Exchange 2007 - Outlook Anywhere Errors

Hello, we are having issues implementing Outlook Anywhere.  I had it working from the outside (clients could pull their email correctly), but we were still having problems with the OAB and certificate errors.  I have resolved the certificate errors when users open Outlook 2007 by changing the internalURIs to match my externalURI (they were pointing at the internal name of the server before).  After this though my external users cant connect to their Outlook Anywhere.  

We purchased a standard SSL certificate for outlook.mydomain.com (no SSL for OWA...I know...).  I imported it into the Default Web Site on the Exchange Server after removing the self-created certificate.  The certificate shows up correctly in the EMS.  I am able to access https://outlook.mydomain.com/autodiscover/autodiscover.xml from the inside as well as the outside and I get the XML text.

I have created a SRV record for autodiscover on our DNS server in the forward lookup zone, and A records for outlook and autodiscover in there as well.  I have setup external A records for outlook and autodiscover (not sure if that was needed for autodiscovery) pointing at our external IP accepting email.  I am waiting for our ISP  to create the external SRV record.

Here are the results of some commands in EMS:

get-ClientAccessServer | fl
---------------------------------------------------------------------------------------
Name                           : mailserver
OutlookAnywhereEnabled         : True
AutoDiscoverServiceCN          : mailserver
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://outlook.mydomain.com/Autodiscover/Autodiscover.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Default-First-Site-Name}
IsValid                        : True
OriginatingServer              : NP-DEV.mydomain.com
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=mailserver,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
                                  Groups,CN=NPE,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=com
Identity                       : mailserver
Guid                           : c6c0931c-c212-4de5-8cfe-655dbd2a5a38
ObjectCategory                 : mydomain.com/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 10/14/2007 1:12:09 AM
WhenCreated                    : 10/13/2007 12:07:10 PM



get-WebServicesVirtualDirectory | fl
---------------------------------------------------------------------------------------
Name                          : EWS (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm}
ExternalAuthenticationMethods : {Basic, Ntlm}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://mailserver.mydomain.com/W3SVC/1/ROOT/EWS
Path                          : C:\Program Files\Microsoft\Exchange Server\ClientAccess\exchweb\EWS
Server                        : mailserver
InternalUrl                   : https://outlook.mydomain.com/EWS/Exchange.asmx
ExternalUrl                   : https://outlook.mydomain.com/EWS/Exchange.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,CN=mailserver,CN=Servers,CN=Exchange Administra
                                tive Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=NPE,CN=Microsoft Exchange,CN=Servic
                                es,CN=Configuration,DC=mydomain,DC=com
Identity                      : mailserver\EWS (Default Web Site)
Guid                          : db6b004a-dac7-476c-a3db-9533a7b5dbbb
ObjectCategory                : mydomain.com/Configuration/Schema/ms-Exch-Web-Services-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
WhenChanged                   : 11/8/2007 3:08:15 PM
WhenCreated                   : 10/13/2007 12:49:51 PM
OriginatingServer             : NP-DEV.mydomain.com
IsValid                       : True


get-OABVirtualDirectory | fl
---------------------------------------------------------------------------------------
Name                          : OAB (Default Web Site)
PollInterval                  : 480
OfflineAddressBooks           : {Default Offline Address List}
RequireSSL                    : True
MetabasePath                  : IIS://mailserver.mydomain.com/W3SVC/1/ROOT/OAB
Path                          : C:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB
Server                        : mailserver
InternalUrl                   : https://outlook.mydomain.com/OAB
InternalAuthenticationMethods : {WindowsIntegrated}
ExternalUrl                   : https://outlook.mydomain.com/OAB
ExternalAuthenticationMethods : {WindowsIntegrated}
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols,CN=mailserver,CN=Servers,CN=Exchange Administra
                                tive Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=NPE,CN=Microsoft Exchange,CN=Servic
                                es,CN=Configuration,DC=mydomain,DC=com
Identity                      : mailserver\OAB (Default Web Site)
Guid                          : e41ed88d-b54c-484d-90b7-831715cd13cb
ObjectCategory                : mydomain.com/Configuration/Schema/ms-Exch-OAB-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchOABVirtualDirectory}
WhenChanged                   : 11/13/2007 1:44:51 PM
WhenCreated                   : 10/13/2007 12:49:43 PM
OriginatingServer             : NP-DEV.mydomain.com
IsValid                       : True



get-UMVirtualDirectory | fl
---------------------------------------------------------------------------------------
Name                          : UnifiedMessaging (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm}
ExternalAuthenticationMethods : {Basic, Ntlm}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://mailserver.mydomain.com/W3SVC/1/ROOT/UnifiedMessaging
Path                          : C:\Program Files\Microsoft\Exchange Server\UnifiedMessaging\WebService
Server                        : mailserver
InternalUrl                   : https://outlook.mydomain.com/UnifiedMessaging/Service.asmx
ExternalUrl                   : https://outlook.mydomain.com/UnifiedMessaging/Service.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=UnifiedMessaging (Default Web Site),CN=HTTP,CN=Protocols,CN=mailserver,CN=Servers,CN=Exchan
                                ge Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=NPE,CN=Microsoft Excha
                                nge,CN=Services,CN=Configuration,DC=mydomain,DC=com
Identity                      : mailserver\UnifiedMessaging (Default Web Site)
Guid                          : 6e4429ff-5b95-40bf-b5b9-e4ba61b60f22
ObjectCategory                : mydomain.com/Configuration/Schema/ms-Exch-UM-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchUMVirtualDirectory}
WhenChanged                   : 11/8/2007 3:07:57 PM
WhenCreated                   : 10/13/2007 12:49:47 PM
OriginatingServer             : NP-DEV.mydomain.com
IsValid                       : True


