If you published your Exchange 2010 services (OWA, Outlook Anywhere, EAS…) using ForeFront Unified Access Gateway (ForeFront UAG), you may have trouble with Outlook Anywhere after you deployed the Service Pack 1 for Exchange.
Indeed, Exchange Web Services and Autodiscover Service may not work anymore when connected remotely.
The first thing is to check if Basic authentication is enabled Autodiscover virtual directory.
- get-autodiscovervirtualdirectory | fl >>> BasicAuthentication : True
Don’t change the settings for EWS; the authentication providers enabled should be BasicAuthentication and WindowsAuthentication. If you disable WindowsAuthentication for EWS, you will experiment some issue with OWA.
The second thing is new with Exchange 2010 SP1.
You have to check if EWS and Outlook is enabled at the Organization Level; by default, these attributes are not set, even if you already have configured the associated services.
- get-organizationconfig | fl
EwsEnabled :
EwsAllowOutlook :
EwsAllowMacOutlook :
EwsAllowEntourage :
EwsApplicationAccessPolicy :
EwsAllowList :
EwsBlockList :
To set these attributes, you have to run the set-organizationconfig –<attribute> <value> where <attribute> has to be changed with the related name and <value> with the accepted value:
Attribute | Description | Value |
EWSAllowEntourage | Specifies whether to allow or disallow Entourage 2008 for Mac, Web Services Edition to access Exchange Web Services for the user. Note that Entourage 2008 uses EWS exclusively, so this parameter can be used to block Entourage 2008 | $True or $False |
EWSAllowList | Specifies the applications as identified by user agent strings that can access Exchange Web Services when the EWSApplicationAccessPolicy parameter is set to EnforceAllowList | |
EWSAllowMacOutlook | Specifies whether to allow or disallow Outlook for Mac to access Exchange using EWS. Future versions of Outlook for Mac will use EWS exclusively | $True or $False |
EWSAllowOutlook | Specifies whether to allow or disallow Outlook 2007 to access Exchange Web Services for the user. Outlook uses Exchange Web Services for free/busy, OOF, and calendar sharing | $True or $False |
EWSApplicationAccessPolicy | Specifies which applications other than Entourage, Outlook for Mac 2011 and Outlook can access Exchange Web Services. If set to EnforceAllowList, only applications specified in the EWSAllowList parameter are allowed access to Exchange Web Services. If set to EnforceBlockList, every application is allowed access to Exchange Web Services except the ones specified in the EwsBlockList parameter | EnforceAllowList EWSAllowList EnforceBlockList |
EWSBlockList | Specifies the applications (user agent strings) that can’t access Exchange Web Services when the EWSApplicationAccessPolicy parameter is set to EnforceBlockList | |
EWSEnabled |
Specifies whether to globally enable or disable Exchange Web Services access for a user, regardless of which application is making the request. When the EWSEnabled parameter is set to $false, Exchange Web Services access is turned off regardless of the values of the EWSAllowEntourage parameter |
$True or $False |