zkayyal
asked on
Unable to download/update offline address book - Exchange/Outlook 2007 - 0x80190194
Hi,
I have been troubleshooting this issue for some time now and have come a bit closer to resolution. The initial issue was also that free/busy info wasn't available but this has now been fixed. I have gone through 15+ hours and several steps working on this so I'll do my best to outline everything.
To clarify, this occured during a migration from Exchange 2003 to Exchange 2007. The exchange 2003 server is still on the network but mailboxes, public folders etc. have all migrated accross.
If I Ctrl Right-click Outlook and test email auto-configuration, everything is fine. Free/busy info is fine. I was previously getting sync issues about the offline address book but these have now stopped. However, if I manually try to download the address book, it just times out for a while eventially giving the error: 0x80190194.
I've run several commands in the Exchange Shell and I'll to post relevant ones.
Also, I have an OAB entry in IIS under Default Web Site, and under SBS Web applications.
Exchange Shell info:
Get-ExchangeCertificate: 8 certificates show (possibly the cause of the certificate error when loading Outlook?)
get-offlineaddressbook | update-offlineaddressbook: seems to complete without error
Update-OfflineAddressBook -id "Default Offline Address List" -verbose:
VERBOSE: Update-OfflineAddressBook : Beginning processing.
VERBOSE: Update-OfflineAddressBook : Searching objects "Default Offline Address
List" of type "OfflineAddressBook" under the root "$null".
VERBOSE: Update-OfflineAddressBook : Previous operation run on domain
controller 'SERVER2010.domain.local'.
VERBOSE: Update-OfflineAddressBook : Processing object "\Default Offline
Address List".
VERBOSE: Update-OfflineAddressBook : Searching objects "SERVER2006\First
Storage Group\Public Folder Store (SERVER2006)" of type "PublicFolderDatabase"
under the root "$null".
VERBOSE: Update-OfflineAddressBook : Previous operation run on domain
controller 'SERVER2010.domain.local'.
VERBOSE: Update-OfflineAddressBook : Searching objects "SERVER2010" of type
"Server" under the root "$null".
VERBOSE: Update-OfflineAddressBook : Previous operation run on domain
controller 'SERVER2010.domain.local'.
VERBOSE: Updating offline address book "Default Offline Address List".
VERBOSE: Update-OfflineAddressBook : Ending processing.
- Does this mean the address list is still on our SBS 2003 (SERVER2006)?
Get-OABVirtualDirectory:
Shows 2 OAB's both on SBS2008. Internal URL on both: https://autodiscovery.domain.com/oab External URL on both: http://autodiscovery.domain.com/oab
If I browse to this, it seems to work as I get a 401 unauthorised error.
Get-OfflineAddressbook | FL:
Server : SERVER2010
AddressLists : {\Default Global Address List}
Versions : {Version2, Version3, Version4}
IsDefault : True
PublicFolderDatabase : SERVER2006\First Storage Group\Public Folder
Store (SERVER2006)
PublicFolderDistributionEn abled : True
WebDistributionEnabled : True
DiffRetentionPeriod : 30
Schedule : {Sun.13:00-Sun.13:15, Mon.13:00-Mon.13:15, Tu
e.13:00-Tue.13:15, Wed.13:00-Wed.13:15, Thu.1
3:00-Thu.13:15, Fri.13:00-Fri.13:15, Sat.13:0
0-Sat.13:15}
VirtualDirectories : {SERVER2010\OAB (Default Web Site), SERVER201
0\OAB (SBS Web Applications)}
ExchangeVersion : 0.1 (8.0.535.0)
AdminDisplayName :
Name : Default Offline Address List
DistinguishedName : CN=Default Offline Address List,CN=Offline Ad
dress Lists,CN=Address Lists Container,CN=Fir
st Organization,CN=Microsoft Exchange,CN=Serv
ices,CN=Configuration,DC=d omain,DC=l ocal
Identity : \Default Offline Address List
Guid : dd8107d5-8969-4820-8a90-89 d34d05c998
ObjectCategory : domain.local/Configuration /Schema/ms -Exch-O
AB
ObjectClass : {top, msExchOAB}
WhenChanged : 14/04/2010 13:55:06
WhenCreated : 20/05/2005 16:25:15
OriginatingServer : SERVER2010.domain.local
IsValid : True
I'm a bit stuck now. Anyone got any ideas?
I have been troubleshooting this issue for some time now and have come a bit closer to resolution. The initial issue was also that free/busy info wasn't available but this has now been fixed. I have gone through 15+ hours and several steps working on this so I'll do my best to outline everything.
To clarify, this occured during a migration from Exchange 2003 to Exchange 2007. The exchange 2003 server is still on the network but mailboxes, public folders etc. have all migrated accross.
If I Ctrl Right-click Outlook and test email auto-configuration, everything is fine. Free/busy info is fine. I was previously getting sync issues about the offline address book but these have now stopped. However, if I manually try to download the address book, it just times out for a while eventially giving the error: 0x80190194.
I've run several commands in the Exchange Shell and I'll to post relevant ones.
Also, I have an OAB entry in IIS under Default Web Site, and under SBS Web applications.
Exchange Shell info:
Get-ExchangeCertificate: 8 certificates show (possibly the cause of the certificate error when loading Outlook?)
get-offlineaddressbook | update-offlineaddressbook:
Update-OfflineAddressBook -id "Default Offline Address List" -verbose:
VERBOSE: Update-OfflineAddressBook : Beginning processing.
VERBOSE: Update-OfflineAddressBook : Searching objects "Default Offline Address
List" of type "OfflineAddressBook" under the root "$null".
VERBOSE: Update-OfflineAddressBook : Previous operation run on domain
controller 'SERVER2010.domain.local'.
VERBOSE: Update-OfflineAddressBook : Processing object "\Default Offline
Address List".
VERBOSE: Update-OfflineAddressBook : Searching objects "SERVER2006\First
Storage Group\Public Folder Store (SERVER2006)" of type "PublicFolderDatabase"
under the root "$null".
VERBOSE: Update-OfflineAddressBook : Previous operation run on domain
controller 'SERVER2010.domain.local'.
VERBOSE: Update-OfflineAddressBook : Searching objects "SERVER2010" of type
"Server" under the root "$null".
VERBOSE: Update-OfflineAddressBook : Previous operation run on domain
controller 'SERVER2010.domain.local'.
VERBOSE: Updating offline address book "Default Offline Address List".
VERBOSE: Update-OfflineAddressBook : Ending processing.
- Does this mean the address list is still on our SBS 2003 (SERVER2006)?
Get-OABVirtualDirectory:
Shows 2 OAB's both on SBS2008. Internal URL on both: https://autodiscovery.domain.com/oab External URL on both: http://autodiscovery.domain.com/oab
If I browse to this, it seems to work as I get a 401 unauthorised error.
Get-OfflineAddressbook | FL:
Server : SERVER2010
AddressLists : {\Default Global Address List}
Versions : {Version2, Version3, Version4}
IsDefault : True
PublicFolderDatabase : SERVER2006\First Storage Group\Public Folder
Store (SERVER2006)
PublicFolderDistributionEn
WebDistributionEnabled : True
DiffRetentionPeriod : 30
Schedule : {Sun.13:00-Sun.13:15, Mon.13:00-Mon.13:15, Tu
e.13:00-Tue.13:15, Wed.13:00-Wed.13:15, Thu.1
3:00-Thu.13:15, Fri.13:00-Fri.13:15, Sat.13:0
0-Sat.13:15}
VirtualDirectories : {SERVER2010\OAB (Default Web Site), SERVER201
0\OAB (SBS Web Applications)}
ExchangeVersion : 0.1 (8.0.535.0)
AdminDisplayName :
Name : Default Offline Address List
DistinguishedName : CN=Default Offline Address List,CN=Offline Ad
dress Lists,CN=Address Lists Container,CN=Fir
st Organization,CN=Microsoft Exchange,CN=Serv
ices,CN=Configuration,DC=d
Identity : \Default Offline Address List
Guid : dd8107d5-8969-4820-8a90-89
ObjectCategory : domain.local/Configuration
AB
ObjectClass : {top, msExchOAB}
WhenChanged : 14/04/2010 13:55:06
WhenCreated : 20/05/2005 16:25:15
OriginatingServer : SERVER2010.domain.local
IsValid : True
I'm a bit stuck now. Anyone got any ideas?
ASKER
In addition to this, if I go to Exchange Management Console > Toolbox > Public Folder Management Console > System Public Folders > OFFLINE ADDRESS BOOK, there are 3 entries. If I right-click any of these and choose update, I get the error shown in the screengrab below.
3.png
3.png
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I take it this is SBS 2008?
Some people have reported this being fixed by turning off "kernel mode authentication" in IIS:
Disable Kernel Mode authentication by using IIS Manager. To do this, follow these steps:
Click Start, click Run, type inetmgr.exe, and then click OK.
In IIS Manager, expand server name, expand Web sites, and then click the Web site that you want to change.
Double-click Authentication, click Windows Authentication to highlight it, and then click Advanced Settings in the Action pane.
Click to clear the Enable Kernel-mode authentication box.
Some people have reported this being fixed by turning off "kernel mode authentication" in IIS:
Disable Kernel Mode authentication by using IIS Manager. To do this, follow these steps:
Click Start, click Run, type inetmgr.exe, and then click OK.
In IIS Manager, expand server name, expand Web sites, and then click the Web site that you want to change.
Double-click Authentication, click Windows Authentication to highlight it, and then click Advanced Settings in the Action pane.
Click to clear the Enable Kernel-mode authentication box.
Hello
First off all, your Public folder database is still on the SERVER2006.
that means that an OAB v3 or 4 is still distributed from the 2006, to Ooutlook 2003 clients or Outlook 2007 clients that cannot download for any reason, the oab through web services.
==> you should make sure replicate your PF to the 2010 server, and assign the 2010 database the default public folder database on the 2010.
After that :
Is the <Drive Letter>:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB folder existing on the CAS server ?
Do you have files in their (verify the modification dates) ?
Do you find in the eventvwr, the eventid 1008 ? (you should)
After that,
First off all, your Public folder database is still on the SERVER2006.
that means that an OAB v3 or 4 is still distributed from the 2006, to Ooutlook 2003 clients or Outlook 2007 clients that cannot download for any reason, the oab through web services.
==> you should make sure replicate your PF to the 2010 server, and assign the 2010 database the default public folder database on the 2010.
After that :
Is the <Drive Letter>:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB folder existing on the CAS server ?
Do you have files in their (verify the modification dates) ?
Do you find in the eventvwr, the eventid 1008 ? (you should)
After that,
ASKER
Hi both,
Thanks for the tips. Ok, here goes:
MegaNuk3 - I tried to find the folder you mentioned on the CAS. I don't see a V13 folder but I see ClientAccess\OAB and ExchangeOAB. I set read permissions for authenticated users on both these folders - still the same.
Regarding your second point about kernle-mode authentication...do you mean click on 'Default WebSite' root or click 'OAB' within default website? If I click 'Default WebSite' root, Windows authentication is disabled. Should this be enabled? If I click the OAB folder, Windows authentication is enabled, but kernel-mode authentication is already disabled.
seb_acker - I think you might have it here. If I look at Exchange System Manager on the SBS2003 box, I can see the three offline address books (under public folder instances) though the last time I looked in here it was empty! They are the only folders in there. I did a replicate now on the Public Folder store on the SBS 2003 box and they're now gone.
Even before I did that, the folder you mentioned does exist on the CAS. Modified dates are shown in attached screengrab.
In event viewer I have some 1008 entries (Source: Exchange Migration, Category: Move Mailbox) but these relate to failed mailbox moves that have now been resolved....so not too sure on that one.
And the error's on the client machines continue. :(
I thought getting those public folder onto the SBS 2008 box would fix it but it hasn't. Anything else I can try?
1.png
2.png
Thanks for the tips. Ok, here goes:
MegaNuk3 - I tried to find the folder you mentioned on the CAS. I don't see a V13 folder but I see ClientAccess\OAB and ExchangeOAB. I set read permissions for authenticated users on both these folders - still the same.
Regarding your second point about kernle-mode authentication...do you mean click on 'Default WebSite' root or click 'OAB' within default website? If I click 'Default WebSite' root, Windows authentication is disabled. Should this be enabled? If I click the OAB folder, Windows authentication is enabled, but kernel-mode authentication is already disabled.
seb_acker - I think you might have it here. If I look at Exchange System Manager on the SBS2003 box, I can see the three offline address books (under public folder instances) though the last time I looked in here it was empty! They are the only folders in there. I did a replicate now on the Public Folder store on the SBS 2003 box and they're now gone.
Even before I did that, the folder you mentioned does exist on the CAS. Modified dates are shown in attached screengrab.
In event viewer I have some 1008 entries (Source: Exchange Migration, Category: Move Mailbox) but these relate to failed mailbox moves that have now been resolved....so not too sure on that one.
And the error's on the client machines continue. :(
I thought getting those public folder onto the SBS 2008 box would fix it but it hasn't. Anything else I can try?
1.png
2.png
ASKER
Also, on the offline address folders in Public Folder Management console (SBS 2008) I have only the SBS 2008 in the replication tab. I previously had SBS 2003 machine in there too. Should I add this?
You intend to migrate your users and PF to the sbs : so the public folderreplicas on the exchange 2003 are no more to be used.
Get-OfflineAddressbook | ft identity, publicfolderdatabase
(post the results please)
=> you should only see there "SBS 2008 server" public folderdatabase...
On wich server are your users located ?
after that, launch get-mailboxdatabase | ft name, *public*
and post the results
The dates seems a little bit old (13/04). Just to be sure.
Modify an user attribute (phone per exemple), then try get-offlineaddressbook | update-offlineaddressbook, and see after a few minutes, if the date of some of these files are current (only soime files should have a current date, as they will be the differential).
Get-OfflineAddressbook | ft identity, publicfolderdatabase
(post the results please)
=> you should only see there "SBS 2008 server" public folderdatabase...
On wich server are your users located ?
after that, launch get-mailboxdatabase | ft name, *public*
and post the results
The dates seems a little bit old (13/04). Just to be sure.
Modify an user attribute (phone per exemple), then try get-offlineaddressbook | update-offlineaddressbook,
ASKER
Hi seb,
Thanks again. Ok, so I ran: Get-OfflineAddressbook | ft identity, publicfolderdatabase and still it only shows the SBS 2003 server. Results:
Identity PublicFolderDatabase
-------- --------------------
\Default Offline Address List SERVER2006\First Storage Group\Publi...
Running get-mailboxdatabase | ft name, *public* gives me:
Name PublicFolderDatabase
---- --------------------
Mailbox Database SERVER2010\Second Storage Group\Publ...
I updated a telephone number for a user in AD and ran get-offlineaddressbook | update-offlineaddressbook and the file now has a modified date of 5 minutes ago.
At the moment, all mailboxes etc. are on the new SBS 2008 server. The user accounts...well, I can modify them via the SBS 2008 box but they're not yet showing under the SBS Console (I understand there are some steps I need to carry out later in the migration for this happen.
I suppose the issue here is that the public folder database is still showing the old server...
