"Http
server returned Forbidden exception" error appears in Dynamics 365 mailbox
Symptom
When you click the Test
& Enable Mailbox button on a mailbox record in Dynamics 365, the test
results section shows Failure and the following alert is logged:
"The
email message "Your mailbox is now connected to Dynamics 365" cannot
be sent because an error occurred while establishing a secure connection to the
email server. Mailbox [Mailbox Name] didn't synchronize. The owner of the email
server profile Microsoft Exchange Online has been notified.
Email
Server Error Code: Http server returned Forbidden exception."
If you click Details, the
following additional details are shown:
"Error
: System.Net.WebException: The request failed with HTTP status 403: Forbidden.
at
System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage
message, WebResponse response, Stream responseStream, Boolean asyncCall)
at
System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult
asyncResult)
at
Microsoft.Crm.Asynchronous.EmailConnector.ExchangeServiceBinding.EndCreateItem(IAsyncResult
asyncResult)
at
Microsoft.Crm.Asynchronous.EmailConnector.ExchangeOutgoingEmailProvider.EndCreateItem()"
Cause
Dynamics 365 communicates
with Microsoft Exchange using Exchange Web Services (EWS) requests. If EWS is
disabled, this error will occur. The following are some potential ways EWS
may be disabled or restricted in Exchange:
1.
EWS is disabled for the mailbox
2.
EWS is disabled for the entire organization
3.
The EwsApplicationAccessPolicy is set to EnforceAllowList and
the EwsAllowList does not allow access from Dynamics 365 (CRM).
4.
The EwsApplicationAccessPolicy is set to EnforceBlockList and
the EwsBlockList includes Dynamics 365 (CRM).
Resolution
If the
issue only occurs for some mailboxes, check if EWS is disabled for the mailbox:
1.
First check to see if EWS has been disabled for the mailbox. Use
the following PowerShell command:
Get-CASMailbox <mailbox-alias> | ft EwsEnabled
2.
If EwsEnabled is set to False, use the following PowerShell
command to enable Exchange Web Services (EWS) for the mailbox:
Set-CASMailbox <mailbox-alias> -EwsEnabled $True
IMPORTANT: After
running this command, it may take up to 120 minutes before the setting change
takes effect.
If the
issue occurs for all mailboxes, check if EWS is disabled at the organization
level or if the EwsAllowList is being used to limit what EWS traffic is
allowed.
1.
Use the following PowerShell command to see if any of the EWS
settings are configured:
Get-OrganizationConfig |ft Name,
EwsEnabled,EwsApplicationAccessPolicy,EwsBlockList,EwsAllowList
2.
Verify that EwsEnabled is
not set to False. The following
command can be used to set EwsEnabled to True if it is currently set to False:
Set-OrganizationConfig -EwsEnabled $True
IMPORTANT: After
running this command, it may take up to 120 minutes before the setting change
takes effect.
3.
If EwsApplicationAccessPolicy is set to EnforceAllowList and
the EwsAllowList does not contain a value for CRM (Example: CRM/*), this would
prevent Dynamics 365 (CRM) from being able to communicate with Exchange. Use
the following command to update the list to include CRM/* and whatever other
applications you want to allow (<PreviousAllowList> in the following
example):
Set-OrganizationConfig
-EwsApplicationAccessPolicy:EnforceAllowList -EwsAllowList:CRM/*,<PreviousAllowedList>
IMPORTANT: After
running this command, it may take up to 120 minutes before the setting change
takes effect.
4.
If EwsApplicationAccessPolicy is set to EnforceBlockList and
the EwsAllowList contains
a value for CRM (Example: CRM/*), this would prevent Dynamics 365 (CRM) from
being able to communicate with Exchange. Use the following command to update
the list to no longer include CRM:
Set-OrganizationConfig -EwsApplicationAccessPolicy:EnforceBlockList
-EwsBlockList:<PreviousBlockList WITH CRM REMOVED>
IMPORTANT: After
running this command, it may take up to 120 minutes before the setting change
takes effect.
More
Information
See the following
articles for additional information about changing Exchange settings using
PowerShell and controlling access to EWS:
Exchange
Server PowerShell (Exchange Management Shell)
https://docs.microsoft.com/powershell/exchange/exchange-server/exchange-management-shell?view=exchange-ps
Connect
to Exchange Online PowerShell
https://docs.microsoft.com/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/connect-to-exchange-online-powershell?view=exchange-ps
Control
access to EWS in Exchange
https://docs.microsoft.com/exchange/client-developer/exchange-web-services/how-to-control-access-to-ews-in-exchange
Set-CASMailbox
https://docs.microsoft.com/powershell/module/exchange/client-access/set-casmailbox?view=exchange-ps
No comments:
Post a Comment