• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 928
  • Last Modified:

How do you solve autodiscover issues in Exchange 2007?

I have recently been configuring Exchange server 2007. However i am facing a few issues, which all seem to be related to the 'autodiscover' service.. when clients open Outlook 2007 they have a security alert related to 'autodiscover.our-local-domain.co.uk' which says the certificate does name does not match, do you want to continue, click yes/no.. ??

When configuring outlook 2007 in 'offline' mode, users get the error '(0x8004010F) The operation failed: An object cannot be found' which again is related to the OAB...

Test email auto-configuation does not work, yet i've set the internal/external OWA, OAB, webservices in the exchange command shell

I am using IIS 6.0, i have 1 default website, with one certificate pointing to the FQDN of the server, so users on the network can authenticate to (https://apple.romgroup.com/owa) however externally users access OWA via https://apple.romgroup.co.uk/owa, so i get a certificate name error again, i'm hoping this can be solved by purchasing a SAN certificate?
0
Mandev23
Asked:
Mandev23
  • 10
  • 6
2 Solutions
 
Carol ChisholmCommented:
You will need a SAN certificate with multiple FQDNs.
http://www.digicert.com/subject-alternative-name.htm
Or you can make your own if you are prepared to have your users trust a private certificate.
0
 
Mandev23Author Commented:
Ok, i will look into this. I am currently trialing one by Verisign. but how can i solve errors like (0x8004010F) The operation failed: An object cannot be found' (when using outlook in offline mode)  and the autodiscover security alert when outlook 2007 opens? unless i solve the autodiscover issue users will have problems with out-of-hours service as well....

i have also read i need a windows DNS entry for autodiscover.rom.co.uk (rom being our local domain), so i created a new zone and added that in pointing it to the internal IP our Exchange server.... also we would need a public DNS pointing to Exchange servers public IP i would have thought..?
0
 
Carol ChisholmCommented:
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
Mandev23Author Commented:
I have added the public DNS entry. I think the problem i have is to with public folder replication on server, i cannot replicate the OAB. Can anyone help me diagnose this so i dont get the error (0x8004010F) The operation failed: An object cannot be found'.  
0
 
Mandev23Author Commented:
hello, does anyone else have a solution on the above please....?
0
 
Carol ChisholmCommented:
0
 
Carol ChisholmCommented:
Or else
http://msexchangeteam.com/archive/2007/04/19/437902.aspx

This is a very common and vague error.
0
 
Carol ChisholmCommented:
0
 
Carol ChisholmCommented:
And to get rid of the security message, you have to have a SAN certificate which matches the internal FQDN of the CAS server.
0
 
Mandev23Author Commented:
Hi carolchi

Thanks for the replies, following your recent reply, is it possible to create an SSL create certificate for two domains? - if so how do you do this?, rather than purchasing a SAN cert, i got active sync working with a PDA with an SSL certificate?
0
 
Mandev23Author Commented:
My second question is, i believe the reason i am still getting the (0x8004010F) error is becasue public folder replication is not working on the Exchange serve, below is the error i get when i click on update OAB Version2 in the public folder management console, how can i troubleshoot this?

--------------------------------------------------------
Microsoft Exchange Error
--------------------------------------------------------
Action 'Update Content' could not be performed on object 'OAB Version 2'.

OAB Version 2
Failed
Error:
Cannot start content replication against public folder '\NON_IPM_SUBTREE\OFFLINE ADDRESS BOOK\/o=ROM Group Limited/cn=addrlists/cn=oabs/cn=Address book\OAB Version 2' on public folder database 'APPLE\Public Folders\Public Folder Database'.

MapiExceptionNoReplicaAvailable: StartContentReplication failed. (hr=0x80004005, ec=1129)
Diagnostic context:
    Lid: 1494    ---- Remote Context Beg ----
    Lid: 31229   Error: 0x0
    Lid: 21970   StoreEc: 0x8004010F PropTag: 0x66980102
    Lid: 9206    StoreEc: 0x469    
    Lid: 9206    StoreEc: 0x469    
    Lid: 9206    StoreEc: 0x469    
    Lid: 9206    StoreEc: 0x469    
    Lid: 9206    StoreEc: 0x469    
    Lid: 1267    StoreEc: 0x469    
    Lid: 19865   StoreEc: 0x469    
    Lid: 27225   StoreEc: 0x469    
    Lid: 1750    ---- Remote Context End ----
    Lid: 26322   StoreEc: 0x469    




--------------------------------------------------------
OK
--------------------------------------------------------
0
 
Carol ChisholmCommented:
I'd suggest opening a new question on this, with a more appropriate title. This is not about autodiscover any more. You'll get a better respose  if the question title is accurate.
0
 
Carol ChisholmCommented:
You can create your own SAN certificate on your own CA.

Use the Digicert wizard to create the command line,
- run the command on your exchange server
- send the output to your own CA to create the certificate
- enable the certificate on your exchange server for all the functions you want

https://www.digicert.com/easy-csr/exchange2007.htm

Here's a useful wiki

http://www.exchangeninjas.com/New-ExchangeCertificate



0
 
Mandev23Author Commented:
hi

i used the below syntax to create a SAN cert with multiple names, the output being c:\romgroup.req which i believe is not a viewable file, what is the next step in using this cert?

i'm hoping to use it so OWA users both internally/externally can authenticate to the FQDN of the server; apple.romgroup.com and the external address of apple.romgroup.co.uk

New-ExchangeCertificate -DomainName apple.romgroup.com, apple.romgroup.co.uk, autodiscover.rom.co.uk, autodiscover.rom-tech.co.uk, autodiscover.rfa-tech.co.uk, -FriendlyName
 RomGroup -GenerateRequest:$True -Keysize 1024 -path c:\romgroup.req -privatekeyExportable:$true -subjectName "c=uk, o=Rom, CN=apple.romgroup.com"

or if someone can show me how to setup exchange 2007 to use one URL for OWA which is the server name; for both internal and external access, please? -  this would be better...
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 10
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now