Cheers,
Zak
Thanks again. Ok, so I ran: Get-OfflineAddressbook | ft identity, publicfolderdatabase and still it only shows the SBS 2003 server. Results:
Identity PublicFolderDatabase
-------- --------------------
\Default Offline Address List SERVER2006\First Storage Group\Publi...
Running get-mailboxdatabase | ft name, *public* gives me:
Name PublicFolderDatabase
---- --------------------
Mailbox Database SERVER2010\Second Storage Group\Publ...
I updated a telephone number for a user in AD and ran get-offlineaddressbook | update-offlineaddressbook and the file now has a modified date of 5 minutes ago.
At the moment, all mailboxes etc. are on the new SBS 2008 server. The user accounts...well, I can modify them via the SBS 2008 box but they're not yet showing under the SBS Console (I understand there are some steps I need to carry out later in the migration for this happen.
I suppose the issue here is that the public folder database is still showing the old server...
Cheers,
Zak
ok
you did not replicate all the public folders...
launch the following :
go to c:\program files\microsoft\exchange\v 14\scripts
.\AddReplicaToPFRecursive. ps1 -TopPublicFolder '\NON_IPM_SUBTREE' -ServerToAdd SERVER2010
please check the replication schedule on both public folders (server2006 and server2010), so that they always can replicate.
after a while, launch the command get-publicfolder '\NON_IPM_SUBTREE' -server 2010 | get-publicfoderstatistics -server 2010, and post the results
you did not replicate all the public folders...
launch the following :
go to c:\program files\microsoft\exchange\v
.\AddReplicaToPFRecursive.
please check the replication schedule on both public folders (server2006 and server2010), so that they always can replicate.
after a while, launch the command get-publicfolder '\NON_IPM_SUBTREE' -server 2010 | get-publicfoderstatistics -server 2010, and post the results
ASKER
Hi,
Ok, tried that command but got an error relating to permissions. Can you tell me what permissions I need to set? Don't want to go changing anything I'm not 100% sure about. Screengrab with error attached.
Cheers,
Zak
3.png
Ok, tried that command but got an error relating to permissions. Can you tell me what permissions I need to set? Don't want to go changing anything I'm not 100% sure about. Screengrab with error attached.
Cheers,
Zak
3.png
ASKER
Also, because of this issue, should I add server2006 back in to the replication tab of the folders?
Folders on both servers are set to always replicate.
Folders on both servers are set to always replicate.
It's allright, you had to get permission errors.
launch
get-publicfolder "NON_IPM_SUBTREE" -Recurse | ft name, replicas
Post results (copy paste, no need to screenshot)
launch
get-publicfolder "NON_IPM_SUBTREE" -Recurse | ft name, replicas
Post results (copy paste, no need to screenshot)
ASKER
Ok. :)
Here are the results:
[PS] C:\windows\system32>get-pu blicfolder "NON_IPM_SUBTREE" -Recurse | ft name,
replicas
Get-PublicFolder : There is no existing PublicFolder that matches the following
Identity: 'NON_IPM_SUBTREE'. Please make sure that you specified the correct P
ublicFolder Identity and that you have the necessary permissions to view Public
Folder.
At line:1 char:17
+ get-publicfolder <<<< "NON_IPM_SUBTREE" -Recurse | ft name, replicas
+ CategoryInfo : NotSpecified: (0:Int32) [Get-PublicFolder], Mapi
OperationException
+ FullyQualifiedErrorId : 66AF8B3E,Microsoft.Exchang e.Manageme nt.MapiTas ks
.GetPublicFolder
Here are the results:
[PS] C:\windows\system32>get-pu
replicas
Get-PublicFolder : There is no existing PublicFolder that matches the following
Identity: 'NON_IPM_SUBTREE'. Please make sure that you specified the correct P
ublicFolder Identity and that you have the necessary permissions to view Public
Folder.
At line:1 char:17
+ get-publicfolder <<<< "NON_IPM_SUBTREE" -Recurse | ft name, replicas
+ CategoryInfo : NotSpecified: (0:Int32) [Get-PublicFolder], Mapi
OperationException
+ FullyQualifiedErrorId : 66AF8B3E,Microsoft.Exchang
.GetPublicFolder
sorry
get-publicfolder "\NON_IPM_SUBTREE" -Recurse | ft name, replicas
get-publicfolder "\NON_IPM_SUBTREE" -Recurse | ft name, replicas
ASKER
Cool, here we go:
[PS] C:\windows\system32>get-pu blicfolder "\NON_IPM_SUBTREE" -Recurse | ft name,
replicas
Name Replicas
---- --------
NON_IPM_SUBTREE {}
EFORMS REGISTRY {}
Events Root {SERVER2010\Second Storage Group\Pub...
OFFLINE ADDRESS BOOK {}
/o=First Organization/cn=addrlists/ c... {SERVER2010\Second Storage Group\Pub...
OAB Version 2 {SERVER2010\Second Storage Group\Pub...
OAB Version 3a {SERVER2010\Second Storage Group\Pub...
OAB Version 4 {SERVER2010\Second Storage Group\Pub...
EX:/o=First Organization/ou=Exchange.. . {SERVER2010\Second Storage Group\Pub...
EX:/o=First Organization/ou=first ad... {SERVER2010\Second Storage Group\Pub...
OWAScratchPad{332AB33A-453 A-4D00-84B ... {SERVER2010\Second Storage Group\Pub...
OWAScratchPad{8EE8E0A3-1B6 0-4E73-BCB ... {SERVER2010\Second Storage Group\Pub...
SCHEDULE+ FREE BUSY {}
EX:/o=First Organization/ou=Exchange.. . {SERVER2010\Second Storage Group\Pub...
EX:/o=First Organization/ou=first ad... {SERVER2010\Second Storage Group\Pub...
schema-root {SERVER2010\Second Storage Group\Pub...
Default {SERVER2010\Second Storage Group\Pub...
microsoft {SERVER2010\Second Storage Group\Pub...
exchangeV1 {SERVER2010\Second Storage Group\Pub...
StoreEvents{332AB33A-453A- 4D00-84BD- ... {SERVER2010\Second Storage Group\Pub...
globalevents {SERVER2010\Second Storage Group\Pub...
internal {SERVER2010\Second Storage Group\Pub...
StoreEvents{8EE8E0A3-1B60- 4E73-BCB4- ... {SERVER2010\Second Storage Group\Pub...
globalevents {SERVER2010\Second Storage Group\Pub...
internal {SERVER2010\Second Storage Group\Pub...
[PS] C:\windows\system32>get-pu
replicas
Name Replicas
---- --------
NON_IPM_SUBTREE {}
EFORMS REGISTRY {}
Events Root {SERVER2010\Second Storage Group\Pub...
OFFLINE ADDRESS BOOK {}
/o=First Organization/cn=addrlists/
OAB Version 2 {SERVER2010\Second Storage Group\Pub...
OAB Version 3a {SERVER2010\Second Storage Group\Pub...
OAB Version 4 {SERVER2010\Second Storage Group\Pub...
EX:/o=First Organization/ou=Exchange..
EX:/o=First Organization/ou=first ad... {SERVER2010\Second Storage Group\Pub...
OWAScratchPad{332AB33A-453
OWAScratchPad{8EE8E0A3-1B6
SCHEDULE+ FREE BUSY {}
EX:/o=First Organization/ou=Exchange..
EX:/o=First Organization/ou=first ad... {SERVER2010\Second Storage Group\Pub...
schema-root {SERVER2010\Second Storage Group\Pub...
Default {SERVER2010\Second Storage Group\Pub...
microsoft {SERVER2010\Second Storage Group\Pub...
exchangeV1 {SERVER2010\Second Storage Group\Pub...
StoreEvents{332AB33A-453A-
globalevents {SERVER2010\Second Storage Group\Pub...
internal {SERVER2010\Second Storage Group\Pub...
StoreEvents{8EE8E0A3-1B60-
globalevents {SERVER2010\Second Storage Group\Pub...
internal {SERVER2010\Second Storage Group\Pub...
Get-OfflineAddressbook | FL
ASKER
[PS] C:\windows\system32>Get-Of flineAddre ssbook | FL
Server : SERVER2010
AddressLists : {\Default Global Address List}
Versions : {Version2, Version3, Version4}
IsDefault : True
PublicFolderDatabase : SERVER2006\First Storage Group\Public Folder
Store (SERVER2006)
PublicFolderDistributionEn abled : True
WebDistributionEnabled : True
DiffRetentionPeriod : 30
Schedule : {Sun.01:00-Sun.01:15, Mon.01:00-Mon.01:15, Tu
e.01:00-Tue.01:15, Wed.01:00-Wed.01:15, Thu.0
1:00-Thu.01:15, Fri.01:00-Fri.01:15, Sat.01:0
0-Sat.01:15}
VirtualDirectories : {SERVER2010\OAB (Default Web Site), SERVER201
0\OAB (SBS Web Applications)}
ExchangeVersion : 0.1 (8.0.535.0)
AdminDisplayName :
Name : Default Offline Address List
DistinguishedName : CN=Default Offline Address List,CN=Offline Ad
dress Lists,CN=Address Lists Container,CN=Fir
st Organization,CN=Microsoft Exchange,CN=Serv
ices,CN=Configuration,DC=c olumbus,DC =local
Identity : \Default Offline Address List
Guid : dd8107d5-8969-4820-8a90-89 d34d05c998
ObjectCategory : columbus.local/Configurati on/Schema/ ms-Exch-O
AB
ObjectClass : {top, msExchOAB}
WhenChanged : 14/04/2010 22:11:21
WhenCreated : 20/05/2005 16:25:15
OriginatingServer : SERVER2010.columbus.local
IsValid : True
---------------
Still 2006 by the looks of things. :(
Server : SERVER2010
AddressLists : {\Default Global Address List}
Versions : {Version2, Version3, Version4}
IsDefault : True
PublicFolderDatabase : SERVER2006\First Storage Group\Public Folder
Store (SERVER2006)
PublicFolderDistributionEn
WebDistributionEnabled : True
DiffRetentionPeriod : 30
Schedule : {Sun.01:00-Sun.01:15, Mon.01:00-Mon.01:15, Tu
e.01:00-Tue.01:15, Wed.01:00-Wed.01:15, Thu.0
1:00-Thu.01:15, Fri.01:00-Fri.01:15, Sat.01:0
0-Sat.01:15}
VirtualDirectories : {SERVER2010\OAB (Default Web Site), SERVER201
0\OAB (SBS Web Applications)}
ExchangeVersion : 0.1 (8.0.535.0)
AdminDisplayName :
Name : Default Offline Address List
DistinguishedName : CN=Default Offline Address List,CN=Offline Ad
dress Lists,CN=Address Lists Container,CN=Fir
st Organization,CN=Microsoft Exchange,CN=Serv
ices,CN=Configuration,DC=c
Identity : \Default Offline Address List
Guid : dd8107d5-8969-4820-8a90-89
ObjectCategory : columbus.local/Configurati
AB
ObjectClass : {top, msExchOAB}
WhenChanged : 14/04/2010 22:11:21
WhenCreated : 20/05/2005 16:25:15
OriginatingServer : SERVER2010.columbus.local
IsValid : True
---------------
Still 2006 by the looks of things. :(
rrrr
second, i have to test a command line, to be sure
second, i have to test a command line, to be sure
We will create a new oab, to see where it goes :
$a = Get-AddressList
New-OfflineAddressBook -Name "NewOfflineAddressBook" -Server Server2010.colombus.local -AddressLists $a
after that :
Get-OfflineAddressbook | FL
$a = Get-AddressList
New-OfflineAddressBook -Name "NewOfflineAddressBook" -Server Server2010.colombus.local -AddressLists $a
after that :
Get-OfflineAddressbook | FL
ASKER
Ok, looks like that's gone on SERVER 2010. Here are my results:
[PS] C:\windows\system32>New-Of flineAddre ssBook -Name "NewOfflineAddressBook" -S
erver Server2010.columbus.local -AddressLists $a
WARNING: The offline address book has not been enabled for public folder
distribution or web distribution. Users will not be able to download the
content of the offline address book.
Name Server Versions AddressLists
---- ------ -------- ------------
NewOfflineAddres... SERVER2010 {Version4} {\All Rooms, \Pu...
[PS] C:\windows\system32>
[PS] C:\windows\system32>Get-Of flineAddre ssbook | FL
Server : SERVER2010
AddressLists : {\Default Global Address List}
Versions : {Version2, Version3, Version4}
IsDefault : True
PublicFolderDatabase : SERVER2006\First Storage Group\Public Folder
Store (SERVER2006)
PublicFolderDistributionEn abled : True
WebDistributionEnabled : True
DiffRetentionPeriod : 30
Schedule : {Sun.01:00-Sun.01:15, Mon.01:00-Mon.01:15, Tu
e.01:00-Tue.01:15, Wed.01:00-Wed.01:15, Thu.0
1:00-Thu.01:15, Fri.01:00-Fri.01:15, Sat.01:0
0-Sat.01:15}
VirtualDirectories : {SERVER2010\OAB (Default Web Site), SERVER201
0\OAB (SBS Web Applications)}
ExchangeVersion : 0.1 (8.0.535.0)
AdminDisplayName :
Name : Default Offline Address List
DistinguishedName : CN=Default Offline Address List,CN=Offline Ad
dress Lists,CN=Address Lists Container,CN=Fir
st Organization,CN=Microsoft Exchange,CN=Serv
ices,CN=Configuration,DC=c olumbus,DC =local
Identity : \Default Offline Address List
Guid : dd8107d5-8969-4820-8a90-89 d34d05c998
ObjectCategory : columbus.local/Configurati on/Schema/ ms-Exch-O
AB
ObjectClass : {top, msExchOAB}
WhenChanged : 14/04/2010 22:11:21
WhenCreated : 20/05/2005 16:25:15
OriginatingServer : SERVER2010.columbus.local
IsValid : True
Server : SERVER2010
AddressLists : {\All Rooms, \Public Folders, \All Contacts,
\All Groups, \All Users}
Versions : {Version4}
IsDefault : False
PublicFolderDatabase :
PublicFolderDistributionEn abled : False
WebDistributionEnabled : False
DiffRetentionPeriod : 30
Schedule : {Sun.05:00-Sun.05:15, Mon.05:00-Mon.05:15, Tu
e.05:00-Tue.05:15, Wed.05:00-Wed.05:15, Thu.0
5:00-Thu.05:15, Fri.05:00-Fri.05:15, Sat.05:0
0-Sat.05:15}
VirtualDirectories : {}
ExchangeVersion : 0.1 (8.0.535.0)
AdminDisplayName :
Name : NewOfflineAddressBook
DistinguishedName : CN=NewOfflineAddressBook,C N=Offline Address L
ists,CN=Address Lists Container,CN=First Orga
nization,CN=Microsoft Exchange,CN=Services,CN
=Configuration,DC=columbus ,DC=local
Identity : \NewOfflineAddressBook
Guid : 0d3177d4-47e6-405b-bc91-ed 8893feab5f
ObjectCategory : columbus.local/Configurati on/Schema/ ms-Exch-O
AB
ObjectClass : {top, msExchOAB}
WhenChanged : 16/04/2010 13:04:18
WhenCreated : 16/04/2010 13:04:18
OriginatingServer : SERVER2010.columbus.local
IsValid : True
[PS] C:\windows\system32>New-Of
erver Server2010.columbus.local -AddressLists $a
WARNING: The offline address book has not been enabled for public folder
distribution or web distribution. Users will not be able to download the
content of the offline address book.
