Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 958
  • Last Modified:

Exchange 2007 AutoDiscover

HI

I have set up an exchange server with the following.

Windows Server 2008 Enteprise on a 2003 Server Domain with 2 domain controllers.
Exchange seemed to be working fine until i reinstalled network card drivers to make use of jumbo frames on one nic, and ever since i have been getting asked for a password in outlook 2007. test-outlookwebservices failed with error 1013 and 1006. Outlook anywhere is enabled and i have a valid godaddy ucc certificate for autodiscover.mydomain.com and webmail.mydomain.com.

My internal dns server points clients to webmail.mydomain.com for everything and when testing autodiscover in outlook 2007 everything looks fine. I wned to test get-webservicesvirtualdirectory | fl name,internalurl,externalurl and i get an access is denied error. I am thinking it is something to do with authentication on iis7 to the 2003 domain controllers.

Can anyone offer any advice?
0
dogsnaps
Asked:
dogsnaps
  • 6
  • 6
1 Solution
 
dogsnapsAuthor Commented:
hi all i have managed to fix the test get-webservices error if i was to open ems as administrator. However i still get the error 1013 when testing outlook web services.
0
 
LegendZMPrincipal Security ArchitectCommented:
0
 
dogsnapsAuthor Commented:
hi

i have tried that, and added the registry edit, set the binary to 0xff and still have the error. thanks for the suggestions though.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LegendZMPrincipal Security ArchitectCommented:
0
 
dogsnapsAuthor Commented:
hi, i have tried that an still get an error going to https://localhost/autodiscover/autodiscover.xml. when going to local host i get a certificate error but i dont with my fqdn, meaning my certificate is properly loaded. the output is errorcode 600 invalid request.

i am assuming this is not correct? From this i figured that it is more than a loobback issue.
0
 
LegendZMPrincipal Security ArchitectCommented:
I believe the 600 error code is normal when accessing the autodiscover address internally, What happens if you try to use a real outlook 2007 client?
0
 
dogsnapsAuthor Commented:
outlook 2007 works fine when on the domain and i originally had a heap of password issues with connecting over  https (outlook anywhere) but seem to have resolved those, yet i still cannot test-outlookwebservices.
0
 
LegendZMPrincipal Security ArchitectCommented:
What are your authentication settings on IIS7?
0
 
dogsnapsAuthor Commented:
on the default website they are this:
anonymous and windows
on the autodiscover they are:
basic and windows
on the iis server
anonymous and windows.
should i add basic here or not?
0
 
LegendZMPrincipal Security ArchitectCommented:
Try adding basic to default website, also try removing windows,
Try adding anonymous for auto discover
try adding basic to iis server
0
 
LegendZMPrincipal Security ArchitectCommented:
If that doesn't work, try removing / re-adding the CAS role, would probably fix it up
0
 
dogsnapsAuthor Commented:
Thanks for that it worked a treat!
0
 
FrenchWalkerCommented:
I Solved it. You can try disabling ASP.NET Impersonation, Disable Anonymous, Digest and Forms. Enable Windows and Basic ONLY for autodiscover and EWS.

After numerous forums, pulling hair out this definately resolved for us.

We have a Communications CERT, set the internal to local domain ie domain.local, external to public domain ie domain.com.au and all works well.

Good luck.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

  • 6
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now