Troubleshooting on-premises Exchange Server connectivity

Typical connection problems for on-premises Exchange servers are described below.

Exchange server name vs. IP address

There are two connection options available in the Server connection step of the Exchange connection wizard. If you choose the manual connection, we recommend using the FQDN (fully qualified domain name) of the server instead of its IP address. However, if you need to use the IP address (Fig. 1.), you need to configure the target server's PowerShell Virtual Directory in IIS to allow basic authentication

Backup failed connection via IP address
Fig. 1.  Connecting manually to the Exchange server via the IP address.

If you do not do this, the program will not be able to grant the impersonation rights, and the result will be the inability to list the server’s mailboxes. You will also get failure notifications when your connection is verified in the last step of the wizard (Fig. 2.).

Backup failed to grant impersonation rights
Fig. 2. Failure notifications shown when the impersonation rights cannot be granted automatically.

Failed to connect to Exchange Server

When you verify connection settings in the last step of the Exchange connection wizard, the program performs three actions: checks your server connection, attempts to grant impersonation rights on user mailboxes, and tries to enumerate target mailboxes by using PowerShell. If the program fails to perform any of these actions, it will display failure notifications (Fig. 3.).

Backup failed connection to on-prem Exchange
Fig. 3. Failure notifications shown when configuring a connection to  Exchange Server.

The first action checks if the program can establish a connection to the target on-premises Exchange server, using the administrator's User Principal Name. The program tries to access the admin's mailbox by using EWS (Exchange Web Services) API. Next, it attempts to enumerate the Inbox folder of this mailbox.

Any failure will result in the following notification: Failed to connect to Exchange Server (see Fig. 3.). Click the Failure link on the right side of the notification to view details on the error. The examples below show the most common error messages:

The request failed. The remote server returned an error: (401) Unauthorized.

The error above indicates that the administrator's credentials entered in the Admin's credentials step of the Exchange connection wizard are incorrect or belong to a non-administrative user. To fix the problem, make sure to enter the proper administrator's credentials. The used admin account needs to be also mailbox-enabled and its SMTP email address must be the same as its UPN (User Principal Name) – note that these two values are also case-sensitive.

Another reason you might get this error is when the admin account password has expired. You need to set a new password before you reattept to configure a connection to your server in CodeTwo Backup. You may also set the password to never expire. 

The request failed. Unable to connect to the remote server.

This error occurs if the domain name in the administrator's email address is misspelled or the password is wrong. To fix the problem, go to the Admin's credentials step of the Exchange connection wizard and make sure to enter correct credentials. A similar message is also shown if the EWS URL is wrong. In that case, go to the Server connection step of the wizard and enter a correct EWS URL.

Failed to find in Active Directory an email address for [email address].
Exchange Server doesn't support the requested version.​

These errors appear after you choose the target Exchange Server version that is not supported by the program. CodeTwo Backup can be used to back up mailboxes from Exchange Server 2016 and newer. Learn more about supported platforms

Invalid URL: The URL is empty.

This error indicates that the administrator, whose email address was used in the Admin's credentials step of the Exchange connection wizard, does not have an active mailbox. To resolve this issue, make sure that the administrator has a mailbox and it is active.

The request failed. The remote server returned an error: (403) Forbidden.

The error message is produced when there is a problem connecting to the source/target server via Exchange Web Services (EWS). Make sure you provided the right FQDN or IP address of the server and the right EWS server address. To check this, you can copy-paste the EWS server address (EWS URL) from the program's settings into your web browser when you are logged in to the source server. If you don't get a pop-up window asking to provide credentials, this might mean that you provided wrong EWS server URL or IP.

Error: (407) Proxy Authentication Required.

Read more about this error in this Knowledge Base article.

Important

Make sure that the administrator whose email address is used to connect to Exchange Server, has his User Principal Name configured. Otherwise, the program may work incorrectly and errors are likely to appear.

Failed to grant the impersonation rights

The second action performed by the program is to check if an administrator whose email address was entered in the Admin's credentials step of the wizard can impersonate users to perform actions on their behalf. The program does so by running the PowerShell cmdlet: Get-ManagementRoleAssignment. If the result is negative, the program tries to add such rights to the administrator account.

Any failure will result in the following notification: Failed to grant the impersonation rights (see Fig. 3.). Click on the Failure link on the right side of the notification to view details on the error. The examples below show the most common error messages:

The server could not be contacted. The LDAP server is unavailable.

This error might be caused by missing impersonation rights. The wizard tries to grant them automatically, but when it fails, the above error is shown.

Follow our Knowledge Base article to learn how to grant application impersonation rights manually and fix this issue.

Cannot bind parameter 'Name' to the target.

The error message is produced when the UPN of the user is too long and, therefore, software is not able to check/add impersonation rights properly. Either use a different server domain's admin account with a shorter name (Global administrator account in the case of Microsoft 365 / Office 365) or add impersonation rights manually using PowerShell.

Failed to connect to target PowerShell

The last action is to check the remote PowerShell connectivity to the target Exchange Server. After connecting to the target, the program tries to execute the Get-Mailbox PowerShell cmdlet to enumerate all mailboxes.

Any failure will result in the following notification: Failed to connect to target PowerShell (see Fig. 3.). Click on the Failure link on the right side of the notification to view details on the error. The examples below show the most common error messages:

Connecting to remote server failed with the following error message: The WinRM client cannot process the request.

This error occurs if the domain name in the administrator's email address is misspelled or the corresponding password is wrong. To fix the problem, go to the Admin's credentials step of the connection wizard and make sure to enter correct credentials.

A similar message is also shown if the EWS URL is wrong. In that case, go to the Admin's credentials step of the wizard and enter a correct EWS URL.

The error above can also indicate that the credentials entered in the Admin's credentials step are incorrect or belong to a non-administrative user. To fix the problem, make sure to enter a proper administrator's credentials.

Problem not solved?

If you can't find the solution to your problem, try searching our Knowledge Base.

If you still need help, contact our Customer Service. We know our products inside out.

In this article

Was this information useful?