Overview
Public Folder Scanning enables MailEssentials to retrieve emails from Exchange public folders to add to Whitelist/Blocklist and HAM/SPAM databases.
This article provides the troubleshooting steps and recommended solution when Public Folder Scanning using Exchange Web Services (EWS) is failing, leaving MailEssentials unable to access and scan Exchange Public Folders.
Prerequisites
Exchange Web Services can only be used to access Microsoft Exchange 2007 and later Public Folders. If using older versions of Exchange (pre-2007), polling the Public Folders is done via MAPI, IMAP, or WebDAV protocols.
Verify that the user that is being used to access Exchange Public Folders has full permissions by following these steps:
- Open the Exchange Admin Center
- Click the Public Folders node
- Navigate to Root permissions
- Add the user to be used for public folder scanning here and grant full permissions
Diagnosis
Access the Public Folder Scanning configuration screen by navigating to GFI MailEssentials > Anti-Spam > Anti-Spam Settings then click on the Public Folder Scanning tab.
Ensure Public Folder Scanning is enabled to poll Exchange via Web Services as described in Enabling Public Folder Scanning.
Clicking on the Test button to verify connectivity to Exchange produces a Test failed! error.
The debug log file for the EWS Public Folder Scanning module (PFTrainEWS.log) contains further details on the failure reason. Locate this file at ...GFI\MailEssentials\Attendant\debuglogs\PFTrainEWS.log and look for the following error:
"info ","PFTrainEWS","EWS PFTrain Test...."
"info ","PFTrainEWS","gfi\administrator.admin : https://mail-exch01:443/EWS/Exchange.asmx"
"error ","PFTrainEWS","error:PFTrain EWS Test Failed: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
"info ","PFTrainEWS","Config Timer..."
"info ","PFTrainEWS","Config Timer...ok"
"error ","PFTrainEWS","error:Create Folders Exception: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
Solution
This error will occur when the Server name in the Web services configuration screen is different from the Exchange Web Services EWS (Default Website) internal URL configured in Exchange.
Follow the steps below to correct the Public Folder Scanning Settings and resolve the error:
- Open Exchange Management Shell and run the following command:
  Get-WebServicesVirtualDirectory | Select-Object Name, InternalUrl, ExternalUrl | Format-List
- Open the Public Folder Scanning configuration screen and change the Server name to the same server name under InternalUrl obtained from step 1. This is usually the same as the FQDN (Fully Qualified Domain Name) of the Exchange server.
- Note: The Get-ExchangeSettings cmdlet can be executed in the Exchange Management Shell to view various Exchange Server settings that are stored in Active Directory, including the FQDN.
- Enter the Domain and credentials for a user with full permissions to the Exchange server and specify whether or not to use SSL. Change the default ports accordingly to match your Exchange server configuration if necessary.
- Note: If both a local and a public domain exist, corresponding to InternalUrl and ExternalUrl respectively, always use the local domain.
- Click on the Apply button to save the configuration prior to testing.
- Click on the Test button to confirm successful connection to poll Exchange Public Folders.
Testing
- In order to confirm that the credentials used are correct, you can use the same credentials and access the URL that is generated for the EWS service discovery (e.g. https://mail.gfi.local:443/EWS/Exchange.asmx from the example above). If the credentials entered are correct, there should be a Service web page displayed. Any authentication or permissions issues should be resolved before testing the configuration.
- Use the Test button to confirm a successful connection to the Exchange server for scanning Exchange Public Folders.
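To see what the Test button is failing on, the following added example (not GFI or Microsoft code) opens a TLS connection to the configured server name and reports whether validation fails on a name mismatch or on chain trust. The function name Test-EwsCertificate is hypothetical, the host names are the ones shown in this article, and it assumes Windows PowerShell on the MailEssentials server.

```powershell
# Added diagnostic example. $ServerName and $Port are the values entered on the
# Public Folder Scanning tab; the function name is hypothetical.
function Test-EwsCertificate {
    param(
        [Parameter(Mandatory)][string]$ServerName,
        [int]$Port = 443
    )
    $state = @{ Errors = $null; Certificate = $null }

    # Record what .NET's validation found. The callback returns $true only so the
    # handshake completes and the certificate can be read; nothing is sent afterwards.
    # Do not reuse this callback for real traffic.
    $inspect = {
        param($s, $certificate, $chain, $policyErrors)
        $state.Errors = $policyErrors
        $state.Certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
        return $true
    }.GetNewClosure()
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]$inspect

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($ServerName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        try { $ssl.AuthenticateAsClient($ServerName) } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }

    $cert   = $state.Certificate
    $errors = $state.Errors
    # Subject Alternative Name extension (OID 2.5.29.17) lists the names the certificate covers.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    [pscustomobject]@{
        ServerName      = $ServerName
        Subject         = $cert.Subject
        SubjectAltNames = if ($san) { $san.Format($false) } else { '(none)' }
        NotAfter        = $cert.NotAfter
        NameMismatch    = [bool]($errors -band [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch)
        ChainErrors     = [bool]($errors -band [System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors)
        PolicyErrors    = $errors
    }
}

# Compare the short name from the debug log with the InternalUrl host name.
'mail-exch01', 'mail.gfi.local' | ForEach-Object { Test-EwsCertificate -ServerName $_ } | Format-List
```

NameMismatch = True means the Server name entered in MailEssentials is not one of the names on the Exchange certificate, which is the case the Solution section corrects; ChainErrors = True means the issuing CA is not trusted by the MailEssentials server.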