Troubleshooting Exchange Freebusy Interop
General References
Note: For more information on Free Busy Interop for Exchange, see the Free Busy Interop for Exchange article.
First read ZimbraServer/docs/freebusy-interop.txt and get familiar with the settings.
Provide the following output:
[zimbra@mail ~]$ zmlocalconfig | grep -i freebusy_exchange * Might or might not that this value set* * http://bugzilla.zimbra.com/show_bug.cgi?id=37393 * "Interop: don't hard code cn=RECIPIENTS"
Global config:
[zimbra@mail ~]$ zmprov gacf | grep zimbraFreebusyExchange zimbraFreebusyExchangeAuthPassword: ******** zimbraFreebusyExchangeAuthScheme: basic zimbraFreebusyExchangeAuthUsername: zimbra zimbraFreebusyExchangeCachedInterval: 60d zimbraFreebusyExchangeCachedIntervalStart: 7d zimbraFreebusyExchangeURL: http://exchange.DOMAIN.com zimbraFreebusyExchangeUserOrg: /o=First Organization/ou=First Administrative Group
Domain config:
[zimbra@mail ~]$ zmprov gd DOMAIN.com | grep zimbraFreebusyExchange zimbraFreebusyExchangeAuthPassword: ******** zimbraFreebusyExchangeAuthScheme: basic zimbraFreebusyExchangeAuthUsername: zimbra zimbraFreebusyExchangeCachedInterval: 60d zimbraFreebusyExchangeCachedIntervalStart: 7d zimbraFreebusyExchangeURL: http://exchange.DOMAIN.com zimbraFreebusyExchangeUserOrg: /o=First Organization/ou=First Administrative Group
User config - used if your pushing/replicating Zimbra F/B to Exchange free/busy:
[zimbra@mail ~]$ zmprov ga USER@DOMAIN.com zimbraForeignPrincipal ad:USER
Test URL String For Exchange F/B View
Try testing the following URL in a browser, using a user in Exchange and a time that they have an appointment .
http://<server>/public/?cmd=freebusy&start=<ISO8601date>&end=<ISO8601date>&interval=<minutes>&u=SMTP:<emailaddr> * tokens in < > are variables. * ISO8601 date format is yyyy-mm-dd'T'hh:mm:ssZ
zimbraFreebusyExchangeAuthScheme set to Basic - Authentication Errors
Replace Exchange/OWA Server Hostname, USER and PASSWD var's below with valid data and adjust http or https accordingly.
curl http[s]://[Exchange/OWA Server Hostname]/exchange/ --basic -u USER:PASSWD
or
wget --no-check-certificate --user="USER" --password=PASSWD -d -S http[s]://[Exchange/OWA Server Hostname]/exchange/
If you see any other authentication type [NTLM for example] besides or before Basic this might be causing the issue. From the F/B Interop wiki page :
- In both cases, Zimbra needs to authenticate to the Exchange server via HTTP basic authentication or HTML form based authentication ala OWA.
zimbraFreebusyExchangeAuthScheme set to Form - Authentication Errors
Extended Debugging
Enable debug logging by adding the following to log4j.properties:
log4j.logger.zimbra.fb=DEBUG
Now login to Zimbra webclient, then try looking up a user on Exchange. Make sure the user on Exchange has some appointments on the day(s) viewed so you can see the blocked time slots.
- select calendar app
- new appointment
- enter the email address of Exchange user in attendees box
- click schedule tab
If you can see the red or orange blocks indicating the busy time slots for the Exchange user, it's working properly. If you the result comes up as "all free", then look at /opt/zimbra/log/mailbox.log and look for following entry.
2008-09-25 09:47:39,065 DEBUG [btpool0-2] [name=<your zimbra account>;mid=2;ip=0:0:0:0:0:0:0:1%0;ua=ZimbraWebClient - FF3.0 (Mac)/dev build;] fb - fetching fb from url=http://<URL to Exchange>/public/?cmd=freebusy&start=2008-09-25T00:00:00-07:00&end=2008-09-26T00:00:00-07:00&interval=30&u=SMTP:<email address of Exchange user>
That's the request made to Exchange by ZCS. Make sure the URL looks correct. You can also use a web browser to try the URL and see if you get any HTTP error.
Then a few lines down you'll see an XML fragment as follows.
<a:response xmlns:a="WM"> <a:recipients> <a:item> <a:displayname>All Attendees</a:displayname> <a:type>1</a:type> <a:fbdata>000000000000000000002022220000000000000000000000</a:fbdata> </a:item> <a:item> <a:displayname>(full name of the user)</a:displayname> <a:email type="SMTP">(email address of Exchange user)</a:email> <a:type>1</a:type> <a:fbdata>000000000000000000000022220000000000000000000000</a:fbdata> </a:item> </a:recipients> </a:response>
If you tried the web browser test, that's the content you would see in the browser. Make sure you don't have all 0's in <a:fbdata> section, which means Exchange thinks the user's schedule is all free. If it shows all 0's, then either the user you are trying to look up doesn't have any appointments that day, or Exchange somehow doesn't know how to get the freebusy for the user. If you are sure the user has some appointments, then talk to Exchange admin and resolve the issue.
Now we can check if an Exchange user using Outlook or OWA can see freebusy of a Zimbra user. First, take a Zimbra user zuser@yourdomain.com. Create a mail enabled Contact object in Active Directory. Note the org being used, as it becomes the value of zimbraFreebusyExchangeUserOrg config variable on Zimbra. Also note the userid of the contact, which becomes the zimbraForeignPrincipal of the user zuser@yourdomain.com. It's best to use the localpart of the email address as the userid of the contact so there is no confusion (zuser in this case).
Make sure zimbraFreebusyExchangeUserOrg contains the correct org information.
Run
zmprov ma zuser@yourdomain.com zimbraForeignPrincipal ad:zuser
Now log into Zimbra webclient as zuser. Create some appointments in the calendar.
Look at /opt/zimbra/log/mailbox.log. You'll see a request made to a URL that looks like
http://<exchange URL>/public/NON_IPM_SUBTREE/SCHEDULE%2B%20FREE%20BUSY/EX:_xF8FF_o=First%20Organization_xF8FF_ou=First%20Administrative%20Group/USER-_xF8FF_cn=RECIPIENTS_xF8FF_cn=(userid).EML
Check for any error message in the log around the request line. Also check the access log on IIS and make sure the IIS didn't return HTTP error. If you see error 403 or other auth related error, check the Zimbra configuration for zimbraFreebusyExchangeAuthUsername and zimbraFreebusyExchangeAuthPassword. Also make sure you are using correct auth scheme in zimbraFreebusyExchangeAuthScheme. If basic auth is disabled for OWA, then use form based auth.
If there is no error, then wait 15 minutes as the very first freebusy propagation can take up to 15 minutes. The 15 minutes delay is from within Exchange when there are more than one Exchange server. The delay can occur only on the very first freebusy propagation, and there won't be any delay afterwards.
To test the Zimbra -> Exchange freebusy propagation, log into OWA, or use Outlook, add the email address of the contact created above to the required attendee, and click schedule tab.