Exchange 2013 Hybrid EWS not using proxy

Hi

I have an Exchange 2013 CU8 server (Win2012R2) in hybrid mode sitting behind a proxy server. Free busy info of online mailboxes is not working from on-premise mailboxes. I have chased the problem to EWS not appearing to use the proxy.

I have set the IE proxy. I have set the WinHTTP proxy. I have set the InternetWebProxy.

A WireShark trace also shows the token request coming directly from the server, bypassing any proxy set.

I have also tried to set the proxy directly in the web.config file of EWS, but that has no affect either.

This is really strange. Any thoughts?

Test-OAuthConnectivity -Service EWS -TargetUri https://outlook.office365.com/ews/exchange.asmx
-Mailbox onpremiseaccount@domainname.org -Verbose | fl

Produces the following output:

RunspaceId  : d3d36eec-38d7-4371-8fd9-720b86ce2d1c
Task        : Checking EWS API Call Under Oauth
Detail      : The configuration was last successfully loaded at 06/07/2015 09:28:13 UTC. This was 49 minutes ago.
              The token cache is being cleared because "use cached token" was set to false.
              Exchange Outbound Oauth Log:
              Client request ID: ab8fed2b-321a-4100-ae01-152bb9552aa0
              Information:[OAuthCredentials:Authenticate] entering
              Information:[OAuthCredentials:Authenticate] challenge from
              'https://outlook.office365.com/ews/Exchange.asmx' received: Bearer
              client_id="00000002-0000-0ff1-ce00-000000000000",
              trusted_issuers="00000001-0000-0000-c000-000000000000@*", token_types="app_asserted_user_v1",
              authorization_uri="https://login.windows.net/common/oauth2/authorize",Basic Realm=""
              Information:[OAuthCredentials:GetToken] client-id: '00000002-0000-0ff1-ce00-000000000000', realm: '',
              trusted_issuer:'00000001-0000-0000-c000-000000000000@*'
              Information:[OAuthCredentials:GetToken] start building a token for the user domain 'domain.org'
              Information:[OAuthTokenBuilder:GetAppToken] start building the apptoken
              Information:[OAuthTokenBuilder:GetAppToken] checking enabled auth servers
              Information:[OAuthTokenBuilder:GetAppToken] trusted_issuer includes the auth server 'ACS':
              00000001-0000-0000-c000-000000000000@9cdffd99-a391-4492-8b8b-03b8ef1da48c,
              Information:[OAuthTokenBuilder:GetAppToken] updating the tenant id with the auth server realm; current
              tenant id value is '', new value is '9cdffd99-a391-4492-8b8b-03b8ef1da48c'
              Information:[OAuthTokenBuilder:GetAppToken] trying to get the apptoken from the auth server 'ACS' for
              resource
              '00000002-0000-0ff1-ce00-000000000000/outlook.office365.com@9cdffd99-a391-4492-8b8b-03b8ef1da48c'
              Information:[ACSTokenCache:GetActorToken] Each key and its counts are L:00000002-0000-0ff1-ce00-000000000
              000-AS:00000001-0000-0000-c000-000000000000@9cdffd99-a391-4492-8b8b-03b8ef1da48c, 0
              Information:[ACSTokenCache:GetActorToken] cache size is 0
              Information:[ACSTokenCache:GetActorToken] try to get a new ACS token synchronously
              Information:[ACSTokenBuildRequest:BuildToken] started
              Information:[ACSTokenBuildRequest:GetActorTokenFromAuthServer] Sending token request to
              'https://accounts.accesscontrol.windows.net/9cdffd99-a391-4492-8b8b-03b8ef1da48c/tokens/OAuth/2' for the
              resource
              '00000002-0000-0ff1-ce00-000000000000/outlook.office365.com@9cdffd99-a391-4492-8b8b-03b8ef1da48c' with
              token: {"typ":"JWT","alg":"RS256","x5t":"vGeyUPR3l9gDmgp4W4cFO5EhqHk"}.{"iss":"00000002-0000-0ff1-ce00-00
              0000000000@9cdffd99-a391-4492-8b8b-03b8ef1da48c","aud":"00000001-0000-0000-c000-000000000000/accounts.acc
              esscontrol.windows.net@9cdffd99-a391-4492-8b8b-03b8ef1da48c","nbf":1436177871,"exp":1436178471}
              Error:[ACSTokenBuildRequest:GetActorTokenFromAuthServer] Unable to get the token from auth server
              'https://accounts.accesscontrol.windows.net/9cdffd99-a391-4492-8b8b-03b8ef1da48c/tokens/OAuth/2'. The
              request has token {"typ":"JWT","alg":"RS256","x5t":"vGeyUPR3l9gDmgp4W4cFO5EhqHk"}.{"iss":"00000002-0000-0
              ff1-ce00-000000000000@9cdffd99-a391-4492-8b8b-03b8ef1da48c","aud":"00000001-0000-0000-c000-000000000000/a
              ccounts.accesscontrol.windows.net@9cdffd99-a391-4492-8b8b-03b8ef1da48c","nbf":1436177871,"exp":1436178471
              }, the error from ACS is , the exception is System.Net.WebException: Unable to connect to the remote
              server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party
              did not properly respond after a period of time, or established connection failed because connected host
              has failed to respond 191.235.135.222:443
                 at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
                 at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6,
              Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception&
              exception)
                 --- End of inner exception stack trace ---
                 at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
                 at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult)
                 at Microsoft.Exchange.Security.OAuth.ACSTokenBuildRequest.GetActorTokenFromAuthServer(Boolean
              throwOnError)
              Error:[ACSTokenBuildRequest:GetActorTokenFromAuthServer] the inner exception is
              System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party
              did not properly respond after a period of time, or established connection failed because connected host
              has failed to respond 191.235.135.222:443
                 at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
                 at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6,
              Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception&
              exception)
              Error:Unable to get token from Auth Server. Error code: ''. Description: ''.