Name Server Versions AddressLists
---- ------ -------- ------------
NewOfflineAddres... SERVER2010 {Version4} {\All Rooms, \Pu...
[PS] C:\windows\system32>
[PS] C:\windows\system32>Get-Of
Server : SERVER2010
AddressLists : {\Default Global Address List}
Versions : {Version2, Version3, Version4}
IsDefault : True
PublicFolderDatabase : SERVER2006\First Storage Group\Public Folder
Store (SERVER2006)
PublicFolderDistributionEn
WebDistributionEnabled : True
DiffRetentionPeriod : 30
Schedule : {Sun.01:00-Sun.01:15, Mon.01:00-Mon.01:15, Tu
e.01:00-Tue.01:15, Wed.01:00-Wed.01:15, Thu.0
1:00-Thu.01:15, Fri.01:00-Fri.01:15, Sat.01:0
0-Sat.01:15}
VirtualDirectories : {SERVER2010\OAB (Default Web Site), SERVER201
0\OAB (SBS Web Applications)}
ExchangeVersion : 0.1 (8.0.535.0)
AdminDisplayName :
Name : Default Offline Address List
DistinguishedName : CN=Default Offline Address List,CN=Offline Ad
dress Lists,CN=Address Lists Container,CN=Fir
st Organization,CN=Microsoft Exchange,CN=Serv
ices,CN=Configuration,DC=c
Identity : \Default Offline Address List
Guid : dd8107d5-8969-4820-8a90-89
ObjectCategory : columbus.local/Configurati
AB
ObjectClass : {top, msExchOAB}
WhenChanged : 14/04/2010 22:11:21
WhenCreated : 20/05/2005 16:25:15
OriginatingServer : SERVER2010.columbus.local
IsValid : True
Server : SERVER2010
AddressLists : {\All Rooms, \Public Folders, \All Contacts,
\All Groups, \All Users}
Versions : {Version4}
IsDefault : False
PublicFolderDatabase :
PublicFolderDistributionEn
WebDistributionEnabled : False
DiffRetentionPeriod : 30
Schedule : {Sun.05:00-Sun.05:15, Mon.05:00-Mon.05:15, Tu
e.05:00-Tue.05:15, Wed.05:00-Wed.05:15, Thu.0
5:00-Thu.05:15, Fri.05:00-Fri.05:15, Sat.05:0
0-Sat.05:15}
VirtualDirectories : {}
ExchangeVersion : 0.1 (8.0.535.0)
AdminDisplayName :
Name : NewOfflineAddressBook
DistinguishedName : CN=NewOfflineAddressBook,C
ists,CN=Address Lists Container,CN=First Orga
nization,CN=Microsoft Exchange,CN=Services,CN
=Configuration,DC=columbus
Identity : \NewOfflineAddressBook
Guid : 0d3177d4-47e6-405b-bc91-ed
ObjectCategory : columbus.local/Configurati
AB
ObjectClass : {top, msExchOAB}
WhenChanged : 16/04/2010 13:04:18
WhenCreated : 16/04/2010 13:04:18
OriginatingServer : SERVER2010.columbus.local
IsValid : True
ASKER
Or in fact...has it not gone anywhere? "PublicFolderDatabase :" :(
Oup s:) enable the publicfolder ditribution on the new oab ;)
ASKER
Sorry, had to go to another job yesterday so just picking this up again now. So all I need to do now is enable public folder distribution on that new oab (under Exchange Management Console > Organisation > Mailbox > Offline Address Book)? Under Server Configuration > Mailbox > Database Management > Mailbox Database, i've also set the new OAB under the Client Settings tab. You think that should be? If so, you desrver several thousand points!
ASKER
Still getting the error in Outlook, but I'm guessing it might just take time to propogate....?
ASKER
I'm now back to getting: 0X8004010F. :(
ASKER
Sorry for all the comments but, looking at the below, there is no entry for offline address book or schedule+ free busy...though free busy is still working. I thought I had it aswell. :(
[PS] C:\windows\system32>get-pu blicfolder "\NON_IPM_SUBTREE" -Recurse | ft name,
replicas
Name Replicas
---- --------
NON_IPM_SUBTREE {}
EFORMS REGISTRY {}
Events Root {SERVER2010\Second Storage Group\Pub...
OFFLINE ADDRESS BOOK {}
/o=First Organization/cn=addrlists/ c... {SERVER2010\Second Storage Group\Pub...
OAB Version 2 {SERVER2010\Second Storage Group\Pub...
OAB Version 3a {SERVER2010\Second Storage Group\Pub...
OAB Version 4 {SERVER2010\Second Storage Group\Pub...
/o=First Organization/cn=addrlists/ c... {SERVER2010\Second Storage Group\Pub...
OAB Version 2 {SERVER2010\Second Storage Group\Pub...
OAB Version 3a {SERVER2010\Second Storage Group\Pub...
OAB Version 4 {SERVER2010\Second Storage Group\Pub...
EX:/o=First Organization/ou=Exchange.. . {SERVER2010\Second Storage Group\Pub...
EX:/o=First Organization/ou=first ad... {SERVER2010\Second Storage Group\Pub...
OWAScratchPad{332AB33A-453 A-4D00-84B ... {SERVER2010\Second Storage Group\Pub...
OWAScratchPad{8EE8E0A3-1B6 0-4E73-BCB ... {SERVER2010\Second Storage Group\Pub...
SCHEDULE+ FREE BUSY {}
EX:/o=First Organization/ou=Exchange.. . {SERVER2010\Second Storage Group\Pub...
EX:/o=First Organization/ou=first ad... {SERVER2010\Second Storage Group\Pub...
schema-root {SERVER2010\Second Storage Group\Pub...
Default {SERVER2010\Second Storage Group\Pub...
microsoft {SERVER2010\Second Storage Group\Pub...
exchangeV1 {SERVER2010\Second Storage Group\Pub...
StoreEvents{332AB33A-453A- 4D00-84BD- ... {SERVER2010\Second Storage Group\Pub...
globalevents {SERVER2010\Second Storage Group\Pub...
internal {SERVER2010\Second Storage Group\Pub...
StoreEvents{8EE8E0A3-1B60- 4E73-BCB4- ... {SERVER2010\Second Storage Group\Pub...
globalevents {SERVER2010\Second Storage Group\Pub...
internal {SERVER2010\Second Storage Group\Pub...
[PS] C:\windows\system32>get-pu
replicas
Name Replicas
---- --------
NON_IPM_SUBTREE {}
EFORMS REGISTRY {}
Events Root {SERVER2010\Second Storage Group\Pub...
OFFLINE ADDRESS BOOK {}
/o=First Organization/cn=addrlists/
OAB Version 2 {SERVER2010\Second Storage Group\Pub...
OAB Version 3a {SERVER2010\Second Storage Group\Pub...
OAB Version 4 {SERVER2010\Second Storage Group\Pub...
/o=First Organization/cn=addrlists/
OAB Version 2 {SERVER2010\Second Storage Group\Pub...
OAB Version 3a {SERVER2010\Second Storage Group\Pub...
OAB Version 4 {SERVER2010\Second Storage Group\Pub...
EX:/o=First Organization/ou=Exchange..
EX:/o=First Organization/ou=first ad... {SERVER2010\Second Storage Group\Pub...
OWAScratchPad{332AB33A-453
OWAScratchPad{8EE8E0A3-1B6
SCHEDULE+ FREE BUSY {}
EX:/o=First Organization/ou=Exchange..
EX:/o=First Organization/ou=first ad... {SERVER2010\Second Storage Group\Pub...
schema-root {SERVER2010\Second Storage Group\Pub...
Default {SERVER2010\Second Storage Group\Pub...
microsoft {SERVER2010\Second Storage Group\Pub...
exchangeV1 {SERVER2010\Second Storage Group\Pub...
StoreEvents{332AB33A-453A-
globalevents {SERVER2010\Second Storage Group\Pub...
internal {SERVER2010\Second Storage Group\Pub...
StoreEvents{8EE8E0A3-1B60-
globalevents {SERVER2010\Second Storage Group\Pub...
internal {SERVER2010\Second Storage Group\Pub...
Hello
Your addres book are located under the OFFLINE Address BOOK tree : you have the entries you need there (EX:/o=First Organization/ou=Exchange.. .)
Now you've got a new adress book, can you get the results of : get-offlineaddressbook | fl ?
Your addres book are located under the OFFLINE Address BOOK tree : you have the entries you need there (EX:/o=First Organization/ou=Exchange..
Now you've got a new adress book, can you get the results of : get-offlineaddressbook | fl ?
ASKER
Ah, ok. So the missing entries aren't needed then?
Here are the results:
[PS] C:\Windows\system32>get-of flineaddre ssbook | fl
Server : SERVER2010
AddressLists : {\Default Global Address List}
Versions : {Version2, Version3, Version4}
IsDefault : True
PublicFolderDatabase : SERVER2006\First Storage Group\Public Folder
Store (SERVER2006)
PublicFolderDistributionEn abled : True
WebDistributionEnabled : True
DiffRetentionPeriod : 30
Schedule : {Sun.01:00-Sun.01:15, Mon.01:00-Mon.01:15, Tu
e.01:00-Tue.01:15, Wed.01:00-Wed.01:15, Thu.0
1:00-Thu.01:15, Fri.01:00-Fri.01:15, Sat.01:0
0-Sat.01:15}
VirtualDirectories : {SERVER2010\OAB (Default Web Site), SERVER201
0\OAB (SBS Web Applications)}
ExchangeVersion : 0.1 (8.0.535.0)
AdminDisplayName :
Name : Default Offline Address List
DistinguishedName : CN=Default Offline Address List,CN=Offline Ad
dress Lists,CN=Address Lists Container,CN=Fir
st Organization,CN=Microsoft Exchange,CN=Serv
ices,CN=Configuration,DC=c olumbus,DC =local
Identity : \Default Offline Address List
Guid : dd8107d5-8969-4820-8a90-89 d34d05c998
ObjectCategory : columbus.local/Configurati on/Schema/ ms-Exch-O
AB
ObjectClass : {top, msExchOAB}
WhenChanged : 17/04/2010 10:50:51
WhenCreated : 20/05/2005 16:25:15
OriginatingServer : SERVER2006.columbus.local
IsValid : True
Server : SERVER2010
AddressLists : {\Default Global Address List, \All Rooms, \P
ublic Folders, \All Contacts, \All Groups, \A
ll Users}
Versions : {Version3, Version4}
IsDefault : False
PublicFolderDatabase : SERVER2010\Second Storage Group\Public Folder
Database
PublicFolderDistributionEn abled : True
WebDistributionEnabled : True
DiffRetentionPeriod : 30
Schedule : {Sun.05:00-Sun.05:15, Mon.05:00-Mon.05:15, Tu
e.05:00-Tue.05:15, Wed.05:00-Wed.05:15, Thu.0
5:00-Thu.05:15, Fri.05:00-Fri.05:15, Sat.05:0
0-Sat.05:15}
VirtualDirectories : {SERVER2010\OAB (Default Web Site), SERVER201
0\OAB (SBS Web Applications)}
ExchangeVersion : 0.1 (8.0.535.0)
AdminDisplayName :
Name : NewOfflineAddressBook
DistinguishedName : CN=NewOfflineAddressBook,C N=Offline Address L
ists,CN=Address Lists Container,CN=First Orga
nization,CN=Microsoft Exchange,CN=Services,CN
=Configuration,DC=columbus ,DC=local
Identity : \NewOfflineAddressBook
Guid : 0d3177d4-47e6-405b-bc91-ed 8893feab5f
ObjectCategory : columbus.local/Configurati on/Schema/ ms-Exch-O
AB
ObjectClass : {top, msExchOAB}
WhenChanged : 17/04/2010 10:50:51
WhenCreated : 16/04/2010 13:04:18
OriginatingServer : SERVER2006.columbus.local
IsValid : True
---------------
Incidentally, for whatever reason, Outlook error has reverted back to 0x80190194. Possibly because I rebooted both servers today.
Cheers.
Here are the results:
[PS] C:\Windows\system32>get-of
Server : SERVER2010
AddressLists : {\Default Global Address List}
Versions : {Version2, Version3, Version4}
IsDefault : True
PublicFolderDatabase : SERVER2006\First Storage Group\Public Folder
Store (SERVER2006)
PublicFolderDistributionEn
WebDistributionEnabled : True
DiffRetentionPeriod : 30
Schedule : {Sun.01:00-Sun.01:15, Mon.01:00-Mon.01:15, Tu
e.01:00-Tue.01:15, Wed.01:00-Wed.01:15, Thu.0
1:00-Thu.01:15, Fri.01:00-Fri.01:15, Sat.01:0
0-Sat.01:15}
VirtualDirectories : {SERVER2010\OAB (Default Web Site), SERVER201
0\OAB (SBS Web Applications)}
ExchangeVersion : 0.1 (8.0.535.0)
AdminDisplayName :
Name : Default Offline Address List
DistinguishedName : CN=Default Offline Address List,CN=Offline Ad
dress Lists,CN=Address Lists Container,CN=Fir
st Organization,CN=Microsoft Exchange,CN=Serv
ices,CN=Configuration,DC=c
Identity : \Default Offline Address List
Guid : dd8107d5-8969-4820-8a90-89
ObjectCategory : columbus.local/Configurati
AB
ObjectClass : {top, msExchOAB}
WhenChanged : 17/04/2010 10:50:51
WhenCreated : 20/05/2005 16:25:15
OriginatingServer : SERVER2006.columbus.local
IsValid : True
Server : SERVER2010
AddressLists : {\Default Global Address List, \All Rooms, \P
ublic Folders, \All Contacts, \All Groups, \A
ll Users}
Versions : {Version3, Version4}
IsDefault : False
PublicFolderDatabase : SERVER2010\Second Storage Group\Public Folder
Database
PublicFolderDistributionEn
WebDistributionEnabled : True
DiffRetentionPeriod : 30
Schedule : {Sun.05:00-Sun.05:15, Mon.05:00-Mon.05:15, Tu
e.05:00-Tue.05:15, Wed.05:00-Wed.05:15, Thu.0
5:00-Thu.05:15, Fri.05:00-Fri.05:15, Sat.05:0
0-Sat.05:15}
VirtualDirectories : {SERVER2010\OAB (Default Web Site), SERVER201
0\OAB (SBS Web Applications)}
ExchangeVersion : 0.1 (8.0.535.0)
AdminDisplayName :
Name : NewOfflineAddressBook
DistinguishedName : CN=NewOfflineAddressBook,C
ists,CN=Address Lists Container,CN=First Orga
nization,CN=Microsoft Exchange,CN=Services,CN
=Configuration,DC=columbus
Identity : \NewOfflineAddressBook
Guid : 0d3177d4-47e6-405b-bc91-ed
ObjectCategory : columbus.local/Configurati
AB
ObjectClass : {top, msExchOAB}
WhenChanged : 17/04/2010 10:50:51
WhenCreated : 16/04/2010 13:04:18
OriginatingServer : SERVER2006.columbus.local
IsValid : True
---------------
Incidentally, for whatever reason, Outlook error has reverted back to 0x80190194. Possibly because I rebooted both servers today.
