I am attempting to help get impersonation setup within Exchange 2007 SP1 at a cloud service provider in order to use this with EWS.
The impersonation attempt is failing with the response code ErrorImpersonationFailed and message Impersonation failed.
The service provider has performed the configuration requirements outlined within the http://msdn.microsoft.com/en-us/library/bb204095(v=exchg.80).aspx article inorder to:
(1) give the impersonator account permission to perform impersonation on the CAS servers;
(2) give the impersonator account permission to impersonate individual user accounts;
(3) ensured that the impersonator account is not a member of any admin groups;
(4) added the user accounts to the Windows Authorization Access Group.
The service provider has also done the following:
(1) give the impersonator account permission to perform impersonation on the mailbox server;
(2) added the Exchange servers to the Windows Authorization Access Group;
(3) confirmed the impersonation call is using the primary SMTP address of the accounts;
(4) confirmed they do not use a cross-forest configuration;
(5) confirmed they do not use a Windows 2000 DC
Finally I've asked the provider to check the logs on the CAS servers but there were no entries relating to the failed impersonation attempt.
Could anyone advise of any other checks that I could perform to diagnose the reason for the impersonation failure?