Troubleshooting Exchange Freebusy Interop
- 1 Troubleshooting Exchange Freebusy Interop
- 2 General References
- 3 What Are My Current Settings? Useful To Share With Support In Initial Ticket
- 4 Test URL String For Exchange F/B View
- 5 Confirm Zimbra Can Reach Exchange/IIS Server For Setup
- 6 zimbraFreebusyExchangeAuthScheme set to Basic - Authentication Errors
- 7 zimbraFreebusyExchangeAuthScheme set to Form - Authentication Errors
- 8 Extended Debugging
- 9 Additional References
Troubleshooting Exchange Freebusy Interop
Note: For more information on Free Busy Interop for Exchange, see the Free Busy Interop for Exchange article.
First read ZimbraServer/docs/freebusy-interop.txt and get familiar with the settings.
Provide the following output:
The default configuration in Exchange uses cn=RECIPIENTS in the user legacyExchangeDN. Not all organizations use that. Enhancement http://bugzilla.zimbra.com/show_bug.cgi?id=37393 allowed organizations to set a different user legacyExchangeDN in the localconfig file. If your organization doesn't use cn=RECIPIENTS:
[zimbra@mail ~]$ zmlocalconfig | grep -i freebusy_exchange * Might or might not that this value set* * http://bugzilla.zimbra.com/show_bug.cgi?id=37393 * "Interop: don't hard code cn=RECIPIENTS"
[zimbra@mail ~]$ zmprov gacf | grep zimbraFreebusyExchange zimbraFreebusyExchangeAuthPassword: ******** zimbraFreebusyExchangeAuthScheme: basic zimbraFreebusyExchangeAuthUsername: zimbra zimbraFreebusyExchangeCachedInterval: 60d zimbraFreebusyExchangeCachedIntervalStart: 7d zimbraFreebusyExchangeURL: http://exchange.DOMAIN.com zimbraFreebusyExchangeUserOrg: /o=First Organization/ou=First Administrative Group
[zimbra@mail ~]$ zmprov gd DOMAIN.com | grep zimbraFreebusyExchange zimbraFreebusyExchangeAuthPassword: ******** zimbraFreebusyExchangeAuthScheme: basic zimbraFreebusyExchangeAuthUsername: zimbra zimbraFreebusyExchangeCachedInterval: 60d zimbraFreebusyExchangeCachedIntervalStart: 7d zimbraFreebusyExchangeURL: http://exchange.DOMAIN.com zimbraFreebusyExchangeUserOrg: /o=First Organization/ou=First Administrative Group
User config - used if your pushing/replicating Zimbra F/B to Exchange free/busy:
[zimbra@mail ~]$ zmprov ga USER@DOMAIN.com zimbraForeignPrincipal ad:USER
Test URL String For Exchange F/B View
Try testing the following URL in a browser, using a user in Exchange and a time that they have an appointment .
http://<server>/public/?cmd=freebusy&start=<ISO8601date>&end=<ISO8601date>&interval=<minutes>&u=SMTP:<emailaddr> * tokens in < > are variables. * ISO8601 date format is yyyy-mm-dd'T'hh:mm:ssZ
Confirm Zimbra Can Reach Exchange/IIS Server For Setup
Very simple test to do:
telnet [whatever you set zimbraFreebusyExchangeURL to] [PORT 80 [http] , 443[https]]
zmprov gd DOMAIN.com zimbraFreebusyExchangeURL http://exchange.DOMAIN.com telnet exchange.DOMAIN.com 80
zmprov gd DOMAIN.com zimbraFreebusyExchangeURL https://exchange.DOMAIN.com telnet exchange.DOMAIN.com 443
zimbraFreebusyExchangeAuthScheme set to Basic - Authentication Errors
Replace Exchange/OWA Server Hostname, USER and PASSWD var's below with valid data and adjust http or https accordingly.
