Exchange 2013 to 2007 Outlook Anywhere Proxy Issue

Two weeks ago was a big step in our Exchange 2013 deployment as we cut over client connectivity to our Exchange 2013 CAS servers. As step in the process of installing Exchange 2013 is to cut over client access to proxy your 2007 or 2010 environment through 2013. This will pass traffic from your 2013 virtual directories to the legacy URL you create on your legacy exchange environment. For a more detailed understanding of this process a good place to start is Ross Smith’s article here. It was a long night and most of everything worked but Outlook Anywhere for users whose mailbox was hosted on Exchange 2007. Our first step in validation was to run the remote connectivity analyzer externally. This must have tool can be found at https://testconnectivity.microsoft.com/.

When running our first set of tests, we received the following error:

Attempting to ping RPC proxy oa.domain.com.

 RPC Proxy can’t be pinged.

    Additional Details

  A Web exception occurred because an HTTP 400 – BadRequest response was received from Unknown.

Headers received:

Transfer-Encoding: chunked

request-id: fc24649c-e3f5-43ea-b84f-dca01c1bc8b2

X-CalculatedBETarget: Exchange 2007 CAS FQDN

Persistent-Auth: true

X-FEServer: Exchange 2013 CAS FQDN

Cache-Control: private

Content-Type: text/html; charset=us-ascii

Date: Thu, 21 Nov 2013 13:04:13 GMT

Server: Microsoft-IIS/8.0

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Elapsed Time: 541 ms. 

We then tried creating an outlook profile externally and while it worked for 2013, 2007 users could not. With my 2013 profile opened, I added my 2013 mailbox and watched the connection status in outlook and you could see the server attempt a connection on the 2007 MBX servers then drop for a minute and then retry again. This just made a long night longer.

We checked authentication settings on 2013 and 2007 and everything was set to the documented settings. With a team of 5 including my Microsoft PFE on the bridge, we couldn’t figure it out.

Premier Support Time!

Yes, it was time to call Premier and they actually assisted us in resolving the issue rather quickly. Let me say, what you are about to learn is not documented and should be added to the deployment process for all 2007 to 2013 coexistence implementation.

To determine the issue, we first went to the Httperr Logs on the 2013 CAS and found the below error.

400 1 BadRequest MSExchangeRpcProxyAppPool

 We then looked at the Failed-Request log files. There is a good article on troubleshooint failed requests using IIS7 here.

C:\inetpub\logs\FailedReqLogFiles\W3SVC1

In the FR*.xml file, we saw this error.

failedrequest

The next step was to look at the Httperr Logs on a 2007 CAS server and this is where we found our issue.

 Buffer=”<!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.01//EN””http://www.w3.org/TR/html4/strict.dtd“>

<HTML><HEAD><TITLE>Bad Request</TITLE>

<META HTTP-EQUIV=”Content-Type” Content=”text/html; charset=us-ascii”></HEAD>

<BODY><h2>Bad Request – Request Too Long</h2>

<hr><p>HTTP Error 400. The size of the request headers is too long.</p>

</BODY></HTML>

The HTTP Error references a header that is too long for 2007 to accept.

When you install a 2013 Mailbox or MultiRole server, exchange adds two registry items:

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]

“MaxFieldLength”=dword:00010000

“MaxRequestBytes”=dword:00010000

But on 2007 CAS, we do not see the same entries and therefore the proxied requests are not making it through 2007 CAS.

The fix is to simply add the same keys and then reboot the server or at a minimum, restart the HTTP and iisadmin service.

Here is a script to add the keys for you.

$keyPath = “HKLM:\System\CurrentControlSet\Services\HTTP\Parameters”;

if (!(Get-Item $keyPath -ErrorAction SilentlyContinue)) { New-Item $keyPath -Force }

set-itemproperty -path $keyPath -Name “MaxFieldLength” -Value 65536 -Type DWORD -Force;

set-itemproperty -path $keyPath -Name “MaxRequestBytes” -Value 65536 -Type DWORD -Force;

It is my hope that these changes will find themselves in a future CU for Exchange 2007.

Lastly, let me send a big thanks to Phillip Denton, Senior Support Escalation Engineer at Microsoft who deserves all the credit for helping us resolve this issue.

3 thoughts on “Exchange 2013 to 2007 Outlook Anywhere Proxy Issue

  1. Pingback: http://wp.me/p41puw-18 | JC's Blog-O-Gibberish
  2. Pingback: The UC Architects » Episode 32: Special Guest Jamie Stark of Microsoft

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s