Test-OutlookWebServices -identity administrator | ft * -AutoSize -Wrap

  Id        Type Message
  --        ---- -------
1003 Information About to test AutoDiscover with the e-mail address administrator@mydomain.com.
1013       Error When contacting https://outlook.mydomain.com/autodiscover/autodiscover.xml received the error The remote server returned an error: (401) Unauthorized.
1006       Error Failed to contact AutoDiscover

Any suggestions?
aiscomAsked:
Who is Participating?
 
ATIGCommented:
if everything is functional I would not worry to much...
0
 
consultkhanCommented:
hi
check this article if it helps you.
http://technet.microsoft.com/en-us/library/6ced71d4-ae0a-4b75-a5c5-30633c676b88.aspx
also see permission consideration link on the same article.
thanks.
0
 
aiscomAuthor Commented:
consultkhan: Those settings were already in place.  
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
ATIGCommented:
First thing you need to do is readmy article
http://exchange-genie.blogspot.com/2007/07/autodiscover-ad-attribute.html

you dont need to create an SRV record just a standard A record for autodiscover as well....
0
 
aiscomAuthor Commented:
ATIG:  I did read through and others that why I have tried a few different things.  Specifically I can't get past the Test-OutlookWebServices portion.

As far as not needing the SRV record is that for both internal and external?  Would I still need an A record internally and externally?
0
 
aiscomAuthor Commented:
FYI - I was wrong about Outloko Anywhere from the outside not working it is.  

Any ideas though why "Test-OutlookWebServices -identity administrator | ft * -AutoSize -Wrap" fails?
0
 
ATIGCommented:
do you get a 401 error?
0
 
ATIGCommented:
look at my blog..... I have an article on that as well, its due to a security modifiation in IIS.

0
 
aiscomAuthor Commented:
I saw that on your blog earlier and used the registry modification to enter the name of the server and it still fails.  Does it even matter really?

BTW - GREAT blog!
0
 
ATIGCommented:
your welcome..... if everything is working its not  big deal.....

after the changes did you do an IISrest or reboot?
0
 
aiscomAuthor Commented:
Sure did.
0
 
ATIGCommented:
when you do a get-autodiscovervirtualdirectory | fl

you can show the output
0
 
aiscomAuthor Commented:
get-autodiscovervirtualdirectory | fl

Name                          : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm}
ExternalAuthenticationMethods : {Basic, Ntlm}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://mailserver.mydomain.com/W3SVC/1/ROOT/Autodiscover
Path                          : C:\Program Files\Microsoft\Exchange Server\ClientAccess\Autodiscover
Server                        : mailserver
InternalUrl                   :
ExternalUrl                   :
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=mailserver,CN=Servers,CN=Exchange A
                                dministrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=NPE,CN=Microsoft Exchange,
                                CN=Services,CN=Configuration,DC=mydomain,DC=com
Identity                      : mailserver\Autodiscover (Default Web Site)
Guid                          : 00b43920-c547-46c0-b1f3-28521479d352
ObjectCategory                : mydomain.com/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                   : 10/13/2007 12:49:52 PM
WhenCreated                   : 10/13/2007 12:49:45 PM
OriginatingServer             : NP-DEV.mydomain.com
IsValid                       : True
0
 
ATIGCommented:
add intergrated to both internal exteranal auth
0
 
aiscomAuthor Commented:
What is the command for this?  Tried this but it wouldnt take:
set-autodiscovervirtualdirectory -identity "mailserverl\autodiscover (Default Web Site)" -externalAuthenticationMethods integrated
0
 
ATIGCommented:
your should be set based on the out put so lets do this....

first lets turn it off,
Set-AutodiscoverVirtualDirectory -Identity XXX -windowsAuthentication:$false
Lets reset
Set-AutodiscoverVirtualDirectory -Identity XXX -windowsAuthentication:$true

Then get it again

Mine are SP1 servers but I dont believe they made any changes for the auth in SP1
0
 
aiscomAuthor Commented:
After those changes I get the same output as I posted before.
0
 
ATIGCommented:
hmmmmm..... on my servers 03 and LH with windowintergrated:$true it shows intergrated but again I am running exchange 2007 sp1

I will have to see if I can repro, what build are you running? Have you loaded the roll ups?
0
 
aiscomAuthor Commented:
ExchangeVersion               : 0.1 (8.0.535.0)
Version 8.0 Build 685.24 through EMC.
All rollups have been applied.

Should I have to do anything you think?
0
 
aiscomAuthor Commented:
Then I won't. :)

Thanks alot for your assistance.  Keep the blog going! :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.