We have an on-prem Exchange 2016 (2 servers behind a load balancer) and we're unable to get ENS v2 to reliably send push notifications. It seems pretty random, you'll get notifications for 2 out of every 5 emails or so. We've opened a ticket with support and they ran us through the usual, but to no avail. I'm hoping that someone here maybe had a similar issue and was able to resolve it. Because it's so hit or miss, support believes (and so do I) that there is something wrong with our Exchange environment, specifically Exchange EWS. Anyone in a similar situation have issues getting ENS v2 to work reliably with an on-prem Exchange?
By chance, are you using any session persistence on your load balancer for the Exchange VIP that ENS uses? We don't on our normal Exchange VIP, but I created a new VIP for ENS v2 (we're cloud based, FYI), that uses source IP address as the persistence mode, with a 30 minute timeout. ENS v2 seems to function well for us that way.
Thanks for the response, that gave me some additional items to verify. I neglected to mention that we had previously changed our environment such that the ENS traffic bypassed our Exchange load balancer and went directly to one of our Exchange servers, but this made no change to our issue. This traffic is also passing through a load-balanced reverse proxy, so today I reconfigured those so that ENS traffic always uses the same reverse proxy and also bypasses the Exchange load balancer (and goes directly to a specific Exchange server) and we still have the same issue.
AirWatch thought that this might be an EWS authentication issue because they only support 'basic' authentication and 'basic' authentication was not enabled for our EWS virtual directory, but after enabling this, it also made no difference. I know you said you're cloud based, but did you have to make any changes to your EWS authentication settings? (I don't know how this works in the cloud.) If the authentication settings were wrong, I'm not sure how this would work at all, let alone randomly, but it's the only other lead I have.
Basic is disabled on the EWS sites in our environment. Only Anonymous and Windows Auth are enabled on EWS.
We're using Cert Based Auth, and we did have to change some settings in web.config to allow the larger payload, as well as setting the SSL Settings on EWS to accept client certs. We didn't really have to do much else, that I recall.