Solved

How do you solve autodiscover issues in Exchange 2007?

Posted on 2008-06-15
17
910 Views
Last Modified: 2012-08-14
I have recently been configuring Exchange server 2007. However i am facing a few issues, which all seem to be related to the 'autodiscover' service.. when clients open Outlook 2007 they have a security alert related to 'autodiscover.our-local-domain.co.uk' which says the certificate does name does not match, do you want to continue, click yes/no.. ??

When configuring outlook 2007 in 'offline' mode, users get the error '(0x8004010F) The operation failed: An object cannot be found' which again is related to the OAB...

Test email auto-configuation does not work, yet i've set the internal/external OWA, OAB, webservices in the exchange command shell

I am using IIS 6.0, i have 1 default website, with one certificate pointing to the FQDN of the server, so users on the network can authenticate to (https://apple.romgroup.com/owa) however externally users access OWA via https://apple.romgroup.co.uk/owa, so i get a certificate name error again, i'm hoping this can be solved by purchasing a SAN certificate?
0
Comment
Question by:Mandev23
  • 10
  • 6
17 Comments
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 21789418
You will need a SAN certificate with multiple FQDNs.
http://www.digicert.com/subject-alternative-name.htm
Or you can make your own if you are prepared to have your users trust a private certificate.
0
 

Author Comment

by:Mandev23
ID: 21791474
Ok, i will look into this. I am currently trialing one by Verisign. but how can i solve errors like (0x8004010F) The operation failed: An object cannot be found' (when using outlook in offline mode)  and the autodiscover security alert when outlook 2007 opens? unless i solve the autodiscover issue users will have problems with out-of-hours service as well....

i have also read i need a windows DNS entry for autodiscover.rom.co.uk (rom being our local domain), so i created a new zone and added that in pointing it to the internal IP our Exchange server.... also we would need a public DNS pointing to Exchange servers public IP i would have thought..?
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 21810171
0
 

Author Comment

by:Mandev23
ID: 21811654
I have added the public DNS entry. I think the problem i have is to with public folder replication on server, i cannot replicate the OAB. Can anyone help me diagnose this so i dont get the error (0x8004010F) The operation failed: An object cannot be found'.  
0
 

Author Comment

by:Mandev23
ID: 21830224
hello, does anyone else have a solution on the above please....?
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 21846869
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 21846885
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 21846906
Or else
http://msexchangeteam.com/archive/2007/04/19/437902.aspx

This is a very common and vague error.
0
Do email signature updates give you a headache?

Do you spend too much time managing email signatures? Hate visiting every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Well, let Exclaimer give your company the email signature it deserves!

 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 21846916
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 21846930
0
 
LVL 16

Accepted Solution

by:
Carol Chisholm earned 500 total points
ID: 21846968
And to get rid of the security message, you have to have a SAN certificate which matches the internal FQDN of the CAS server.
0
 

Author Comment

by:Mandev23
ID: 21849166
Hi carolchi

Thanks for the replies, following your recent reply, is it possible to create an SSL create certificate for two domains? - if so how do you do this?, rather than purchasing a SAN cert, i got active sync working with a PDA with an SSL certificate?
0
 

Author Comment

by:Mandev23
ID: 21849195
My second question is, i believe the reason i am still getting the (0x8004010F) error is becasue public folder replication is not working on the Exchange serve, below is the error i get when i click on update OAB Version2 in the public folder management console, how can i troubleshoot this?

--------------------------------------------------------
Microsoft Exchange Error
--------------------------------------------------------
Action 'Update Content' could not be performed on object 'OAB Version 2'.

OAB Version 2
Failed
Error:
Cannot start content replication against public folder '\NON_IPM_SUBTREE\OFFLINE ADDRESS BOOK\/o=ROM Group Limited/cn=addrlists/cn=oabs/cn=Address book\OAB Version 2' on public folder database 'APPLE\Public Folders\Public Folder Database'.

MapiExceptionNoReplicaAvailable: StartContentReplication failed. (hr=0x80004005, ec=1129)
Diagnostic context:
    Lid: 1494    ---- Remote Context Beg ----
    Lid: 31229   Error: 0x0
    Lid: 21970   StoreEc: 0x8004010F PropTag: 0x66980102
    Lid: 9206    StoreEc: 0x469    
    Lid: 9206    StoreEc: 0x469    
    Lid: 9206    StoreEc: 0x469    
    Lid: 9206    StoreEc: 0x469    
    Lid: 9206    StoreEc: 0x469    
    Lid: 1267    StoreEc: 0x469    
    Lid: 19865   StoreEc: 0x469    
    Lid: 27225   StoreEc: 0x469    
    Lid: 1750    ---- Remote Context End ----
    Lid: 26322   StoreEc: 0x469    




--------------------------------------------------------
OK
--------------------------------------------------------
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 21852928
I'd suggest opening a new question on this, with a more appropriate title. This is not about autodiscover any more. You'll get a better respose  if the question title is accurate.
0
 
LVL 16

Assisted Solution

by:Carol Chisholm
Carol Chisholm earned 500 total points
ID: 21852947
You can create your own SAN certificate on your own CA.

Use the Digicert wizard to create the command line,
- run the command on your exchange server
- send the output to your own CA to create the certificate
- enable the certificate on your exchange server for all the functions you want

https://www.digicert.com/easy-csr/exchange2007.htm

Here's a useful wiki

http://www.exchangeninjas.com/New-ExchangeCertificate



0
 

Author Comment

by:Mandev23
ID: 21934465
hi

i used the below syntax to create a SAN cert with multiple names, the output being c:\romgroup.req which i believe is not a viewable file, what is the next step in using this cert?

i'm hoping to use it so OWA users both internally/externally can authenticate to the FQDN of the server; apple.romgroup.com and the external address of apple.romgroup.co.uk

New-ExchangeCertificate -DomainName apple.romgroup.com, apple.romgroup.co.uk, autodiscover.rom.co.uk, autodiscover.rom-tech.co.uk, autodiscover.rfa-tech.co.uk, -FriendlyName
 RomGroup -GenerateRequest:$True -Keysize 1024 -path c:\romgroup.req -privatekeyExportable:$true -subjectName "c=uk, o=Rom, CN=apple.romgroup.com"

or if someone can show me how to setup exchange 2007 to use one URL for OWA which is the server name; for both internal and external access, please? -  this would be better...
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now