[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 913
  • Last Modified:

Autodiscover in Exchagne 2007 Not Working from Outside Non-domain computers

I have a relatively new Exchange 2007 environment on a single server.  Everything (OWA, internal email, send. receive...) is working fine except I cannot get Outlook Anywhere to work from the outside on domain or non-domain computers running Outlook 2007.  I've scoured the internet and EE looking for resolution and not finding it.  I receive a variety of errors relating to certificate name not matching and continuously having to log on to Outlook with no success.  I have a UCC/SAN certificate from Entrust.  

Please see below for the results of some popular tests and requests for information.

[PS] C:\Windows\System32>test-outlookwebservices | fl


Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address Administrator@corp
          orate.local.

Id      : 1007
Type    : Information
Message : Testing server server.intdomain.local with the published name h
          ttps://server.intdomain.local/EWS/Exchange.asmx & https://autod
          iscover.extdomainname.com/EWS/Exchange.asmx.

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
           URL on this object is https://server.intdomain.local/Autodiscover/A
        utodiscover.xml.

Id      : 1006
Type    : Information
Message : The Autodiscover service was contacted at https://server.intdomain.lo
          cal/Autodiscover/Autodiscover.xml.

Id      : 1016
Type    : Success
Message : [EXCH]-Successfully contacted the AS service at https://server.intdomain
          .local/EWS/Exchange.asmx. The elapsed time was 15 millisecon
          ds.

Id      : 1015
Type    : Success
Message : [EXCH]-Successfully contacted the OAB service at https://server.
          .intdomain.local/EWS/Exchange.asmx. The elapsed time was 0 millisecon
          ds.

Id      : 1014
Type    : Success
Message : [EXCH]-Successfully contacted the UM service at https://server.intdomain
          .local/UnifiedMessaging/Service.asmx. The elapsed time was 1
          5 milliseconds.

Id      : 1013
Type    : Error
Message : When contacting https://autodiscover.extdomain.com/EWS/Exchange.asmx
          received the error The request failed with HTTP status 401: Unauthori
          zed.

Id      : 1016
Type    : Error
Message : [EXPR]-Error when contacting the AS service at https://autodiscover.
          extdomain.com/EWS/Exchange.asmx. The elapsed time was 31 milliseconds.

Id      : 1015
Type    : Success
Message : [EXPR]-Successfully contacted the OAB service at https://autodiscover
          .extdomain.com/EWS/Exchange.asmx. The elapsed time was 0 milliseconds
          .

Id      : 1014
Type    : Information
Message : [EXPR]-The UM is not configured for this user.

Id      : 1017
Type    : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://mail.extdomain
          .com/Rpc. The elapsed time was 0 milliseconds.

Id      : 1006
Type    : Success
Message : The Autodiscover service was tested successfully.

Id      : 1021
Type    : Information
Message : The following web services generated errors.
              As in EXPR
          Please use the prior output to diagnose and correct the errors.


Results of Outlook Test for Autodiscover ::

<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>Name</DisplayName>
      <LegacyDN>/o=Corporate/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Name</LegacyDN>
      <DeploymentId>607a6695-187a-4826-9bce-ed7331e7d048</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>server.intdomain.local</Server>
        <ServerDN>/o=Corporate/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=SERVER</ServerDN>
        <ServerVersion>720180F0</ServerVersion>
        <MdbDN>/o=Corporate/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=CORPSERVER02/cn=Microsoft Private MDB</MdbDN>
        <AD>CORPSERVER01.CORPORATE.local</AD>
        <ASUrl>https://server.intdomain.local/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https://server.intdomain.local/EWS/Exchange.asmx</EwsUrl>
        <OOFUrl>https://server.intdomain.local/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https://server.intdomain.local/UnifiedMessaging/Service.asmx</UMUrl>
        <OABUrl>https://server.intdomain.local/OAB/10fde666-6048-49fc-a19f-0eba8e8dfa6c/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.extdomain.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>
        <ASUrl>https://autodiscover.extdomain.com/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https://autodiscover.extdomain.com/EWS/Exchange.asmx</EwsUrl>
        <OOFUrl>https://autodiscover.extdomain.com/EWS/Exchange.asmx</OOFUrl>
        <OABUrl>https://mail.extdomain.com/OAB/10fde666-6048-49fc-a19f-0eba8e8dfa6c/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <External>
          <OWAUrl AuthenticationMethod="Fba">https://mail.extdomain.com/owa</OWAUrl>
          <Protocol>
            <Type>EXPR</Type>
            <ASUrl>https://autodiscover.extdomain.com/EWS/Exchange.asmx</ASUrl>
          </Protocol>
        </External>
        <Internal>
          <OWAUrl AuthenticationMethod="Basic, Fba">https://server.intdomain.local/owa</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https://server.intdomain.local/EWS/Exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
      </Protocol>
    </Account>
0
Insitems
Asked:
Insitems
  • 2
  • 2
1 Solution
 
MesthaCommented:
That only shows you internal stuff, but doesn't really give much information.
Use a test account with the MS test site.
https://www.testexchangeconnectivity.com

That will test it from the internet.

-M
0
 
InsitemsAuthor Commented:
It fails with the following information:

 Testing SSL mutual authentication with RPC Proxy server
  Failed to verify Mutual Authentication
   Tell me more about this issue and how to resolve it
 
 Additional Details
  The certificate common name domainname.com, doesn't validate against Mutual Authentication string provided msstd:mail.domainname.com

Looks like the certificate was not for the FQDN, mail.domainname.com.  Is there a way around this or do I need to request a new certificate?
0
 
MesthaCommented:
If the certificate was issued to domain.com then you need a new certificate.
The root of your domain should really point to your public web site.

-M
0
 
InsitemsAuthor Commented:
I finally got it to work.  Here are the steps that I had to do.

1.  Get a new certificate with the proper CN
2.  Imported and configured new certificate.  
**That resolved the first issue listed above about mutual authentication,
3.  Continued to use the testexchangeconnectivity.com website to test.  Started getting RCP errors.
4.  Used information from here http://msexchangeteam.com/archive/2008/06/20/449053.aspx to lead me to disable IPV6 in the hosts file.
5.  Tested successfully.  Was able to create email profile on an off-domain computer successfully.

Thank you for your help.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now