• Status: Solved

Cannot Get Autodiscover to Set Up Outlook or Pass Free/Busy Information with 3rd Party UCC cert

I have a 3rd party UCC/SAN certificate from a trusted CA.  It is installed on an Exchange 2007 CAS server (single-server setup), the certificate automatically installs in the browser, and the autodiscover service passes all Exchange shell and remote tests that I have come across.  Yet, it will not configure Outlook, and inside the firewall free/busy information is not working.

I think I have a permissions issue, but let me lay out the problem first.

The firewall has 443, 80 and 25 open to this machine, and I am trying to do Autodiscover with Outlook 2007.  The Exchange server is patched through the 10/31 version of rollup 4, and running on Server 2008 patched all the way.  The AD is 2008.  OWA works perfectly.

Testing with Outlook's "Test E-mail Autoconfiguration" function seems to work for the Administrator account, but fails abjectly with any user account, which is why I think there is an IIS permissions issue.

Using either the Administrator account or a user account, Outlook fails to set up a mail profile using the autodiscover service, saying "the server cannot be contacted."

I also don't seem to be able to set up an Outlook profile remotely in an RPC/HTTP setup using the same settings that would work on an Exchange 2003 server, but I am not certain the same settings are appropriate.

If I run the "Test E-mail Autoconfiguration" function from a remote Outlook client using the Administrator account, the "Results" tab resolves all internal and external URLs, seemingly correctly (I cannot copy the output).

The "Log" tab shows the following 4 lines with only the "Use Autodiscover" test being run (no Guessmart or Guessmart Authentication):

> Autodiscover to https://externaldomain.com/autodiscover/autodiscover.xml starting
> Autodiscover to https://externaldomain.com/autodiscover/autodiscover.xml FAILED (0x800C8203)
> Autodiscover to https://autodiscover.externaldomain.com/autodiscover/autodiscover.xml starting
> Autodiscover to https://autodiscover.externaldomain.com/autodiscover/autodiscover.xml succeeded (0x00000000)

The XML tab shows the following:

<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>Administrator</DisplayName>
      <LegacyDN>/o=First Organization/ou=first administrative group/cn=Recipients/cn=Administrator</LegacyDN>
      <DeploymentId>dbb40376-adab-4d86-bcea-50c6659da487</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>servername.internal.local</Server>
        <ServerDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=servername</ServerDN>
        <ServerVersion>720180F0</ServerVersion>
        <MdbDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=servername/cn=Microsoft Private MDB</MdbDN>
        <PublicFolderServer>servername.internal.local</PublicFolderServer>
        <AD>ADserver.internal.local</AD>
        <ASUrl>https://mail.externaldomain.com/ews/exchange.asmx</ASUrl>
        <EwsUrl>https://mail.externaldomain.com/ews/exchange.asmx</EwsUrl>
        <OOFUrl>https://mail.externaldomain.com/ews/exchange.asmx</OOFUrl>
        <UMUrl>https://mail.externaldomain.com/unifiedmessaging/service.asmx</UMUrl>
        <OABUrl>Public Folder</OABUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.externaldomain.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>
        <ASUrl>https://mail.externaldomain.com/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https://mail.externaldomain.com/EWS/Exchange.asmx</EwsUrl>
        <OOFUrl>https://mail.externaldomain.com/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https://mail.externaldomain.com/UnifiedMessaging/Service.asmx</UMUrl>
        <OABUrl>Public Folder</OABUrl>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <Internal>
          <OWAUrl AuthenticationMethod="Basic, Fba">https://servername.internal.local/owa</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https://mail.externaldomain.com/ews/exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>

I would like to go over the IIS permissions, but IIS7 is kind of a pain and I cannot find any document so far that says for Exchange 2007 on IIS7 permissions should be set like so.

Thank you in advance for your attention and help!
Asked by: irvcon

2 Solutions

Pret0rian Commented:
Virtual Directories:
Autodiscover: Integrated Windows Authentication and basic Authentication
EWS: Same as above
RPC: same as above
On Default Website you should ONLY have "Enable Anonymous Access"

Check if they are the same as the ones I have put in here...

Remi

irvcon (Author) Commented:
Only RPC was out of joint with your scenario, it only had Basic, and I added Windows Integrated.

Also, I figured out why the Admin account tests fine but the user accounts did not.  I won't go into the depths of it, but now they both test fine and both fail to set up an outlook profile in the exact way specified above.

Here is output from within the EMS:

[PS] C:\>test-outlookwebservices -identity user@externaldomain.com | fl


Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address user@externaldomain.com.

Id      : 1006
Type    : Information
Message : The Autodiscover service was contacted at https://server.internaldomain.local/autodiscover/autodiscover.xml.

Id      : 1016
Type    : Success
Message : [EXCH]-Successfully contacted the AS service at https://mail.externaldomain.com/EWS/Exchange.asmx. The elapsed time was 46 milliseconds.

Id      : 1015
Type    : Information
Message : [EXCH]-The OAB is not configured for this user.

Id      : 1014
Type    : Success
Message : [EXCH]-Successfully contacted the UM service at https://mail.externaldomain.com/UnifiedMessaging/Service.asmx. The elapsed time was 15 milliseconds.

Id      : 1016
Type    : Success
Message : [EXPR]-Successfully contacted the AS service at https://mail.externaldomain.com/EWS/Exchange.asmx. The elapsed time was 62 milliseconds.

Id      : 1015
Type    : Information
Message : [EXPR]-The OAB is not configured for this user.

Id      : 1014
Type    : Success
Message : [EXPR]-Successfully contacted the UM service at https://mail.externaldomain.com/UnifiedMessaging/Service.asmx. The elapsed time was 15 milliseconds.

Id      : 1017
Type    : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://mail.externaldomain.com/Rpc. The elapsed time was 15 milliseconds.

Id      : 1006
Type    : Success
Message : The Autodiscover service was tested successfully.

irvcon (Author) Commented:
I went over it all with a fine-toothed comb and found a couple of small things which cumulatively seemed to do it.  I think the host file entries on the servers are what finally did the trick.
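
Added example, not part of the original thread: a check that every hostname the Autodiscover response hands to clients over HTTPS is on the UCC/SAN certificate, run against a trimmed copy of the XML posted in the question. The SAN list is a constructed assumption (the thread never lists the names on the certificate), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"o": "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"}

# Trimmed copy of the response posted in the question (same hostnames, fewer elements).
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
 <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
  <Account>
   <Protocol><Type>EXCH</Type><Server>servername.internal.local</Server>
    <ASUrl>https://mail.externaldomain.com/ews/exchange.asmx</ASUrl></Protocol>
   <Protocol><Type>EXPR</Type><Server>mail.externaldomain.com</Server><SSL>On</SSL>
    <ASUrl>https://mail.externaldomain.com/EWS/Exchange.asmx</ASUrl></Protocol>
   <Protocol><Type>WEB</Type><Internal>
    <OWAUrl AuthenticationMethod="Basic, Fba">https://servername.internal.local/owa</OWAUrl>
   </Internal></Protocol>
  </Account>
 </Response>
</Autodiscover>"""

def tls_hosts(xml_bytes):
    """Map each hostname clients reach over HTTPS to the protocol types that name it."""
    hosts = {}
    for proto in ET.fromstring(xml_bytes).iterfind(".//o:Account/o:Protocol", NS):
        ptype = proto.findtext("o:Type", default="?", namespaces=NS)
        for el in proto.iter():
            text = (el.text or "").strip()
            if text.lower().startswith("https://"):
                hosts.setdefault(urlsplit(text).hostname, set()).add(ptype)
        # The EXPR <Server> is the RPC-over-HTTPS proxy, so its name needs cover too.
        server = proto.findtext("o:Server", namespaces=NS)
        if ptype == "EXPR" and server:
            hosts.setdefault(server.strip().lower(), set()).add(ptype)
    return hosts

def covered(host, sans):
    """Exact SAN match, or a '*.' wildcard standing in for exactly one left-most label."""
    return any(s == host or (s.startswith("*.") and host.partition(".")[2] == s[2:])
               for s in (san.lower() for san in sans))

def uncovered(xml_bytes, sans):
    """Hostnames handed to clients that the certificate's SAN list does not cover."""
    return {h: sorted(t) for h, t in tls_hosts(xml_bytes).items() if not covered(h, sans)}

if __name__ == "__main__":
    CERT_SANS = ["mail.externaldomain.com", "autodiscover.externaldomain.com"]  # constructed
    for host, types in uncovered(SAMPLE.encode(), CERT_SANS).items():
        print(f"{host}: handed out in {types} but not on the certificate")
```

Each name this reports also has to resolve from wherever the client or server sits, which is where the hosts file entries mentioned above come in.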