Exchange error 403

Exchange Guide is a complete encyclopedia describing MS Exchange Server 2013, 2010 & 2007 encountered errors, concepts, tips and solutions

The Remote Server Returned an Error (403) Forbidden Exchange 2010

In this article, I am going to discuss «The remote server returned an error (403) forbidden in Exchange Server 2010». Generally, Exchange Administrator faces this issue when they try to migrate Exchange server 2010 mailbox data into Office 365 user account.

The Remote Server Returned an Error (403) Forbidden Exchange 2010

Problem Definition

At the time to Migration of Microsoft Exchange Server 2010 to Office 365 with Hybrid deployment of server. During the migration operation fails, the error message you get that ‘the remote server returned an error (403) forbidden Exchange’ or ‘the connection to the server «mail.mailtest.com» could not be completed’.

The first error message you get while performing the migration using PowerShell commands and the second error message we get when performing the migration with the help of Exchange Admin Center.

Cause of Error 403

The problem occurs, if the mailbox replication proxy (MRS Proxy) service is disabled on hybrid server within EWS Virtual directory. There could be some reasons cause of which the error could occur:

  1. MRSProxy might be in disabled state
    Run below mentioned command in EMS.

    Get-WebServicesVirtualDirectory "ABCServerNameEWS (Default_Website)" |FL Server, MRSProxyEnabled

    if you get MRSProxyEnable:False then it the actual cause of Error 403

  2. Another reason could be that on the hybrid server, MRSProxy is showing Enabled but while running the Get-WebServicesVirtualDirectory command, it is actually disabled.
    After running the above command, if you get True then look for the Exception message in 1309 Web Event. You will see that over there Exception Message is «MRS Proxy service is disabled»

Solution to fix Error 403

The remote server returned error 403 could be resolved can be resolved by two ways. The first way to fix error 403 is by enabling MRSProxy or by first disabling and then enabling MRSProxy.

Enable MRSProxy

To enable MRSProxy for fixing Error 403, first run below command and then restart IIS using iisreset command:

Set-WebServicesVirtualDirectory "ABCServerNameEWS (Default_Website)" -MRSProxyEnabled $true

First Disable and then Re-enable MRSProxy

Run below command to firstly disable and then re-enable MRSProxy:
Disable: Set-WebServicesVirtualDirectory "ABCServerNameEWS (Default_Website)" -MRSProxyEnabled $false
Enable: Set-WebServicesVirtualDirectory "ABCServerNameEWS (Default_Website)" -MRSProxyEnabled $true
Now, restart the Microsoft IIS with the help of iisreset command.

Exception Case

If the above discussed solution is not working in your case then for migration of Exchange 2010 mailboxes, you can export Exchange mailboxes to PST files first and then import those mailboxes into Office 365.

Conclusion

This article is written for providing the information regarding fixing «the remote server returned error 403» or «the connection to the server ‘mail.mailtest.com’ could not be completed». We discussed the multiple cause of error occurrence and what could be the possible way for resolving Error 403 in Exchange server 2010.

Источник

403. Ошибка «Запрещено» при попытке просмотреть сведения о доступности и доступности для всей организации в Exchange

Исходный номер базы знаний: 3082946

Аннотация

При попытке просмотреть сведения о доступности и доступности для всей организации попытка завершается ошибкой 403: Запрещено .

Например, у вас есть лес A на сервере с Microsoft Exchange 2007 и лесом B на сервере под управлением Exchange Server 2013 или Exchange Server 2010. В этом случае пользователь в лесу A не может видеть сведения о доступности пользователя в лесу B. Кроме того, следующее событие регистрируется в журнале событий на исходном сервере:

На целевом сервере следующую запись регистрируется в журнале СЛУЖБ IIS в каталоге W3SVC1:

На сервере, на котором выполняется Exchange Server 2013, в журнал HTTPProxy регистрируется следующую запись:

На сервере почтовых ящиков в журнале IIS в каталоге W3SVC2 регистрируется следующую запись:

На сервере почтовых ящиков в журнале EWS регистрируется следующую запись:

Причина

Эта проблема возникает из-за блокировки EWS в лесу B на уровне организации. Лес Б разрешает доступ к EWS только выбранным приложениям. EWS не допускается для запросов, свободных и занятых между лесами.

