Insitems
asked on
Autodiscover in Exchagne 2007 Not Working from Outside Non-domain computers
I have a relatively new Exchange 2007 environment on a single server. Everything (OWA, internal email, send. receive...) is working fine except I cannot get Outlook Anywhere to work from the outside on domain or non-domain computers running Outlook 2007. I've scoured the internet and EE looking for resolution and not finding it. I receive a variety of errors relating to certificate name not matching and continuously having to log on to Outlook with no success. I have a UCC/SAN certificate from Entrust.
Please see below for the results of some popular tests and requests for information.
[PS] C:\Windows\System32>test-o utlookwebs ervices | fl
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address Administrator@corp
orate.local.
Id : 1007
Type : Information
Message : Testing server server.intdomain.local with the published name h
ttps://server.intdomain.lo cal/EWS/Ex change.asm x & https://autod
iscover.extdomainname.com/ EWS/Exchan ge.asmx.
Id : 1019
Type : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
URL on this object is https://server.intdomain.local/Autodiscover/A
utodiscover.xml.
Id : 1006
Type : Information
Message : The Autodiscover service was contacted at https://server.intdomain.lo
cal/Autodiscover/Autodisco ver.xml.
Id : 1016
Type : Success
Message : [EXCH]-Successfully contacted the AS service at https://server.intdomain
.local/EWS/Exchange.asmx. The elapsed time was 15 millisecon
ds.
Id : 1015
Type : Success
Message : [EXCH]-Successfully contacted the OAB service at https://server.
.intdomain.local/EWS/Excha nge.asmx. The elapsed time was 0 millisecon
ds.
Id : 1014
Type : Success
Message : [EXCH]-Successfully contacted the UM service at https://server.intdomain
.local/UnifiedMessaging/Se rvice.asmx . The elapsed time was 1
5 milliseconds.
Id : 1013
Type : Error
Message : When contacting https://autodiscover.extdomain.com/EWS/Exchange.asmx
received the error The request failed with HTTP status 401: Unauthori
zed.
Id : 1016
Type : Error
Message : [EXPR]-Error when contacting the AS service at https://autodiscover.
extdomain.com/EWS/Exchange .asmx. The elapsed time was 31 milliseconds.
Id : 1015
Type : Success
Message : [EXPR]-Successfully contacted the OAB service at https://autodiscover
.extdomain.com/EWS/Exchang e.asmx. The elapsed time was 0 milliseconds
.
Id : 1014
Type : Information
Message : [EXPR]-The UM is not configured for this user.
Id : 1017
Type : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://mail.extdomain
.com/Rpc. The elapsed time was 0 milliseconds.
Id : 1006
Type : Success
Message : The Autodiscover service was tested successfully.
Id : 1021
Type : Information
Message : The following web services generated errors.
As in EXPR
Please use the prior output to diagnose and correct the errors.
Results of Outlook Test for Autodiscover ::
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>Name</Display Name>
<LegacyDN>/o=Corporate/ou= Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recip ients/cn=N ame</Legac yDN>
<DeploymentId>607a6695-187 a-4826-9bc e-ed7331e7 d048</Depl oymentId>
</User>
<Account>
<AccountType>email</Accoun tType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>server.intdomain.l ocal</Serv er>
<ServerDN>/o=Corporate/ou= Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Confi guration/c n=Servers/ cn=SERVER< /ServerDN>
<ServerVersion>720180F0</S erverVersi on>
<MdbDN>/o=Corporate/ou=Exc hange Administrative Group (FYDIBOHF23SPDLT)/cn=Confi guration/c n=Servers/ cn=CORPSER VER02/cn=M icrosoft Private MDB</MdbDN>
<AD>CORPSERVER01.CORPORATE .local</AD >
<ASUrl>https://server.intdomain.local/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://server.intdomain.local/EWS/Exchange.asmx</EwsUrl>
<OOFUrl>https://server.intdomain.local/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://server.intdomain.local/UnifiedMessaging/Service.asmx</UMUrl>
<OABUrl>https://server.intdomain.local/OAB/10fde666-6048-49fc-a19f-0eba8e8dfa6c/</OABUrl>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>mail.extdomain.com </Server>
<SSL>On</SSL>
<AuthPackage>Basic</AuthPa ckage>
<ASUrl>https://autodiscover.extdomain.com/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://autodiscover.extdomain.com/EWS/Exchange.asmx</EwsUrl>
<OOFUrl>https://autodiscover.extdomain.com/EWS/Exchange.asmx</OOFUrl>
<OABUrl>https://mail.extdomain.com/OAB/10fde666-6048-49fc-a19f-0eba8e8dfa6c/</OABUrl>
</Protocol>
<Protocol>
<Type>WEB</Type>
<External>
<OWAUrl AuthenticationMethod="Fba" >https://mail.extdomain.com/owa</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://autodiscover.extdomain.com/EWS/Exchange.asmx</ASUrl>
</Protocol>
</External>
<Internal>
<OWAUrl AuthenticationMethod="Basi c, Fba">https://server.intdomain.local/owa</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://server.intdomain.local/EWS/Exchange.asmx</ASUrl>
</Protocol>
</Internal>
</Protocol>
</Account>
Please see below for the results of some popular tests and requests for information.
