Troubleshoot Expressway Connector with Exchange - Error Code 401

Available Languages

Download Options

PDF (1.5 MB)
View with Adobe Reader on a variety of devices
ePub (1.6 MB)
View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Mobi (Kindle) (1.1 MB)
View on Kindle device or Kindle app on multiple devices

Updated:May 5, 2022

Document ID:217871

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Confirm Imprersonation Account

Solution

Reset Mailbox Password via Exchange Admin Center (EAC)

Reset Mailbox Password via Exchange Management Shell

Validate the new Password from OWA

Update the Calendar Connector configuration

Common Issues

Unable to add Reset Password Roles to Organization Management.

References

Introduction

This document describes identification and remediation of Expressway Connector with the error status Exchange server HTTP error code 401 from the GUI.

Prerequisites

Requirements

- Webex Control Hub Organization.

- Hybrid Calendar with Exchange service

- Expressway Connector (X12.5 at a minimum for new deployments)

https://help.webex.com/en-us/article/ruyceab

Components Used

The information in this document is based on these software and hardware versions:

Hybrid Calendar activated. In this guide, use Hybrid Calendar with Exchange.
Exchange Server 2019 Standard.
Expressway-C X14.0.5.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

Symptom

Expressway-C GUI

Navigate to Applications > Hybrid Services > Calendar Service > Calendar Connector Status. The Collaboration On-Premises displays message status error: Exchange server http error code 401.

Screen Shot 2022-02-21 at 10.03.18

Troubleshoot

The loggingsnapshot.txt file is needed to locate the timestamp of the error from the Expressway server. If no logs are collected, Diagnostic Logs are needed while the issue is replicated.

Screen Shot 2022-02-21 at 10.03.51

With the logs collected, extract the files and locate loggingsnapshot.txt file.

diagnostic_log_ccnp-expressway-hybrid1_2022-02-21_16 03 39.tar.gz

Search for this output:

2022-02-21T10:00:15.018-06:00 localhost UTCTime="2022-02-21 16:00:15,017" Module="hybridservices.c_cal" Level="ERROR" Thread="ews-recovery-2" TrackingId="" Detail="checkServiceEntityConnectivity() threw ServiceRequest exception. Root cause exception: microsoft.exchange.webservices.data.HttpErrorException: The remote server returned an error: (401)Unauthorized"

(401)Unauthorized means the impersonation account password is invalid, possibly expired, or changed.

Confirm Imprersonation Account

Verify that the impersonation account is able to access the user interface in Outlook on the web (formerly known as Outlook Web App). Confirm that the password is expired.

Screen Shot 2022-04-04 at 21.45.50

OWA URL:

 https://<IPv4_FQDN_MXS>/owa

Solution

Change the password of the account and update the Calendar Connector configuration to bring the Hybrid Calendar back to Operational. Make the change from the OWA portal or update the password from Active Directory if the account is synchronized from there (out of scpe for this document).

Reset Mailbox Password via Exchange Admin Center (EAC)

In order to have this option available these commands needs to be run from Exchange Management Shell.

- Add-Pssnapin microsoft*
- Install-CannedRbacRoles
- Install-CannedRbacRoleAssignments

Screen Shot 2022-04-04 at 21.11.32

Enable the Reset Password option in the Exchange Admin Center.

1. Log in to Exchange Admin Center, navigate to Permissions>Organization Management, and click Edit.
2. In the Organization Management page, click + option under the Roles section (to add a new role).
3. Select the Reset Password from the provided list, click the Add option, and then click Save.
4. When the changes are saved, sign out from the Exchange Admin Center and log in again.

To confirm if the role is properly activated, run the command:

- Get-ManagementRole -id "Reset Password" | fl

Screen Shot 2022-04-04 at 22.05.49

Select a user mailbox, click Edit to view its properties, and find the Reset Password option.

Screen Shot 2022-04-04 at 22.07.54

Reset Mailbox Password via Exchange Management Shell

It is possible to reset a password via CLI, however, the old password is required to run the command:

Set-Mailbox -Identity "User" -OldPassword (ConvertTo-SecureString -string "OldPassword" -AsPlainText -Force) -NewPassword (ConvertTo-SecureString -string "NewPassword" -AsPlainText -Force)

that is:

Set-Mailbox -Identity "email address" -OldPassword (ConvertTo-SecureString -string "Webex4Ever" -AsPlainText -Force) -NewPassword (ConvertTo-SecureString -string "Webex4Ever&Ever" -AsPlainText -Force)

Screen Shot 2022-04-04 at 22.15.48

Validate the new Password from OWA

The impersonation account is now able to access the user interface in Outlook on the web (formerly known as Outlook Web App) with the updated credentials.

Screen Shot 2022-04-04 at 22.20.20

Screen Shot 2022-04-04 at 22.21.02

Update the Calendar Connector configuration

From Applications > Hybrid Services > Calendar Service > Microsoft Exchange Configuration > Credentials; update the Service Account Password with the newest password.

Screen Shot 2022-04-04 at 22.27.44