Cheers.
Your new OAB is correctly setup to the new Publicfolderdatabase. Strange thing is that server2006 is still the originatingserver (but that's not the problem, i just say it's strange, because you created a new OAB from the new server, so this server should be the originating one ^^)
Ok so now, your outlooks have error 0x80190194 again.
is c:\Program Files\Microsoft\Exchange Server\Client Access\OAB\0d3177d4-47e6-4 05b-bc91-e d8893feab5 f populated with accurate files ?
You should find events 1008 (one for each adress book) in your eventvwr.. do you ?
Is your local REMOTE REGISTRY service enabled and started (on the exchange server) ?
Ok so now, your outlooks have error 0x80190194 again.
is c:\Program Files\Microsoft\Exchange Server\Client Access\OAB\0d3177d4-47e6-4
You should find events 1008 (one for each adress book) in your eventvwr.. do you ?
Is your local REMOTE REGISTRY service enabled and started (on the exchange server) ?
ASKER
Hi again,
Ok, I don't have any of the 1008 events in event viewer...what I did notice though, were several other events under the category "OAL Generator". Event ID's : 9337 (several), 9360, 9109, 9340. I've pasted some ones I thought might be relevant below:
"OALGen did not find any recipients in address list '\All Rooms'. This offline address list will not be generated.
- NewOfflineAddressBook"
"OALGen encountered an error while generating the changes.oab file for version 2 and 3 differential downloads of address list '\Global Address List'. The offline address list has not been updated so clients will not be able to download the current set of changes. Check other logged events to find the cause of this error.
If the cause of the problem was intentional or cannot be resolved, OALGen can be forced to post a full offline address list by creating the DWORD registry key 'HKEY_LOCAL_MACHINE\SYSTEM \CurrentCo ntrolSet\S ervices\MS ExchangeSA \Parameter s\OAL post full if diff fails' and setting it to 1 on this server. When OALGen next generates the offline address list, clients will perform a full OAB download. After that time, the registry key should be removed to prevent further full downloads.
- Default Offline Address List "
The above error is 9360. I've not yet followed what it says as I wanted to see your thoughts on it first. Do you think I should go ahead and make that registry change?
Also, REMOTE REGISTRY is enabled and started on the SBS 2008 box.
Cheers,
Zak
Ok, I don't have any of the 1008 events in event viewer...what I did notice though, were several other events under the category "OAL Generator". Event ID's : 9337 (several), 9360, 9109, 9340. I've pasted some ones I thought might be relevant below:
"OALGen did not find any recipients in address list '\All Rooms'. This offline address list will not be generated.
- NewOfflineAddressBook"
"OALGen encountered an error while generating the changes.oab file for version 2 and 3 differential downloads of address list '\Global Address List'. The offline address list has not been updated so clients will not be able to download the current set of changes. Check other logged events to find the cause of this error.
If the cause of the problem was intentional or cannot be resolved, OALGen can be forced to post a full offline address list by creating the DWORD registry key 'HKEY_LOCAL_MACHINE\SYSTEM
- Default Offline Address List "
The above error is 9360. I've not yet followed what it says as I wanted to see your thoughts on it first. Do you think I should go ahead and make that registry change?
Also, REMOTE REGISTRY is enabled and started on the SBS 2008 box.
Cheers,
Zak
These errors are not really embarrassing, and could be normal.
The fact is that if you dont have any 1008 event, your OAB is not replicated by FDS to the distribution folder on your server.
please check again, following this article to better understand :
http://blogs.msdn.com/dgoldman/archive/2006/11/27/Error-0x80190194-when-using-an-outlook-2007-client-to-download-a-web-distribution-enabled-oab.aspx
The fact is that if you dont have any 1008 event, your OAB is not replicated by FDS to the distribution folder on your server.
please check again, following this article to better understand :
http://blogs.msdn.com/dgoldman/archive/2006/11/27/Error-0x80190194-when-using-an-outlook-2007-client-to-download-a-web-distribution-enabled-oab.aspx
ASKER
I've had a good read at that link but still am no further forward. Is there any chance you could explain these steps in a bit more details please?
"1. Delete all of the OAB folders in the distrubition point.
2. Open both directories for the OAB and \Client Access\OAB
3. Change the polling interval to 2 minutes (this will speed up the test). Run Get-OabVirtualDirectory| Set-OabVirtualDirectory -pollinterval 2. (You will want to change this back after).
4. Rebuild your OAB and then watch to see if the folder gets replicated over."
Thanks,
Zak
"1. Delete all of the OAB folders in the distrubition point.
2. Open both directories for the OAB and \Client Access\OAB
3. Change the polling interval to 2 minutes (this will speed up the test). Run Get-OabVirtualDirectory| Set-OabVirtualDirectory -pollinterval 2. (You will want to change this back after).
4. Rebuild your OAB and then watch to see if the folder gets replicated over."
Thanks,
Zak
ASKER
Ok, I've figured out something else...maybe. If I look at the Outlook auto-configuration, the OAB URL (under Protocol: Exchange RPC) is: http://autodiscover.columbustelecom.com/oab/0d3177d4-47e6-405b-bc91-ed8893feab5f/
and under Protocol: Exchange HTTP it's: https://autodiscover.columbustelecom.com/oab/0d3177d4-47e6-405b-bc91-ed8893feab5f/
Should these point to https://autodiscover.columbustelecom.com/oab/0d3177d4-47e6-405b-bc91-ed8893feab5f/oab.xml (oab.xml on the end)?
Also, if I browse to
https://autodiscover.columbustelecom.com/oab/0d3177d4-47e6-405b-bc91-ed8893feab5f/oab.xml - I can see the file.
If I browse to https://autodiscover.columbustelecom.com/oab/0d3177d4-47e6-405b-bc91-ed8893feab5f/ I get access denied
If I browse to the address with or without OAB.xml on the end, I get a 404 error.
Any ideas?
Thanks again.
and under Protocol: Exchange HTTP it's: https://autodiscover.columbustelecom.com/oab/0d3177d4-47e6-405b-bc91-ed8893feab5f/
Should these point to https://autodiscover.columbustelecom.com/oab/0d3177d4-47e6-405b-bc91-ed8893feab5f/oab.xml (oab.xml on the end)?
Also, if I browse to
https://autodiscover.columbustelecom.com/oab/0d3177d4-47e6-405b-bc91-ed8893feab5f/oab.xml - I can see the file.
If I browse to https://autodiscover.columbustelecom.com/oab/0d3177d4-47e6-405b-bc91-ed8893feab5f/ I get access denied
If I browse to the address with or without OAB.xml on the end, I get a 404 error.
Any ideas?
Thanks again.
1) delete all folders under c:\program files\microsoft\exchange server\OAB
and c:\program files\microsoft\exchangese rver \clientaccess\OAB
2) open these two folders in background
3) launch Get-OabVirtualDirectory| Set-OabVirtualDirectory -pollinterval
4) launch get-offlineaddressbook | update-offlineaddressbook
And now see if both folders get populated within 10 minutes. if not, note exactly what happens, and describe it. (and look in the eventvwr)
and c:\program files\microsoft\exchangese
2) open these two folders in background
3) launch Get-OabVirtualDirectory| Set-OabVirtualDirectory -pollinterval
4) launch get-offlineaddressbook | update-offlineaddressbook
And now see if both folders get populated within 10 minutes. if not, note exactly what happens, and describe it. (and look in the eventvwr)
ASKER
Thanks Seb.
Just before I do, did you see my above note about the URL's? Just want to check they look right first.
Cheers.
Just before I do, did you see my above note about the URL's? Just want to check they look right first.
Cheers.
Can you post the full result of your autodiscover process ?
they look right, but these are not the correct pathes...
just one thing : you're erros appears form inside your LAN, isn't it ?
can you post also the results of
get-oabvirtualdirectory | fl
just one thing : you're erros appears form inside your LAN, isn't it ?
can you post also the results of
get-oabvirtualdirectory | fl
ASKER
Hi errors are from inside the LAN, yes. Here are my results below:
[PS] C:\Windows\system32>get-oa bvirtualdi rectory | fl
Name : OAB (SBS Web Applications)
PollInterval : 30
OfflineAddressBooks : {\NewOfflineAddressBook, \Default Offline Addre
ss List}
RequireSSL : True
BasicAuthentication : True
WindowsAuthentication : True
MetabasePath : IIS://SERVER2010.columbus. local/W3SV C/3/ROOT/O A
B
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\OAB
Server : SERVER2010
InternalUrl : https://autodiscover.columbustelecom.com/OAB
InternalAuthenticationMeth ods : {Basic, WindowsIntegrated}
ExternalUrl : http://autodiscover.columbustelecom.com/OAB
ExternalAuthenticationMeth ods : {Basic, WindowsIntegrated}
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=OAB (SBS Web Applications),CN=HTTP,CN=P rotoc
ols,CN=SERVER2010,CN=Serve rs,CN=Exch ange Admini
strative Group (FYDIBOHF23SPDLT),CN=Admin istrat
ive Groups,CN=First Organization,CN=Microsoft E
xchange,CN=Services,CN=Con figuration ,DC=columb u
s,DC=local
Identity : SERVER2010\OAB (SBS Web Applications)
Guid : 3d341df8-a6f5-4b0d-a734-86 25542f7554
ObjectCategory : columbus.local/Configurati on/Schema/ ms-Exch-OA B
-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchOABVirtualD
irectory}
WhenChanged : 14/04/2010 13:51:15
WhenCreated : 29/03/2010 13:17:13
OriginatingServer : SERVER2010.columbus.local
IsValid : True
Name : OAB (Default Web Site)
PollInterval : 480
OfflineAddressBooks : {\NewOfflineAddressBook, \Default Offline Addre
ss List}
RequireSSL : True
BasicAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://SERVER2010.columbus. local/W3SV C/1/ROOT/O A
B
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\OAB
Server : SERVER2010
InternalUrl : https://autodiscover.columbustelecom.com/OAB
InternalAuthenticationMeth ods : {WindowsIntegrated}
ExternalUrl : http://autodiscover.columbustelecom.com/OAB
ExternalAuthenticationMeth ods : {WindowsIntegrated}
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols ,
CN=SERVER2010,CN=Servers,C N=Exchange Administra
tive Group (FYDIBOHF23SPDLT),CN=Admin istrative
Groups,CN=First Organization,CN=Microsoft Excha
nge,CN=Services,CN=Configu ration,DC= columbus,D C
=local
Identity : SERVER2010\OAB (Default Web Site)
Guid : 6fa84c8d-0c16-4f30-b645-fd b664b761c9
ObjectCategory : columbus.local/Configurati on/Schema/ ms-Exch-OA B
-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchOABVirtualD
irectory}
WhenChanged : 14/04/2010 13:51:26
WhenCreated : 14/04/2010 13:44:51
OriginatingServer : SERVER2010.columbus.local
IsValid : True
[PS] C:\Windows\system32>get-oa
Name : OAB (SBS Web Applications)
PollInterval : 30
OfflineAddressBooks : {\NewOfflineAddressBook, \Default Offline Addre
ss List}
RequireSSL : True
BasicAuthentication : True
WindowsAuthentication : True
MetabasePath : IIS://SERVER2010.columbus.
B
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\OAB
Server : SERVER2010
InternalUrl : https://autodiscover.columbustelecom.com/OAB
InternalAuthenticationMeth
ExternalUrl : http://autodiscover.columbustelecom.com/OAB
ExternalAuthenticationMeth
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=OAB (SBS Web Applications),CN=HTTP,CN=P
ols,CN=SERVER2010,CN=Serve
strative Group (FYDIBOHF23SPDLT),CN=Admin
ive Groups,CN=First Organization,CN=Microsoft E
xchange,CN=Services,CN=Con
s,DC=local
Identity : SERVER2010\OAB (SBS Web Applications)
Guid : 3d341df8-a6f5-4b0d-a734-86
ObjectCategory : columbus.local/Configurati
-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchOABVirtualD
irectory}
WhenChanged : 14/04/2010 13:51:15
WhenCreated : 29/03/2010 13:17:13
OriginatingServer : SERVER2010.columbus.local
IsValid : True
Name : OAB (Default Web Site)
PollInterval : 480
OfflineAddressBooks : {\NewOfflineAddressBook, \Default Offline Addre
ss List}
RequireSSL : True
BasicAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://SERVER2010.columbus.
B
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\OAB
Server : SERVER2010
InternalUrl : https://autodiscover.columbustelecom.com/OAB
InternalAuthenticationMeth
ExternalUrl : http://autodiscover.columbustelecom.com/OAB
ExternalAuthenticationMeth
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols
CN=SERVER2010,CN=Servers,C
tive Group (FYDIBOHF23SPDLT),CN=Admin
Groups,CN=First Organization,CN=Microsoft Excha
nge,CN=Services,CN=Configu
=local
Identity : SERVER2010\OAB (Default Web Site)
Guid : 6fa84c8d-0c16-4f30-b645-fd
ObjectCategory : columbus.local/Configurati
-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchOABVirtualD
irectory}
WhenChanged : 14/04/2010 13:51:26
WhenCreated : 14/04/2010 13:44:51
OriginatingServer : SERVER2010.columbus.local
IsValid : True
Do the files exist under:
C:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB or is it empty?
C:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB or is it empty?
ASKER
Hi,
There are files in that folder and they were updated within the last hour. Really not sure what else to try. As far as I can tell, everything should be working. Any other ideas?
Also, for reference, if I try to connect to my mailbox from outside the lan, I get the credntials popup but after I enter my details, it still doesn't connect to Exchange. This is a side issue really though as it works through the VPN. My main concern is the OAB.
Any ideas would be greatly appreciated!
Cheers,
Zak
There are files in that folder and they were updated within the last hour. Really not sure what else to try. As far as I can tell, everything should be working. Any other ideas?
Also, for reference, if I try to connect to my mailbox from outside the lan, I get the credntials popup but after I enter my details, it still doesn't connect to Exchange. This is a side issue really though as it works through the VPN. My main concern is the OAB.
Any ideas would be greatly appreciated!
Cheers,
Zak
Can you post the results of an Outlook autoconfig test?
testing outlook autoconfig.
With outlook open do: Hold down the CTRL key and then right-click on the Outlook icon in the system tray(near the time on the bottom right-hand side of the screen)-->Test e-mail autoconfiguration-->enter a valid e-mail address and password-->make sure "Use AutoDiscover" is the only one ticked-->Press Test and then look in the Log for the OAB URL
testing outlook autoconfig.
With outlook open do: Hold down the CTRL key and then right-click on the Outlook icon in the system tray(near the time on the bottom right-hand side of the screen)-->Test e-mail autoconfiguration-->enter a valid e-mail address and password-->make sure "Use AutoDiscover" is the only one ticked-->Press Test and then look in the Log for the OAB URL
can you ping autodiscover.yourinternald omain (FQDN)?
Or do you have a an autodiscover (SRV) record in DNS?
I had a client that was getting the same error 0x80190194 because Outlook could not ping autodiscover.internaldomai n
as a quick test you can add the autodiscover.yourinternald omain to the workstation HOSTS file with an IP address of the CAS server and then open Outlook and see if you get the same error.