[PS] C:\Windows\System32>test-o
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address Administrator@corp
orate.local.
Id : 1007
Type : Information
Message : Testing server server.intdomain.local with the published name h
ttps://server.intdomain.lo
iscover.extdomainname.com/
Id : 1019
Type : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
URL on this object is https://server.intdomain.local/Autodiscover/A
utodiscover.xml.
Id : 1006
Type : Information
Message : The Autodiscover service was contacted at https://server.intdomain.lo
cal/Autodiscover/Autodisco
Id : 1016
Type : Success
Message : [EXCH]-Successfully contacted the AS service at https://server.intdomain
.local/EWS/Exchange.asmx. The elapsed time was 15 millisecon
ds.
Id : 1015
Type : Success
Message : [EXCH]-Successfully contacted the OAB service at https://server.
.intdomain.local/EWS/Excha
ds.
Id : 1014
Type : Success
Message : [EXCH]-Successfully contacted the UM service at https://server.intdomain
.local/UnifiedMessaging/Se
5 milliseconds.
Id : 1013
Type : Error
Message : When contacting https://autodiscover.extdomain.com/EWS/Exchange.asmx
received the error The request failed with HTTP status 401: Unauthori
zed.
Id : 1016
Type : Error
Message : [EXPR]-Error when contacting the AS service at https://autodiscover.
extdomain.com/EWS/Exchange
Id : 1015
Type : Success
Message : [EXPR]-Successfully contacted the OAB service at https://autodiscover
.extdomain.com/EWS/Exchang
.
Id : 1014
Type : Information
Message : [EXPR]-The UM is not configured for this user.
Id : 1017
Type : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://mail.extdomain
.com/Rpc. The elapsed time was 0 milliseconds.
Id : 1006
Type : Success
Message : The Autodiscover service was tested successfully.
Id : 1021
Type : Information
Message : The following web services generated errors.
As in EXPR
Please use the prior output to diagnose and correct the errors.
Results of Outlook Test for Autodiscover ::
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>Name</Display
<LegacyDN>/o=Corporate/ou=
<DeploymentId>607a6695-187
</User>
<Account>
<AccountType>email</Accoun
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>server.intdomain.l
<ServerDN>/o=Corporate/ou=
<ServerVersion>720180F0</S
<MdbDN>/o=Corporate/ou=Exc
<AD>CORPSERVER01.CORPORATE
<ASUrl>https://server.intdomain.local/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://server.intdomain.local/EWS/Exchange.asmx</EwsUrl>
<OOFUrl>https://server.intdomain.local/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://server.intdomain.local/UnifiedMessaging/Service.asmx</UMUrl>
<OABUrl>https://server.intdomain.local/OAB/10fde666-6048-49fc-a19f-0eba8e8dfa6c/</OABUrl>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>mail.extdomain.com
<SSL>On</SSL>
<AuthPackage>Basic</AuthPa
<ASUrl>https://autodiscover.extdomain.com/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://autodiscover.extdomain.com/EWS/Exchange.asmx</EwsUrl>
<OOFUrl>https://autodiscover.extdomain.com/EWS/Exchange.asmx</OOFUrl>
<OABUrl>https://mail.extdomain.com/OAB/10fde666-6048-49fc-a19f-0eba8e8dfa6c/</OABUrl>
</Protocol>
<Protocol>
<Type>WEB</Type>
<External>
<OWAUrl AuthenticationMethod="Fba"
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://autodiscover.extdomain.com/EWS/Exchange.asmx</ASUrl>
</Protocol>
</External>
<Internal>
<OWAUrl AuthenticationMethod="Basi
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://server.intdomain.local/EWS/Exchange.asmx</ASUrl>
</Protocol>
</Internal>
</Protocol>
</Account>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If the certificate was issued to domain.com then you need a new certificate.
The root of your domain should really point to your public web site.
-M
The root of your domain should really point to your public web site.
-M
ASKER
I finally got it to work. Here are the steps that I had to do.
1. Get a new certificate with the proper CN
2. Imported and configured new certificate.
**That resolved the first issue listed above about mutual authentication,
3. Continued to use the testexchangeconnectivity.c om website to test. Started getting RCP errors.
4. Used information from here http://msexchangeteam.com/archive/2008/06/20/449053.aspx to lead me to disable IPV6 in the hosts file.
5. Tested successfully. Was able to create email profile on an off-domain computer successfully.
Thank you for your help.
1. Get a new certificate with the proper CN
2. Imported and configured new certificate.
**That resolved the first issue listed above about mutual authentication,
3. Continued to use the testexchangeconnectivity.c
4. Used information from here http://msexchangeteam.com/archive/2008/06/20/449053.aspx to lead me to disable IPV6 in the hosts file.
5. Tested successfully. Was able to create email profile on an off-domain computer successfully.
Thank you for your help.
ASKER
Testing SSL mutual authentication with RPC Proxy server
Failed to verify Mutual Authentication
Tell me more about this issue and how to resolve it
Additional Details
The certificate common name domainname.com, doesn't validate against Mutual Authentication string provided msstd:mail.domainname.com
Looks like the certificate was not for the FQDN, mail.domainname.com. Is there a way around this or do I need to request a new certificate?