Чтобы проверить конфигурацию организации, выполните следующую команду:

Решение

Чтобы включить запросы между лесами на уровне организации, необходимо добавить агент пользователя в список разрешений EWS. Например, в ситуации, описанной в разделе «Сводка», добавьте следующий путь к агенту пользователя.

Эти сведения взяты из журналов IIS на целевом сервере.

Источник

Ошибка 403 Sorry Access denied when a user tries to sign in to Outlook Web App Microsoft 365

Исходный номер базы знаний: 2988732

Симптомы

Когда пользователь пытается войти в Outlook Web App Microsoft 365, он получает сообщение об ошибке, похожее на следующее:

Возможно, страница недоступна или у вас нет разрешения на ее открытие. За необходимыми учетными данными обратитесь к администратору. Чтобы новые учетные данные вступает в силу, необходимо закрыть это окно и снова войти в систему.

Причина

Эта проблема может возникнуть, если роль пользователя MyBaseOptions не включена в политике назначения ролей по умолчанию.

Решение

Чтобы устранить эту проблему, выполните следующие действия.

  1. Войдите на портал Microsoft 365.
  2. Выберите Администратор, а затем выберите Exchange, чтобы открыть Центр администрирования Exchange.
  3. Выберите разрешения, а затем выберите роли пользователей.
  4. Дважды щелкните политику назначения ролей по умолчанию.
  5. В окне политики назначения ролей по умолчанию установите флажок MyBaseOptions в разделе «Другие роли», а затем нажмите кнопку «Сохранить».

Дополнительные сведения

Дополнительные сведения о разрешениях в Exchange Online см. в Exchange Online.

Требуется дополнительная помощь? Зайдите на сайт сообщества Майкрософт.

Источник

HTTP error 403 when you start Exchange Management Shell on an Exchange Server 2010 Client Access server

Original KB number: В 2276957

Symptoms

When you try to open EMS on an Exchange Server 2010 Client Access server, you receive the following error message in EMS:

[ ] Connecting to remote server failed with the following error message: The WinRM client received an HTTP status code of 403 from the remote WS-Management service. For more information, see the about_Remote_Troubleshooting Help topic.

+ CategoryInfo : OpenError: (System.Manageme. RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException

Failed to connect to any Exchange Server in the current site.

Please enter the Server FQDN where you want to connect:

Cause

This problem occurs because the Require SSL option on the PowerShell virtual directory in Internet Information Services (IIS) Manager is enabled. However, this option setting is not needed because Exchange Server 2010 uses Kerberos authentication.

Resolution

To resolve this problem, follow these steps:

  1. On the Exchange Server 2010 Client Access server, open IIS Manager.
  2. Locate the PowerShell virtual directory under Default Web Site, and then click SSL Settings in the details pane.
  3. Double-click SSL Settings and then clear the Require SSL option.
  4. In the details pane, click Apply to save the settings in IIS Manager.
  5. Restart IIS.
  6. Close EMS, and then reopen it.

Status

Microsoft has confirmed that this is a problem.

Источник

Ошибка HTTP 403 при запуске командной консоли Exchange на сервере клиентского доступа Exchange Server 2010

Исходный номер базы знаний: 2276957

Симптомы

При попытке открыть EMS на сервере клиентского доступа Exchange Server 2010 вы получаете следующее сообщение об ошибке в EMS:

[ ] Не удалось подключиться к удаленному серверу со следующим сообщением об ошибке: клиент WinRM получил код состояния HTTP 403 от удаленной службы WS-Management. Дополнительные сведения см. в разделе about_Remote_Troubleshooting справки.

+ CategoryInfo : OpenError: (System.Manageme. RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException

Не удалось подключиться к Exchange Server на текущем сайте.

