irvcon

Cannot Get Autodiscover to Set Up Outlook or Pass Free/Busy Information with 3rd Party UCC cert

I have a 3rd party UCC/SAN certificate from a trusted CA.  It is installed on an Exchange 2007 CAS server (single-server setup), the certificate automatically installs in the browser, and the autodiscover service passes all Exchange shell and remote tests that I have come across.  Yet, it will not configure Outlook, and inside the firewall free/busy information is not working.

I think I have a permissions issue, but let me lay out the problem first.

The firewall has 443, 80 and 25 open to this machine, and I am trying to do Autodiscover with Outlook 2007.  The Exchange server is patched through the 10/31 version of rollup 4, and running on Server 2008 patched all the way.  The AD is 2008.  OWA works perfectly.

Testing with Outlook's "Test E-mail Autoconfiguration" function seems to work for the Administrator account, but fails abjectly with any user account, which is why I think there is an IIS permissions issue.

Using either the Administrator account or a user account, Outlook fails to set up a mail profile using the autodiscover service, saying "the server cannot be contacted."

I also don't seem to be able to set up an Outlook profile remotely in an RPC/HTTP setup using the same settings that would work on an Exchange 2003 server, but I am not certain the same settings are appropriate.

If I run the "Test E-mail Autoconfiguration" function from a remote Outlook client using the Administrator account, the "Results" tab resolves all internal and external URLs seemingly correctly (cannot copy the output).

The "Log" tab shows the following 4 lines with only the "Use Autodiscover" test being run (no Guessmart or Guessmart Authentication):

> Autodiscover to https://externaldomain.com/autodiscover/autodiscover.xml starting
> Autodiscover to https://externaldomain.com/autodiscover/autodiscover.xml FAILED (0x800C8203)
> Autodiscover to https://autodiscover.externaldomain.com/autodiscover/autodiscover.xml starting
> Autodiscover to https://autodiscover.externaldomain.com/autodiscover/autodiscover.xml succeeded (0x00000000)

The XML tab shows the following:

<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>Administrator</DisplayName>
      <LegacyDN>/o=First Organization/ou=first administrative group/cn=Recipients/cn=Administrator</LegacyDN>
      <DeploymentId>dbb40376-adab-4d86-bcea-50c6659da487</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>servername.internal.local</Server>
        <ServerDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=servername</ServerDN>
        <ServerVersion>720180F0</ServerVersion>
        <MdbDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=servername/cn=Microsoft Private MDB</MdbDN>
        <PublicFolderServer>servername.internal.local</PublicFolderServer>
        <AD>ADserver.internal.local</AD>
        <ASUrl>https://mail.externaldomain.com/ews/exchange.asmx</ASUrl>
        <EwsUrl>https://mail.externaldomain.com/ews/exchange.asmx</EwsUrl>
        <OOFUrl>https://mail.externaldomain.com/ews/exchange.asmx</OOFUrl>
        <UMUrl>https://mail.externaldomain.com/unifiedmessaging/service.asmx</UMUrl>
        <OABUrl>Public Folder</OABUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.externaldomain.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>
        <ASUrl>https://mail.externaldomain.com/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https://mail.externaldomain.com/EWS/Exchange.asmx</EwsUrl>
        <OOFUrl>https://mail.externaldomain.com/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https://mail.externaldomain.com/UnifiedMessaging/Service.asmx</UMUrl>
        <OABUrl>Public Folder</OABUrl>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <Internal>
          <OWAUrl AuthenticationMethod="Basic, Fba">https://servername.internal.local/owa</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https://mail.externaldomain.com/ews/exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>

I would like to go over the IIS permissions, but IIS7 is kind of a pain, and I cannot find any document so far that says that, for Exchange 2007 on IIS7, permissions should be set like so.

Thank you in advance for your attention and help!
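
Added example, not part of the original post or of any answer: a Python check that takes the URLs from the XML and Log tabs above and lists the HTTPS host names that a given SAN list does not cover. The SAN list is an assumption, since the post does not say which names the certificate carries, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Trimmed copy of the response in the post's XML tab (a subset of its elements).
RESPONSE = """<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"><Account>
  <Protocol><Type>EXCH</Type>
    <ASUrl>https://mail.externaldomain.com/ews/exchange.asmx</ASUrl>
    <OABUrl>Public Folder</OABUrl></Protocol>
  <Protocol><Type>EXPR</Type>
    <EwsUrl>https://mail.externaldomain.com/EWS/Exchange.asmx</EwsUrl>
    <UMUrl>https://mail.externaldomain.com/UnifiedMessaging/Service.asmx</UMUrl></Protocol>
  <Protocol><Type>WEB</Type><Internal>
    <OWAUrl AuthenticationMethod="Basic, Fba">https://servername.internal.local/owa</OWAUrl>
  </Internal></Protocol>
</Account></Response></Autodiscover>"""
# The two URLs Outlook tried, from the post's Log tab.
LOG_URLS = ["https://externaldomain.com/autodiscover/autodiscover.xml",
            "https://autodiscover.externaldomain.com/autodiscover/autodiscover.xml"]
# Constructed SAN list (assumption): the post does not list the certificate's names.
ASSUMED_SANS = ["mail.externaldomain.com", "autodiscover.externaldomain.com"]

def https_hosts(xml_text, extra_urls=()):
    """Map each host referenced by an https URL to the elements that reference it."""
    refs = {}
    candidates = [(el.tag.rsplit("}", 1)[-1], (el.text or "").strip())
                  for el in ET.fromstring(xml_text).iter()]
    candidates += [("log", url) for url in extra_urls]
    for source, value in candidates:
        parts = urlsplit(value)  # non-URL values such as "Public Folder" have no scheme
        if parts.scheme.lower() == "https" and parts.hostname:
            refs.setdefault(parts.hostname.lower(), set()).add(source)
    return refs

def san_covers(san, host):
    """dNSName match: exact, or a '*.' entry covering exactly one left-most label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        return host.partition(".")[2] == san[2:]
    return san == host

def uncovered(xml_text, sans, extra_urls=()):
    """Hosts a client is pointed at over https that no SAN entry covers."""
    return {host: sorted(src) for host, src in https_hosts(xml_text, extra_urls).items()
            if not any(san_covers(s, host) for s in sans)}

if __name__ == "__main__":
    for host, sources in sorted(uncovered(RESPONSE, ASSUMED_SANS, LOG_URLS).items()):
        print(f"not on certificate: {host} (referenced by {', '.join(sources)})")
```

To run it against a real deployment, replace `ASSUMED_SANS` with the names actually listed on the installed certificate and `RESPONSE` with the full XML tab output.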
SOLUTION
Pret0rian
ASKER CERTIFIED SOLUTION
irvcon

ASKER

I went over it all with a fine-toothed comb and found a couple of small things which cumulatively seemed to do it.  I think the host file entries on the servers are what finally did the trick.