curl http[s]://[Exchange/OWA Server Hostname]/exchange/ --basic -u USER:PASSWD
wget --no-check-certificate --user="USER" --password=PASSWD -d -S http[s]://[Exchange/OWA Server Hostname]/exchange/
If you see any other authentication type [NTLM for example] besides or before Basic this might be causing the issue. From the F/B Interop wiki page :
- In both cases, Zimbra needs to authenticate to the Exchange server via HTTP basic authentication or HTML form based authentication ala OWA.
zimbraFreebusyExchangeAuthScheme set to Form - Authentication Errors
During my initial setup, I set the global configuration and the domain configuration to "form". I was unable to get this to work. I then set the global configuration to basic, but the log file indicated I was still trying to authenticate with "NTLM". Once I change the domain setting to "basic", it responded as expected (doh!)
Enable debug logging by adding the following to log4j.properties - /opt/zimbra/conf/log4j.properties :
Now login to Zimbra webclient, then try looking up a user on Exchange. Make sure the user on Exchange has some appointments on the day(s) viewed so you can see the blocked time slots.
- select calendar app
- new appointment
- enter the email address of Exchange user in attendees box
- click schedule tab
If you can see the red or orange blocks indicating the busy time slots for the Exchange user, it's working properly. If you the result comes up as "all free", then look at /opt/zimbra/log/mailbox.log and look for following entry.
2008-09-25 09:47:39,065 DEBUG [btpool0-2] [name=<your zimbra account>;mid=2;ip=0:0:0:0:0:0:0:1%0;ua=ZimbraWebClient - FF3.0 (Mac)/dev build;] fb - fetching fb from url=http://<URL to Exchange>/public/?cmd=freebusy&start=2008-09-25T00:00:00-07:00&end=2008-09-26T00:00:00-07:00&interval=30&u=SMTP:<email address of Exchange user>
That's the request made to Exchange by ZCS. Make sure the URL looks correct. You can also use a web browser to try the URL and see if you get any HTTP error.
Then a few lines down you'll see an XML fragment as follows.
<a:response xmlns:a="WM"> <a:recipients> <a:item> <a:displayname>All Attendees</a:displayname> <a:type>1</a:type> <a:fbdata>000000000000000000002022220000000000000000000000</a:fbdata> </a:item> <a:item> <a:displayname>(full name of the user)</a:displayname> <a:email type="SMTP">(email address of Exchange user)</a:email> <a:type>1</a:type> <a:fbdata>000000000000000000000022220000000000000000000000</a:fbdata> </a:item> </a:recipients> </a:response>
If you tried the web browser test, that's the content you would see in the browser. Make sure you don't have all 0's in <a:fbdata> section, which means Exchange thinks the user's schedule is all free. If it shows all 0's, then either the user you are trying to look up doesn't have any appointments that day, or Exchange somehow doesn't know how to get the freebusy for the user. If you are sure the user has some appointments, then talk to Exchange admin and resolve the issue.
Now we can check if an Exchange user using Outlook or OWA can see freebusy of a Zimbra user. First, take a Zimbra user email@example.com. Create a mail enabled Contact object in Active Directory. Note the org being used, as it becomes the value of zimbraFreebusyExchangeUserOrg config variable on Zimbra. Also note the userid of the contact, which becomes the zimbraForeignPrincipal of the user firstname.lastname@example.org. It's best to use the localpart of the email address as the userid of the contact so there is no confusion (zuser in this case).
Make sure zimbraFreebusyExchangeUserOrg contains the correct org information.Run
zmprov ma email@example.com zimbraForeignPrincipal ad:zuser
Now log into Zimbra webclient as zuser. Create some appointments in the calendar.
Look at /opt/zimbra/log/mailbox.log. You'll see a request made to a URL that looks like
Check for any error message in the log around the request line. Also check the access log on IIS and make sure the IIS didn't return HTTP error. If you see error 403 or other auth related error, check the Zimbra configuration for zimbraFreebusyExchangeAuthUsername and zimbraFreebusyExchangeAuthPassword. Also make sure you are using correct auth scheme in zimbraFreebusyExchangeAuthScheme. If basic auth is disabled for OWA, then use form based auth.