Or do you have a an autodiscover (SRV) record in DNS?
I had a client that was getting the same error 0x80190194 because Outlook could not ping autodiscover.internaldomai
as a quick test you can add the autodiscover.yourinternald
ASKER
Hi,
I was unsure how to copy and paste the autodiscover results so I've added screengrabs below showing the results.
I can ping autodiscover.domain.com and it resolves to the CAS server. I have a DNS entry for this, yea. I tried adding the record you suggested to my hosts file but still get the same error. :(
Please see screengrabs attached.
Thanks,
Zak
1.png
2.png
3.png
I was unsure how to copy and paste the autodiscover results so I've added screengrabs below showing the results.
I can ping autodiscover.domain.com and it resolves to the CAS server. I have a DNS entry for this, yea. I tried adding the record you suggested to my hosts file but still get the same error. :(
Please see screengrabs attached.
Thanks,
Zak
1.png
2.png
3.png
Do
Get-Mailboxdatabase |ft name,OfflineAddressBook
you will probably find that it is empty
Get-Mailboxdatabase |ft name,OfflineAddressBook
you will probably find that it is empty
ASKER
Hi there,
No, it does give a result...the new address book I created in an earlier step. :( Still not sure!
Thanks again,
Zak
No, it does give a result...the new address book I created in an earlier step. :( Still not sure!
Thanks again,
Zak
ASKER
Sorry, here's the result:
[PS] C:\Windows\system32>Get-Ma ilboxdatab ase |ft name,OfflineAddressBook
Name OfflineAddressBook
---- ------------------
Mailbox Database \NewOfflineAddressBook
[PS] C:\Windows\system32>Get-Ma
Name OfflineAddressBook
---- ------------------
Mailbox Database \NewOfflineAddressBook
hmmm on my SBS2008 the InternalURL of the OAB is
https://sites/OAB
but I am still using the self-signed cert...
If users ping autodiscover.columbustelec om.com from inside your LAN do they get the internal IP address or the external IP address? Maybe you need to add an internal zone/record for that so they don't try and contact the external IP address of your router.
https://sites/OAB
but I am still using the self-signed cert...
If users ping autodiscover.columbustelec
can you publish the result for GET-CLIENTACCESSSevr | fl
ASKER
Hi,
I pinged autodiscover.columbustelec om.com (having removed the entry from my hosts file) and it returns the internal IP of our server.
I take it the command you meant was: GET-CLIENTACCESSServer | fl ?
Here are the results:
[PS] C:\Windows\system32>GET-CL IENTACCESS Server | fl
Name : SERVER2010
OutlookAnywhereEnabled : True
AutoDiscoverServiceCN : SERVER2010
AutoDiscoverServiceClassNa me : ms-Exchange-AutoDiscover-S ervice
AutoDiscoverServiceInterna lUri : https://autodiscover.columbustelecom.com/Autod
iscover/Autodiscover.xml
AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e 7a48b19596
AutoDiscoverSiteScope : {Default-First-Site-Name}
IsValid : True
OriginatingServer : SERVER2010.columbus.local
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=SERVER2010,CN=Servers,C N=Exchange Administr
ative Group (FYDIBOHF23SPDLT),CN=Admin istrativ
e Groups,CN=First Organization,CN=Microsoft Ex
change,CN=Services,CN=Conf iguration, DC=columbu
s,DC=local
Identity : SERVER2010
Guid : 06498858-0704-403e-84bd-9b a4d764cee5
ObjectCategory : columbus.local/Configurati on/Schema/ ms-Exch-Ex
change-Server
ObjectClass : {top, server, msExchExchangeServer}
WhenChanged : 02/04/2010 14:16:45
WhenCreated : 29/03/2010 13:13:41
I pinged autodiscover.columbustelec
I take it the command you meant was: GET-CLIENTACCESSServer | fl ?
Here are the results:
[PS] C:\Windows\system32>GET-CL
Name : SERVER2010
OutlookAnywhereEnabled : True
AutoDiscoverServiceCN : SERVER2010
AutoDiscoverServiceClassNa
AutoDiscoverServiceInterna
iscover/Autodiscover.xml
AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e
AutoDiscoverSiteScope : {Default-First-Site-Name}
IsValid : True
OriginatingServer : SERVER2010.columbus.local
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=SERVER2010,CN=Servers,C
ative Group (FYDIBOHF23SPDLT),CN=Admin
e Groups,CN=First Organization,CN=Microsoft Ex
change,CN=Services,CN=Conf
s,DC=local
Identity : SERVER2010
Guid : 06498858-0704-403e-84bd-9b
ObjectCategory : columbus.local/Configurati
change-Server
ObjectClass : {top, server, msExchExchangeServer}
WhenChanged : 02/04/2010 14:16:45
WhenCreated : 29/03/2010 13:13:41
really strange
Everything seems allright.
Everything seems allright.
ASKER
:( To the best of my knowledge, that's what I thought too. What would you do if you were me now? I really don't want to go uninstalling Exchange. Only things I can think of that might effect are that the issues seemed to start when I recreated my own account during the server migration. If anyone tries to mail my address internally, as it appears on the contacts in Outlook, they get an undeliverable back. The strange thing is that the email address hasn't changed after me re-creating the account so I would've expected it to still work.
The other thing is that this obviously occured during a migration. The old server hasn't been demoted yet (going to do that today) but I get the same results whether the old server is powered on or off so I don't *think* it's making a difference.
Really don't know where to go now...
The other thing is that this obviously occured during a migration. The old server hasn't been demoted yet (going to do that today) but I get the same results whether the old server is powered on or off so I don't *think* it's making a difference.
Really don't know where to go now...
Did you try to create a brand new Mailbox, and connect a brand new outlook profile to that mailbox, and see if the OAB is downloaded ?
when people e-mail you are they selecting you from the address book or are they using a cached outlook entry? what NDR are they getting?
Try this:
On your OAB folder and subfolders mentioned below:
"If I browse to https://autodiscover.columbustelecom.com/oab/0d3177d4-47e6-405b-bc91-ed8893feab5f/ I get access denied"
Give Authenticated Users "read" permissions and then see if you can open that URL. Then try Outlook
On your OAB folder and subfolders mentioned below:
"If I browse to https://autodiscover.columbustelecom.com/oab/0d3177d4-47e6-405b-bc91-ed8893feab5f/ I get access denied"
Give Authenticated Users "read" permissions and then see if you can open that URL. Then try Outlook
ASKER
Ok, here are my latest updates. Thought I'd format this post so it's easier to read.
Thanks again. As you can see, I'm trying everything!
Cheers,
Zak
New-User.png
Me.png
Queue-Viewer.png
- I've now demoted the SBS 2003 machine - still the same.
- I created a new user using the SBS console on the 2008 machine. Gave it a new email address and logged on as that user. I connected to the mailbox yet still got the same error. What I did notice was that, when trying to download the address book, the dropdown showed: "Download Offline Address Book List" (see screengrab: New User) whereas on other accounts it shows: "\Global Address Book" (see screengrab: Me). I still get the same error though.
- Think I mentioned this earlier but somehow, at some point in the process, I've ended up with two OAB folders (0d3177d4-47e6-405b-bc91-e
d8893feab5 f) and (dd8107d5-8969-4820-8a90-8 9d34d05c99 8). Looking in IIS, these both appear under "Default Web Site\OAB" and under "SBS Web Applications\OAB" (i.e. - 4 in total). - I've set user permissions for authenticated users to read on all these folders but still cannot browse to the link above (403: Forbidden).
- Not sure if this is related but, internally, I cannot browse to remote.columbustelecom.com
(http or https). I added remote.columbustelecom.com pointing to my internal server IP in my HOSTS file, and I can now browse to it. As far as I can tell, DNS looks correct but I guess it isn't. - Also, externally, I cannot reach remote.columbustelecom.com
at all. If I ping it, it gives our public IP but I cannot browse to it, nor does it respond to the ping. - Again, don't know if it's related but I have 2 disconnected mailboxes showing in Exchange management console.
- When loading Outlook, I still get a certificate error. I planned to troubleshoot this later but could this be a cause for the problems?
- Under Queue Viewer in Exchange Management Console, there are 4 items that won't send (see screengrab: Queue Viewer). If I double click this, then double click one of the messages, I get the below error:
-
- Identity: SERVER2010\29\18
Subject: Hierarchy
Internet Message ID: <B04093C224D7D04CBF3F6C5C081FBF1F04A CEFF890@SE RVER2010.c olumbus.lo cal>
From Address: PublicFolderDatabase@columbustelecom .com
Status: Ready
Size (KB): 4
Message Source Name: FromLocal
Source IP: 255.255.255.255
SCL: -1
Date Received: 23/04/2010 11:30:01
Expiration Time: 25/04/2010 11:30:01
Last Error:
Queue ID: SERVER2010\29
Recipients: SERVER2006-IS@columbustelecom.com - I notice this mentions SERVER2006 (our old server). Is this a problem?
- Identity: SERVER2010\29\18
Thanks again. As you can see, I'm trying everything!
Cheers,
Zak
New-User.png
Me.png
Queue-Viewer.png
ASKER
Also, regarding the NDR on my account. It's a bit odd. My name is Zaki Kayyal, but I'm known as Zak.Kayyal. If start typing my name and tab away (using the pre-stored address) I get the NDR (user unknown). zaki.kayyal is my login and zak.kayyal is a secondary address. If users manually type zak.kayyal it works. Externally though, either address works.
does the NDR say /o=youORgname/0u=youradmin group/cn=r eipients/c n=zak or something similar?
All you need to do then is add the /o string as an X500 e-mail address to your mailbox.
All you need to do then is add the /o string as an X500 e-mail address to your mailbox.
ASKER
Hi,
Yes the message is similar to the one you described. Can you please let me know how to make the above change?
Here's the error:
IMCEAEX-_O=FIRST+20ORGANIZ ATION_OU=F irst+20adm inistrativ e+20group_ cn=Recipie nts_cn=zak i+2Ekayyal @columbust elecom.com
#550 5.1.1 RESOLVER.ADR.ExRecipNotFou nd; not found ##
Cheers,
Zak
Yes the message is similar to the one you described. Can you please let me know how to make the above change?
Here's the error:
IMCEAEX-_O=FIRST+20ORGANIZ
#550 5.1.1 RESOLVER.ADR.ExRecipNotFou
Cheers,
Zak
hmmm that is different, dump your mailbox and have a look and see if there is a LegacyExchangeDN on it or not.
Run
Get-EmailAddressPolicy | where { $_.RecipientFilterType -eq "Legacy" }
Does it list any?
Get-EmailAddressPolicy | where { $_.RecipientFilterType -eq "Legacy" }
Does it list any?
ASKER
Sorry, can you just explain how to do the above please?
ASKER
Ah, thanks. :) Ran that query and got no results.
ASKER
Do you think any of the things I mentioned in the larger post above are relevant?
dump your mailbox with:
get-mailbox -identity <you> |ft name, legacyExchangeDN
get-mailbox -identity <you> |ft name, legacyExchangeDN
ASKER
Here are my results.
[PS] C:\Windows\system32>get-ma ilbox -identity zaki.kayyal |ft name, legacyExcha
ngeDN
Name LegacyExchangeDN
---- ----------------
Zaki Kayyal /o=First Organization/ou=Exchange Ad...
Sorry, I'm pretty new to PS, so I'm unsure how to expand them out (i.e. - Get rid of the ... and read the full result).
[PS] C:\Windows\system32>get-ma
ngeDN
Name LegacyExchangeDN
---- ----------------
Zaki Kayyal /o=First Organization/ou=Exchange Ad...
Sorry, I'm pretty new to PS, so I'm unsure how to expand them out (i.e. - Get rid of the ... and read the full result).
just do
get-mailbox -identity zaki.kayyal |ft legacyExchangeDN
then so it just gives the legacyExchangeDN
get-mailbox -identity zaki.kayyal |ft legacyExchangeDN
then so it just gives the legacyExchangeDN
ASKER
Ok, here's the result (again, can't read it all). Thanks so much for all your excellent help so far....
[PS] C:\Windows\system32>get-ma ilbox -identity zaki.kayyal |ft legacyExchangeDN
LegacyExchangeDN
----------------
/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=...
[PS] C:\Windows\system32>get-ma
LegacyExchangeDN
----------------
/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=...
See what happens if you add
/o=FIRST ORGANIZATION/ou=First administrative group/cn=Recipients/cn=zak i.Ekayyal@ columbuste lecom.com
As an X500 e-mail address to your mailbox, then try and e-mail it using the cached Outlook entry
/o=FIRST ORGANIZATION/ou=First administrative group/cn=Recipients/cn=zak
As an X500 e-mail address to your mailbox, then try and e-mail it using the cached Outlook entry
Hi
Just saw you long message. You cannot download the OAB if you have a certificate ERROR in your outlook.
First off all, post again the result of the following commands :
get-oabvirtualdirectory | fl
get-autodiscovervirtualdir ectory | fl
Get-WebServicesVirtualDire ctory | fl
get-clientaccesserver | fl
get-exchangecertificate | fl
Thanks
Just saw you long message. You cannot download the OAB if you have a certificate ERROR in your outlook.
First off all, post again the result of the following commands :
get-oabvirtualdirectory | fl
get-autodiscovervirtualdir
Get-WebServicesVirtualDire
get-clientaccesserver | fl
get-exchangecertificate | fl
Thanks
ASKER
I thought it might have been a certificate thing. That's one area I was a bit grey on.
