VMware Workspace ONE Community
hccvsphere
Enthusiast
Enthusiast

Has anyone gotten ENS v2 to work properly on-premise?

Just curious. We're having issues with ENS v2 on-premise and browsing through the forums, I see that others have had issues in the past. Is this still the case? Thanks.
Labels (1)
40 Replies
Mario_Giese
Enthusiast
Enthusiast

Can you open the EWS Url in a browser on your ENS, it should prompt for username and password. Try to login with the testuser credentials. The ENS tries to subscribe on the EWS with Emailadress and password (automatically taken from the users device your are testing with). If EWS says 401 then it seems to be that the user is not allowed or the wrong credentials are used. Maybe you can see something in the logs of the EWS Server?
Reply
0 Kudos
nemanjailic
Contributor
Contributor

I open EWS Url in browser, and when I type  domain or testuser and pass it is ok. But, in my company, email domain is different than user account domain. There is a accepted domain that is  used for email. So, when I tried testuser@external.domain and password, there is an error.  Is it possible that problem is in that?
Regards,
Nemanja
Reply
0 Kudos
Mario_Giese
Enthusiast
Enthusiast

Hi, yes it seems to be the problem. You can change the authentication credentials which are used by ENS at ' All Settings'  > ' Email'  > Email Notification > advanced. I think you have to do this with custom attributes from your AD. Never tried it but I think this is the way you will have to go.
BR Mario
Reply
0 Kudos
MATTHAYSMATTHAY
Contributor
Contributor

Also, contrary to the documentation which was incorrect; verify that the EWSUrl listed as a string key pair (appconfig) as
https://exchangedomain.com/EWS/Exchange.asmx
Reply
0 Kudos
nemanjailic
Contributor
Contributor

I change mail email address to default domain address. Change it in AD, user on AirWatch change also to default (domain name) email address. Enrolled IPHONE again, but it still doesn't work. So, I think that it is not problem with different email domain name.
About appconfig I didn't understand what exactly You meen? What do You suggest me to do?
Regads,
Nemanja
Reply
0 Kudos
MATTHAYSMATTHAY
Contributor
Contributor

Nemanja,

First of all, ensure that you are running ENS v2 (sometimes referenced as ENS2 ) version 1.3.0.4 on-premise. 

For the appconfig, you will need to edit your Boxer app assignment and scroll down to the bottom where you select AppConfig (below where you would set your Tunnel but not this app as it doesn't use it)

You will need these 3 key pairs.


ENSAPIToken         String  alphanumerictoken
ENSLinkAddress String https://ens.domain.com/MailNotificationService/api/ens
EWSUrl          String       https://casarray.domain.com/EWS/Exchange.asmx

Good luck.
Reply
0 Kudos
nemanjailic
Contributor
Contributor

I find something interesting. I create useraccount for ENSapplicationimpersonation. When I use that account for EWSEditor to check EWS it pass the test. I create this account for ENS earlier, bat I'm not sure that I configure it when I install ENS v2. How is it apply in installation of ENS? With config file that I download from AirWatch Console or...?

Nemanja
Reply
0 Kudos
nemanjailic
Contributor
Contributor

Matt,
thank You for trying to help. I install ENSv2 1.3.0.4, and everything is set correctly. I use VMware Email Notification Service v2.0 Installation and Configuration Guide for setup. Also, I spoke with AirWatch Support, and they also find only problem with EWS authentication. So, there is some problem with ENS to Exchange 2016 EWS auth.
Nemanja
Reply
0 Kudos
nemanjailic
Contributor
Contributor

Does anybody knows how to create custom attribute for username, and use it in email notification for User Attribute instead of EmailAddress (which is default)?
Regards,
Nemanja
Reply
0 Kudos
AlthafMashood
Contributor
Contributor

for us it got working after we ensured that:
1. TLS and SSL protocols on ENS server were aligned with that on EWS server - Till then only subscription was successful - EWS notifications from exchange was not decipherable by ENS
2. For CBA devices configured compliance for ENS on SEGv2 application properties
3. Ensured that our CNS is 2.0
4. Used ENS server as https://ens.domain.com/MailNotificationService/api/ens and EWS as https://ewsdomain/EWS/Exchange.asmx
Reply
0 Kudos
antherITguy
Enthusiast
Enthusiast

For ENSv2 on-prem does the ENSLinkAddress need to be accessible externally? If so, where do you install ENSv2?  DMZ?

