How do you solve autodiscover issues in Exchange 2007?

I have recently been configuring Exchange Server 2007. However, I am facing a few issues, which all seem to be related to the 'autodiscover' service. When clients open Outlook 2007 they get a security alert related to 'autodiscover.our-local-domain.co.uk' which says the certificate name does not match, do you want to continue, click yes/no?

When configuring Outlook 2007 in 'offline' mode, users get the error '(0x8004010F) The operation failed: An object cannot be found', which again is related to the OAB.

Test email auto-configuration does not work, yet I've set the internal/external OWA, OAB and web services URLs in the Exchange command shell.

I am using IIS 6.0. I have 1 default website, with one certificate pointing to the FQDN of the server, so users on the network can authenticate to https://apple.romgroup.com/owa. However, externally users access OWA via https://apple.romgroup.co.uk/owa, so I get a certificate name error again. I'm hoping this can be solved by purchasing a SAN certificate?
Mandev23 Asked:
 
Carol Chisholm Commented:
And to get rid of the security message, you have to have a SAN certificate which matches the internal FQDN of the CAS server.
0
 
Carol Chisholm Commented:
You will need a SAN certificate with multiple FQDNs.
http://www.digicert.com/subject-alternative-name.htm
Or you can make your own if you are prepared to have your users trust a private certificate.
0
 
Mandev23 (Author) Commented:
OK, I will look into this. I am currently trialing one by Verisign. But how can I solve errors like '(0x8004010F) The operation failed: An object cannot be found' (when using Outlook in offline mode) and the autodiscover security alert when Outlook 2007 opens? Unless I solve the autodiscover issue, users will have problems with out-of-hours service as well.

I have also read I need a Windows DNS entry for autodiscover.rom.co.uk (rom being our local domain), so I created a new zone and added that in, pointing it to the internal IP of our Exchange server. Also, we would need a public DNS pointing to the Exchange server's public IP, I would have thought?
0

 
Carol Chisholm Commented:
0
 
Mandev23 (Author) Commented:
I have added the public DNS entry. I think the problem I have is to do with public folder replication on the server; I cannot replicate the OAB. Can anyone help me diagnose this so I don't get the error '(0x8004010F) The operation failed: An object cannot be found'?
0
 
Mandev23 (Author) Commented:
Hello, does anyone else have a solution to the above, please?
0
 
Carol Chisholm Commented:
0
 
Carol Chisholm Commented:
Or else
http://msexchangeteam.com/archive/2007/04/19/437902.aspx

This is a very common and vague error.
0
 
Carol Chisholm Commented:
0
 
Mandev23 (Author) Commented:
Hi carolchi

Thanks for the replies. Following your recent reply, is it possible to create an SSL certificate for two domains? If so, how do you do this, rather than purchasing a SAN cert? I got ActiveSync working with a PDA with an SSL certificate.
0
 
Mandev23 (Author) Commented:
My second question is: I believe the reason I am still getting the (0x8004010F) error is because public folder replication is not working on the Exchange server. Below is the error I get when I click on update OAB Version 2 in the public folder management console. How can I troubleshoot this?

--------------------------------------------------------
Microsoft Exchange Error
--------------------------------------------------------
Action 'Update Content' could not be performed on object 'OAB Version 2'.

OAB Version 2
Failed
Error:
Cannot start content replication against public folder '\NON_IPM_SUBTREE\OFFLINE ADDRESS BOOK\/o=ROM Group Limited/cn=addrlists/cn=oabs/cn=Address book\OAB Version 2' on public folder database 'APPLE\Public Folders\Public Folder Database'.

MapiExceptionNoReplicaAvailable: StartContentReplication failed. (hr=0x80004005, ec=1129)
Diagnostic context:
    Lid: 1494    ---- Remote Context Beg ----
    Lid: 31229   Error: 0x0
    Lid: 21970   StoreEc: 0x8004010F PropTag: 0x66980102
    Lid: 9206    StoreEc: 0x469    
    Lid: 9206    StoreEc: 0x469    
    Lid: 9206    StoreEc: 0x469    
    Lid: 9206    StoreEc: 0x469    
    Lid: 9206    StoreEc: 0x469    
    Lid: 1267    StoreEc: 0x469    
    Lid: 19865   StoreEc: 0x469    
    Lid: 27225   StoreEc: 0x469    
    Lid: 1750    ---- Remote Context End ----
    Lid: 26322   StoreEc: 0x469    




--------------------------------------------------------
OK
--------------------------------------------------------
0
 
Carol Chisholm Commented:
I'd suggest opening a new question on this, with a more appropriate title. This is not about autodiscover any more. You'll get a better response if the question title is accurate.
0
 
Carol Chisholm Commented:
You can create your own SAN certificate on your own CA.

Use the Digicert wizard to create the command line, then:
- run the command on your Exchange server
- send the output to your own CA to create the certificate
- enable the certificate on your Exchange server for all the functions you want

https://www.digicert.com/easy-csr/exchange2007.htm

Here's a useful wiki

http://www.exchangeninjas.com/New-ExchangeCertificate



0
 
Mandev23 (Author) Commented:
Hi

I used the below syntax to create a SAN cert with multiple names, the output being c:\romgroup.req, which I believe is not a viewable file. What is the next step in using this cert?

I'm hoping to use it so OWA users both internally/externally can authenticate to the FQDN of the server, apple.romgroup.com, and the external address of apple.romgroup.co.uk.

New-ExchangeCertificate -DomainName apple.romgroup.com, apple.romgroup.co.uk, autodiscover.rom.co.uk, autodiscover.rom-tech.co.uk, autodiscover.rfa-tech.co.uk -FriendlyName RomGroup -GenerateRequest:$True -Keysize 1024 -path c:\romgroup.req -privatekeyExportable:$true -subjectName "c=uk, o=Rom, CN=apple.romgroup.com"

Or if someone can show me how to set up Exchange 2007 to use one URL for OWA, which is the server name, for both internal and external access, please? This would be better.
0
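The request, issue, import and enable steps discussed in this thread, as an added example for the Exchange Management Shell (not code posted by any participant). The CA name `CA-HOST\CA-NAME`, the `WebServer` template and the output path `c:\romgroup.cer` are placeholders, and the key size is raised to 2048 bits from the 1024 used in the command above.

```powershell
# Added example. Host names and c:\romgroup.req come from the thread;
# CA-HOST\CA-NAME, the WebServer template and c:\romgroup.cer are placeholders.

# 1. Generate the request with every name clients will connect to as a SAN entry.
#    2048-bit key here instead of the 1024 shown in the thread.
#    -PrivateKeyExportable is only needed if the certificate must later be
#    exported to another server; leave it out otherwise.
New-ExchangeCertificate -GenerateRequest:$true -Path c:\romgroup.req `
    -DomainName apple.romgroup.com, apple.romgroup.co.uk, autodiscover.rom.co.uk, `
        autodiscover.rom-tech.co.uk, autodiscover.rfa-tech.co.uk `
    -SubjectName "c=uk, o=Rom, CN=apple.romgroup.com" `
    -FriendlyName RomGroup -KeySize 2048 -PrivateKeyExportable:$true

# 2. Submit the request to your own Windows CA and save the issued certificate.
#    (For a commercial CA, paste the contents of the .req file into its order form.)
certreq -submit -config "CA-HOST\CA-NAME" -attrib "CertificateTemplate:WebServer" `
    c:\romgroup.req c:\romgroup.cer

# 3. Import the issued certificate on the server that generated the request
#    (the private key lives there) and bind it to IIS for OWA, OAB,
#    web services and autodiscover.
$cert = Import-ExchangeCertificate -Path c:\romgroup.cer
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS

# 4. Check that the certificate covers the names clients actually use.
#    Any name reported here will still raise the name-mismatch alert.
$clientNames = 'apple.romgroup.com', 'apple.romgroup.co.uk', 'autodiscover.rom.co.uk'
$covered = $cert.CertificateDomains | ForEach-Object { $_.ToString() }
$missing = $clientNames | Where-Object { $covered -notcontains $_ }
if ($missing) { Write-Warning "Not covered by the certificate: $missing" }

# 5. List what is bound where, and the internal autodiscover URL that
#    domain-joined Outlook 2007 clients are sent to; its host name must be
#    one of the names in the certificate.
Get-ExchangeCertificate | Format-List Thumbprint, CertificateDomains, Services, NotAfter
Get-ClientAccessServer | Format-List Name, AutodiscoverServiceInternalUri
```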
Question has a verified solution.
