none
Connection to the backend server failed. Error: (0x80072ef1). OWA with Claim through WAP and ADFS RRS feed

  • Question

  • We are seeing this error when connecting to OWA (Exchange 2013 SP1 with Claims Based Auth enabled) through Windows Server 2012 WAP configured for ADFS (v3.) Now I have seen this discussion on WAP (Here) articles and they seem to lay the blame the OWA server, which is why I am posting here.

    The user sees this error: "This method or property is not supported after HttpRequest.Form, Files, InputStream, or BinaryRead has been invoked." which goes away after the browser is refreshed. This is an intermittent issue.

    WAP reports this error:

    Connection to the backend server failed. Error: (0x80072ef1).

    Details:

    Transaction ID: {---}

    Session ID: {---}

    Published Application Name: OWA

    Published Application ID: 9ABCB3E7-AF7F-CCEE-F282-7528AF9E0306

    Published Application External URL: https://webmail.westminster.org.uk/owa/

    Published Backend URL: https://webmail.westminster.org.uk/owa/

    User: [UserName]@westminster.org.uk

    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0

    Device ID: <Not Applicable>

    Token State: NotFound

    Cookie State: OK

    Client Request URL: https://webmail.westminster.org.uk/owa/ev.owa2?ns=PendingRequest&ev=PendingNotificationRequest&UA=0&cid=af31207c-4fff-423c-a102-9da7b9b7c54e&X-OWA-CANARY=JTEnu1OJJUG0fnzYGACHOxFCMyb0MNEIbLGjM1u9TDu6BhbBje3M-3NPBSQ5VT7RROofPbYlBk8.&n=gf

    Backend Request URL: https://webmail.westminster.org.uk/owa/ev.owa2?ns=PendingRequest&ev=PendingNotificationRequest&UA=0&cid=af31207c-4fff-423c-a102-9da7b9b7c54e&X-OWA-CANARY=JTEnu1OJJUG0fnzYGACHOxFCMyb0MNEIbLGjM1u9TDu6BhbBje3M-3NPBSQ5VT7RROofPbYlBk8.&n=gf

    Preauthentication Flow: PreAuthBrowser

    Backend Server Authentication Mode: PassThrough

    State Machine State: FEBodyWriting

    Response Code to Client: 200

    Response Message to Client: OK

    Client Certificate Issuer: <Not Found>


    Anthony Sheehy - MCP, MCITP

    Monday, April 28, 2014 1:21 PM

Answers

  • Okay. We have found a work around, which, happily enough, works because our internal URLs match our external ones. We used the following commands on our ECP and OWA Applications in WAP:

    Get-WebApplicationProxyApplication [app name] | SetWebApplicationProxyApplication -DisableTranslateUrlInRequestHeaders -DisableTranslateUrlInResponseHeaders

    Will not help if you have different internal vs external URLs. So this appears to be a bug in WAP's URL Translation process.


    Anthony Sheehy - MCP, MCITP

    • Marked as answer by ACSheehy Thursday, May 15, 2014 1:23 PM
    Thursday, May 15, 2014 1:23 PM

All replies

  • Hi,

    Thanks for your question.

    I am trying to involve someone familiar with this topic to further look at this issue.

     

    Thanks

    Mavis

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Mavis Huang
    TechNet Community Support

    Wednesday, April 30, 2014 5:54 AM
    Moderator
  • Hi,

    We need to do WAP tracing, WinHTTP tracing with Netmon. I suggest we contact Microsoft support for assistance:

    https://support.microsoft.com/ContactUs/TechnicalSupport

     

    Thanks,

     

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Simon Wu
    TechNet Community Support

    Wednesday, May 7, 2014 2:28 AM
    Moderator
  • Cool I understand. I know that's going to take an age...

    As an addition to this post, just in case it jogs a thought, we have noticed something that might be relevant. The final redirection URL to the authentication server looks mangled (not URL encoded) when passed through WAP:

    https://fs.westminster.org.uk/adfs/ls/?wa=wsignin1.0&wtrealm=https://webmail.westminster.org.uk/owa/&wctx=rm=0&id=passive&ru=%2fowa%2f%3fbO%3d1&wct=2014-05-07T20:59:38Z

    Where as if we go direct to the CAS server, it looks like this:

    https://fs.westminster.org.uk/adfs/ls/?wa=wsignin1.0&wtrealm=https%3a%2f%2fwebmail.westminster.org.uk%2fowa%2f&wctx=rm%3d0%26id%3dpassive%26ru%3d%252fowa%252f%253fbO%253d1&wct=2014-05-07T21%3a08%3a26Z


    Anthony Sheehy - MCP, MCITP


    • Edited by ACSheehy Thursday, May 8, 2014 9:14 AM
    Thursday, May 8, 2014 9:14 AM
  • Okay. We have found a work around, which, happily enough, works because our internal URLs match our external ones. We used the following commands on our ECP and OWA Applications in WAP:

    Get-WebApplicationProxyApplication [app name] | SetWebApplicationProxyApplication -DisableTranslateUrlInRequestHeaders -DisableTranslateUrlInResponseHeaders

    Will not help if you have different internal vs external URLs. So this appears to be a bug in WAP's URL Translation process.


    Anthony Sheehy - MCP, MCITP

    • Marked as answer by ACSheehy Thursday, May 15, 2014 1:23 PM
    Thursday, May 15, 2014 1:23 PM
  • works like a charm! thank you very much

    Friday, June 6, 2014 1:28 PM
  • Two years after, I can tell you that it does work on environments with different External URL and Backend Server URL too!

    Thursday, August 4, 2016 11:20 AM
  • I'm also getting similar events till now all WAP Servers.

    DisableTranslateUrlInRequestHeaders & DisableTranslateUrlInResponseHeaders should be set to True or false.

    Internal & External OWA URL Same.

    Sunday, May 31, 2020 8:23 AM