Here are my results:
[PS] C:\Windows\system32>get-oa bvirtualdi rectory | fl
Name : OAB (SBS Web Applications)
PollInterval : 30
OfflineAddressBooks : {\NewOfflineAddressBook, \Default Offline Addre
ss List}
RequireSSL : True
BasicAuthentication : True
WindowsAuthentication : True
MetabasePath : IIS://SERVER2010.columbus. local/W3SV C/3/ROOT/O A
B
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\OAB
Server : SERVER2010
InternalUrl : https://autodiscover.columbustelecom.com/OAB
InternalAuthenticationMeth ods : {Basic, WindowsIntegrated}
ExternalUrl : http://autodiscover.columbustelecom.com/OAB
ExternalAuthenticationMeth ods : {Basic, WindowsIntegrated}
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=OAB (SBS Web Applications),CN=HTTP,CN=P rotoc
ols,CN=SERVER2010,CN=Serve rs,CN=Exch ange Admini
strative Group (FYDIBOHF23SPDLT),CN=Admin istrat
ive Groups,CN=First Organization,CN=Microsoft E
xchange,CN=Services,CN=Con figuration ,DC=columb u
s,DC=local
Identity : SERVER2010\OAB (SBS Web Applications)
Guid : 3d341df8-a6f5-4b0d-a734-86 25542f7554
ObjectCategory : columbus.local/Configurati on/Schema/ ms-Exch-OA B
-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchOABVirtualD
irectory}
WhenChanged : 14/04/2010 13:51:15
WhenCreated : 29/03/2010 13:17:13
OriginatingServer : SERVER2010.columbus.local
IsValid : True
Name : OAB (Default Web Site)
PollInterval : 480
OfflineAddressBooks : {\NewOfflineAddressBook, \Default Offline Addre
ss List}
RequireSSL : True
BasicAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://SERVER2010.columbus. local/W3SV C/1/ROOT/O A
B
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\OAB
Server : SERVER2010
InternalUrl : https://autodiscover.columbustelecom.com/OAB
InternalAuthenticationMeth ods : {WindowsIntegrated}
ExternalUrl : http://autodiscover.columbustelecom.com/OAB
ExternalAuthenticationMeth ods : {WindowsIntegrated}
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols ,
CN=SERVER2010,CN=Servers,C N=Exchange Administra
tive Group (FYDIBOHF23SPDLT),CN=Admin istrative
Groups,CN=First Organization,CN=Microsoft Excha
nge,CN=Services,CN=Configu ration,DC= columbus,D C
=local
Identity : SERVER2010\OAB (Default Web Site)
Guid : 6fa84c8d-0c16-4f30-b645-fd b664b761c9
ObjectCategory : columbus.local/Configurati on/Schema/ ms-Exch-OA B
-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchOABVirtualD
irectory}
WhenChanged : 14/04/2010 13:51:26
WhenCreated : 14/04/2010 13:44:51
OriginatingServer : SERVER2010.columbus.local
IsValid : True
[PS] C:\Windows\system32>get-au todiscover virtualdir ectory | fl
Name : Autodiscover (SBS Web Applications)
InternalAuthenticationMeth ods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMeth ods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://SERVER2010.columbus. local/W3SV C/3/ROOT/A u
todiscover
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\Autodiscover
Server : SERVER2010
InternalUrl : https://remote.columbustelecom.com/Autodiscover
/Autodiscover.xml
ExternalUrl : https://remote.columbustelecom.com/Autodiscover
/Autodiscover.xml
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=Autodiscover (SBS Web Applications),CN=HTTP,
CN=Protocols,CN=SERVER2010 ,CN=Server s,CN=Excha n
ge Administrative Group (FYDIBOHF23SPDLT),CN=Ad
ministrative Groups,CN=First Organization,CN=Mi
crosoft Exchange,CN=Services,CN=Co nfiguratio n,D
C=columbus,DC=local
Identity : SERVER2010\Autodiscover (SBS Web Applications)
Guid : 99bd1047-8596-40f9-acae-83 71ce7d0f6f
ObjectCategory : columbus.local/Configurati on/Schema/ ms-Exch-Au t
o-Discover-Virtual-Directo ry
ObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscove
rVirtualDirectory}
WhenChanged : 29/03/2010 14:31:54
WhenCreated : 29/03/2010 13:17:20
OriginatingServer : SERVER2010.columbus.local
IsValid : True
Name : Autodiscover (Default Web Site)
InternalAuthenticationMeth ods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMeth ods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://SERVER2010.columbus. local/W3SV C/1/ROOT/A u
todiscover
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\Autodiscover
Server : SERVER2010
InternalUrl :
ExternalUrl :
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=Autodiscover (Default Web Site),CN=HTTP,CN=P
rotocols,CN=SERVER2010,CN= Servers,CN =Exchange A
dministrative Group (FYDIBOHF23SPDLT),CN=Admin i
strative Groups,CN=First Organization,CN=Micros
oft Exchange,CN=Services,CN=Co nfiguratio n,DC=co
lumbus,DC=local
Identity : SERVER2010\Autodiscover (Default Web Site)
Guid : 597c310f-b327-4c89-a917-2b 2a130a93ee
ObjectCategory : columbus.local/Configurati on/Schema/ ms-Exch-Au t
o-Discover-Virtual-Directo ry
ObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscove
rVirtualDirectory}
WhenChanged : 14/04/2010 12:49:07
WhenCreated : 14/04/2010 12:49:07
OriginatingServer : SERVER2010.columbus.local
IsValid : True
[PS] C:\Windows\system32>Get-We bServicesV irtualDire ctory | fl
InternalNLBBypassUrl : https://server2010.columbus.local/ews/exchange.
asmx
Name : EWS (SBS Web Applications)
InternalAuthenticationMeth ods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMeth ods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://SERVER2010.columbus. local/W3SV C/3/ROOT/E W
S
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\exchweb\EWS
Server : SERVER2010
InternalUrl : https://remote.columbustelecom.com/EWS/Exchange
.asmx
ExternalUrl : https://remote.columbustelecom.com/EWS/Exchange
.asmx
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=EWS (SBS Web Applications),CN=HTTP,CN=P rotoc
ols,CN=SERVER2010,CN=Serve rs,CN=Exch ange Admini
strative Group (FYDIBOHF23SPDLT),CN=Admin istrat
ive Groups,CN=First Organization,CN=Microsoft E
xchange,CN=Services,CN=Con figuration ,DC=columb u
s,DC=local
Identity : SERVER2010\EWS (SBS Web Applications)
Guid : 3773ecf6-c108-48a3-b376-12 3d5542ed83
ObjectCategory : columbus.local/Configurati on/Schema/ ms-Exch-We b
-Services-Virtual-Director y
ObjectClass : {top, msExchVirtualDirectory, msExchWebServices
VirtualDirectory}
WhenChanged : 02/04/2010 14:18:44
WhenCreated : 29/03/2010 13:17:07
OriginatingServer : SERVER2010.columbus.local
IsValid : True
InternalNLBBypassUrl : https://server2010.columbus.local/EWS/Exchange.
asmx
Name : EWS (Default Web Site)
InternalAuthenticationMeth ods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMeth ods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://SERVER2010.columbus. local/W3SV C/1/ROOT/E W
S
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\exchweb\EWS
Server : SERVER2010
InternalUrl : https://server2010.columbus.local/EWS/Exchange.
asmx
ExternalUrl :
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols ,
CN=SERVER2010,CN=Servers,C N=Exchange Administra
tive Group (FYDIBOHF23SPDLT),CN=Admin istrative
Groups,CN=First Organization,CN=Microsoft Excha
nge,CN=Services,CN=Configu ration,DC= columbus,D C
=local
Identity : SERVER2010\EWS (Default Web Site)
Guid : 52e4abdf-9c48-4782-b99c-2c 989dc53e34
ObjectCategory : columbus.local/Configurati on/Schema/ ms-Exch-We b
-Services-Virtual-Director y
ObjectClass : {top, msExchVirtualDirectory, msExchWebServices
VirtualDirectory}
WhenChanged : 14/04/2010 12:50:57
WhenCreated : 14/04/2010 12:50:57
OriginatingServer : SERVER2010.columbus.local
IsValid : True
[PS] C:\Windows\system32>get-cl ientaccess server | fl
Name : SERVER2010
OutlookAnywhereEnabled : True
AutoDiscoverServiceCN : SERVER2010
AutoDiscoverServiceClassNa me : ms-Exchange-AutoDiscover-S ervice
AutoDiscoverServiceInterna lUri : https://autodiscover.columbustelecom.com/Autod
iscover/Autodiscover.xml
AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e 7a48b19596
AutoDiscoverSiteScope : {Default-First-Site-Name}
IsValid : True
OriginatingServer : SERVER2010.columbus.local
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=SERVER2010,CN=Servers,C N=Exchange Administr
ative Group (FYDIBOHF23SPDLT),CN=Admin istrativ
e Groups,CN=First Organization,CN=Microsoft Ex
change,CN=Services,CN=Conf iguration, DC=columbu
s,DC=local
Identity : SERVER2010
Guid : 06498858-0704-403e-84bd-9b a4d764cee5
ObjectCategory : columbus.local/Configurati on/Schema/ ms-Exch-Ex
change-Server
ObjectClass : {top, server, msExchExchangeServer}
WhenChanged : 02/04/2010 14:16:45
WhenCreated : 29/03/2010 13:13:41
[PS] C:\Windows\system32>get-ex changecert ificate | fl
AccessRules : {System.Security.AccessCon trol.Crypt oKeyAccess Rule, System
.Security.AccessControl.Cr yptoKeyAcc essRule, System.Securi
ty.AccessControl.CryptoKey AccessRule }
CertificateDomains : {SERVER2010.columbus.local }
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=SERVER2010.columbus.loc al
NotAfter : 16/04/2013 00:00:00
NotBefore : 17/04/2010 00:00:00
PublicKeySize : 1024
RootCAType : None
SerialNumber : 25555E96222B4983412A26C024 5043C4
Services : None
Status : Valid
Subject : CN=SERVER2010.columbus.loc al
Thumbprint : B0FCA6B6792617D8D6A79D8D26 02CBDCDD71 77F5
AccessRules : {System.Security.AccessCon trol.Crypt oKeyAccess Rule, System
.Security.AccessControl.Cr yptoKeyAcc essRule, System.Securi
ty.AccessControl.CryptoKey AccessRule }
CertificateDomains : {remote.columbustelecom.co m, columbustelecom.com, SERVER20
10.columbus.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=columbus-SERVER2010-CA
NotAfter : 12/04/2012 12:11:55
NotBefore : 13/04/2010 12:11:55
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 1530C0FC00000000000A
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=remote.columbustelecom. com
Thumbprint : B78E465543187C7961F2BED2BA 33A8C39FA9 B119
AccessRules : {System.Security.AccessCon trol.Crypt oKeyAccess Rule, System
.Security.AccessControl.Cr yptoKeyAcc essRule, System.Securi
ty.AccessControl.CryptoKey AccessRule }
CertificateDomains : {remote.columbustelecom.co m, columbustelecom.com, SERVER20
10.columbus.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=columbus-SERVER2010-CA
NotAfter : 12/04/2012 11:58:36
NotBefore : 13/04/2010 11:58:36
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 15248FCF000000000009
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=remote.columbustelecom. com
Thumbprint : 5A2F12BAE26173FDBB7A072D81 6BF2D00EB5 7891
AccessRules : {System.Security.AccessCon trol.Crypt oKeyAccess Rule, System
.Security.AccessControl.Cr yptoKeyAcc essRule, System.Securi
ty.AccessControl.CryptoKey AccessRule }
CertificateDomains : {remote.columbustelecom.co m, columbustelecom.com, SERVER20
10.columbus.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=columbus-SERVER2010-CA
NotAfter : 07/04/2012 14:26:30
NotBefore : 08/04/2010 14:26:30
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 15A5078C000000000008
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=remote.columbustelecom. com
Thumbprint : 9AA8D06600CC0995ADADF66F2F CDB93DF302 181E
AccessRules : {System.Security.AccessCon trol.Crypt oKeyAccess Rule, System
.Security.AccessControl.Cr yptoKeyAcc essRule, System.Securi
ty.AccessControl.CryptoKey AccessRule }
CertificateDomains : {remote.columbustelecom.co m, columbustelecom.com, SERVER20
10.columbus.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=columbus-SERVER2010-CA
NotAfter : 28/03/2012 14:21:03
NotBefore : 29/03/2010 14:21:03
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 61199CCB000000000005
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=remote.columbustelecom. com
Thumbprint : 5292F9ADECA8301267A4029356 779C30AEB4 FE21
AccessRules : {System.Security.AccessCon trol.Crypt oKeyAccess Rule, System
.Security.AccessControl.Cr yptoKeyAcc essRule, System.Securi
ty.AccessControl.CryptoKey AccessRule }
CertificateDomains : {SERVER2010.columbus.local }
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=columbus-SERVER2010-CA
NotAfter : 29/03/2011 13:03:44
NotBefore : 29/03/2010 13:03:44
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 6126642F000000000004
Services : IIS, SMTP
Status : Valid
Subject : CN=SERVER2010.columbus.loc al
Thumbprint : E1779AFDEBD0091609C508C3A3 A88D58ECE2 ED8F
AccessRules : {System.Security.AccessCon trol.Crypt oKeyAccess Rule, System
.Security.AccessControl.Cr yptoKeyAcc essRule, System.Securi
ty.AccessControl.CryptoKey AccessRule }
CertificateDomains : {Sites, SERVER2010.columbus.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=columbus-SERVER2010-CA
NotAfter : 28/03/2012 12:55:49
NotBefore : 29/03/2010 12:55:49
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 611F2442000000000002
Services : SMTP
Status : Valid
Subject : CN=Sites
Thumbprint : 038B29AE8E2822923904512F16 95A226D2B0 51C9
AccessRules : {System.Security.AccessCon trol.Crypt oKeyAccess Rule, System
.Security.AccessControl.Cr yptoKeyAcc essRule}
CertificateDomains : {columbus-SERVER2010-CA}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=columbus-SERVER2010-CA
NotAfter : 29/03/2015 13:05:33
NotBefore : 29/03/2010 12:55:33
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 36C78FE88E876AA34084BF7996 AD7B4B
Services : None
Status : Valid
Subject : CN=columbus-SERVER2010-CA
Thumbprint : A9E33C5C4E75FF61422B6F1710 05F0B23FBB CD83
AccessRules : {System.Security.AccessCon trol.Crypt oKeyAccess Rule, System
.Security.AccessControl.Cr yptoKeyAcc essRule}
CertificateDomains : {WMSvc-WIN-YKAAUF5CRPN}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=WMSvc-WIN-YKAAUF5CRPN
NotAfter : 26/03/2020 10:04:18
NotBefore : 29/03/2010 11:04:18
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 6E4129B57811DA8C4218D4ADDE E973C8
Services : None
Status : Valid
Subject : CN=WMSvc-WIN-YKAAUF5CRPN
Thumbprint : 59BA9948734EBE6CA7D859419E D01EA6824C EBA3
Here are my results:
[PS] C:\Windows\system32>get-oa
Name : OAB (SBS Web Applications)
PollInterval : 30
OfflineAddressBooks : {\NewOfflineAddressBook, \Default Offline Addre
ss List}
RequireSSL : True
BasicAuthentication : True
WindowsAuthentication : True
MetabasePath : IIS://SERVER2010.columbus.
B
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\OAB
Server : SERVER2010
InternalUrl : https://autodiscover.columbustelecom.com/OAB
InternalAuthenticationMeth
ExternalUrl : http://autodiscover.columbustelecom.com/OAB
ExternalAuthenticationMeth
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=OAB (SBS Web Applications),CN=HTTP,CN=P
ols,CN=SERVER2010,CN=Serve
strative Group (FYDIBOHF23SPDLT),CN=Admin
ive Groups,CN=First Organization,CN=Microsoft E
xchange,CN=Services,CN=Con
s,DC=local
Identity : SERVER2010\OAB (SBS Web Applications)
Guid : 3d341df8-a6f5-4b0d-a734-86
ObjectCategory : columbus.local/Configurati
-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchOABVirtualD
irectory}
WhenChanged : 14/04/2010 13:51:15
WhenCreated : 29/03/2010 13:17:13
OriginatingServer : SERVER2010.columbus.local
IsValid : True
Name : OAB (Default Web Site)
PollInterval : 480
OfflineAddressBooks : {\NewOfflineAddressBook, \Default Offline Addre
ss List}
RequireSSL : True
BasicAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://SERVER2010.columbus.
