A customer encountered an error when setting up a new Exchange integration with Sage CRM.

On saving the integration details, the setup failed at the step: "The Sync Engine is checking to see if the Exchange Web Service is available."

The following error was logged in the ewaresystem.log:

SOAPFaultException: The request is invalid


The issue was caused by Basic Authentication being disabled on the EWS application in IIS on the Exchange CAS server. Basic authentication is used by the Exchange synch engine to authenticate its impersonated user against Exchange Web Services.

Fiddler was used to identify the root cause of the error. This troubleshooting method is described in the linked Knowledgebase article below:

On enabling Basic authentication on the EWS application the issue was resolved.


More information:

The test for Basic authentication on an Exchange CAS server is reasonably straightforward. It can be done without having access to the Exchange server itself. Any request to the Exchange web services endpoint will tell you the accepted authentication methods, but since there may be a number of issues that result in this request failing, it is good practice to mimic the behaviour of the Exchange synch engine.

An example request, showing the parts which will need to be changed for the test is given below:

Authorization: Basic Y3JtLXVzZXJAcGFub3BseS10ZWNoOnBhc3N3b3Jk
Encoding: UTF-8
Content-Type: text/xml

<soap:Envelope xmlns:soap=""><soap:Header><RequestServerVersion xmlns:ns2="" xmlns="" Version="Exchange2007_SP1" /></soap:Header><soap:Body><ns2:ResolveNames xmlns="" xmlns:ns2="" ReturnFullContactData="false"><ns2:UnresolvedEntry>crm-user@panoply-tech</ns2:UnresolvedEntry></ns2:ResolveNames></soap:Body></soap:Envelope>


If Basic authentication is disabled, then a HTTP 401: Anonymous Request Disallowed will be returned. This is unexpected, since we have supplied credentials in the Basic authorisation header.

The response headers from the EWS endpoint will indicate the acceptable authentication methods for that server:

Server: Microsoft-IIS/8.5
request-id: 12345678-90ab-cde1-2345-67890abcde12
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Fri, 18 Dec 2015 10:07:15 GMT
Content-Length: 0


In the example above, the Negotiate and NTLM authentication methods are allowed, and Basic authentication is missing. Basic authentication is required for the integration. You would expect to see the following header in the response:

WWW-Authenticate: Basic Realm=""

Other responses form the Exchange server may indicate an incorrect username and password, or other issue on the Exchange side of hte integration.