Configuring Interorg Free/Busy in a single server Exchange Server 2007 organization


When you use a single server in your organization, but wish to publish Free/Busy for Exchange users from another organization (using the Add-AvailabilityAddressSpace cmdlet and InterOrg replication or third party solutions), it is important to remember the following:

DAV requests made by the Availability Service to the Schedule+ Free/Busy Public Folder in your organization are sent using HTTP, not HTTPS, to the /public virtual directory. 
By default, when you install the Client Access Server role on a computer, the virtual directories are configured to require SSL.   In a single server environment, this will prevent the Availability Service from retrieving the Free/Busy information from Public Folders.

In this scenario:

  • You use the Add-AvailabilityAddressSpace cmdlet to define the access method and associated credentials that are used to publish and view free/busy information across organizations. 
  • Replication tools or scripts are typically used to create the disabled users/contacts and Free/Busy data in your organization. 

After this is done, when Outlook users try to look up Free/Busy data for the users in the target organization, you begin to see events like the following in your Application Event Log:

Event Type:     Error
Event Source:   MSExchange Availability
Event Category: Availability Service
Event ID:       4003
Description:
Process 4204[w3wp.exe:/LM/W3SVC/1/ROOT/EWS-1-128632060327053920]: Microsoft.Exchange.InfoWorker.Common.Availability.PublicFolderRequest failed. The exception returned is Microsoft.Exchange.InfoWorker.Common.Availability.PublicFolderRequestProcessingException: The remote server returned an error: (403) Forbidden.. The request information is http://mail.domainname.com/public/?Cmd=freebusy&start=2008-08-04T12:00:00Z&end=2008-09-03T12:00:00Z&interval=30&u=user.name@domainname.com.. The Availability service could not successfully retrieve Schedule+ free/busy data for one or more legacy Exchange mailboxes. To find the root cause of this error, increase the diagnostic logging level of the MSExchange Availability service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

There are three workarounds for this scenario:

1.  Move the Client Access Server role to another server. 

2. Disable "Require SSL" for the /public virtual directory in the IIS manager.

**You will likely wish to close port 80 for Internet access in to this server for security reasons.

Using this method will allow external clients to successfully connect and use HTTPS, and will not lessen the security of the connections.  Just because SSL is not required does not mean that it cannot be used.

3. A workaround that will allow ONLY Outlook 2007 clients to retrieve Free/Busy data (Outlook Web Access will still fail for these replicated users) could be to introduce the registry value below.  This will force the clients to retrieve and publish Free/Busy data to a Public Folders folder - bypassing the Availability Service.  The value is:

Key:     HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Options\Calendar
DWORD:   UseLegacyFB
Value:   1

The value choices for this key are:
0 (or not present) = default behavior of using the Availability Service
1 = Use public folder free/busy information

It is important to remember that if the UseLegacyFB registry value is used, only Outlook users will be able to access Free/Busy data for the external users you have replicated!

References:

http://technet.microsoft.com/en-us/library/bb124122(EXCHG.80).aspx

- Will Duff


Share this post :


Comments (1)
  1. Eric says:

    Hi,

    We are having an issue with Free/Busy or Availability Service in an environment with untrusted multi-Forests but sharing the same Email address space.  Please see http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=4214728&SiteID=17.

    Is there a way to resolve this issue?  Had Exchange Team considered this kind of scenario when designing Exchange 2007 and its Availability Service or not?  If the answers are yes, we will create a support call to have this issue resolved.

    Could you please kindly to let us know?

    Thanks in advance,

    Eric

Comments are closed.

Skip to main content