ENS: Unable to open Exchange Connection error


This error is observed post the configuration of the Email Notification Service(ENS) in the ENS logs in both SaaS and On Premise ENS deployments.

A detailed decryption of the error is as below.

2016/04/05 19:35:27.380 ENS-AIRWATCH 981f9ae6-4cea-4442-9258-33a8485e988e [0000000-0000000] (7) Error AW.Mail.Notification.Service.BusinessImpl.ExchangeSubscriber Unable to open Exchange Connection Microsoft.Exchange.WebServices.Data.ServiceRequestException: The request failed. The remote server returned an error: (401) Unauthorized. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Exchange.WebServices.Data.EwsHttpWebRequest.Microsoft.Exchange.WebServices.Data.IEwsHttpWebRequest.GetResponse()
at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.GetEwsHttpWebResponse(IEwsHttpWebRequest request)
--- End of inner exception stack trace ---
at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.GetEwsHttpWebResponse(IEwsHttpWebRequest request)
at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.ValidateAndEmitRequest(IEwsHttpWebRequest& request)
at Microsoft.Exchange.WebServices.Data.MultiResponseServiceRequest`1.Execute()
at Microsoft.Exchange.WebServices.Data.ExchangeService.SubscribeToStreamingNotifications(IEnumerable`1 folderIds, EventType[] eventTypes)
at AW.Mail.Notification.Service.BusinessImpl.ExchangeSubscriber._SubscribeUsers(IEnumerable`1 usersByMailbox)
at AW.Mail.Notification.Service.BusinessImpl.ExchangeSubscriber._RestartSubscriber(IEnumerable`1 usersByMailbox)



The error means that the ENS (Email Notification Service) cannot open connections to the EWS (Exchange Web Services) endpoint on the exchange server and it cannot receive subscriptions for a specific email address.

It could be because of the following:

1. Cannot establish a persistent connection to the Exchange Server from the ENS Server, as the port 443 could be closed.

2. To be able to subscribe for subscriptions from Exchange, ENS uses a service account. The service account might not have the necessary permissions required. Also, the password associated with the service account could be wrong.

3. The Exchange server DNS uses an SSL certificate that the ENS does not trust.



1. Check if port 443 is open from the ENS Server. This can be done using Telnet.

2.  Check if the Service account has the impersonation role. 

3. To check if the password used for the service account during the ENS installation was right. Navigate to the ENS installation folder and run the ENS Configuration tool. The image below shows the location of the tool and also the screen that would show up when you run the config tool. Within the config tool there is a test connection button, that would check the connectivity from ENS to Exchange using the service account and the password can be validated.



The above image does not have the values populated, but it should have the values for your respective environment.

4. Ensure that there is no SSL trust issue between the ENS and the Exchange Server, so that the ENS trusts the Exchange Server's SSL certificate.

Have more questions? Submit a request


Article is closed for comments.