Microsoft Exchange Client Access server “%1” attempted to proxy Outlook Web Access traffic to Client Access server “%2”. This failed because one of these configuration problems was encountered:1. “%2” has been set to use “http://” (not using SSL) instead of “https://” (using SSL). You can modify this by setting the InternalUrl parameter of the Outlook Web Access virtual directory this proxy traffic is going to. You can set that parameter using the Set-OwaVirtualDirectory cmdlet in the Exchange Management Shell.2. The destination virtual directory returned an HTTP 403 error code. This usually means it is not configured to accept SSL access. You can change this configuration by using Internet Services Manager on the Client Access server “%2”.If you do not want this proxy connection to use SSL, you need to set the registry key “AllowProxyingWithoutSSL” on this Client Access server and set the InternalUrl and SSL settings for the Outlook Web Access virtual directory this proxy traffic is going to accordingly.

Details
Product: Exchange
Event ID: 42
Source: MSExchange OWA
Version: 8.0
Symbolic Name: ProxyErrorSslConnection
Message: Microsoft Exchange Client Access server “%1” attempted to proxy Outlook Web Access traffic to Client Access server “%2”. This failed because one of these configuration problems was encountered:1. “%2” has been set to use “http://” (not using SSL) instead of “https://” (using SSL). You can modify this by setting the InternalUrl parameter of the Outlook Web Access virtual directory this proxy traffic is going to. You can set that parameter using the Set-OwaVirtualDirectory cmdlet in the Exchange Management Shell.2. The destination virtual directory returned an HTTP 403 error code. This usually means it is not configured to accept SSL access. You can change this configuration by using Internet Services Manager on the Client Access server “%2”.If you do not want this proxy connection to use SSL, you need to set the registry key “AllowProxyingWithoutSSL” on this Client Access server and set the InternalUrl and SSL settings for the Outlook Web Access virtual directory this proxy traffic is going to accordingly.
   
Explanation

This Error event indicates the computer that is running the Client Access server role could not proxy a Microsoft Office Outlook Web Access request from one Client Access server to a Client Access server that is located in a different Active Directory site. A symptom of this error is that the user referenced in the event description could not use Outlook Web Access to log on to their mailbox through the Client Access server in a different site. This event may be caused by one or more of the following:

  • The Outlook Web Access virtual directory InternalURL of the target Client Access server does not use HTTPS as the prefix for the address.

  • HTTP 403 status code was returned by the Internet Information Services (IIS) of the target Client Access server.

For more information about this and other IIS status codes, see Microsoft Knowledge Base article 318380, IIS Status Codes.

For more information about Outlook Web Access proxying and redirection, see Understanding Proxying and Redirection.

   
User Action

To resolve this error, take one or more of these steps:

  • Make sure that the InternalUrl address matches the fully qualified domain name (FQDN) of the Client Access server. For example, if you are using HTTPS, the InternalUrl should be in the format https://<InternalFQDN>/owa.

  • Make sure that you have correctly configured the prefix of the InternalUrl. For example, if the Client Access server is configured to proxy the traffic using HTTPS, make sure that the InternalUrl of the Outlook Web Access virtual directory starts with the prefix HTTPS. If the Client Access server is configured to proxy the traffic using HTTP, configure the InternalUrl to use HTTP as the address prefix.

  • Make sure that the Outlook Web Access virtual directory of the target Client Access server is configured to allow the incoming request to InternalUrl. You configure this setting using Internet Information Services (IIS).

    Note   It is highly recommended that you proxy the traffic between Client Access servers by using secure HTTPS. HTTPS is the default setting.

To proxy traffic using unsecured HTTP, do the following:

Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.

  1. In Registry editor, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA.

  2. On the Edit menu, point to New, and then click Dword Value.

  3. Type AllowProxyingWithoutSsl, and then press Enter.

  4. Double-click AllowProxyingWithoutSsl.

  5. Under Value data, type 1.

  6. Under Base, click Decimal.

  7. Close Registry Editor.

  8. Restart Internet Information Services (IIS) by using the command iisreset/noforce.

For information about how to modify the properties of Outlook Web Access virtual directories using the Set-OwaVirtual Directory cmdlet, see Set-OwaVirtualDirectory.

Related:

Leave a Reply