Solved

Exchange 2007 - Outlook Anywhere Errors

Posted on 2007-11-14
20
3,047 Views
Last Modified: 2009-12-16
Hello, we are having issues implementing Outlook Anywhere.  I had it working from the outside (clients could pull their email correctly), but we were still having problems with the OAB and certificate errors.  I have resolved the certificate errors when users open Outlook 2007 by changing the internalURIs to match my externalURI (they were pointing at the internal name of the server before).  After this though my external users cant connect to their Outlook Anywhere.  

We purchased a standard SSL certificate for outlook.mydomain.com (no SSL for OWA...I know...).  I imported it into the Default Web Site on the Exchange Server after removing the self-created certificate.  The certificate shows up correctly in the EMS.  I am able to access https://outlook.mydomain.com/autodiscover/autodiscover.xml from the inside as well as the outside and I get the XML text.

I have created a SRV record for autodiscover on our DNS server in the forward lookup zone, and A records for outlook and autodiscover in there as well.  I have setup external A records for outlook and autodiscover (not sure if that was needed for autodiscovery) pointing at our external IP accepting email.  I am waiting for our ISP  to create the external SRV record.

Here are the results of some commands in EMS:

get-ClientAccessServer | fl
---------------------------------------------------------------------------------------
Name                           : mailserver
OutlookAnywhereEnabled         : True
AutoDiscoverServiceCN          : mailserver
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://outlook.mydomain.com/Autodiscover/Autodiscover.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Default-First-Site-Name}
IsValid                        : True
OriginatingServer              : NP-DEV.mydomain.com
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=mailserver,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
                                  Groups,CN=NPE,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=com
Identity                       : mailserver
Guid                           : c6c0931c-c212-4de5-8cfe-655dbd2a5a38
ObjectCategory                 : mydomain.com/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 10/14/2007 1:12:09 AM
WhenCreated                    : 10/13/2007 12:07:10 PM



get-WebServicesVirtualDirectory | fl
---------------------------------------------------------------------------------------
Name                          : EWS (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm}
ExternalAuthenticationMethods : {Basic, Ntlm}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://mailserver.mydomain.com/W3SVC/1/ROOT/EWS
Path                          : C:\Program Files\Microsoft\Exchange Server\ClientAccess\exchweb\EWS
Server                        : mailserver
InternalUrl                   : https://outlook.mydomain.com/EWS/Exchange.asmx
ExternalUrl                   : https://outlook.mydomain.com/EWS/Exchange.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,CN=mailserver,CN=Servers,CN=Exchange Administra
                                tive Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=NPE,CN=Microsoft Exchange,CN=Servic
                                es,CN=Configuration,DC=mydomain,DC=com
Identity                      : mailserver\EWS (Default Web Site)
Guid                          : db6b004a-dac7-476c-a3db-9533a7b5dbbb
ObjectCategory                : mydomain.com/Configuration/Schema/ms-Exch-Web-Services-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
WhenChanged                   : 11/8/2007 3:08:15 PM
WhenCreated                   : 10/13/2007 12:49:51 PM
OriginatingServer             : NP-DEV.mydomain.com
IsValid                       : True


get-OABVirtualDirectory | fl
---------------------------------------------------------------------------------------
Name                          : OAB (Default Web Site)
PollInterval                  : 480
OfflineAddressBooks           : {Default Offline Address List}
RequireSSL                    : True
MetabasePath                  : IIS://mailserver.mydomain.com/W3SVC/1/ROOT/OAB
Path                          : C:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB
Server                        : mailserver
InternalUrl                   : https://outlook.mydomain.com/OAB
InternalAuthenticationMethods : {WindowsIntegrated}
ExternalUrl                   : https://outlook.mydomain.com/OAB
ExternalAuthenticationMethods : {WindowsIntegrated}
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols,CN=mailserver,CN=Servers,CN=Exchange Administra
                                tive Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=NPE,CN=Microsoft Exchange,CN=Servic
                                es,CN=Configuration,DC=mydomain,DC=com
Identity                      : mailserver\OAB (Default Web Site)
Guid                          : e41ed88d-b54c-484d-90b7-831715cd13cb
ObjectCategory                : mydomain.com/Configuration/Schema/ms-Exch-OAB-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchOABVirtualDirectory}
WhenChanged                   : 11/13/2007 1:44:51 PM
WhenCreated                   : 10/13/2007 12:49:43 PM
OriginatingServer             : NP-DEV.mydomain.com
IsValid                       : True



get-UMVirtualDirectory | fl
---------------------------------------------------------------------------------------
Name                          : UnifiedMessaging (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm}
ExternalAuthenticationMethods : {Basic, Ntlm}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://mailserver.mydomain.com/W3SVC/1/ROOT/UnifiedMessaging
Path                          : C:\Program Files\Microsoft\Exchange Server\UnifiedMessaging\WebService
Server                        : mailserver
InternalUrl                   : https://outlook.mydomain.com/UnifiedMessaging/Service.asmx
ExternalUrl                   : https://outlook.mydomain.com/UnifiedMessaging/Service.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=UnifiedMessaging (Default Web Site),CN=HTTP,CN=Protocols,CN=mailserver,CN=Servers,CN=Exchan
                                ge Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=NPE,CN=Microsoft Excha
                                nge,CN=Services,CN=Configuration,DC=mydomain,DC=com
Identity                      : mailserver\UnifiedMessaging (Default Web Site)
Guid                          : 6e4429ff-5b95-40bf-b5b9-e4ba61b60f22
ObjectCategory                : mydomain.com/Configuration/Schema/ms-Exch-UM-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchUMVirtualDirectory}
WhenChanged                   : 11/8/2007 3:07:57 PM
WhenCreated                   : 10/13/2007 12:49:47 PM
OriginatingServer             : NP-DEV.mydomain.com
IsValid                       : True


