VMware Workspace ONE Community
reizarf27
Contributor

ENS v2 and on-prem Exchange push issue

We have an on-prem Exchange 2016 (2 servers behind a load balancer) and we're unable to get ENS v2 to reliably send push notifications. It seems pretty random; you'll get notifications for 2 out of every 5 emails or so. We've opened a ticket with support and they ran us through the usual, but to no avail. I'm hoping that someone here maybe had a similar issue and was able to resolve it. Because it's so hit or miss, support believes (and so do I) that there is something wrong with our Exchange environment, specifically Exchange EWS. Anyone in a similar situation have issues getting ENS v2 to work reliably with an on-prem Exchange?
5 Replies
MarkPuchalski
Contributor

By chance, are you using any session persistence on your load balancer for the Exchange VIP that ENS uses?  We don't on our normal Exchange VIP, but I created a new VIP for ENS v2 (we're cloud based, FYI), that uses source IP address as the persistence mode, with a 30 minute timeout.  ENS v2 seems to function well for us that way.
reizarf27
Contributor

Thanks for the response, that gave me some additional items to verify. I neglected to mention that we had previously changed our environment such that the ENS traffic bypassed our Exchange load balancer and went directly to one of our Exchange servers, but this made no change to our issue. This traffic is also passing through a load-balanced reverse proxy, so today I reconfigured those so that ENS traffic always uses the same reverse proxy and also bypasses the Exchange load balancer (and goes directly to a specific Exchange server) and we still have the same issue.

AirWatch thought that this might be an EWS authentication issue because they only support 'basic' authentication and 'basic' authentication was not enabled for our EWS virtual directory, but after enabling this, it also made no difference. I know you said you're cloud based, but did you have to make any changes to your EWS authentication settings? (I don't know how this works in the cloud.) If the authentication settings were wrong, I'm not sure how this would work at all, let alone randomly, but it's the only other lead I have.

Thanks
MarkPuchalski
Contributor

Basic is disabled on the EWS sites in our environment.  Only Anonymous and Windows Auth are enabled on EWS.

We're using Cert Based Auth, and we did have to change some settings in web.config to allow the larger payload, as well as setting the SSL Settings on EWS to accept client certs.  We didn't really have to do much else, that I recall.
anonymousmigrat
Enthusiast

Take a look in Active Directory and check whether the user's UPN is the same as the email address. I had that problem with my customer and this resolved the issue.

If you can send me the ENS log from the ENS server, maybe I can help you.

reizarf27
Contributor

In our environment, UPN and email address are different for everyone. I don't have access to the ENS logs as we're using the AirWatch cloud ENS. What change did you make that resolved the issue?