When you use a single server in your organization, but wish to publish Free/Busy for Exchange users from another organization (using the Add-AvailabilityAddressSpace cmdlet and InterOrg replication or third-party solutions), it is important to remember the following:
DAV requests made by the Availability Service to the Schedule+ Free/Busy Public Folder in your organization are sent using HTTP, not HTTPS, to the /public virtual directory.
By default, when you install the Client Access Server role on a computer, the virtual directories are configured to require SSL. In a single server environment, this will prevent the Availability Service from retrieving the Free/Busy information from Public Folders.
In this scenario:
- You use the Add-AvailabilityAddressSpace cmdlet to define the access method and associated credentials that are used to publish and view free/busy information across organizations.
- Replication tools or scripts are typically used to create the disabled users/contacts and Free/Busy data in your organization.
After this is done, when Outlook users try to look up Free/Busy data for the users in the target organization, you begin to see events like the following in your Application Event Log:
Event Type: Error
Event Source: MSExchange Availability
Event Category: Availability Service
Event ID: 4003
Process 4204[w3wp.exe:/LM/W3SVC/1/ROOT/EWS-1-128632060327053920]: Microsoft.Exchange.InfoWorker.Common.Availability.PublicFolderRequest failed. The exception returned is Microsoft.Exchange.InfoWorker.Common.Availability.PublicFolderRequestProcessingException: The remote server returned an error: (403) Forbidden.. The request information is http://mail.domainname.com/public/?Cmd=freebusy&start=2008-08-04T12:00:00Z&end=2008-09-03T12:00:00Zfirstname.lastname@example.org.. The Availability service could not successfully retrieve Schedule+ free/busy data for one or more legacy Exchange mailboxes. To find the root cause of this error, increase the diagnostic logging level of the MSExchange Availability service.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
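To confirm that a 4003 event matches this scenario rather than some other public folder failure, the event text can be classified automatically. The script below is an added example, not part of the original article: the function name and output property names are hypothetical, the sample message is constructed from the event above, and the commented live query assumes Get-WinEvent is available on the server.

```powershell
# Added example (not from the original article).
function Get-PublicFolderRequestFailure {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$Message
    )
    process {
        # Only the public folder free/busy failure is of interest here.
        if ($Message -notmatch 'PublicFolderRequest failed') { return }

        # HTTP status from the exception text, e.g. "(403) Forbidden".
        $status = $null
        if ($Message -match 'returned an error: \((\d{3})\)') { $status = [int]$Matches[1] }

        # Scheme, host and path of the URL after "The request information is".
        $scheme = $null; $server = $null; $path = $null
        if ($Message -match 'request information is (https?)://([^/\s]+)(/[^?\s]*)') {
            $scheme = $Matches[1]; $server = $Matches[2]; $path = $Matches[3]
        }

        # Plain HTTP + /public + 403 is the "Require SSL" case from this article.
        $suspect = ($status -eq 403) -and ($scheme -eq 'http') -and ($path -like '/public*')

        New-Object PSObject -Property @{
            Server = $server; Scheme = $scheme; Path = $path
            Status = $status; RequireSslSuspected = $suspect
        }
    }
}

# Constructed sample, shortened from the event text above.
$sample = 'Microsoft.Exchange.InfoWorker.Common.Availability.PublicFolderRequest failed. ' +
    'The remote server returned an error: (403) Forbidden.. ' +
    'The request information is http://mail.domainname.com/public/?Cmd=freebusy'
$sample | Get-PublicFolderRequestFailure

# Against the live Application log (assumes Get-WinEvent is available on the server):
# Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 4003;
#     ProviderName = 'MSExchange Availability' } |
#     ForEach-Object { $_.Message } | Get-PublicFolderRequestFailure
```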
There are three workarounds for this scenario:
1. Move the Client Access Server role to another server.
2. Disable "Require SSL" for the /public virtual directory in the IIS manager.
Note: You will likely wish to close port 80 to Internet access into this server for security reasons.
Using this method still allows external clients to connect successfully over HTTPS, and does not lessen the security of those connections. Just because SSL is not required does not mean that it cannot be used.
3. A workaround that will allow ONLY Outlook 2007 clients to retrieve Free/Busy data (Outlook Web Access will still fail for these replicated users) is to introduce the registry value below. This forces the clients to retrieve Free/Busy data from, and publish it to, a public folder, bypassing the Availability Service. The value is:
The value choices for this key are:
0 (or not present) = default behavior of using the Availability Service
1 = Use public folder free/busy information
It is important to remember that if the UseLegacyFB registry value is used, only Outlook users will be able to access Free/Busy data for the external users you have replicated!