Exchange Bypass Proxy for FreeBusy RRS feed

  • Question

  • Hi All

    I'm stuck, as I've tried all possible options (from my point of view), so I hope one of you has a trick left in the pocket ;-).

    I have to establish a Free Busy Federation between two Exchange environments.

    Source (this user tries to get the data displayed) = Exchange 2013 (customer partner environment)
    Target (mailbox where I want to query Free Busy data from) = Exchange 2019 (my environment)

    We both use the Microsoft Federation Gateway as our FederationTrust endpoint and therefore have set the InternetWebProxy setting on every Exchange Server.

    Set-ExchangeServer -InternetWebProxy "http://proxy:port/" -InternetWebProxyBypassList


    I, on the Exchange 2019, can easily define the bypass list with InternetWebProxyBypassList, but this is not possible for the partner environment with their Exchange 2013.

    As this is the first time I have had to configure the InternetWebProxy on an Exchange 2013, I just assumed it would use the netsh winhttp proxy settings, so we defined the proxy and bypass list with

    netsh winhttp set proxy proxy-server="proxy:port" bypass-list="domain1;domain2;etc."

    We restarted IIS as well as the Exchange server.

    As we have multiple Exchange servers as source, we only applied these settings on one Exchange server: the one where the test user (source) is hosted (the mailbox database is mounted on this server, where we try to bypass the proxy).

    As this did not work (we still see the Autodiscover requests hitting the proxy server), I found the following:

    https://docs.microsoft.com/de-de/archive/blogs/appssrv/proxying-cas-http-cross-forest-availability-requests

    So I instructed the partner to update the two web.config files in

    • ..\Program Files\Microsoft\Exchange Server\ClientAccess\exchweb\ews
    • ..\Program Files\Microsoft\Exchange Server\ClientAccess\Autodiscover

    with the following

        <system.net>  
            <defaultProxy>  
                <proxy  
                    usesystemdefault = "false"  
                    proxyaddress = "http://proxy:port"  
                    bypassonlocal = "true"  
                />  
                <bypasslist>  
                    <add address=".*\.domain1\.com" />  
                    <add address=".*\.domain2\.com" />
                    <add address=".*\.domain3\.com" />
                    <add address=".*\.domain4\.com" />
                    <add address=".*\.(com|org)\.domain5\.com" />
                </bypasslist>  
            </defaultProxy>  
        </system.net>  

    We rebooted the server, but we still see the traffic going to the proxy.

    So, if anyone knows where Exchange 2013 needs its proxy bypass list configured, please let me know, as I don't know any more places to add it.


    Please remember to mark the replies as answers if they helped.


    • Edited by Proed Friday, June 12, 2020 8:57 PM
    Friday, June 12, 2020 8:56 PM
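
To rule out the patterns themselves when a bypass list like the one in the question appears to be ignored, the list can be evaluated with System.Net.WebProxy, the .NET class whose BypassList takes the same regular expressions. This is an added example, not part of the original post; the proxy address and the test URLs are constructed placeholders.

```powershell
# Bypass patterns copied from the web.config posted in the question.
$bypassList = @(
    '.*\.domain1\.com',
    '.*\.domain2\.com',
    '.*\.domain3\.com',
    '.*\.domain4\.com',
    '.*\.(com|org)\.domain5\.com'
)

# Constructed proxy address (placeholder). BypassOnLocal keeps its default of
# $false so that only the regular expressions decide the result.
$proxy = New-Object System.Net.WebProxy 'http://proxy.example:8080'
$proxy.BypassList = [string[]]$bypassList

# Constructed test URLs, built from the domain names used in the patterns.
$testUrls = @(
    'https://autodiscover.domain1.com/autodiscover/autodiscover.svc',
    'https://domain1.com/ews/exchange.asmx',
    'https://mail.domain1.com.example.net/',
    'https://mail.com.domain5.com/',
    'https://mail.domain5.com/'
)

foreach ($url in $testUrls) {
    $uri = [uri]$url
    # WebProxy matches each pattern against scheme://host (plus the port when
    # it is not the default one), not against the full URL with its path.
    $matchText = $uri.Scheme + '://' + $uri.Host
    if (-not $uri.IsDefaultPort) { $matchText += ':' + $uri.Port }
    $hit = $bypassList | Where-Object { $matchText -match $_ } | Select-Object -First 1

    [pscustomobject]@{
        Url            = $url
        Bypassed       = $proxy.IsBypassed($uri)   # what System.Net would decide
        MatchedPattern = $hit                      # first pattern that matched, if any
    }
}
```

The patterns are unanchored and require a literal dot before the domain name, so the rows for the bare `domain1.com` host and for a host that merely contains `.domain1.com` are the ones to compare against what the list was meant to exempt.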

All replies

  • Hi Proed,

    Was the command Set-ExchangeServer -InternetWebProxy successful in Exchange 2013?

    Check the value via Get-ExchangeServer | format-list please.

    I just wonder if you have typed "*.contoso.com" rather than "contoso.com" when setting bypasslist of winhttp proxy.

    And whether you configured the bypasslist in the last command, here is an example:

    https://docs.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/network/bypasslist-element-network-settings#example

    Regards,

    Eric Yin


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Monday, June 15, 2020 7:55 AM
  • Yes, the command was successful, as I see traffic on the proxy.

    To be honest, we tried both (hostnames and wildcards), adding autodiscover.domain.com as well as *.domain.com.

    Your example is valid with my posted bypass config.

    Therefore I don't see a misconfiguration on the server / Exchange side, as the InternetWebProxyBypassList does not exist in Exchange 2013, and I'm looking for a working configuration to bypass the configured InternetWebProxy for some specific domain names.



    Monday, June 15, 2020 11:00 PM
  • Hi Proed,

    I just reviewed the official docs and found the value does not apply to Exchange 2013:

    Found some related links; I'm assuming it needs to be configured in IE settings:

    http://techgenix.com/using-hybrid-configuration-wizard-exchange-server-2013-part1/

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Regards,

    Eric Yin



    Tuesday, June 16, 2020 9:32 AM
  • Hi Eric

    Yes, that's why I'm posting this question: the parameter does not exist in Exchange 2013, and I have made the settings in IE / netsh winhttp, but Exchange is still using the configured InternetWebProxy server to get the free busy information of the partner organization.

    And the partner organization is not reachable through the internet and, by design of the proxy environment, not reachable from the proxy (VPN links etc., multiple routing issues).

    Therefore I tried to define the bypass list in a way that Exchange 2013 can still connect to the MFG (MS Fed Gateway) through the web proxy and bypass the proxy configuration for the only internally reachable partner Exchange.



    Tuesday, June 16, 2020 12:45 PM
  • Hi,

    How about removing the InternetWebProxy for EX2013:

    Set-ExchangeServer -InternetWebProxy $Null

    Check if this link helps: https://johannepgenblog.wordpress.com/2017/02/07/hybrid-exchange-2013-freebusy-issue/

    Regards,

    Eric Yin



    Thursday, June 18, 2020 9:42 AM
  • This would help, but we would then have to allow the Exchange servers to connect directly to the Microsoft Federation Gateway, and this is something the partner organization is currently not allowing (in other words, company policy requires all traffic to the internet to go through a web proxy).


    Saturday, June 20, 2020 12:52 PM
  • Hi,

    Found several threads that tried to do the same thing, and all failed. I'm afraid Exchange 2013 cannot perform as well as Exchange 2016 does.

    Regards, 

    Eric Yin



    Monday, June 22, 2020 9:27 AM
  • Hi,

    I'm here to confirm with you if your issue has been resolved. If the problem is successfully solved, you can share your solution and mark them or the helpful reply as answer, this will make answer searching in the forum easier and be beneficial to other community members as well.

    Regards,

    Eric Yin



    Friday, June 26, 2020 8:38 AM
  • Sorry for my late response, I was very busy the last weeks.

    We managed to work our way through by bringing the routing and firewall rules in place so that Exchange was able to connect with the configured InternetWebProxy.

    I also came to the conclusion that there isn't any way to teach Exchange 2013 how to bypass the configured InternetWebProxy, as the internetwebproxybypass setting first appeared in Exchange 2016 CU6? or so.

    With that said, it works now.

    As an additional hint for the next person who may stumble upon issues while having to use a web proxy: we also had to disable the certificate validations, as they didn't want to add the internal CA chain, and there were issues verifying the CRL (as this would be another connection issue ;-)).



    • Marked as answer by Proed Friday, July 10, 2020 5:06 PM
    Friday, July 10, 2020 5:06 PM
  • Hi Proed,

    Thanks for sharing.

    Glad that "InternetWebProxyBypassList" is working in Exchange 2016 and later versions, so that users of them don't need those rules when meeting the same situation.

    Regards,

    Eric Yin



    Monday, July 13, 2020 6:59 AM