Scroll Top
Evotec Services sp. z o.o., ul. Drozdów 6, Mikołów, 43-190, Poland

Exchange 2013 integration with SharePoint doesn’t work

The steps to integrate new Microsoft Exchange 2013 with SharePoint 2013 are fairly simple. You just need to follow Microsoft Configure site mailboxes in SharePoint Server 2013 recommendations and you're done. As life turns out it's not always the case.

Problem Description

Generally to integrate Exchange 2013 with SharePoint an Exchange administrator has to run just one command:

.\Configure-EnterprisePartnerApplication.ps1 -ApplicationType Sharepoint -AuthMetadataUrl https://<SP_FQDN>/_layouts/15/metadata/json/1

It looks fairly simple, and looks quite error free

[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\Configure-EnterprisePartnerApplication.ps1 -AuthMetaDataUrl https://sharepoint.evotec.pl/_layouts/15/metadata/json/1 -ApplicationType SharePoint

Creating a new session for implicit remoting of "Get-User" command... 
Creating User <SharePointEnterprise-ApplicationAccount> for Partner Application.
Created User <DOMAIN.GLOBAL/GLOBAL/Gliwice/Users-Unsorted/SharePointEnterprise-ApplicationAccount> for Partner Application.

Assigning role <UserApplication> to Application User <DOMAIN.GLOBAL/GLOBAL/Gliwice/Users-Unsorted/SharePointEnterprise-ApplicationAccount>.
Assigning role <LegalHoldApplication> to Application User <DOMAIN.GLOBAL/GLOBAL/Gliwice/Users-Unsorted/SharePointEnterprise-ApplicationAccount>.
Assigning role <Mailbox Search> to Application User <DOMAIN.GLOBAL/GLOBAL/Gliwice/Users-Unsorted/SharePointEnterprise-ApplicationAccount>.
Assigning role <TeamMailboxLifecycleApplication> to Application User <DOMAIN.GLOBAL/GLOBAL/Gliwice/Users-Unsorted/SharePointEnterprise-ApplicationAccount>.
Assigning role <Legal Hold> to Application User <DOMAIN.GLOBAL/GLOBAL/Gliwice/Users-Unsorted/SharePointEnterprise-ApplicationAccount>.

Creating Partner Application <SharePointEnterprise-8b1f06018ad64178ad1f578ea4f346fb> using metadata <https://sharepoint.evotec.pl/_layouts/15/metadata/json/1> with linked account <DOMAIN.GLOBAL/GLOBAL/Gliwice/Users-Unsorted/SharePointEnterprise-ApplicationAccount>.
Created Partner Application <SharePointEnterprise-8b1f06018ad64178ad1f578ea4f346fb>.
THE CONFIGURATION HAS SUCCEEDED.

You can even verify if it registred properly

[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>Get-PartnerApplication

Name                                                        ApplicationIdentifier
----                                                        ---------------------
Exchange Online                                             00000002-0000-0ff1-ce00-000000000000
SharePointEnterprise-8b1f06018ad64178ad1f578ea4f346fb       00000003-0000-0ff1-ce00-000000000000

So while at this moment Exchange administrator is fairly happy there's actually one more thing to verify that most people forget – certificates.

If it's a wrong certificate you will most likely get very general error like below:

SharePoint-2013-IntegrationWithExchange2013-Error1

And if you run it on the Exchange 2013 server itself (or do the suggested web.config change):

SharePoint-2013-IntegrationWithExchange2013-Error2

Full text error will look something like this:

Server Error in ‘/Autodiscover' Application.
Could not find any resources appropriate for the specified culture or the neutral culture. Make sure “Microsoft.Exchange.HttpProxy.Strings.resources” was correctly embedded or linked into assembly “Microsoft.Exchange.FrontEndHttpProxy” at compile time, or that all the satellite assemblies required are loadable and fully signed.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Resources.MissingManifestResourceException: Could not find any resources appropriate for the specified culture or the neutral culture. Make sure “Microsoft.Exchange.HttpProxy.Strings.resources” was correctly embedded or linked into assembly “Microsoft.Exchange.FrontEndHttpProxy” at compile time, or that all the satellite assemblies required are loadable and fully signed.

Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[MissingManifestResourceException: Could not find any resources appropriate for the specified culture or the neutral culture.  Make sure “Microsoft.Exchange.HttpProxy.Strings.resources” was correctly embedded or linked into assembly “Microsoft.Exchange.FrontEndHttpProxy” at compile time, or that all the satellite assemblies required are loadable and fully signed.]

System.Resources.ManifestBasedResourceGroveler.HandleResourceStreamMissing(String fileName) +5454890

System.Resources.ManifestBasedResourceGroveler.GrovelForResourceSet(CultureInfo culture, Dictionary`2 localResourceSets, Boolean tryParents, Boolean createIfNotExists, StackCrawlMark& stackMark) +1173

System.Resources.ResourceManager.InternalGetResourceSet(CultureInfo requestedCulture, Boolean createIfNotExists, Boolean tryParents, StackCrawlMark& stackMark) +809

System.Resources.ResourceManager.InternalGetResourceSet(CultureInfo culture, Boolean createIfNotExists, Boolean tryParents) +35

System.Resources.ResourceManager.GetString(String name, CultureInfo culture) +572

Microsoft.Exchange.Data.Common.ExchangeResourceManager.GetStringInternal(String name, CultureInfo culture) +92

Microsoft.Exchange.Data.Common.ExchangeResourceManager.GetString(String name, CultureInfo culture) +179

Microsoft.Exchange.Data.Common.LocalizedString.System.IFormattable.ToString(String format, IFormatProvider formatProvider) +204

Microsoft.Exchange.HttpProxy.AuthMetadataHttpHandler.ReportBuilderException(HttpResponse response, AuthMetadataBuilderException ex, Boolean logCallStack, HttpStatusCode httpStatusCode, Nullable`1 overridingError) +1700

Microsoft.Exchange.HttpProxy.AuthMetadataHttpHandler.HandleBuilderExceptions(HttpResponse response, AuthMetadataBuilderException ex) +723

Microsoft.Exchange.HttpProxy.AuthMetadataHttpHandler.InternalProcessRequest(HttpContext context) +579

Microsoft.Exchange.HttpProxy.AuthMetadataHttpHandler.ProcessRequest(HttpContext context) +455

System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +913

System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.34248

As you may imagine it doesn't actually tell much information what's going on.

Solution

To fix the error you simply check current certificate

Get-authConfig | fl *Certificate*

CurrentCertificateThumbprint  : 445C52F5D260233FBE7EFD49044749BD72E99C71
PreviousCertificateThumbprint : 
NextCertificateThumbprint     :
NextCertificateEffectiveDate  :

You compare it with proper certificate installed on Exchange server for your OWA or other services

[PS] C:\>Get-ExchangeCertificate | ft Thumbprint, Status, Services -a

Thumbprint                                               Status  Services
----------                                               ------  --------
76F45F21ADB630FA8257EF520297144423253DCD RevocationCheckFailure IMAP, POP
27176174AAC97E11C19CA3079028B7D630E56A10 RevocationCheckFailure IMAP, POP
0EFBA9399F2D1BC978B9761A19002806CC823778                  Valid IIS, SMTP

And then you simply use the Valid Thumbprint

Set-AuthConfig -NewCertificateThumbprint 0efba9399f2d1bc978b9761a19002806cc823778 -NewCertificateEffectiveDate "2015-06-14 14:50"

Confirm
The new certificate effective date is not at least "48" hours in the future and may not be deployed on all necessary servers. 
Do you wish to continue?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y

Since I wanted it to happen pretty fast I set it 5 minutes ahead, but for larger environments you may want to set something higher into the future. After you confirm the change, you just need one final step

Set-AuthConfig -PublishCertificate

And you're done. When the right time comes, everything should start working now. You can also verify the change did happen and your certificate was replaced

[PS] C:\Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy\Autodiscover>Get-authConfig | fl *Certificate*

CurrentCertificateThumbprint  : 0efba9399f2d1bc978b9761a19002806cc823778
PreviousCertificateThumbprint : 445C52F5D260233FBE7EFD49044749BD72E99C71
NextCertificateThumbprint     :
NextCertificateEffectiveDate  :

Related Posts

Leave a comment

You must be logged in to post a comment.