Bad relationship meaning no Free/Busy

TL;DR – if you have a bad personal relationship then you will lose free/busy :)

I’ve recently worked with one of our O365 customers to investigate free/busy not working cross-forest in one direction, from X1@contoso.com -----x> to Y1@datum.com

It’s working for everyone else, even X1 is able to see the f/b of Y2.

X2 who is in the same database with X1 is able to see the f/b of Y1 and Y2.

The first and easiest way to move forward is to draw the scenario and think how we can approach the issue.

The first question to ask is whether the user can reproduce the issue in both OWA and Outlook, and whether we can get a decrypted Fiddler trace from OWA.

Walking through the Fiddler trace, here we go, the exception is:

{"MessageText":"Proxy web request failed. , inner exception: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

The exception doesn’t make any sense, especially since X2@contoso.com is able to see the free/busy, so we can’t really rely on that exception.

Permission issue ?

The Default user is granted the AvailabilityOnly permission, which is what we need for an organization relationship.

We also don’t have any explicit permissions for X1 or X2.

PS > Get-MailboxFolderPermission -Identity Y1@datum.com:\Calendar

FolderName           User                 AccessRights
----------           ----                 ------------
Calendar             Default              {AvailabilityOnly}

To rule out stale ACL issues we moved the X1 and Y1 mailboxes, but that didn’t change anything.

So what’s so special between the two users ?!

To answer this question I decided to take an extra trace from X1's backend server in a live session with the customer, as we couldn’t find any useful data in the IIS\Café Ews\EWS\event viewer logs.

The extra trace confirms that they have a personal relationship, but what kind of personal relationship do they have?

"InfoWorker.RequestDispatch","RequestRouting", Found a personal relationship for Y1@datum.com

Looking at the source code, I found that we evaluate if there's a personal sharing between the two users and we query the f/b based on that.

But where do we store the personal sharing data ?

The subscription is stored as a hidden message in the folder "\root\sharing" and you can use MFCMAPI to check that.

The subscription message class is: IPM.ExternalSharingSubscription.

PropertyTag    : 80C9001F
PropertyId     : SharerIdentity:80C9:Unicode(f52a8693-c34d-4980-9e20-9d4c1eabb6a7:ExternalSharingSharerIdentity)
PropertyType   : Unicode
PropertyName   : f52a8693-c34d-4980-9e20-9d4c1eabb6a7:ExternalSharingSharerIdentity
EntryType      : Value
SerializedSize : 32
CanonicalSize  : 54
PropertyValue  : Y1@datum.com

PropertyTag    : 80C6001F
PropertyId     : Url:80C6:Unicode(f52a8693-c34d-4980-9e20-9d4c1eabb6a7:ExternalSharingUrl)
PropertyType   : Unicode
PropertyName   : f52a8693-c34d-4980-9e20-9d4c1eabb6a7:ExternalSharingUrl
EntryType      : Value
SerializedSize : 62
CanonicalSize  : 114
PropertyValue  : https://mail..datum.com/EWS/Exchange.asmx/WSSecurity

If the environment is on-premises, you can use store queries in Exchange 2013\2016 instead of MFCMAPI.

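# Get-StoreQuery is defined in the managed store diagnostic script in the Exchange Scripts folder
. $exscripts\ManagedStoreDiagnosticFunctions.ps1

$mbx = Get-Mailbox x1@contoso.com
# Resolve the mailbox number inside its database
$mbxNumber = Get-StoreQuery -Database $($mbx.Database) -Query "Select MailboxNumber From Mailbox Where MailboxGuid = '$($mbx.ExchangeGuid)'"
# Find the Sharing folder(s) of that mailbox
$folders = Get-StoreQuery -Database $mbx.Database -Query "select * from Folder where MailboxPartitionNumber = '$($mbxNumber.MailboxNumber)' and DisplayName like '%Sharing%'"
# Collect the hidden subscription messages stored in those folders
$messages = $folders | %{Get-StoreQuery -Database $mbx.Database -Query "select * from Message Where MailboxPartitionNumber = '$($mbxNumber.MailboxNumber)' and FolderId = '$($_.FolderId)' and MessageClass = 'IPM.ExternalSharingSubscription'" -Unlimited}
# Parse the property blob of the first subscription and show the ExternalSharing properties
$blob = @(Get-StoreQuery -Database $mbx.Database -Query "Select * From ParsePropertyBlob($($messages[0].PropertyBlob), 'Message',$($mbxNumber.MailboxNumber))")
$blob | where{$_.PropertyName -like '*ExternalSharing*'}

# Full list of parsed properties
$blob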

We aren’t finished yet :)

Does that mean that f/b will always fail if the calendar sharing is used ?

Let’s introduce another user in the story, X3.

If Y1 shared her calendar with X3, X3 will automatically be granted explicit permission on Y1's calendar.

If the explicit permission is removed or missing then the f/b won’t work.
Sounds like we have a way to resolve the issue and a solid understanding of the root cause.
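
The check described above, as an added example (not code from the original post or from Exchange): it reads the ExternalSharing properties of a subscription message and flags a sharer whose calendar ACL has no explicit entry for the requester. The function names are hypothetical, the sample rows and URL are constructed, and ACL users are assumed to be given as SMTP addresses.

```powershell
# Added example. Function names are hypothetical; sample data is constructed.
function ConvertTo-SharingSubscription {
    param([object[]]$PropertyRows)   # parsed property rows of ONE subscription message
    $sub = [ordered]@{ SharerIdentity = $null; Url = $null }
    foreach ($row in $PropertyRows) {
        switch -Wildcard ($row.PropertyName) {
            '*:ExternalSharingSharerIdentity' { $sub.SharerIdentity = $row.PropertyValue }
            '*:ExternalSharingUrl'            { $sub.Url = $row.PropertyValue }
        }
    }
    [pscustomobject]$sub
}

function Test-PersonalSharingPermission {
    param(
        [string]$Requester,        # mailbox requesting free/busy
        [object[]]$Subscriptions,  # output of ConvertTo-SharingSubscription
        [hashtable]$CalendarAcl    # sharer SMTP address -> that calendar's ACL entries
    )
    foreach ($sub in $Subscriptions) {
        $acl = @()
        if ($CalendarAcl.ContainsKey($sub.SharerIdentity)) {
            $acl = @($CalendarAcl[$sub.SharerIdentity])
        }
        # An explicit entry names the requester; Default/Anonymous do not count.
        $explicit = @($acl | Where-Object { $_.User -eq $Requester })
        $rights   = @($explicit | ForEach-Object { $_.AccessRights })
        if ($explicit.Count -gt 0) { $finding = 'explicit permission present' }
        else { $finding = 'subscription without explicit permission: expect f/b failure' }
        [pscustomobject]@{
            Requester      = $Requester
            Sharer         = $sub.SharerIdentity
            ExplicitRights = ($rights -join ',')
            Finding        = $finding
        }
    }
}

# Constructed sample: X1 holds a subscription for Y1, Y1's calendar only has the Default entry.
$rows = @(
    [pscustomobject]@{ PropertyName = 'f52a8693-c34d-4980-9e20-9d4c1eabb6a7:ExternalSharingSharerIdentity'; PropertyValue = 'Y1@datum.com' },
    [pscustomobject]@{ PropertyName = 'f52a8693-c34d-4980-9e20-9d4c1eabb6a7:ExternalSharingUrl'; PropertyValue = 'https://ews.example.invalid/EWS/Exchange.asmx/WSSecurity' }
)
$acl = @{ 'Y1@datum.com' = @([pscustomobject]@{ User = 'Default'; AccessRights = @('AvailabilityOnly') }) }
Test-PersonalSharingPermission -Requester 'X1@contoso.com' -Subscriptions (ConvertTo-SharingSubscription $rows) -CalendarAcl $acl
```

Get-MailboxFolderPermission shows the User column as a display name, so real ACL output has to be mapped to SMTP addresses before it is passed in.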

Enjoy ;)

Ahmed Ashour

Service Engineer II