B
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\OAB
Server : SERVER2010
InternalUrl : https://autodiscover.columbustelecom.com/OAB
InternalAuthenticationMeth
ExternalUrl : http://autodiscover.columbustelecom.com/OAB
ExternalAuthenticationMeth
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols
CN=SERVER2010,CN=Servers,C
tive Group (FYDIBOHF23SPDLT),CN=Admin
Groups,CN=First Organization,CN=Microsoft Excha
nge,CN=Services,CN=Configu
=local
Identity : SERVER2010\OAB (Default Web Site)
Guid : 6fa84c8d-0c16-4f30-b645-fd
ObjectCategory : columbus.local/Configurati
-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchOABVirtualD
irectory}
WhenChanged : 14/04/2010 13:51:26
WhenCreated : 14/04/2010 13:44:51
OriginatingServer : SERVER2010.columbus.local
IsValid : True
[PS] C:\Windows\system32>get-au
Name : Autodiscover (SBS Web Applications)
InternalAuthenticationMeth
ExternalAuthenticationMeth
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://SERVER2010.columbus.
todiscover
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\Autodiscover
Server : SERVER2010
InternalUrl : https://remote.columbustelecom.com/Autodiscover
/Autodiscover.xml
ExternalUrl : https://remote.columbustelecom.com/Autodiscover
/Autodiscover.xml
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=Autodiscover (SBS Web Applications),CN=HTTP,
CN=Protocols,CN=SERVER2010
ge Administrative Group (FYDIBOHF23SPDLT),CN=Ad
ministrative Groups,CN=First Organization,CN=Mi
crosoft Exchange,CN=Services,CN=Co
C=columbus,DC=local
Identity : SERVER2010\Autodiscover (SBS Web Applications)
Guid : 99bd1047-8596-40f9-acae-83
ObjectCategory : columbus.local/Configurati
o-Discover-Virtual-Directo
ObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscove
rVirtualDirectory}
WhenChanged : 29/03/2010 14:31:54
WhenCreated : 29/03/2010 13:17:20
OriginatingServer : SERVER2010.columbus.local
IsValid : True
Name : Autodiscover (Default Web Site)
InternalAuthenticationMeth
ExternalAuthenticationMeth
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://SERVER2010.columbus.
todiscover
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\Autodiscover
Server : SERVER2010
InternalUrl :
ExternalUrl :
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=Autodiscover (Default Web Site),CN=HTTP,CN=P
rotocols,CN=SERVER2010,CN=
dministrative Group (FYDIBOHF23SPDLT),CN=Admin
strative Groups,CN=First Organization,CN=Micros
oft Exchange,CN=Services,CN=Co
lumbus,DC=local
Identity : SERVER2010\Autodiscover (Default Web Site)
Guid : 597c310f-b327-4c89-a917-2b
ObjectCategory : columbus.local/Configurati
o-Discover-Virtual-Directo
ObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscove
rVirtualDirectory}
WhenChanged : 14/04/2010 12:49:07
WhenCreated : 14/04/2010 12:49:07
OriginatingServer : SERVER2010.columbus.local
IsValid : True
[PS] C:\Windows\system32>Get-We
InternalNLBBypassUrl : https://server2010.columbus.local/ews/exchange.
asmx
Name : EWS (SBS Web Applications)
InternalAuthenticationMeth
ExternalAuthenticationMeth
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://SERVER2010.columbus.
S
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\exchweb\EWS
Server : SERVER2010
InternalUrl : https://remote.columbustelecom.com/EWS/Exchange
.asmx
ExternalUrl : https://remote.columbustelecom.com/EWS/Exchange
.asmx
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=EWS (SBS Web Applications),CN=HTTP,CN=P
ols,CN=SERVER2010,CN=Serve
strative Group (FYDIBOHF23SPDLT),CN=Admin
ive Groups,CN=First Organization,CN=Microsoft E
xchange,CN=Services,CN=Con
s,DC=local
Identity : SERVER2010\EWS (SBS Web Applications)
Guid : 3773ecf6-c108-48a3-b376-12
ObjectCategory : columbus.local/Configurati
-Services-Virtual-Director
ObjectClass : {top, msExchVirtualDirectory, msExchWebServices
VirtualDirectory}
WhenChanged : 02/04/2010 14:18:44
WhenCreated : 29/03/2010 13:17:07
OriginatingServer : SERVER2010.columbus.local
IsValid : True
InternalNLBBypassUrl : https://server2010.columbus.local/EWS/Exchange.
asmx
Name : EWS (Default Web Site)
InternalAuthenticationMeth
ExternalAuthenticationMeth
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://SERVER2010.columbus.
S
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\exchweb\EWS
Server : SERVER2010
InternalUrl : https://server2010.columbus.local/EWS/Exchange.
asmx
ExternalUrl :
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols
CN=SERVER2010,CN=Servers,C
tive Group (FYDIBOHF23SPDLT),CN=Admin
Groups,CN=First Organization,CN=Microsoft Excha
nge,CN=Services,CN=Configu
=local
Identity : SERVER2010\EWS (Default Web Site)
Guid : 52e4abdf-9c48-4782-b99c-2c
ObjectCategory : columbus.local/Configurati
-Services-Virtual-Director
ObjectClass : {top, msExchVirtualDirectory, msExchWebServices
VirtualDirectory}
WhenChanged : 14/04/2010 12:50:57
WhenCreated : 14/04/2010 12:50:57
OriginatingServer : SERVER2010.columbus.local
IsValid : True
[PS] C:\Windows\system32>get-cl
Name : SERVER2010
OutlookAnywhereEnabled : True
AutoDiscoverServiceCN : SERVER2010
AutoDiscoverServiceClassNa
AutoDiscoverServiceInterna
iscover/Autodiscover.xml
AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e
AutoDiscoverSiteScope : {Default-First-Site-Name}
IsValid : True
OriginatingServer : SERVER2010.columbus.local
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=SERVER2010,CN=Servers,C
ative Group (FYDIBOHF23SPDLT),CN=Admin
e Groups,CN=First Organization,CN=Microsoft Ex
change,CN=Services,CN=Conf
s,DC=local
Identity : SERVER2010
Guid : 06498858-0704-403e-84bd-9b
ObjectCategory : columbus.local/Configurati
change-Server
ObjectClass : {top, server, msExchExchangeServer}
WhenChanged : 02/04/2010 14:16:45
WhenCreated : 29/03/2010 13:13:41
[PS] C:\Windows\system32>get-ex
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
ty.AccessControl.CryptoKey
CertificateDomains : {SERVER2010.columbus.local
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=SERVER2010.columbus.loc
NotAfter : 16/04/2013 00:00:00
NotBefore : 17/04/2010 00:00:00
PublicKeySize : 1024
RootCAType : None
SerialNumber : 25555E96222B4983412A26C024
Services : None
Status : Valid
Subject : CN=SERVER2010.columbus.loc
Thumbprint : B0FCA6B6792617D8D6A79D8D26
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
ty.AccessControl.CryptoKey
CertificateDomains : {remote.columbustelecom.co
10.columbus.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=columbus-SERVER2010-CA
NotAfter : 12/04/2012 12:11:55
NotBefore : 13/04/2010 12:11:55
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 1530C0FC00000000000A
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=remote.columbustelecom.
Thumbprint : B78E465543187C7961F2BED2BA
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
ty.AccessControl.CryptoKey
CertificateDomains : {remote.columbustelecom.co
10.columbus.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=columbus-SERVER2010-CA
NotAfter : 12/04/2012 11:58:36
NotBefore : 13/04/2010 11:58:36
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 15248FCF000000000009
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=remote.columbustelecom.
Thumbprint : 5A2F12BAE26173FDBB7A072D81
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
ty.AccessControl.CryptoKey
CertificateDomains : {remote.columbustelecom.co
10.columbus.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=columbus-SERVER2010-CA
NotAfter : 07/04/2012 14:26:30
NotBefore : 08/04/2010 14:26:30
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 15A5078C000000000008
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=remote.columbustelecom.
Thumbprint : 9AA8D06600CC0995ADADF66F2F
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
ty.AccessControl.CryptoKey
CertificateDomains : {remote.columbustelecom.co
10.columbus.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=columbus-SERVER2010-CA
NotAfter : 28/03/2012 14:21:03
NotBefore : 29/03/2010 14:21:03
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 61199CCB000000000005
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=remote.columbustelecom.
Thumbprint : 5292F9ADECA8301267A4029356
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
ty.AccessControl.CryptoKey
CertificateDomains : {SERVER2010.columbus.local
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=columbus-SERVER2010-CA
NotAfter : 29/03/2011 13:03:44
NotBefore : 29/03/2010 13:03:44
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 6126642F000000000004
Services : IIS, SMTP
Status : Valid
Subject : CN=SERVER2010.columbus.loc
Thumbprint : E1779AFDEBD0091609C508C3A3
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
ty.AccessControl.CryptoKey
CertificateDomains : {Sites, SERVER2010.columbus.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=columbus-SERVER2010-CA
NotAfter : 28/03/2012 12:55:49
NotBefore : 29/03/2010 12:55:49
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 611F2442000000000002
Services : SMTP
Status : Valid
Subject : CN=Sites
Thumbprint : 038B29AE8E2822923904512F16
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
CertificateDomains : {columbus-SERVER2010-CA}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=columbus-SERVER2010-CA
NotAfter : 29/03/2015 13:05:33
NotBefore : 29/03/2010 12:55:33
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 36C78FE88E876AA34084BF7996
Services : None
Status : Valid
Subject : CN=columbus-SERVER2010-CA
Thumbprint : A9E33C5C4E75FF61422B6F1710
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
CertificateDomains : {WMSvc-WIN-YKAAUF5CRPN}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=WMSvc-WIN-YKAAUF5CRPN
NotAfter : 26/03/2020 10:04:18
NotBefore : 29/03/2010 11:04:18
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 6E4129B57811DA8C4218D4ADDE
Services : None
Status : Valid
Subject : CN=WMSvc-WIN-YKAAUF5CRPN
Thumbprint : 59BA9948734EBE6CA7D859419E
ASKER
Not sure why so many certificates show! :(
ok
autodiscover.columbus.com is not on your cets..
run the following commands :
get-oabvirtualdirectory | set-oabvirtualdirectory -internalUrl https://server2010.columbus.local/OAB -externaurl htps://remote.columbustele com.com/OA B
Get-WebServicesVirtualDire ctory | set-WebServicesVirtualDire ctory -InternalUrl https://server2010.columbus.local/EWS/Exchange.asmx
get-clientaccessserver | set-clientaccessserver -AutoDiscoverServiceIntern alUri https://autodiscover.columbustelecom.com/Autodiscover/Autodiscover.xml
restart IIS
test your outlook connection, from internal : Objective : no certificate errors.
autodiscover.columbus.com is not on your cets..
run the following commands :
get-oabvirtualdirectory | set-oabvirtualdirectory -internalUrl https://server2010.columbus.local/OAB -externaurl htps://remote.columbustele
Get-WebServicesVirtualDire
get-clientaccessserver | set-clientaccessserver -AutoDiscoverServiceIntern
restart IIS
test your outlook connection, from internal : Objective : no certificate errors.
can you ping sites?
If so, then I reckon that if you change the internalURL for the OAB to https://sites/OAB it will start to work because you have a certificate for the sites name.
on my SBS2008 the InternalURL of the OAB is
https://sites/OAB
If so, then I reckon that if you change the internalURL for the OAB to https://sites/OAB it will start to work because you have a certificate for the sites name.
on my SBS2008 the InternalURL of the OAB is
https://sites/OAB
Or just do what Seb says first...
I need to see which cert applys to your IIS : Browse to wour inetnal OWA, by using https, and double click on the cert in internet explorer.
Browse to the options of the cert, and find the attributes "subject alternative names", and tell us which names are on it. Also verify it's expiration date.
Browse to the options of the cert, and find the attributes "subject alternative names", and tell us which names are on it. Also verify it's expiration date.
ASKER
Ok, firstly, I followed the steps in your first post Seb. Note, after running:
Get-WebServicesVirtualDire ctory | set-WebServicesVirtualDire ctory -InternalUrl https://server2010.columbus.local/EWS/Exchange.asmx
I got back: WARNING: The command completed successfully but no settings of 'SERVER2010\EWS
(Default Web Site)' have been modified.
Also, in the third command, is it -AutoDiscoverServiceIntern alUri or -AutoDiscoverServiceIntern alUrl. I did Uri as per your post. Restart IIS. Exited Outlook 2007 and reloaded, still got a certificate error.
MegaNuk3: I can ping Sites, but it doesn't resolve to our SBS, it resolves to another address...not sure what device that is right now.
I followed the step re. the certificate but, just to note as the above, despite DNS looking correct, I think there's an issue there. I can't get to our internal OWA address (remote.columbustelecom.co m/owa) unless I edit my hosts file to make it point to our internal server IP. Once I do that and follow your steps above the Subject Alternative Names are:
DNS Name=columbustelecom.com
DNS Name=remote.columbusteleco m.com
DNS Name=SERVER2010.columbus.l ocal
Valid to date: 12 April 2012.
Do you think it's the DNS issue?
Get-WebServicesVirtualDire
I got back: WARNING: The command completed successfully but no settings of 'SERVER2010\EWS
(Default Web Site)' have been modified.
Also, in the third command, is it -AutoDiscoverServiceIntern
MegaNuk3: I can ping Sites, but it doesn't resolve to our SBS, it resolves to another address...not sure what device that is right now.
I followed the step re. the certificate but, just to note as the above, despite DNS looking correct, I think there's an issue there. I can't get to our internal OWA address (remote.columbustelecom.co
DNS Name=columbustelecom.com
DNS Name=remote.columbusteleco
DNS Name=SERVER2010.columbus.l
Valid to date: 12 April 2012.
Do you think it's the DNS issue?
ASKER
Ok, think we've almost fixed it! I just logged on to a machine as the admin account I created for the migration....and the address book downloaded! Got a certificate error still when I setup the account in Outlook, but the address book downloading is definite progress. I'm happy!
I'm at home now but, on my own account (via the VPN) it still won't download...though the error has changed. I now get 0X80070057. Could that be because I'm connecting via the VPN?
Cheers guys.
I'm at home now but, on my own account (via the VPN) it still won't download...though the error has changed. I now get 0X80070057. Could that be because I'm connecting via the VPN?
Cheers guys.
ASKER
Ok, I remote desktopped a PC in the office, removed any exchange mailboxes and added mine again. Certificate errors still appearing but it's downloading the address book! I'll report back when I'm in the office again.
Thanks again x 9999
Thanks again x 9999
nice
still have to get rid of the cert error
But it's a good news :)
still have to get rid of the cert error
But it's a good news :)
ASKER
Yeah. At the moment I'm still having issues downloading it over the VPN (0X80070057) and there's obviously the certificate error but I'll do all I can over the weekend / Monday morning and post again then. If you're around to help on Monday, that'd be excellent.
Cheers.
Cheers.
yop
ASKER
Hi Seb,
Thanks again for your help. The OAB issue is definitely resolved for all users inside the LAN! Really happy. I've yet to fully test this over the VPN but want to resolve the certificate error next. If you think I should award points for this one and create a new question, please let me know as I think this is a slightly different issue now.
The error I get is shown in the screengrab below. When I view the certificate, I get the 2nd screenshot. I think the issue here is that on the security alert it states "autodiscover.columbustele com.com" but when viewing the certificate, it's issued to "remote.columbustelecom.co m".
Is there an easy fix for this?
Cheers,
Zak
Thanks again for your help. The OAB issue is definitely resolved for all users inside the LAN! Really happy. I've yet to fully test this over the VPN but want to resolve the certificate error next. If you think I should award points for this one and create a new question, please let me know as I think this is a slightly different issue now.
