Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

[SOLUTION] Linux 3CX 15.5 vs Exchange 2016 - Authentication Problems

Discussion in '3CX Phone System - General' started by cornholio21, Mar 20, 2018.

Thread Status:
Not open for further replies.
  1. cornholio21

    Joined:
    Dec 4, 2017
    Messages:
    8
    Likes Received:
    3
    Hello 3CX community!
    We've successfully deployed our 3CX phone system but we have headache with the 365/Exchange Contacs Sync...

    Let me explain our problem... First of all - it's a Linux deployment and 3CX says you are supposed to change Authentification Method of the EWS Application in IIS to Basic instead of Windows:
    https://www.3cx.com/docs/manual/phonebook-directory/#h.kkqlf5cur2x

    The sync seems to work this way BUT:

    This affects all our clients in the company - Outlook is not working properly anymore after this change. Outlook tryes to authentificate, opens a Login Windows every few seconds (doesn't matter if Office 2010/2013/2016) and don't let you login.

    We have also tryed to enable both (basic and windows auth):

    Outlook works again - no login window. Sync isn't working anymore - it gives this error:
    2018/03/20 18:42:05.268|687|0041|Excpt|Microsoft.Exchange.WebServices.Data.ServiceRequestException: The request failed. The remote server returned an error: (401) Unauthorized. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.

    So, how do we solve this problem?

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. cornholio21

    Joined:
    Dec 4, 2017
    Messages:
    8
    Likes Received:
    3
    No ideas?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. mariosM_3CX

    mariosM_3CX Support Team
    Staff Member 3CX Support

    Joined:
    Nov 1, 2017
    Messages:
    406
    Likes Received:
    40
    Hello @cornholio21

    If you want to use this on a Linux machine then you'll need to use the basic authentication as described in the guide. I'm afraid there is no avoiding this.
    Now since this is working, you'll need to figure out why the outlook clients cannot connect when using basic authentication. Not the other way around, as we already know that the Linux PBX will not work without basic authentication.

    Now since this is out of 3CX's scope, i really can't be sure, but found from Microsoft's sites that "Outlook will not let you use Basic authentication when you connect to the proxy server for Exchange without using SSL encryption" Could this be the case?
     
  4. Masi Aziz

    Joined:
    Mar 26, 2018
    Messages:
    4
    Likes Received:
    1
    Hi, didnt work for me too. Thats why I did go back to Windows.
     
  5. cornholio21

    Joined:
    Dec 4, 2017
    Messages:
    8
    Likes Received:
    3
    Okay, after no one could help us, I figured myself out how to achive this...

    mariosM_3CX's solution is also not helping, because Outlook 2016 just uses internally the NTLM authentification and you should not disable it - this is a pointless and bad solution and I hope 3CX will delete this from their documentation!

    It is possible to create secondary IIS site for 3CX Sync only. This will not affect your outlook installations.

    Here is my guide:

    • Login on your Exchange Server as Administrator and do following changes:
      • Create folders: C:\inetpub\3CX_Sync, C:\inetpub\3CX_Sync\OWA, C:\inetpub\3CX_Sync\EWS, C:\inetpub\3CX_Sync\ECP
      • Copy files/folders from C:\inetpub\wwwroot\ to C:\inetpub\3CX_Sync
      • Copy files/folders from [Exchange Installation]\FrontEnd\HttpProxy\OWA to C:\inetpub\3CX_Sync\OWA
      • Copy files/folders from [Exchange Installation]\FrontEnd\HttpProxy\EWS to C:\inetpub\3CX_Sync\EWS
      • Copy files/folders from [Exchange Installation]\FrontEnd\HttpProxy\ECP to C:\inetpub\3CX_Sync\ECP
      • Give the local group IIS_IUSRS read and execute permissions on C:\inetpub\3CX_Sync
    • Open IIS and create a new site with following parameters:
      • Sitename: 3CX_Sync
      • Path: C:\inetpub\3CX_Sync
      • Type: https
      • IP-Address: Use the same as regular OWA
      • Port: 4433 (for example)
      • Hostname: FQDN of your default OWA
      • SSL Zertificate: Same as default OWA
      • Start Website: Yes
    • Leave IIS opened, open exchange management console as administrator and execute following commands (please put in your hostname of the exchange server instead of SERVERNAME):
      • New-OwaVirtualDirectory -Server SERVERNAME -Role ClientAccess -WebSiteName 3CX_Sync -Path "C:\inetpub\3CX_Sync\OWA"
      • New-WebServicesVirtualDirectory -Server SERVERNAME -Role ClientAccess -WebSiteName 3CX_Sync -Path "C:\inetpub\3CX_Snyc\EWS"
      • New-EcpVirtualDirectory -Server SERVERNAME -Role ClientAccess -WebSiteName 3CX_Sync -Path "C:\inetpub\3CX_Sync\ECP"
    • If the commands were successful, close the management console and return to IIS
      • Refresh the windows (F5)
      • Go to Sites->3CX_Sync and select EWS
      • In the right menu go to Authentification and activate Anonymous, activate Basic and Disable everything else.
      • Set SSL required on EWS, ECP and OWA in SSL settings
    • Try to access https://your.owa.url.tld:4433/owa - if it works - you're already done! Just set on 3CX your 365 URL as: https://your.owa.url.tld:4433/owa
    • If you cannot access the site, then try allowing the port on your windows firewall and check if the site is running
    Be warned - on every cumulative update you have to copy the files again! You could try setting up a task that runs every restart and copy the files.

    If you have any questions regarding this procedure, just ask me here ;)

    Regards,
    Anton
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 cornholio21, Mar 26, 2018
    Last edited: Mar 26, 2018
    bnc1, certified1 and mariosM_3CX like this.
  6. mariosM_3CX

    mariosM_3CX Support Team
    Staff Member 3CX Support

    Joined:
    Nov 1, 2017
    Messages:
    406
    Likes Received:
    40
    Hello @cornholio21

    Glad to hear that you managed resolving this. Thanks for sharing your solution as others may find it useful.
     
  7. certified1

    Joined:
    Jul 29, 2013
    Messages:
    18
    Likes Received:
    1
    Hi,

    would like to see that 3cx staff could create a fine solution (maybe a automatic task script) for exchange 20xx configuration).
     
Thread Status:
Not open for further replies.