none
MsExchange BackEndRehydration event id 3002

    Question

  • Hi, I have exchange 2016. My EWS url link works when I copy and past it from EAC into a browser. But when I go to IIS on the exchange server and select the EWS and then its url link there it doesnt load the page. Then in event viewer I get the following error -

    Protocol /EWS failed to process request from identity DOMAIN\Administrator. Exception: Microsoft.Exchange.Security.Authentication.BackendRehydrationException: Rehydration failed. Reason: Source server 'DOMAIN\Administrator' does not have token serialization permission.
       at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.TryGetCommonAccessToken(HttpContext httpContext, Stopwatch stopwatch, CommonAccessToken& token)
       at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.ProcessRequest(HttpContext httpContext)
       at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.OnAuthenticateRequest(Object source, EventArgs args).

    I have googled and found the following article - https://social.technet.microsoft.com/Forums/office/en-US/567586d7-e414-4235-bb13-64d2a1d86c8e/exchange-2013-ews-error-msexchange-backendrehydration-event-id-3002?forum=exchangesvrclients

    This does not resolve the issue for me, as when I run the command it says-

    WARNING: The appropriate access control entry is already present on the object "CN=SERVER01,CN=Se
    Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=DOMAIMN,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=DOMAIN,DC=com" for account "DOMAIN\Administrator".

    Wednesday, February 14, 2018 4:21 PM

Answers

  • Hi,

    When we access to EWS URL from IIS Manager, it will access to //localhost/EWS. However, our EWS URL is "//domain.com/EWS/Exchange.asmx".  It will display "HTTP 500" by "//localhost/EWS", thus it's fine.
    However, for your error message, please double check the member of below Restricted Groups:
    Domain Admins, Schema Admins, Enterprise Admins, Organization Management

    If there're any suspicious members in this group, remove it and test it again.

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Marked as answer by Hendry5 Thursday, February 15, 2018 10:12 AM
    Thursday, February 15, 2018 9:13 AM
    Moderator

All replies

  • Hi,

    When we access to EWS URL from IIS Manager, it will access to //localhost/EWS. However, our EWS URL is "//domain.com/EWS/Exchange.asmx".  It will display "HTTP 500" by "//localhost/EWS", thus it's fine.
    However, for your error message, please double check the member of below Restricted Groups:
    Domain Admins, Schema Admins, Enterprise Admins, Organization Management

    If there're any suspicious members in this group, remove it and test it again.

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Marked as answer by Hendry5 Thursday, February 15, 2018 10:12 AM
    Thursday, February 15, 2018 9:13 AM
    Moderator
  • Hmmm looks like CU12 has broken a few things no matter what I do (no dodgy permissions) I keep receiving the following when making EWS Calls using impersonation or real creds get the same errors....

    Does MSFT really test things before deploying CU's... just seems recently the quality from MSFT has been shabby at best!

    Protocol /EWS failed to process request from identity domain\user. Exception: Microsoft.Exchange.Security.Authentication.BackendRehydrationException: Rehydration failed. Reason: Source server 'domain\user' does not have token serialization permission. 
       at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.TryGetCommonAccessToken(HttpContext httpContext, Stopwatch stopwatch, CommonAccessToken& token)
       at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.ProcessRequest(HttpContext httpContext)
       at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.OnAuthenticateRequest(Object source, EventArgs args).
    Tuesday, May 21, 2019 9:01 AM