We are using re-writing to provide external access to OWA (2010) and most things work. The problem we have is when users try to changing their OWA settings it fails with a message "The server method "SetObject" failed.". Doing some digging using Fiddler I found an exception reply from the exchange server saying "Invalid Canary". Researching this it is a security mechanism used to help prevent cross-site request forgery attacks. Anyone else had this issue and found a solution?
6.5R4.1 (build 15977)
Did it work in OWA 2007?
Can it be duplicated on-demand?
Based on what you said, does enabling either one of the following have a positive impact?
1) Users>Resource Policies>Web>Selective Rewriting>Custom Headers
2) Users>Resource Policies>Web>Selective Rewriting>Cross-Domain access
If not, please collect the logs outlined here and create a case with JTAC.
Thanks for the suggestion. Custom Headers partially fixed the problem. Now "SetObject" works and it is possible to change most settings. The only outstanding issue is changing the Out Of Office setting. This fails because for some reason a huge amount of text is posted into the Out of Office message field. Further investigation shows the text is a combination of the parts of /dana-cached/js/shimdata.cgi file and the /dana-cached/js/ie.js file.
I have created the logs files as suggested and opened a JTAC case (2010-1015-0150)
Glad to hear it helped some; sorry it didn't fix th whole issue.
Good luck with the case; thank you for collecting all the needed information.
Just as an update JTAC has confirmed the Out of Office issue is a known bug fixed in 7.0R1