?
Solved

How do you solve autodiscover issues in Exchange 2007?

Posted on 2008-06-15
17
Medium Priority
?
922 Views
Last Modified: 2012-08-14
I have recently been configuring Exchange server 2007. However i am facing a few issues, which all seem to be related to the 'autodiscover' service.. when clients open Outlook 2007 they have a security alert related to 'autodiscover.our-local-domain.co.uk' which says the certificate does name does not match, do you want to continue, click yes/no.. ??

When configuring outlook 2007 in 'offline' mode, users get the error '(0x8004010F) The operation failed: An object cannot be found' which again is related to the OAB...

Test email auto-configuation does not work, yet i've set the internal/external OWA, OAB, webservices in the exchange command shell

I am using IIS 6.0, i have 1 default website, with one certificate pointing to the FQDN of the server, so users on the network can authenticate to (https://apple.romgroup.com/owa) however externally users access OWA via https://apple.romgroup.co.uk/owa, so i get a certificate name error again, i'm hoping this can be solved by purchasing a SAN certificate?
0
Comment
Question by:Mandev23
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 6
17 Comments
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 21789418
You will need a SAN certificate with multiple FQDNs.
http://www.digicert.com/subject-alternative-name.htm
Or you can make your own if you are prepared to have your users trust a private certificate.
0
 

Author Comment

by:Mandev23
ID: 21791474
Ok, i will look into this. I am currently trialing one by Verisign. but how can i solve errors like (0x8004010F) The operation failed: An object cannot be found' (when using outlook in offline mode)  and the autodiscover security alert when outlook 2007 opens? unless i solve the autodiscover issue users will have problems with out-of-hours service as well....

i have also read i need a windows DNS entry for autodiscover.rom.co.uk (rom being our local domain), so i created a new zone and added that in pointing it to the internal IP our Exchange server.... also we would need a public DNS pointing to Exchange servers public IP i would have thought..?
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 21810171
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 

Author Comment

by:Mandev23
ID: 21811654
I have added the public DNS entry. I think the problem i have is to with public folder replication on server, i cannot replicate the OAB. Can anyone help me diagnose this so i dont get the error (0x8004010F) The operation failed: An object cannot be found'.  
0
 

Author Comment

by:Mandev23
ID: 21830224
hello, does anyone else have a solution on the above please....?
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 21846885
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 21846906
Or else
http://msexchangeteam.com/archive/2007/04/19/437902.aspx

This is a very common and vague error.
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 21846916
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 21846930
0
 
LVL 16

Accepted Solution

by:
Carol Chisholm earned 2000 total points
ID: 21846968
And to get rid of the security message, you have to have a SAN certificate which matches the internal FQDN of the CAS server.
0
 

Author Comment

by:Mandev23
ID: 21849166
Hi carolchi

Thanks for the replies, following your recent reply, is it possible to create an SSL create certificate for two domains? - if so how do you do this?, rather than purchasing a SAN cert, i got active sync working with a PDA with an SSL certificate?
0
 

Author Comment

by:Mandev23
ID: 21849195
My second question is, i believe the reason i am still getting the (0x8004010F) error is becasue public folder replication is not working on the Exchange serve, below is the error i get when i click on update OAB Version2 in the public folder management console, how can i troubleshoot this?

--------------------------------------------------------
Microsoft Exchange Error
--------------------------------------------------------
Action 'Update Content' could not be performed on object 'OAB Version 2'.

OAB Version 2
Failed
Error:
Cannot start content replication against public folder '\NON_IPM_SUBTREE\OFFLINE ADDRESS BOOK\/o=ROM Group Limited/cn=addrlists/cn=oabs/cn=Address book\OAB Version 2' on public folder database 'APPLE\Public Folders\Public Folder Database'.

MapiExceptionNoReplicaAvailable: StartContentReplication failed. (hr=0x80004005, ec=1129)
Diagnostic context:
    Lid: 1494    ---- Remote Context Beg ----
    Lid: 31229   Error: 0x0
    Lid: 21970   StoreEc: 0x8004010F PropTag: 0x66980102
    Lid: 9206    StoreEc: 0x469    
    Lid: 9206    StoreEc: 0x469    
    Lid: 9206    StoreEc: 0x469    
    Lid: 9206    StoreEc: 0x469    
    Lid: 9206    StoreEc: 0x469    
    Lid: 1267    StoreEc: 0x469    
    Lid: 19865   StoreEc: 0x469    
    Lid: 27225   StoreEc: 0x469    
    Lid: 1750    ---- Remote Context End ----
    Lid: 26322   StoreEc: 0x469    




--------------------------------------------------------
OK
--------------------------------------------------------
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 21852928
I'd suggest opening a new question on this, with a more appropriate title. This is not about autodiscover any more. You'll get a better respose  if the question title is accurate.
0
 
LVL 16

Assisted Solution

by:Carol Chisholm
Carol Chisholm earned 2000 total points
ID: 21852947
You can create your own SAN certificate on your own CA.

Use the Digicert wizard to create the command line,
- run the command on your exchange server
- send the output to your own CA to create the certificate
- enable the certificate on your exchange server for all the functions you want

https://www.digicert.com/easy-csr/exchange2007.htm

Here's a useful wiki

http://www.exchangeninjas.com/New-ExchangeCertificate



0
 

Author Comment

by:Mandev23
ID: 21934465
hi

i used the below syntax to create a SAN cert with multiple names, the output being c:\romgroup.req which i believe is not a viewable file, what is the next step in using this cert?

i'm hoping to use it so OWA users both internally/externally can authenticate to the FQDN of the server; apple.romgroup.com and the external address of apple.romgroup.co.uk

New-ExchangeCertificate -DomainName apple.romgroup.com, apple.romgroup.co.uk, autodiscover.rom.co.uk, autodiscover.rom-tech.co.uk, autodiscover.rfa-tech.co.uk, -FriendlyName
 RomGroup -GenerateRequest:$True -Keysize 1024 -path c:\romgroup.req -privatekeyExportable:$true -subjectName "c=uk, o=Rom, CN=apple.romgroup.com"

or if someone can show me how to setup exchange 2007 to use one URL for OWA which is the server name; for both internal and external access, please? -  this would be better...
0

Featured Post

Get MySQL database support online, now!

At Percona’s web store you can order your MySQL database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question