SEMblog

Now starting to see more implementations of Windows 2016 and Exchange 2016, so odd issues are starting to come to light.

One that I have seen a few times is a problem with Macs connecting to EWS on the 2016 versions of Exchange and Windows.

Going through the logs, there are 401 errors (unauthorised), yet the same credentials work with OWA.

Further troubleshooting with the web server and a hint on an Apple forum suggested that Windows 2016 was using HTTPS 2 by default and that the Mac was having some problems working with that for authentication.
The fix was to downgrade to HTTP 1.1.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters

New DWORD values

EnableHttp2Cleartext
EnableHttp2Tls

Set both to a value of 0.

The first one is for HTTP, the second for HTTPS. I set both, even though in most cases only HTTPS is allowed to the server and being used.

Reboot the server (restarting the IIS services does not appear to work).

Here is the registry value content to create a reg file for easy installation:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]
"EnableHttp2Tls"=dword:00000000
"EnableHttp2Cleartext"=dword:00000000

From an operational point of view, I cannot see any loss of functionality. OWA is designed to work with Windows 2012 R2 which still uses HTTP 1.1. In very large environments you might see a small performance hit because of the loss of the optimisations provided by HTTP 2, but most systems will not see anything.