Введите полное доменное имя сервера, к которому вы хотите подключиться:

Причина

Эта проблема возникает из-за включения параметра Require SSL (Требовать SSL) в виртуальном каталоге PowerShell в диспетчере СЛУЖБ IIS. Однако этот параметр не требуется, так как Exchange Server 2010 использует проверку подлинности Kerberos.

Решение

Чтобы устранить эту неполадку, выполните следующие действия:

  1. На сервере Exchange Server клиентского доступа 2010 откройте диспетчер IIS.
  2. Найдите виртуальный каталог PowerShell в разделе «Веб-сайт по умолчанию «, а затем щелкните » Параметры SSL » в области сведений.
  3. Дважды щелкните параметры SSL и снимите флажок Require SSL (Требовать SSL ).
  4. В области сведений нажмите кнопку «Применить «, чтобы сохранить параметры в диспетчере IIS.
  5. Перезапустите IIS
  6. Закройте EMS и снова откройте ее.

Состояние

Корпорация Майкрософт подтвердила, что это проблема.

Источник

403: Forbidden error when you try to view organization-wide free/busy information in Exchange

Original KB number: В 3082946

Summary

When you try to view organization-wide free/busy information, the attempt fails and generates a 403: Forbidden error.

For example, you have Forest A on a server that’s running Microsoft Exchange 2007 and Forest B on a server that’s running Exchange Server 2013 or Exchange Server 2010. In this situation, a user in Forest A can’t see the free/busy information of a user in Forest B. Additionally, the following event is logged in the event log on the source server:

On the destination server, the following entry is logged in the Internet Information Service (IIS) log, under the W3SVC1 directory:

On the server that is running Exchange Server 2013, the following entry is logged in the HTTPProxy log:

On the Mailbox server, the following entry is logged in the IIS log, under the W3SVC2 directory:

On the Mailbox server, the following entry is logged in the EWS log:

Cause

This problem occurs because EWS is blocked on Forest B at the organization level. Forest B allows only selected applications to access EWS. EWS isn’t allowed for cross-forest free/busy requests.

To check the organization configuration, run the following command:

Resolution

To enable cross-forest free/busy requests at the organization level, you have to add the User agent to the EWS Allow list. For example, in the situation that’s described in the «Summary» section, add the following User agent path.

This information is taken from IIS logs on the destination server.

Источник

Источник

Image of derrickbrasslett

on

April 22, 2005, 8:32 AM PDT

Investigate the ‘HTTP 403 (Forbidden)’ messages in OWA

If your OWA users are receiving the «HTTP 403 (Forbidden)» error, several things could be the culprit. Here’s one slightly less common cause of this particular error message.

Delivered each Monday,
TechRepublic’s free E-mail Administration NetNote provides tips, articles, and
other resources to help you manage your Exchange server and other e-mail
systems. Automatically
sign up today!

E-mail administrators must be prepared to troubleshoot the
problems that users face on a daily basis. See if you can identify the
following problem and solution. Here’s the scenario: Your Outlook Web Access
(OWA) users complain that they’ve received the following error message:

HTTP 403 (Forbidden)

You are not authorized to view this page

First, you examine permissions and authentication, but they
both look OK. Then you investigate connectivity, but it also appears to be fine.
Do you know anything else that could cause this particular error message?

Before you start pulling out your hair, there’s one slightly
less common cause of the HTTP 403 error that you should consider. If directory
browsing is turned off in the Exchange HTTP virtual directory, you’ll see the
symptoms listed above. Follow these steps to check it out:

  1. Open
    the Exchange System Manager, and navigate to the OWA server.
  2. Expand
    Protocols, expand HTTP, and then expand Exchange Virtual Server.
  3. Right-click
    Exchange, and then select Properties.
  4. Click
    the Access tab, and make sure the Directory Browsing check box is
    selected. If it isn’t, select the box, and then click OK.

Directory Browsing is turned on by default, so if the check
box wasn’t selected, someone must have turned it off. Make sure that you follow
up on this issue by having a little talk with your fellow administrators.

