Solved

Exchange 2007 - Outlook Anywhere Errors

Posted on 2007-11-14
20
3,048 Views
Last Modified: 2009-12-16
Hello, we are having issues implementing Outlook Anywhere.  I had it working from the outside (clients could pull their email correctly), but we were still having problems with the OAB and certificate errors.  I have resolved the certificate errors when users open Outlook 2007 by changing the internalURIs to match my externalURI (they were pointing at the internal name of the server before).  After this though my external users cant connect to their Outlook Anywhere.  

We purchased a standard SSL certificate for outlook.mydomain.com (no SSL for OWA...I know...).  I imported it into the Default Web Site on the Exchange Server after removing the self-created certificate.  The certificate shows up correctly in the EMS.  I am able to access https://outlook.mydomain.com/autodiscover/autodiscover.xml from the inside as well as the outside and I get the XML text.

I have created a SRV record for autodiscover on our DNS server in the forward lookup zone, and A records for outlook and autodiscover in there as well.  I have setup external A records for outlook and autodiscover (not sure if that was needed for autodiscovery) pointing at our external IP accepting email.  I am waiting for our ISP  to create the external SRV record.

Here are the results of some commands in EMS:

get-ClientAccessServer | fl
---------------------------------------------------------------------------------------
Name                           : mailserver
OutlookAnywhereEnabled         : True
AutoDiscoverServiceCN          : mailserver
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://outlook.mydomain.com/Autodiscover/Autodiscover.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Default-First-Site-Name}
IsValid                        : True
OriginatingServer              : NP-DEV.mydomain.com
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=mailserver,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
                                  Groups,CN=NPE,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=com
Identity                       : mailserver
Guid                           : c6c0931c-c212-4de5-8cfe-655dbd2a5a38
ObjectCategory                 : mydomain.com/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 10/14/2007 1:12:09 AM
WhenCreated                    : 10/13/2007 12:07:10 PM



get-WebServicesVirtualDirectory | fl
---------------------------------------------------------------------------------------
Name                          : EWS (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm}
ExternalAuthenticationMethods : {Basic, Ntlm}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://mailserver.mydomain.com/W3SVC/1/ROOT/EWS
Path                          : C:\Program Files\Microsoft\Exchange Server\ClientAccess\exchweb\EWS
Server                        : mailserver
InternalUrl                   : https://outlook.mydomain.com/EWS/Exchange.asmx
ExternalUrl                   : https://outlook.mydomain.com/EWS/Exchange.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,CN=mailserver,CN=Servers,CN=Exchange Administra
                                tive Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=NPE,CN=Microsoft Exchange,CN=Servic
                                es,CN=Configuration,DC=mydomain,DC=com
Identity                      : mailserver\EWS (Default Web Site)
Guid                          : db6b004a-dac7-476c-a3db-9533a7b5dbbb
ObjectCategory                : mydomain.com/Configuration/Schema/ms-Exch-Web-Services-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
WhenChanged                   : 11/8/2007 3:08:15 PM
WhenCreated                   : 10/13/2007 12:49:51 PM
OriginatingServer             : NP-DEV.mydomain.com
IsValid                       : True


get-OABVirtualDirectory | fl
---------------------------------------------------------------------------------------
Name                          : OAB (Default Web Site)
PollInterval                  : 480
OfflineAddressBooks           : {Default Offline Address List}
RequireSSL                    : True
MetabasePath                  : IIS://mailserver.mydomain.com/W3SVC/1/ROOT/OAB
Path                          : C:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB
Server                        : mailserver
InternalUrl                   : https://outlook.mydomain.com/OAB
InternalAuthenticationMethods : {WindowsIntegrated}
ExternalUrl                   : https://outlook.mydomain.com/OAB
ExternalAuthenticationMethods : {WindowsIntegrated}
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols,CN=mailserver,CN=Servers,CN=Exchange Administra
                                tive Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=NPE,CN=Microsoft Exchange,CN=Servic
                                es,CN=Configuration,DC=mydomain,DC=com
Identity                      : mailserver\OAB (Default Web Site)
Guid                          : e41ed88d-b54c-484d-90b7-831715cd13cb
ObjectCategory                : mydomain.com/Configuration/Schema/ms-Exch-OAB-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchOABVirtualDirectory}
WhenChanged                   : 11/13/2007 1:44:51 PM
WhenCreated                   : 10/13/2007 12:49:43 PM
OriginatingServer             : NP-DEV.mydomain.com
IsValid                       : True