              Exchange Response Details:
              HTTP response message:
              Exception:
              System.Net.WebException: The request was aborted: The request was canceled. --->
              Microsoft.Exchange.Security.OAuth.OAuthTokenRequestFailedException: Unable to get token from Auth
              Server. Error code: ''. Description: ''. ---> System.Net.WebException: Unable to connect to the remote
              server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party
              did not properly respond after a period of time, or established connection failed because connected host
              has failed to respond 191.235.135.222:443
                 at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
                 at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6,
              Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception&
              exception)
                 --- End of inner exception stack trace ---
                 at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
                 at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult)
                 at Microsoft.Exchange.Security.OAuth.ACSTokenBuildRequest.GetActorTokenFromAuthServer(Boolean
              throwOnError)
                 --- End of inner exception stack trace ---
                 at Microsoft.Exchange.Security.OAuth.ACSTokenBuildRequest.GetActorTokenFromAuthServer(Boolean
              throwOnError)
                 at Microsoft.Exchange.Security.OAuth.ACSTokenBuildRequest.BuildToken(Boolean throwOnError)
                 at Microsoft.Exchange.Security.OAuth.ACSTokenCache.GetActorToken(ACSTokenBuildRequest
              tokenBuildRequest, IOutboundTracer tracer, Nullable`1 clientRequestId)
                 at Microsoft.Exchange.Security.OAuth.OAuthTokenBuilder.GetAppToken(String applicationId, String
              destinationHost, String realmFromChallenge, IssuerMetadata[] trustedIssuersFromChallenge, String
              userDomain)
                 at Microsoft.Exchange.Security.OAuth.OAuthTokenBuilder.GetAppWithUserToken(String applicationId,
              String destinationHost, String realmFromChallenge, IssuerMetadata[] trustedIssuersFromChallenge, String
              userDomain, ClaimProvider claimProvider)
                 at Microsoft.Exchange.Security.OAuth.OAuthCredentials.GetToken(WebRequest webRequest,
              HttpAuthenticationChallenge challengeObject)
                 at Microsoft.Exchange.Security.OAuth.OAuthCredentials.Authenticate(String challengeString, WebRequest
              webRequest, Boolean preAuthenticate)
                 at Microsoft.Exchange.Security.OAuth.OAuthCredentials.OAuthAuthenticationModule.Authenticate(String
              challenge, WebRequest request, ICredentials credentials)
                 at System.Net.AuthenticationManager.Authenticate(String challenge, WebRequest request, ICredentials
              credentials)
                 at System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials
              authInfo)
                 at System.Net.HttpWebRequest.CheckResubmitForAuth()
                 at System.Net.HttpWebRequest.CheckResubmit(Exception& e, Boolean& disableUpload)
                 at System.Net.HttpWebRequest.DoSubmitRequestProcessing(Exception& exception)
                 at System.Net.HttpWebRequest.ProcessResponse()
                 at System.Net.HttpWebRequest.SetResponse(CoreResponseData coreResponseData)
                 --- End of inner exception stack trace ---
                 at System.Net.HttpWebRequest.GetResponse()
                 at Microsoft.Exchange.Monitoring.TestOAuthConnectivityHelper.SendExchangeOAuthRequest(ADUser user,
              String orgDomain, Uri targetUri, String& diagnosticMessage, Boolean appOnly, Boolean useCachedToken,
              Boolean reloadConfig)

ResultType  : Error
Identity    : Microsoft.Exchange.Security.OAuth.ValidationResultNodeId
IsValid     : True
ObjectState : New