We help IT Professionals succeed at work.

outlook anywhere and autodiscover

Pete
Pete used Ask the Experts™
on
exchange 2010 server

outlook anywhere and autodiscover works from outside the network on windows 7 and outlook 2010, an outlook account can be setup fine.

but on a XP machine with office 2007 I enter the name\email address\password during new account setup and then it constantly asks for credentials connecting to autodiscover.domainname and then 'you must use the mail icon to add an account'

then using the mail icon the error that  'the exchange server is unavailable'

autodiscover.domainname definitely points to the mail server. the ssl certificate works fine internally and obviously on windows 7 externally.

is there a difference between outlook anywhere setup and autodiscover in windows 7\2010 and xp\2007?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Solutions Architect
Commented:
as far as I remember it is related to the msstd do you have a * certificate ?

go to https://www.testexchangeconnectivity.com/ and do the outlook anywhere test with autodiscover

results?
check the following registry key on the server and then the windows xp machine:

Open registry editior on the server and go to the following location:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
There will be a DWORD entry 'LmCompatibility level', Kindly make a note of this value.

On the XP machine open the registry and go to the same location, check the 'Lmcompatibility' value. Most probably it will be set to 0.
We need the value on the server and the XP machine to match.

P.S: I would recommed you change the value on the client than the server.

Let us know how it goes.

Author

Commented:
that registry dword value does not exist on the 2008r2 ex2010 server. should it?
on the xp client it is indeed a value of 0.
----
testing from link above passed all autodiscover tests but gave the warning:

Only able to build certificate chain when using the Root Certificate Update functionality from Windows Update. Your server may not be properly configured to send down the required intermediate certificates to complete the chain.
 my ssl certificate came with an intermediate certificate that I have installed and rebooted the server. maybe I installed it wrong?
 
remember this all works OK from windows 7 clients.
 

Author

Commented:
I have 2 certificates showing in my EMC:
1 x self signed that appeared at install
1 x purchased additional name certificate that covers mail.domainname autodiscover.domainname  and owa.domainname
The self signed certificate has the message below:

This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.
Forget the self signed certificate. You are using the UCC certificate.
Check the registry key on a DC and compare the value with a XP machine.
AkhaterSolutions Architect

Commented:
Is it a start certificate ?

Author

Commented:
I ran exchange remote connectivity test using link above from an xp client off domain and it fails testing SSL mutual authentication with the RPC proxy server and gives a link:

http://technet.microsoft.com/en-gb/library/dd439371(EXCHG.80).aspx
The certificate Common Name does not match the Mutual Authentication (msstd:)  so I fixed from resolution on that site and all OK now.