After installing CU 22 for Exchange 2013 Standard, our third-party Symantec Mail Security product can no longer carry out antivirus scans. That product is installed directly on the server. The vendor examined the server, and observed that when
https://mail.customername.com/ews/exchange.asmx is accessed from a web browser on the Exchange server, the browser prompts for credentials to authenticate over and over, even when valid credentials are specified (we tried 2 different usernames/passwords).
Eventually, a blank page loads.
If that same URL is accessed from a browser on another computer on the network, the authentication succeeds and the default "Service--You have created a service. To test this service [...]" landing page loads. Again, we used two different sets
of valid credentials to confirm.
Checked the EWS virtual directory, it's https://mail.customername.com/ews/exchange.asmx for both internalURL and externalURL, as it should be.
Back on the server, the vendor had us configure their product to use https://servername.local/ews/exchange.asmx instead of https://mail.customername.com/ews/exchange.asmx, and Symantec started working again. Sure enough, if you browse to https://servername.local/ews/exchange.asmx on the server, and authenticate when prompted, you get right through to the test page. Using the other URL still fails.
Here's why I'm pointing to CU 22 as the possible culprit: we restored a month-old backup of this Exchange server, running CU 20, and browsing to https://mail.customername.com/ews/exchange.asmx and authenticating lets us right in to the landing page, no problem.
It's probably obvious since we do manage to get prompted for credentials, but I should note that the server with CU22 is able to resolve the URL that doesn't work in DNS, so it's not a DNS issue.
Exchange 2013 CUs can't be rolled back--what should I do to correct this? Symantec characterized their solution as a 'workaround', and said we should investigate whether something went wrong with the CU.
Thanks!