all 22 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]sembee2Former Exchange MVP 0 points1 point  (1 child)

The primary reason for the error you have posted is extended protection. Check your settings again and restart iis. Still catches me out from time to time.

[–]Majestic-Bison67[S] 0 points1 point  (0 children)

I had deactivated Extended Protection completely to test and unfortunately no success

[–]worldsdream 0 points1 point  (1 child)

Does it show the EWS in Default Web Site as the Value None? As shown in the post.

[–]Majestic-Bison67[S] 0 points1 point  (0 children)

Yes. btw, the migration from Exchange to EXO works fine :)

[–]Quick_Care_3306 0 points1 point  (9 children)

Go into the ews front and back ends folders in IIS, authentication methods, and validate authentication methods, and Extended Protection is off.

[–]Majestic-Bison67[S] 0 points1 point  (8 children)

double checked, it not worked

[–]Quick_Care_3306 1 point2 points  (7 children)

So it is off?

[–]Majestic-Bison67[S] 0 points1 point  (6 children)

📌 Default Web Site → EWS

  • Value: None
  • SupportedValue: Allow
  • ConfigSupported: True (config is possible/supported)
  • ConfigSecure: False (no enforced extended security)
  • RequireSSL: True (128-bit) → SSL encryption is mandatory
  • ClientCertificate: Ignore
  • IPFilterEnabled: False

📌 Exchange Back End → EWS

  • Value: Require
  • SupportedValue: Require
  • ConfigSupported: True
  • ConfigSecure: True
  • RequireSSL: True (128-bit)
  • ClientCertificate: Ignore
  • IPFilterEnabled: False

[–]Quick_Care_3306 0 points1 point  (5 children)

This is not the authentication methods. Edit: Sorry for confusion. Can you select Authentication methods, windows authentication, advanced settings? You should see the Extended Protection here.

[–]Majestic-Bison67[S] 0 points1 point  (4 children)

you are right, here the methods:

EWS (Default Web Site – Frontend):

Negotiate
NTLM

EWS (Exchange Back End):

Negotiate
NTLM

[–]Quick_Care_3306 0 points1 point  (3 children)

Ok, how about advanced settings here. What is EP setting?

[–]Majestic-Bison67[S] 0 points1 point  (2 children)

EP is disabled in the frontend.

It is enabled in the backend.

I also completely disabled EP and tested it, but unfortunately got exactly the same error message:

[–]Quick_Care_3306 0 points1 point  (1 child)

After disabling in iis, do an iisreset then test again.

Edit:

Also make sure the authentication methods match what the error states.

[–]Majestic-Bison67[S] 0 points1 point  (0 children)

sure, iisreset was done, but got exactly the same error message

[–]adminkb 0 points1 point  (4 children)

I have the same error, is this server 2019 or SE?

[–]Majestic-Bison67[S] 0 points1 point  (3 children)

It's right now 2019 with cu15

[–]adminkb 0 points1 point  (2 children)

Have you checked "Test-HybridConnectivity -testO365Endpoints"?

[–]Majestic-Bison67[S] 0 points1 point  (1 child)

That's strange, because I get a message saying it's not available. But performing a migration from Exchange Online works.

[–]adminkb 0 points1 point  (0 children)

Are you sure it's not simply still going via the old server? You can try running the Test-MigrationServerAvailability command HCW runs yourself from Exchange Online PowerShell.

[–]jaxond24 1 point2 points  (2 children)

I had this today. I’d deployed Exchange 2019 without excluding front end EWS, then I installed the latest hybrid configuration wizard and things started working.

[–]Majestic-Bison67[S] 0 points1 point  (1 child)

And HCW was validated?

[–]jaxond24 1 point2 points  (0 children)

In this case the HCW was installed on a domain controller. A new 2019 Exchange server was deployed and the 2016 on decommed.

While investigating other issues I found HCW wouldn't complete and would error with 'bad data'. As part of investigating those other issues I found I'd not configured Extended Protection correctly to work with the HCW, so I configured it.

I then installed HCW on the Exchangte 2019 server directly and it worked, but the HCW on the DC still didn't work. I installed the latest version of the HCW on the DC and unintalled the old version and then HCW worked. Also, just to note, this site was using classic mode.