In our previous blog post we covered an overview of what migration endpoints are, how to find them and what makes them tick. In this post, we will cover related troubleshooting. Note that this post h...
Updated Mar 30, 2020
Version 5.0
Blog Post
I have identical issue. Hybrid Setup 2019 Exchange Server (2). Last month did successful migration. This month we only renewed our Certificate. 4th Oct 2024. The only change. Migration of new mailbox broken. with the error,
ErrorDetail : Microsoft.Exchange.Migration.MigrationServerConnectionFailedException: The connection to the server 'mymail.domain.com' could not be completed. --->
Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The Mailbox Replication Service was unable to connect to the remote server using the credentials provided.
Please check the credentials and try again. The call to 'https://mymail.domain.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client
authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM,Basic realm="mymail.domain.com"'. --> The remote server returned an error:
(401) Unauthorized.. --> The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM,Basic
realm="mymail.domain.com"'. --> The remote server returned an error: (401) Unauthorized. ---> Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The call to
'https://mymail.domain.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header
received from the server was 'Negotiate,NTLM,Basic realm="mymail.domain.com"'. --> The remote server returned an error: (401) Unauthorized.. --->
Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header
received from the server was 'Negotiate,NTLM,Basic realm="mymail.domain.com"'. ---> Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The remote server returned
an error: (401) Unauthorized.
--- End of inner exception stack trace ---
--- End of inner exception stack trace ---
--- End of inner exception stack trace ---
at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.<>c__DisplayClass97_0.<ReconstructAndThrow>b__0()
at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(Action operation)
at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.ReconstructAndThrow(String serverName, VersionInformation serverVersion)
at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.<>c__DisplayClass7_0.<CallService>b__0()
at Microsoft.Exchange.Net.WcfClientBase`1.CallService(Action serviceCall, String context)
at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.CallService(Action serviceCall, String context)
at Microsoft.Exchange.Migration.MigrationExchangeProxyRpcClient.CanConnectToMrsProxy(Fqdn serverName, Guid mbxGuid, NetworkCredential credentials, LocalizedException& error)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Migration.DataAccessLayer.ExchangeRemoteMoveEndpoint.VerifyConnectivity()
at Microsoft.Exchange.Management.Migration.MigrationService.Endpoint.TestMigrationServerAvailability.InternalProcessEndpoint(Boolean fromAutoDiscover)
I tried to create a new endpoint and it failed as well,
EWS/IIS logs suggesting authentication provided is negotiate but false
HttpProxy
2024-10-24T02:07:19.744Z,bd9d4c8c-3d61-49d2-9640-5bdbb4a59148,15,2,1544,4,,Ews,mymail.domain.com,/EWS/mrsproxy.svc,,Negotiate,false,,,,,192.168.1.1,WNDRPEX30,401,,,POST,,,,,,,,,658,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,0,,0,0,,,,BeginRequest=2024-10-24T02:07:19.744Z;CorrelationID=<empty>;SharedCacheGuard=0;EndRequest=2024-10-24T02:07:19.744Z;,,,,,,
2024-10-24T02:07:20.059Z,a81f2123-d9ef-41ce-a46e-585e91827c59,15,2,1544,4,,Ews,mymail.domain.com,/EWS/mrsproxy.svc,,Negotiate,false,,,,,192.168.1.1,WNDRPEX30,401,,,POST,,,,,,,,,0,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,0,,0,0,,,,BeginRequest=2024-10-24T02:07:20.058Z;CorrelationID=<empty>;SharedCacheGuard=0;EndRequest=2024-10-24T02:07:20.059Z;,,,,,,
2024-10-24T02:07:20.345Z,86f8a012-6a25-4d56-a65f-454065100b13,15,2,1544,4,,Ews,mymail.domain.com,/EWS/mrsproxy.svc,,,false,,,,,192.168.1.1,WNDRPEX30,401,,,POST,,,,,,,,,658,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,0,,0,0,,,,BeginRequest=2024-10-24T02:07:20.344Z;CorrelationID=<empty>;SharedCacheGuard=0;EndRequest=2024-10-24T02:07:20.345Z;S:ServiceLatencyMetadata.AuthModuleLatency=0,,,,,,
2024-10-24T02:07:20.435Z,50c1c6c2-e36e-4cdd-bedc-429124493b34,15,2,1544,4,,Ews,mymail.domain.com,/EWS/mrsproxy.svc,,Negotiate,false,,,,,192.168.1.1,WNDRPEX30,401,,,POST,,,,,,,,,658,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,0,,0,0,,,,BeginRequest=2024-10-24T02:07:20.435Z;CorrelationID=<empty>;SharedCacheGuard=0;EndRequest=2024-10-24T02:07:20.435Z;,,,,,,
IIS Logs:
2024-10-24 02:07:19 10.1.101.218 POST /EWS/mrsproxy.svc &CorrelationID=<empty>;&cafeReqId=bd9d4c8c-3d61-49d2-9640-5bdbb4a59148; 443 - 192.168.1.1 - - 401 1 2148074248 19 -
2024-10-24 02:07:19 10.1.101.218 POST /EWS/mrsproxy.svc &CorrelationID=<empty>;&cafeReqId=86f8a012-6a25-4d56-a65f-454065100b13; 443 - 192.168.1.1 - - 401 2 5 17 -
2024-10-24 02:07:19 10.1.101.218 POST /EWS/mrsproxy.svc &CorrelationID=<empty>;&cafeReqId=50c1c6c2-e36e-4cdd-bedc-429124493b34; 443 - 192.168.1.1 - - 401 1 2148074248 16 -
Applied the solution from michael-mardahl but no luck. Why logs showing negotiate false or empty. no user info in the logs.
TIA.
Did you find a fix to this? I am having the same issue currently.
Please help!