get-UMVirtualDirectory | fl
---------------------------------------------------------------------------------------
Name                          : UnifiedMessaging (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm}
ExternalAuthenticationMethods : {Basic, Ntlm}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://mailserver.mydomain.com/W3SVC/1/ROOT/UnifiedMessaging
Path                          : C:\Program Files\Microsoft\Exchange Server\UnifiedMessaging\WebService
Server                        : mailserver
InternalUrl                   : https://outlook.mydomain.com/UnifiedMessaging/Service.asmx
ExternalUrl                   : https://outlook.mydomain.com/UnifiedMessaging/Service.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=UnifiedMessaging (Default Web Site),CN=HTTP,CN=Protocols,CN=mailserver,CN=Servers,CN=Exchan
                                ge Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=NPE,CN=Microsoft Excha
                                nge,CN=Services,CN=Configuration,DC=mydomain,DC=com
Identity                      : mailserver\UnifiedMessaging (Default Web Site)
Guid                          : 6e4429ff-5b95-40bf-b5b9-e4ba61b60f22
ObjectCategory                : mydomain.com/Configuration/Schema/ms-Exch-UM-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchUMVirtualDirectory}
WhenChanged                   : 11/8/2007 3:07:57 PM
WhenCreated                   : 10/13/2007 12:49:47 PM
OriginatingServer             : NP-DEV.mydomain.com
IsValid                       : True


Test-OutlookWebServices -identity administrator | ft * -AutoSize -Wrap

  Id        Type Message
  --        ---- -------
1003 Information About to test AutoDiscover with the e-mail address administrator@mydomain.com.
1013       Error When contacting https://outlook.mydomain.com/autodiscover/autodiscover.xml received the error The remote server returned an error: (401) Unauthorized.
1006       Error Failed to contact AutoDiscover

Any suggestions?
0
Comment
Question by:aiscom
  • 10
  • 9
20 Comments
 
LVL 13

Expert Comment

by:consultkhan
ID: 20282470
hi
check this article if it helps you.
http://technet.microsoft.com/en-us/library/6ced71d4-ae0a-4b75-a5c5-30633c676b88.aspx
also see permission consideration link on the same article.
thanks.
0
 

Author Comment

by:aiscom
ID: 20282540
consultkhan: Those settings were already in place.  
0
 
LVL 22

Expert Comment

by:ATIG
ID: 20283604
First thing you need to do is readmy article
http://exchange-genie.blogspot.com/2007/07/autodiscover-ad-attribute.html

you dont need to create an SRV record just a standard A record for autodiscover as well....
0
 

Author Comment

by:aiscom
ID: 20283641
ATIG:  I did read through and others that why I have tried a few different things.  Specifically I can't get past the Test-OutlookWebServices portion.

As far as not needing the SRV record is that for both internal and external?  Would I still need an A record internally and externally?
0
 

Author Comment

by:aiscom
ID: 20289987
FYI - I was wrong about Outloko Anywhere from the outside not working it is.  

Any ideas though why "Test-OutlookWebServices -identity administrator | ft * -AutoSize -Wrap" fails?
0
 
LVL 22

Expert Comment

by:ATIG
ID: 20289995
do you get a 401 error?
0
 
LVL 22

Expert Comment

by:ATIG
ID: 20290000
look at my blog..... I have an article on that as well, its due to a security modifiation in IIS.