  • Software

Источник

Problem

You’ve downloaded the latest SecurEnvoy Version 9.1.501 package as of May 2018 from:

https://www.securenvoy.com/support/downloads.shtm

Then used the following guide to configure your on-premise Exchange 2016 OWA access for 2FA:

Microsoft Outlook Web Access 2013 — SecurEnvoy
https://www.securenvoy.com/IntegrationGuides/Microsoft/Outlook-Web-Access-2013.pdf

… but receive the following error when attempting to access the Outlook Web App page after enabling SecurEnvoy 2FA:

HTTP Error 403.18 — Forbidden
The specified request cannot be processed in the application pool that is configured for this resource on the Web server.
Most likely causes:

· An ISAPI filter or custom module changed the URL to run in a different application pool than the original URL.

· An ISAPI extension (or custom module) used ExecuteURL (or ExecuteRequest) to run in a different application pool than the original URL.

· You have a custom error page that is located in one application pool but is referenced by a Web site in another application pool. When the URL is processed, it is determined by IIS that that it should have been processed in the first application pool, not the other pool.

· The Web site has multiple applications configured. The application this request is configured to run in is set to run in an application pool that does not exist.

Things you can try:

· If you have an application that is trying to process a URL in another application pool (such as trying to process a custom error), ensure that they both run in the same application pool if appropriate.

· If you are trying to process a custom error URL that is located in another application pool, enable the custom errors Redirect feature.

· Verify that the application pool for the application exists.

· Create a tracing rule to track failed requests for this HTTP status code and see if ExecuteURL is being called. For more information about creating a tracing rule for failed requests, click here.

Detailed Error Information:

Module

   IIS Web Core

Notification

   BeginRequest

Handler

   SecurEnvoy MS Server Agent

Error Code

   0x00000000

Requested URL

   https://<webmailURL>:443/securenvoyauth/webauth.exe?action=auth&dir=WEBAUTHTEMPLATE&ip=7C91BFF7D8EBAB9B9879278A1F44F11D92&redirect=https://tmrbmexmb02/owa/

Physical Path

   C:Program Files (x86)SecurEnvoyMicrosoft Server AgentWEBwebauth.exe

Logon Method

   Not yet determined

Logon User

   Not yet determined
More Information:

This error occurs if the application pool for the request does not exist, or if an ISAPI filter, ISAPI extension or HTTP module calls the ExecuteURL server support function (or ExecuteRequest) with a URL that is configured in a different application pool. Due to security reasons, a Web site in one application pool cannot make ExecuteURL requests against a URL in another application pool. If you have an application that is trying to process a URL in another application pool, ensure that they both run in the same application pool if appropriate.

View more information »

image

Server Error

403 — Forbidden: Access is denied.

You do not have permission to view this directory or page using the credentials that you supplied.

image

Solution

One of the possible causes of this error is if the MSExchangeOWAAppPool for the IIS server on the Exchange 2016 server is configured incorrectly. I’ve only configured SecurEnvoy 2FA with OWA 2016 once so I am unsure as to whether this is a common issue because the deployment guide (https://www.securenvoy.com/IntegrationGuides/Microsoft/Outlook-Web-Access-2013.pdf) does indicate this as a requirement but it is labeled as a note:

image

To verify that the parameter is configured correctly, launch the Internet Information (IIS) Manager on the Exchange server, navigate to the SecurEnvoyAuth virtual directory:

image

Right click on the SecurEnvoyAuth node, navigate to Manage Application and then select Advance Settings…:

image

If the Application Pool is configured as DefaultAppPool then change it to MSExchangeOWAAppPool:

image

imageimageimage

The page should now load with the SecurEnvoy customizations:

image

Note that the above screenshot shows that the images are missing, which is another issue I will blog about in another post.

Источник
  • Remove From My Forums

locked

EWS code return Error : Request failed. The remote server returned an error: (403) Forbidden OR (401) Unauthorized

  • Question

  • Hi,

    To, MSFT.