If there is no error, then wait 15 minutes as the very first freebusy propagation can take up to 15 minutes. The 15 minutes delay is from within Exchange when there are more than one Exchange server. The delay can occur only on the very first freebusy propagation, and there won't be any delay afterwards.
To test the Zimbra -> Exchange freebusy propagation, log into OWA, or use Outlook, add the email address of the contact created above to the required attendee, and click schedule tab.
Manually pushing freebusy data from Zimbra
Push freebusy data for a single account (firstname.lastname@example.org):
zmprov pfb email@example.com
Push freebusy for an entire domain (domain.tld):
zmprov pfbd domain.tld
Watch the logs for trouble.
Testing freebusy data in Exchange using curl
Similar to the above, you can test using curl that the data actually resides in the Exchange Public Folder:
Curl test (command-line):
$ curl -v --basic --location-trusted -u 'USERNAME':'PASSWORD' 'http://exchange-server.example.com/public/?cmd=freebusy&start=2012-01-31T08:00:00-08:00&end=2012-01-31T18:00:00-08:00&interval=30&u=SMTP:firstname.lastname@example.org'
* About to connect() to exchange-server.example.com port 80 (#0) * Trying 10.11.12.13... connected * Connected to exchange-server.example.com (10.11.12.13) port 80 (#0) * Server auth using Basic with user 'email@example.com' > GET /public/?cmd=freebusy&start=2012-01-31T08:00:00-08:00&end=2012-01-31T18:00:00-08:00&interval=30&u=SMTP:firstname.lastname@example.org HTTP/1.1 > Authorization: Basic emgoZnJhYACiXHZtd2FyZS2jb496Vk13ZXJlLmMcbFE= > User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5 > Host: exchange-server.example.com > Accept: */* > < HTTP/1.1 200 OK < Date: Tue, 31 Jan 2012 22:08:18 GMT < Server: Microsoft-IIS/6.0 < X-Powered-By: ASP.NET < Content-Type: text/html < Content-Length: 406 < MS-WebStorage: 08.02.10176 < <a:response xmlns:a="WM"> <a:recipients> <a:item> <a:displayname>All Attendees</a:displayname> <a:type>1</a:type> <a:fbdata>01220020222212220000</a:fbdata> </a:item> <a:item> <a:displayname>Firstname Lastname</a:displayname> <a:email type="SMTP">email@example.com</a:email> <a:type>1</a:type> <a:fbdata>01220020222212220000</a:fbdata> </a:item> </a:recipients> </a:response> * Connection #0 to host exchange-server.example.com left intact * Closing connection #0
If you are getting something like the above, you are seeing what looks to be valid freebusy data from the Exchange Public Folder. If freebusy is still not working from Zimbra or Exchange, it is likely you have some other configuration problem.
Understanding Free/Busy Data
While the specifics of understanding freebusy data is not the focus of this article, we can provide a quick overview:
The freebusy data is presented according to the following: Each character in the free/busy data section represents a length of "interval" minutes (according to the interval specified in the request URL). 0 - Free 1 - Tentative 2 - Busy 3 - Out of Office 4 - Unknown
1. If using a complex Exchange environment with multiple versions, or using Exchange 2007 or 2010 with CAS, it is very important that your Exchange environment is configured to properly use the Public Folders for storing and referencing freebusy information. See this Microsoft reference on configuring Free/Busy Sharing between Exchange Organizations:
- An Exchange 2007 or Exchange 2010 environment must be configured with an Exchange server setup to provide public folders:
- CAS (if used) must be configured to use the free/busy public folders:
- It is highly important to correctly configure the Availability Address Space for the domain in Exchange:
2. We've heard of problems within Exchange related to Free/Busy data and public folder replication. From what Zimbra has heard, you'll have best results if replication is disabled:
3. If using Outlook 2007 or Outlook 2003 with Exchange 2007 or Exchange 2010, there may be considerations for configuring to use with public folder free/busy: