D3FB5E108FC7EF3B0B62 -NewCertificateEffectiveDate (Get-Date)
Next we published the certificate:
Set-AuthConfig -PublishCertificate
Since the issue was caused by the ASP.NET errors, replacing the certificate made them go away immediately. I followed up by restarting the following web app pools, just in case:
Restart-WebAppPool MSExchangeOWAAppPool
Restart-WebAppPool MSExchangeECPAppPool
Restart-WebAppPool MSExchangeServicesAppPool