Sent Items Update troubleshooting

Problem:

The Sent Items Update service (SIU) in CodeTwo Exchange Rules family software, including CodeTwo Exchange Rules Pro 2.x, cannot properly connect with Exchange Web Services (EWS). As a result, signatures are not being included in the Sent Items folder.

In the log files, you may find the following errors:

The request failed. The remote server returned an error: (401) Unauthorized.
The account does not have permission to impersonate the requested user.
The request failed. The remote name could not be resolved.

Solution:

The Sent Items Update service failure is caused by a wrong configuration that prevents the service from connecting with your Exchange Web Services, impersonating users and finally adding the signatures to sent emails. To resolve the problem, you need to verify if the EWS connection can be established and if the account used with the service is able to impersonate others.

1. Find the right local endpoint
   1. Single-server Exchange environments
   2. Multi-server Exchange environments
2. Create a service account
3. Reinitiate and test the Sent Items Update service configuration

Find the right local endpoint

First, you need to find out the server the Sent Items Update service should connect to. The steps below show how to find the correct connection URL for single- and multi-server Exchange environments and how to test if the endpoint is working correctly.

Single-server Exchange environments

If you are running just one server in your Exchange organization, it means it is able to handle the EWS connection. In this case, you can use the localhost name (the entire URL would be: https://localhost/EWS/Exchange.asmx) to configure the Sent Items Update service. 

To make sure the EWS protocol is working correctly you should open your browser directly on that Exchange server and navigate to the following address. 

https://localhost/EWS/Exchange.asmx

Multi-server Exchange environments

If your Exchange organization consists of more than one Exchange server, you should first check if all servers are Client Access servers. If so, you can use the localhost name (the entire URL would be: https://localhost/EWS/Exchange.asmx) as well to configure the Sent Items Update service.

However, if any Exchange server in your environment isn't running the Client Access role, you need to find one which runs that role and is best in terms of overall performance. Next, you should determine its Fully Qualified Domain Name (FQDN) or an IP address because you will need it to properly configure the Sent Items Update service.

To check the FQDN of your chosen server with the Client Access role, log in to it and run the Command Prompt (cmd.exe). In the Command Prompt window, execute the following command:

echo %COMPUTERNAME%.%USERDNSDOMAIN%

The Client Access server’s FQDN should be displayed in the next line (Fig. 1.). Write it down or copy it to a convenient place because you will need it later on. The IP address can be found out similarly via the ipconfig command.

Fig. 1. Obtaining your Client Access server’s FQDN.

Now, you need to test the connection with Exchange Web Services from another server:

1. Log in to an Exchange server that is not a Client Access server.
2. Open a new browser window.
3. Navigate to the following URL:

   https://<FQDN>/EWS/Exchange.asmx

   Where the <FQDN> part should be the Fully Qualified Domain Name of the Client Access server you have obtained earlier (as shown in Fig. 1.).

Create a service account

While the software can create the account automatically, you can also create it manually. If you decided to create the account manually, please keep in mind that according to the User Guide, the account requires:

• to have a valid User Principal Name (UPN) assigned,
• to be a member of the Domain Users group,
• impersonation rights (see our Knowledge Base article on how to set impersonation rights manually),
• to be in a working condition (it cannot be disabled, needs to have a valid password, etc.).

Learn more on Sent Items Update service requirements.

Reinitiate and test the Sent Items Update service configuration

Once you have found the correct URL for the EWS endpoint and prepared the service account, you should reinitiate the configuration of Sent Items Update. To do so, please follow these steps:

1. Navigate to each server that is running the CodeTwo Exchange Rules software.
   1. Stop the CodeTwo Sent Items Update service completely.
   2. Go to %programdata%CodeTwo Exchange Rules\Config folder and either remove the file named SentItemsUpdate.Service.xml and continue following the steps below normally to let the program recreate the config file, OR open the xml file with any text editor, find the EWSUrl setting and change it to contain the proper EWS address as IP (e.g. https://192.168.0.10/EWS/Exchange.asmx) or FQDN (e.g. https://exserv1.mydomain.com/EWS/Exchange.asmx), restart the Sent Items Update and continue from step 7 below.
   3. Start the CodeTwo Sent Items Update service.
2. Open the Administration Panel of the software and hit the Settings button in the top ribbon.
3. Make sure you are on the Sent Items Update tab and click Change... button next to the Account entry.
4. On the On-premises server connection tab, select Configure connection manually and use the EWS URL you have obtained earlier (Fig. 2.).

Fig. 2. Configuring the Sent Items Update service manually by using your Client Access server’s FQDN or IP address.

5. On the On-premises admin account tab, either allow the software to create the account for you or choose the one you have created manually.
6. Make sure the wizard is finished with all ticks green.
7. Send a test message.
8. Open your OWA and check if you are able to see your signatures in the Sent Items folder.

See also

• Troubleshooting Exchange Online connection when configuring SIU in Exchange Rules family of products
• Setting up the custom EWS address in Exchange Rules family software