I have just upgraded to CUPS 8.6.4, which resolves the "Subject Alternative Name" certificate issue, and am trying to get Calendar Integration working with Presence. When I look at the Presence Engine logs, it is sending the email address as the logon credentials to OWA. I need it to send domain\username. Is that possible?
Thanks, in advance,
There is no configuration where we can change the way CUPS performs EWS queries.
Is there any error message you see in the PE logs with the following syntax in the logs:
Also if you can tell me that if the impersonation account formatted as "
Is the Exchange 2010 running with AD 2003 or 2008?
When I look at the PE logs, I see:
11:47:55.550 |system.pe.pa.owa.backend 1241894 INFO received SUBSCRIBE response for firstname.lastname@example.org: 401 Unauthorized
HTTP/1.1 401 Unauthorized
date: Wed, 23 May 2012 16:47:54 GMT
set-cookie: exchangecookie=895f546a4d8d43f1bd481f052f4e43e7; expires=Thu, 23-May-2013 16:47:55 GMT; path=/; HttpOnly
www-authenticate: Negotiate, NTLM, Basic realm="webmail.epl.net"
11:47:55.550 |system.pe.pa.owa.backend 1241894 DEBUG <----QMS::SUBSCRIBE email@example.com
11:47:55.550 |system.pe.pa.owa.backend 1241894 DEBUG -->SessionManager::setConnected: webmail.epl.net:443 0
11:47:55.550 |system.pe.pa.owa.backend 1241894 DEBUG <--SessionManager::setConnected 0
11:47:55.550 |system.pe.pa.owa.backend 1241894 ERROR -->EWSSubscription::initiateRecovery: firstname.lastname@example.org POST 3 Authentication failure on server; Could not authenticate to server: ignoring empty Negotiate continuation, rejected NTLM challenge, rejected Basic challenge
11:47:55.550 |system.pe.pa.owa.backend 1241894 DEBUG <--EWSSubscription::clearResubscribe
11:47:55.550 |system.pe.pa.owa.backend 1241894 DEBUG <--EWSSubscription::scheduleResubscribe - interval (secs): 1080
11:47:55.550 |system.pe.pa.owa.backend 1241894 DEBUG <--EWSSubscription::initiateRecovery: POST
11:47:55.550 |system.pe.pa.owa.backend 1241894 DEBUG <--EWSSubscription::processSubscribeRequest
11:47:55.550 |system.pe.pa.owa.backend 1241894 DEBUG <--QMS::SUBSCRIBE
The account in the Exchange gateway is domain\ExCalendar.
We are running AD 2003.
Was there ever a workaround to get this working? I've got the exact same problem with Exchange 2010 EWS and on Win2008.
The AD configured email address doesn't match the actual internal address used in Exchange, e.g. email@example.com is configured in the AD End User information.
However, the real Exchange address is firstname.lastname@example.org.
Jasmeet, what impact does the format of the impersonation account have?
I have entered our impersonation account for the gateway as domain\cupimacc
So your 'mail' attribute in CUCM has email@example.com, or firstname.lastname@example.org?
The format of the imp account in the CUPS config should usually be as you have it - domain\username. That's the default format for OWA/EWS and isn't usually changed.
The CUCM mail attribute is email@example.com, this is sync'ed from AD. Our example user id is jdoe16.
The Exchange guys tell me that, internally to Exchange, all the email accounts are @domain.internal; somehow these two email addresses map to the same user.
Exchange EWS requires the CUP server to subscribe as domain\userid, but debugs are showing firstname.lastname@example.org, not domain\userid.
Is there a parameter that will allow me to configure the domain\username for the Exchange EWS?
When we log in to Jabber we use userid and password; the Jabber domain is domain.com.au, which is configured in the CUP server.
I also have a problem with calendar status. It looks like yours. See the PE log here:
10:29:13.288 |system.pe.pa.owa.backend 1244158 ERROR -->EWSSubscription::initiateRecovery:
POST 3 Authentication failure on server; Could not authenticate to server: ignoring empty Negotiate continuation, rejected Basic challenge
AD proxy address for users is -> SMTP:
Impersonation User configuration in CUPS -> domain\user
How could I simply verify that the impersonation user has the right permissions?
Any suggestions how to fix?
It's normal to see auth fails, usually followed by another connection where CUPS sends the credentials - it's a bit like when you browse to something password protected; you see the auth dialog in Internet Explorer as a result of receiving a permissions error, then retry with permissions.
You can use a free SOAP tool to test your impersonation permissions:
Thx for the Tool. Great. :-)
There was also a problem with the impersonation user, but I still have a problem with status. I have made a detailed trace now:
14:53:05.723 |system.pe.pa.owa.backend 1243654 INFO received FINDITEM response for
HTTP/1.1 401 Unauthorized
date: Mon, 11 Feb 2013 13:52:17 GMT
www-authenticate: Negotiate, NTLM, Basic realm="
This is what I often got in the log.
So I take it the tool can impersonate this user OK?
Did you specify the same username format that you used in CUPS admin? And did you use basic auth with the test tool?
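Added example (not from any post in this thread, and not Cisco code): a Python script that separates the bare 401 challenges described above as normal from the EWSSubscription::initiateRecovery errors where the Presence Engine gave up authenticating. The line layout is assumed from the PE log excerpts quoted in the thread; the sample lines, mailbox names and host name are constructed.

```python
import re

# Constructed sample modelled on the PE log excerpts in this thread;
# the mailbox and host names are placeholders.
SAMPLE = """\
11:47:55.550 |system.pe.pa.owa.backend 1241894 INFO received SUBSCRIBE response for user@example.com: 401 Unauthorized
HTTP/1.1 401 Unauthorized
www-authenticate: Negotiate, NTLM, Basic realm="mail.example.com"
11:47:55.550 |system.pe.pa.owa.backend 1241894 ERROR -->EWSSubscription::initiateRecovery: user@example.com POST 3 Authentication failure on server; Could not authenticate to server: ignoring empty Negotiate continuation, rejected NTLM challenge, rejected Basic challenge
11:47:55.550 |system.pe.pa.owa.backend 1241894 DEBUG <--EWSSubscription::scheduleResubscribe - interval (secs): 1080
12:05:55.610 |system.pe.pa.owa.backend 1241894 INFO received SUBSCRIBE response for other@example.com: 401 Unauthorized
"""

ENTRY = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) \|\S+ \d+ (\w+) (.*)$")
RESP = re.compile(r"received (\w+) response for (\S+): (\d{3})\b")
FAIL = re.compile(r"initiateRecovery: (\S+) POST \d+ Authentication failure on server; (.*)")
RETRY = re.compile(r"scheduleResubscribe - interval \(secs\): (\d+)")

def analyse(text):
    """Separate bare 401 challenges from give-up authentication errors."""
    challenges, failures, offered = [], [], []
    for line in text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            # Continuation line: keep the schemes the server advertised.
            if line.lower().startswith("www-authenticate:"):
                value = line.split(":", 1)[1]
                offered = [p.split()[0] for p in value.split(",") if p.strip()]
            continue
        when, level, msg = entry.groups()
        if (m := RESP.search(msg)) and m.group(3) == "401":
            challenges.append((when, m.group(1), m.group(2)))
        elif level == "ERROR" and (m := FAIL.search(msg)):
            failures.append({"time": when, "mailbox": m.group(1),
                             "offered": offered,
                             "rejected": re.findall(r"rejected (\w+) challenge", m.group(2)),
                             "retry_secs": None})
        elif failures and (m := RETRY.search(msg)):
            failures[-1]["retry_secs"] = int(m.group(1))
    failed = {f["mailbox"] for f in failures}
    # A 401 with no ERROR logged for the same mailbox is only the challenge.
    benign = [c for c in challenges if c[2] not in failed]
    return {"failures": failures, "challenge_only": benign}

if __name__ == "__main__":
    for item in analyse(SAMPLE)["failures"]:
        print(item)
```

The retry_secs field shows how long the subscription stays down before the next attempt, which matters when retesting after a credential or permission change.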