Test-OutlookWebServices -identity administrator | ft * -AutoSize -Wrap

  Id        Type Message
  --        ---- -------
1003 Information About to test AutoDiscover with the e-mail address administrator@mydomain.com.
1013       Error When contacting https://outlook.mydomain.com/autodiscover/autodiscover.xml received the error The remote server returned an error: (401) Unauthorized.
1006       Error Failed to contact AutoDiscover

Any suggestions?
0
Comment
Question by:aiscom
  • 10
  • 9
20 Comments
 
LVL 13

Expert Comment

by:consultkhan
ID: 20282470
hi
check this article if it helps you.
http://technet.microsoft.com/en-us/library/6ced71d4-ae0a-4b75-a5c5-30633c676b88.aspx
also see permission consideration link on the same article.
thanks.
0
 

Author Comment

by:aiscom
ID: 20282540
consultkhan: Those settings were already in place.  
0
 
LVL 22

Expert Comment

by:ATIG
ID: 20283604
First thing you need to do is readmy article
http://exchange-genie.blogspot.com/2007/07/autodiscover-ad-attribute.html

you dont need to create an SRV record just a standard A record for autodiscover as well....
0
 

Author Comment

by:aiscom
ID: 20283641
ATIG:  I did read through and others that why I have tried a few different things.  Specifically I can't get past the Test-OutlookWebServices portion.

As far as not needing the SRV record is that for both internal and external?  Would I still need an A record internally and externally?
0
 

Author Comment

by:aiscom
ID: 20289987
FYI - I was wrong about Outloko Anywhere from the outside not working it is.  

Any ideas though why "Test-OutlookWebServices -identity administrator | ft * -AutoSize -Wrap" fails?
0
 
LVL 22

Expert Comment

by:ATIG
ID: 20289995
do you get a 401 error?
0
 
LVL 22

Expert Comment

by:ATIG
ID: 20290000
look at my blog..... I have an article on that as well, its due to a security modifiation in IIS.

0
 

Author Comment

by:aiscom
ID: 20290154
I saw that on your blog earlier and used the registry modification to enter the name of the server and it still fails.  Does it even matter really?

BTW - GREAT blog!
0
 
LVL 22

Expert Comment

by:ATIG
ID: 20290279
your welcome..... if everything is working its not  big deal.....

after the changes did you do an IISrest or reboot?
0
 

Author Comment

by:aiscom
ID: 20290312
Sure did.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 22

Expert Comment

by:ATIG
ID: 20290379
when you do a get-autodiscovervirtualdirectory | fl

you can show the output
0
 

Author Comment

by:aiscom
ID: 20290507
get-autodiscovervirtualdirectory | fl

Name                          : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm}
ExternalAuthenticationMethods : {Basic, Ntlm}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://mailserver.mydomain.com/W3SVC/1/ROOT/Autodiscover
Path                          : C:\Program Files\Microsoft\Exchange Server\ClientAccess\Autodiscover
Server                        : mailserver
InternalUrl                   :
ExternalUrl                   :
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=mailserver,CN=Servers,CN=Exchange A
                                dministrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=NPE,CN=Microsoft Exchange,
                                CN=Services,CN=Configuration,DC=mydomain,DC=com
Identity                      : mailserver\Autodiscover (Default Web Site)
Guid                          : 00b43920-c547-46c0-b1f3-28521479d352
ObjectCategory                : mydomain.com/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                   : 10/13/2007 12:49:52 PM
WhenCreated                   : 10/13/2007 12:49:45 PM
OriginatingServer             : NP-DEV.mydomain.com
IsValid                       : True
0
 
LVL 22

Expert Comment

by:ATIG
ID: 20290532
add intergrated to both internal exteranal auth
0
 

Author Comment

by:aiscom
ID: 20290694
What is the command for this?  Tried this but it wouldnt take:
set-autodiscovervirtualdirectory -identity "mailserverl\autodiscover (Default Web Site)" -externalAuthenticationMethods integrated
0
 
LVL 22

Expert Comment

by:ATIG
ID: 20290765
your should be set based on the out put so lets do this....

first lets turn it off,
Set-AutodiscoverVirtualDirectory -Identity XXX -windowsAuthentication:$false
Lets reset
Set-AutodiscoverVirtualDirectory -Identity XXX -windowsAuthentication:$true

Then get it again

Mine are SP1 servers but I dont believe they made any changes for the auth in SP1
0
 

Author Comment

by:aiscom
ID: 20290800
After those changes I get the same output as I posted before.
0
 
LVL 22

Expert Comment

by:ATIG
ID: 20290833
hmmmmm..... on my servers 03 and LH with windowintergrated:$true it shows intergrated but again I am running exchange 2007 sp1

I will have to see if I can repro, what build are you running? Have you loaded the roll ups?
0
 

Author Comment

by:aiscom
ID: 20290921
ExchangeVersion               : 0.1 (8.0.535.0)
Version 8.0 Build 685.24 through EMC.
All rollups have been applied.

Should I have to do anything you think?
0
 
LVL 22

Accepted Solution

by:
ATIG earned 500 total points
ID: 20290926
if everything is functional I would not worry to much...
0
 

Author Comment

by:aiscom
ID: 20291037
Then I won't. :)

Thanks alot for your assistance.  Keep the blog going! :)
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
The viewer will learn how to create a normally distributed random variable in Excel, use a normal distribution to simulate the return on an investment over a period of years, Create a Monte Carlo simulation using a normal random variable, and calcul…
The viewer will learn how to create two correlated normally distributed random variables in Excel, use a normal distribution to simulate the return on different levels of investment in each of the two funds over a period of ten years, and, create a …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now