The error I get is shown in the screengrab below. When I view the certificate, I get the 2nd screenshot. I think the issue here is that on the security alert it states "autodiscover.columbustele
Is there an easy fix for this?
Cheers,
Zak
Hi
can you have a look on this certificate stating the error, for the "AlternatSubjectNames" part ?
isn't autodiscover on it ?
The problem here, is that you're outlook clients are not detecting that they are connected to the server, and try to get the server thrdough Internet Web services, and thence look for AUTODISCOVER.columbustelec om.com
=> You will have either to give the vpn clients a correct path to autodiscover.columbustelec om.com, or to reissue a certificate for your exchange server, with all the correct names on it.
can you have a look on this certificate stating the error, for the "AlternatSubjectNames" part ?
isn't autodiscover on it ?
The problem here, is that you're outlook clients are not detecting that they are connected to the server, and try to get the server thrdough Internet Web services, and thence look for AUTODISCOVER.columbustelec
=> You will have either to give the vpn clients a correct path to autodiscover.columbustelec
ASKER
Hi,
No, autodiscover isn't listed under "AtlernateSubjectNames". Not sure how to add that using PS though. Is there a command to do this?
Also, just to clarify, this message appears from within the LAN and I notice I do have the "connected to Microsoft Exchange" message at the bottom right of Outlook before clicking Yes to the security alert.
Regarding your note about the VPN...which would be easier? As far as I can remember, the security cert error is a bit different when connecting over the VPN.
No, autodiscover isn't listed under "AtlernateSubjectNames". Not sure how to add that using PS though. Is there a command to do this?
Also, just to clarify, this message appears from within the LAN and I notice I do have the "connected to Microsoft Exchange" message at the bottom right of Outlook before clicking Yes to the security alert.
Regarding your note about the VPN...which would be easier? As far as I can remember, the security cert error is a bit different when connecting over the VPN.
You can use this wizard to generate the Exchange certificate command that you would use for your server and include all the subjectAlternate Names, such as autodiscover.columbustelec om.com:
https://www.digicert.com/easy-csr/exchange2007.htm
https://www.digicert.com/easy-csr/exchange2007.htm
Hum.
I Need to compare both certificate errors to have a better view of your organization : Can you post both errors, and both certificates details in that case
Also, can you confirm ?
You want access from INSIDE and from LAN : No Outlook over RPC, right ?
Your server name is Server2010.columbustelecom .local
Your remote server name (owa) is remote.columbustelecom.com
You have an external columbustelecom.com DNS zone, stating "remote" and "autodiscover" to your public IP address
You don't have any internal zone "columbustelecom.com", right ?
I Need to compare both certificate errors to have a better view of your organization : Can you post both errors, and both certificates details in that case
Also, can you confirm ?
You want access from INSIDE and from LAN : No Outlook over RPC, right ?
Your server name is Server2010.columbustelecom
Your remote server name (owa) is remote.columbustelecom.com
You have an external columbustelecom.com DNS zone, stating "remote" and "autodiscover" to your public IP address
You don't have any internal zone "columbustelecom.com", right ?
ASKER
MegaNuk3, thanks for the link. I'll give that a try once I'm confident with what needs doing.
Seb - Ultimately, I would like Outlook over RPC though my initial task is to get rid of the cert. errors from within the LAN.
Our server name is SERVER2010.columbus.local
Our remote server name *should* be remote.columbustelecom.com though I can only access this internally at the moment...
Our external DNS is managed by a 3rd party but remote.columbustelecom.com and autodiscover.columbustelec om.com point to our public IP.
I do have an internal zone for columbustelecom.com...shou ld this not be present? Within it, I have www setup to point to where our website is hosted, and I have remote,autodiscover and mail pointing to the internal IP of our DC.
I also have a seperate internal zone for remote.columbustelecom.com with the root (so, remote.columbustelecom.com ) pointing to the internal IP of the server.
Is this not correct?
Cheers.
Seb - Ultimately, I would like Outlook over RPC though my initial task is to get rid of the cert. errors from within the LAN.
Our server name is SERVER2010.columbus.local
Our remote server name *should* be remote.columbustelecom.com
Our external DNS is managed by a 3rd party but remote.columbustelecom.com
I do have an internal zone for columbustelecom.com...shou
I also have a seperate internal zone for remote.columbustelecom.com
Is this not correct?
Cheers.
ASKER
Also, I can post the error from outside the LAN around 7pm British time.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi again,
I've been really busy with a few other domains lately so only just getting the chance to revisit this one. Ok, just before I go ahead, there's no chance that deleting all the other certificates will cause the OAB issues to occur again, or Free/Busy info issues (a problem occuring near the start of the install) ?
Also, just to clarify, our FQDN for the DC is server2010.columbus.local so I presume I'd apply that to the certificate rather than server2010.columbustelecom .local, yea?
And (sorry if this is a really silly question) is this all possible without purchasing a secure certificate? Can I use the self-issued one?
I *think* I'm nearly there.
Oh, and one final thing, what is the command to delete the old certificates once I've created the new one?
Thanks again. Lifesavers, both of you. :)
I've been really busy with a few other domains lately so only just getting the chance to revisit this one. Ok, just before I go ahead, there's no chance that deleting all the other certificates will cause the OAB issues to occur again, or Free/Busy info issues (a problem occuring near the start of the install) ?
Also, just to clarify, our FQDN for the DC is server2010.columbus.local so I presume I'd apply that to the certificate rather than server2010.columbustelecom
And (sorry if this is a really silly question) is this all possible without purchasing a secure certificate? Can I use the self-issued one?
I *think* I'm nearly there.
Oh, and one final thing, what is the command to delete the old certificates once I've created the new one?
Thanks again. Lifesavers, both of you. :)
ASKER
Hi gents. Sorry to bump this but are either of you available to read the above post? I just want to try to ensure I don't mess anything else up by removing the old certificates. Hopefully I can get this one stroked off after this.
Cheers again,
Zak
Cheers again,
Zak
Hello
I thought I answered : I've probably missed the submit Button :)
Yes it is possible to do that with an internal certificate service (microsoft pki).
In order not to distrub your infrastrcture, you must first install a new certificate and affect the services on it, and after that you can delete the old certs.
On the new certificate, you will have to put the following names (interpret intenal and external to your real domain names..):
- COMMON NAME : External FQDN of your principal EMAIL DOMAIN : remote.columbustelecom.com
- SANs : autodiscover.columbustelec om.com, autodiscover.internaldomai n.local, autodiscover.whatever other.principal.email.doma in.name.yo u.have
- SANs : Server2010
I thought I answered : I've probably missed the submit Button :)
Yes it is possible to do that with an internal certificate service (microsoft pki).
In order not to distrub your infrastrcture, you must first install a new certificate and affect the services on it, and after that you can delete the old certs.
On the new certificate, you will have to put the following names (interpret intenal and external to your real domain names..):
- COMMON NAME : External FQDN of your principal EMAIL DOMAIN : remote.columbustelecom.com
- SANs : autodiscover.columbustelec
- SANs : Server2010
ASKER
Hi Seb, thanks. Ok, I've generated the certificate using the link above which gave me back:
"New-ExchangeCertificate -GenerateRequest -Path c:\remot
e_columbustelecom_com.csr -KeySize 2048 -SubjectName "c=GB, s=Glasgow, l=Glasgow
, o=Columbus Telecom, cn=remote.columbustelecom. com" -DomainName server2010.colu
mbus.local, remote.columbustelecom.com , autodiscover.columbustelec om.com, server
2010 -PrivateKeyExportable $True"
I pasted this into the shell and got back:
Thumbprint Services Subject
---------- -------- -------
4A5327A5E11EA82CC7DA548613 3890A7AC21 D679 ..... C=GB, S=Glasgow, L=Glas...
I then pasted the command you posted, changing the path to the actual file so my command was:
Import-ExchangeCertificate -Path c:\remote_columbustele
com_com.csr | Enable-ExchangeCertificate -Services IIS, SMTP, UM, POP
But when I did this, I got the error back:
Import-ExchangeCertificate : The source data cannot be imported or the wrong pa
ssword was specified.
At line:1 char:27
+ Import-ExchangeCertificate <<<< -Path c:\remote_columbustelecom_ com.csr | En
able-ExchangeCertificate -Services IIS, SMTP, UM, POP
+ CategoryInfo : ReadError: (0:Int32) [Import-ExchangeCertificat e
], ImportCertificateDataInval idExceptio n
+ FullyQualifiedErrorId : 56E2F48A,Microsoft.Exchang e.Manageme nt.SystemC on
figurationTasks.ImportExch angeCertif icate
Is it because the file generated is a .csr file rather than .txt as you mentioned?
Cheers.
"New-ExchangeCertificate -GenerateRequest -Path c:\remot
e_columbustelecom_com.csr -KeySize 2048 -SubjectName "c=GB, s=Glasgow, l=Glasgow
, o=Columbus Telecom, cn=remote.columbustelecom.
mbus.local, remote.columbustelecom.com
2010 -PrivateKeyExportable $True"
I pasted this into the shell and got back:
Thumbprint Services Subject
---------- -------- -------
4A5327A5E11EA82CC7DA548613
I then pasted the command you posted, changing the path to the actual file so my command was:
Import-ExchangeCertificate
com_com.csr | Enable-ExchangeCertificate
But when I did this, I got the error back:
Import-ExchangeCertificate
ssword was specified.
At line:1 char:27
+ Import-ExchangeCertificate
able-ExchangeCertificate -Services IIS, SMTP, UM, POP
+ CategoryInfo : ReadError: (0:Int32) [Import-ExchangeCertificat
], ImportCertificateDataInval
+ FullyQualifiedErrorId : 56E2F48A,Microsoft.Exchang
figurationTasks.ImportExch
Is it because the file generated is a .csr file rather than .txt as you mentioned?
Cheers.
Hello
That's logical : you just made a certificate request. (the csr file)
You now have to transform that request in a real certficate. For that, you will have to present the CSR (the request) to a Certification Authority : Either a public one (comodo, versign, ...) or an internal Microsoft PKI if you have one.
That's logical : you just made a certificate request. (the csr file)
You now have to transform that request in a real certficate. For that, you will have to present the CSR (the request) to a Certification Authority : Either a public one (comodo, versign, ...) or an internal Microsoft PKI if you have one.
Hmmm, can't you do:
Enable-ExchangeCertificate -Thumbprint 4A5327A5E11EA82CC7DA548613 3890A7AC21 D679 -Services IIS, SMTP, UM, POP
?
Enable-ExchangeCertificate
?
ASKER
MegaNuk3 - Upon doing a bit of reading, I tried the above command already and I get:
"The certificate with thumbprint xxxxxx was not found."
Since I don't know about using an internal PKI, I think we're going to look at purchasing the certificate now as that looks to be the only valid option.
I'll discuss this with our director and try to get it ordered today.
"The certificate with thumbprint xxxxxx was not found."
Since I don't know about using an internal PKI, I think we're going to look at purchasing the certificate now as that looks to be the only valid option.
I'll discuss this with our director and try to get it ordered today.
That should create you a self-signed certificate.
I'm not using these, and i don't know if everything will work smoothly behind, perhaps you will have to import this certificate to the client computers when using OWA. But yes, you can try that, and if not working, just delete this cert at the end :)
I'm usually using a Microsoft our a Public CA.
I'm not using these, and i don't know if everything will work smoothly behind, perhaps you will have to import this certificate to the client computers when using OWA. But yes, you can try that, and if not working, just delete this cert at the end :)
I'm usually using a Microsoft our a Public CA.
Lol
Ok, it's a good step. From my poitn of view, COMODO UCC Certificates are the cheapest (About 1200$$ for three years).
(Oups)...
Ok, it's a good step. From my poitn of view, COMODO UCC Certificates are the cheapest (About 1200$$ for three years).
(Oups)...
Apparently GoDaddy ones are really cheap too.
ASKER
Hi gents, me again! Ok, since I last posted, I ordered a 90-day free secure certificate from Comodo to try out. I followed the above steps (with a few tweaks) and the cert is now installed...but I now get two certificate errors upon loading Outlook 2007! I don't want to go deleting the old certs just yet until I'm sure I know what's going on.
The first one clearly relates to the new certificate I've installed (screengrab attached). Despite everything above, under subject alternative name, all I have is shown in screenshot two. Not sure why autodiscover, server2010 etc. are not present there....
I'm not too worried about the 2nd cert error as I assume it'll disappear once I fix this one and remove the other unneeded certs.
I keep thinking I've cracked it but not quite yet!
Cert1.png
Cert2.png
Cert3.png
The first one clearly relates to the new certificate I've installed (screengrab attached). Despite everything above, under subject alternative name, all I have is shown in screenshot two. Not sure why autodiscover, server2010 etc. are not present there....
I'm not too worried about the 2nd cert error as I assume it'll disappear once I fix this one and remove the other unneeded certs.
I keep thinking I've cracked it but not quite yet!
Cert1.png
Cert2.png
Cert3.png
ASKER
Interestingly however, it does look to have fixed the cert issue with RWW. At least that's one positive! :)
you missed the entry : autodiscover.columbus..... .....
ASKER
Yeah, but the thing is, This:
"New-ExchangeCertificate -GenerateRequest -Path c:\remot
e_columbustelecom_com.csr -KeySize 2048 -SubjectName "c=GB, s=Glasgow, l=Glasgow
, o=Columbus Telecom, cn=remote.columbustelecom. com" -DomainName server2010.colu
mbus.local, remote.columbustelecom.com , autodiscover.columbustelec om.com, server
2010 -PrivateKeyExportable $True"
Is what I gave to comodo to generate the certificate.... :s
"New-ExchangeCertificate -GenerateRequest -Path c:\remot
e_columbustelecom_com.csr -KeySize 2048 -SubjectName "c=GB, s=Glasgow, l=Glasgow
, o=Columbus Telecom, cn=remote.columbustelecom.
mbus.local, remote.columbustelecom.com
2010 -PrivateKeyExportable $True"
Is what I gave to comodo to generate the certificate.... :s
strange.. even the www.remote... is not on the request you made.
Try it again :)
Try it again :)
Try this:
http://blogs.msdn.com/dgoldman/archive/2006/11/27/Error-0x80190194-when-using-an-outlook-2007-client-to-download-a-web-distribution-enabled-oab.aspx
It should fix your issue. We can into this and I had the link bookmarked. Hope it helps.
http://blogs.msdn.com/dgoldman/archive/2006/11/27/Error-0x80190194-when-using-an-outlook-2007-client-to-download-a-web-distribution-enabled-oab.aspx
It should fix your issue. We can into this and I had the link bookmarked. Hope it helps.
ASKER
Hi all, sorry for the lack of activity on this. Been tied up with a few other projects lately. I think all the info I need is in this thread and I can't thank you both (seb_acker and MegaNuk3) enough for your help. I'm going to consider this resolved and dish out the points. I'm sorry it can't be more than 500 though!
Cheers,
Zak
Cheers,
Zak
ASKER
Superb help from seb_acker and MegaNuk3.
Thanks for the points, glad you got it working in the end
Thanks and have it well for the next steps :)
ASKER