    I am quite unhappy with the limited documentation on EWS.  There should be many useful examples showing the power of EWS and not

    just how to call a function.  Also when technology is new , there should be many Videos/Writeup on troubleshooting with EWS with Steps and snapshots.

    Now I am getting the following Error message and i could not find any resource which can direct me to a solution. 

    Microsoft.Exchange.WebServices.Data.ServiceRequestException was unhandled
      Message=»Request failed. The remote server returned an error: (403) Forbidden.»
      Source=»Microsoft.Exchange.WebServices»
      StackTrace:
           at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.InternalExecute()
           at Microsoft.Exchange.WebServices.Data.MultiResponseServiceRequest`1.Execute()
           at Microsoft.Exchange.WebServices.Data.ExchangeService.InternalFindFolders(IEnumerable`1 parentFolderIds, SearchFilter searchFilter, FolderView view, ServiceErrorHandling errorHandlingMode)
           at Microsoft.Exchange.WebServices.Data.ExchangeService.FindFolders(FolderId parentFolderId, FolderView view)
           at Microsoft.Exchange.WebServices.Data.ExchangeService.FindFolders(WellKnownFolderName parentFolderName, FolderView view)
           at EWSTest1.Form1.button1_Click(Object sender, EventArgs e) in c:tempEWSEWSTest1EWSTest1Form1.cs:line 41
           at System.Windows.Forms.Control.OnClick(EventArgs e)
           at System.Windows.Forms.Button.OnClick(EventArgs e)
           at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
           at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
           at System.Windows.Forms.Control.WndProc(Message& m)
           at System.Windows.Forms.ButtonBase.WndProc(Message& m)
           at System.Windows.Forms.Button.WndProc(Message& m)
           at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
           at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
           at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
           at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG& msg)
           at System.Windows.Forms.Application.ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(Int32 dwComponentID, Int32 reason, Int32 pvLoopData)
           at System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(Int32 reason, ApplicationContext context)
           at System.Windows.Forms.Application.ThreadContext.RunMessageLoop(Int32 reason, ApplicationContext context)
           at System.Windows.Forms.Application.Run(Form mainForm)
           at EWSTest1.Program.Main() in c:tempEWSEWSTest1EWSTest1Program.cs:line 18
           at System.AppDomain._nExecuteAssembly(Assembly assembly, String[] args)
           at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
           at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
           at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
           at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
           at System.Threading.ThreadHelper.ThreadStart()
      InnerException: System.Net.WebException
           Message=»The remote server returned an error: (403) Forbidden.»
           Source=»System»
           StackTrace:
                at System.Net.HttpWebRequest.GetResponse()
                at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.Emit()
                at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.InternalExecute()
           InnerException:

    Following is my code.

     ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2007_SP1);

   service.TraceEnabled = true;

   service.Credentials = new WebCredentials("xx@xx.com", "xxxx123");

   service.Url = new Uri("https://mail.xxxxxx.com/EWS/Exchange.asmx");

   FolderView v = new FolderView(5);



   ServicePointManager.ServerCertificateValidationCallback = RemoteCertificateValidationCallback;



   service.FindFolders(WellKnownFolderName.Inbox, v);

   //Error on above line.

     I tried changing the code line as below and I get another Error ….

    service.Credentials = new NetworkCredential("xx@xx.com", "xx","xxxxxxxx");

    «The remote server returned an error: (401) Unauthorized.»

    How do i resolve.   and what is difference between NetworkCredential and WebCredentials ?

Answers

  • This is Resolved.

    I figure out that the problem was in code line

    service.Credentials = new NetworkCredential(«xx@xx.com»,
    «xx»,«xxxxxxxx»);

    Instead of xx@xx.com  it should be just username ‘xx’.     That Solved.

    Phew!!

    Regards

    • Marked as answer by

      Thursday, July 15, 2010 11:12 AM

Источник

Понравилась статья? Поделить с друзьями:
  • Exchange ecp error 400
  • Exchange activesync returned an http 500 response internal server error
  • Exchange 500 непредвиденная ошибка
  • Exchange 2019 ecp http error 500
  • Exchange 2016 ecp error 500