Reply
0 Kudos
AlthafMashood
Contributor
Contributor

Yes Derek. ENS URL need to be accessible from devices in public internet. Its ideal to set the server up in DMZ. Also, if you are using On prem Exchange, then ENS server should reach EWS URL/Servers and also, you should check if ENS can reach VMWare CNS as well.
Reply
0 Kudos
GoranErdec
Contributor
Contributor

In ENS configuration guide it says that you must upgrade your CNS from CNS v1.0 to CNS v2.0 for supporting notifications.
Is there any procedure how to upgrade CNS to v2? Also, is it possible to check current CNS version in Workplace One console (om-prem)?

Reply
0 Kudos
antherITguy
Enthusiast
Enthusiast

CNS is on the VMware side so you'll need contact support to make sure you're on v2.
Reply
0 Kudos
SaurabhSagarSau
Contributor
Contributor

Hi All, Can someone advise the following for ENS deployment please? Its for On-prem solution.
ENS DB Size for 12K user
Recommended setting on IIS EWS Website
Thanks in advance,
Saurabh
Reply
0 Kudos
ArianZuta
Contributor
Contributor

Hi All

If you want to use your SEG as a EWS proxy you need to change the application.properties file on the SEG and set the enable.boxer.ens.ews.proxy=true. However i still have on the SEG issues saying that:

- Request Device not present in the request header
- Error serving request on path /EWS/Exchange.asmx

If I try to access the SEG Url https://seg_url/EWS/Exchange.asmx I get a white screen. So there is a connection made but i don't get the prompt where username/password is asked. How does that look like on your side? Is anybode using SEG as a EWS proxy to the Exchange?

Additional on the ENS (on-prem) I have the following issues:
ReSubscriptionMechanism.log:
- CNS Url : https://cns.awmdm.com/nws/notify/apns
- Call to Notification Cloud failed for user : GUID Status: ProtocolError :: The remote server returned an error: (400) Bad request.

In the AutoDiscoveryChecker.log file I see that awtrustdiscovery.awmdm.com is being accessed. However VMware states nowhere that awtrustdiscovery.awmdm.com is needed. Do you allow the connection to the awtrustdiscovery.awmdm.com? What role does the awtrustdiscovery.amwmd.com play?

Sorry for the spam.
Best Arian
Reply
0 Kudos
rpleupen
Contributor
Contributor

Hi all,

I am having the same problem.

The SEG server is not proxying the https:\\seg.bla.nl\EWS\Exchange.asmx correct.

Using the ews editor to check this I am getting:

The request failed. The remote server returned an error: (400) Bad Request.

So the seg is not handling that correctly. I am running the latest version of seg and ENS(2.1.7.1)

But this is more a SEG problem than a ENS problem.

What I did found was editing the hostfile on de ENS server pointing it to the internal address of the exchange server made it work on one occasion.

I will try to update this after some more testing.

sheers Remko

Reply
0 Kudos
PaulLondon90
Contributor
Contributor

get this fixed?

Reply
0 Kudos
MichaelSchn
Enthusiast
Enthusiast

Hi,

 

We have the exact same issue, vmware support cannot help.

Do you got this to work?

We are using the ENS cloud with SEGv2 but I also get the error 400/401 on the microosft testing tools.

 

Thanks and BR

Michael

Reply
0 Kudos
HmacAuthenticat
Contributor
Contributor

Getting the same error. SEG is not proxying the EWS requests although it's configured for.

Did you manage to get this running?

Reply
0 Kudos