0
 

Author Comment

by:aiscom
ID: 20290154
I saw that on your blog earlier and used the registry modification to enter the name of the server and it still fails.  Does it even matter really?

BTW - GREAT blog!
0
 
LVL 22

Expert Comment

by:ATIG
ID: 20290279
your welcome..... if everything is working its not  big deal.....

after the changes did you do an IISrest or reboot?
0
 

Author Comment

by:aiscom
ID: 20290312
Sure did.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 22

Expert Comment

by:ATIG
ID: 20290379
when you do a get-autodiscovervirtualdirectory | fl

you can show the output
0
 

Author Comment

by:aiscom
ID: 20290507
get-autodiscovervirtualdirectory | fl

Name                          : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm}
ExternalAuthenticationMethods : {Basic, Ntlm}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://mailserver.mydomain.com/W3SVC/1/ROOT/Autodiscover
Path                          : C:\Program Files\Microsoft\Exchange Server\ClientAccess\Autodiscover
Server                        : mailserver
InternalUrl                   :
ExternalUrl                   :
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=mailserver,CN=Servers,CN=Exchange A
                                dministrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=NPE,CN=Microsoft Exchange,
                                CN=Services,CN=Configuration,DC=mydomain,DC=com
Identity                      : mailserver\Autodiscover (Default Web Site)
Guid                          : 00b43920-c547-46c0-b1f3-28521479d352
ObjectCategory                : mydomain.com/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                   : 10/13/2007 12:49:52 PM
WhenCreated                   : 10/13/2007 12:49:45 PM
OriginatingServer             : NP-DEV.mydomain.com
IsValid                       : True
0
 
LVL 22

Expert Comment

by:ATIG
ID: 20290532
add intergrated to both internal exteranal auth
0
 

Author Comment

by:aiscom
ID: 20290694
What is the command for this?  Tried this but it wouldnt take:
set-autodiscovervirtualdirectory -identity "mailserverl\autodiscover (Default Web Site)" -externalAuthenticationMethods integrated
0
 
LVL 22

Expert Comment

by:ATIG
ID: 20290765
your should be set based on the out put so lets do this....

first lets turn it off,
Set-AutodiscoverVirtualDirectory -Identity XXX -windowsAuthentication:$false
Lets reset
Set-AutodiscoverVirtualDirectory -Identity XXX -windowsAuthentication:$true

Then get it again

Mine are SP1 servers but I dont believe they made any changes for the auth in SP1
0
 

Author Comment

by:aiscom
ID: 20290800
After those changes I get the same output as I posted before.
0
 
LVL 22

Expert Comment

by:ATIG
ID: 20290833
hmmmmm..... on my servers 03 and LH with windowintergrated:$true it shows intergrated but again I am running exchange 2007 sp1

I will have to see if I can repro, what build are you running? Have you loaded the roll ups?
0
 

Author Comment

by:aiscom
ID: 20290921
ExchangeVersion               : 0.1 (8.0.535.0)
Version 8.0 Build 685.24 through EMC.
All rollups have been applied.

Should I have to do anything you think?
0
 
LVL 22

Accepted Solution

by:
ATIG earned 500 total points
ID: 20290926
if everything is functional I would not worry to much...
0
 

Author Comment

by:aiscom
ID: 20291037
Then I won't. :)

Thanks alot for your assistance.  Keep the blog going! :)
0

Featured Post

Will my email signature work in Office 365?

You've built an email signature using raw HTML code in Office 365, but you can't review how it looks with Transport Rules. So you have to test it over and over again before it can be used. Isn't this a bit of a waste of your time? Wouldn't a WYSIWYG editor make it a lot easier?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
The viewer will learn how to simulate a series of sales calls dependent on a single skill level and learn how to simulate a series of sales calls dependent on two skill levels. Simulating Independent Sales Calls: Enter .75 into cell C2 – “skill leve…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now