outlook anywhere and autodiscover
exchange 2010 server
outlook anywhere and autodiscover works from outside the network on windows 7 and outlook 2010, an outlook account can be setup fine.
but on a XP machine with office 2007 I enter the name\email address\password during new account setup and then it constantly asks for credentials connecting to autodiscover.domainname and then 'you must use the mail icon to add an account'
then using the mail icon the error that 'the exchange server is unavailable'
autodiscover.domainname definitely points to the mail server. the ssl certificate works fine internally and obviously on windows 7 externally.
is there a difference between outlook anywhere setup and autodiscover in windows 7\2010 and xp\2007?
outlook anywhere and autodiscover works from outside the network on windows 7 and outlook 2010, an outlook account can be setup fine.
but on a XP machine with office 2007 I enter the name\email address\password during new account setup and then it constantly asks for credentials connecting to autodiscover.domainname and then 'you must use the mail icon to add an account'
then using the mail icon the error that 'the exchange server is unavailable'
autodiscover.domainname definitely points to the mail server. the ssl certificate works fine internally and obviously on windows 7 externally.
is there a difference between outlook anywhere setup and autodiscover in windows 7\2010 and xp\2007?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
that registry dword value does not exist on the 2008r2 ex2010 server. should it?
on the xp client it is indeed a value of 0.
----
testing from link above passed all autodiscover tests but gave the warning:
Only able to build certificate chain when using the Root Certificate Update functionality from Windows Update. Your server may not be properly configured to send down the required intermediate certificates to complete the chain.
my ssl certificate came with an intermediate certificate that I have installed and rebooted the server. maybe I installed it wrong?
remember this all works OK from windows 7 clients.
on the xp client it is indeed a value of 0.
----
testing from link above passed all autodiscover tests but gave the warning:
Only able to build certificate chain when using the Root Certificate Update functionality from Windows Update. Your server may not be properly configured to send down the required intermediate certificates to complete the chain.
my ssl certificate came with an intermediate certificate that I have installed and rebooted the server. maybe I installed it wrong?
remember this all works OK from windows 7 clients.
ASKER
I have 2 certificates showing in my EMC:
1 x self signed that appeared at install
1 x purchased additional name certificate that covers mail.domainname autodiscover.domainname and owa.domainname
The self signed certificate has the message below:
This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.
1 x self signed that appeared at install
1 x purchased additional name certificate that covers mail.domainname autodiscover.domainname and owa.domainname
The self signed certificate has the message below:
This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.
Forget the self signed certificate. You are using the UCC certificate.
Check the registry key on a DC and compare the value with a XP machine.
Check the registry key on a DC and compare the value with a XP machine.
Is it a start certificate ?
ASKER
I ran exchange remote connectivity test using link above from an xp client off domain and it fails testing SSL mutual authentication with the RPC proxy server and gives a link:
The certificate Common Name does not match the Mutual Authentication (msstd:) so I fixed from resolution on that site and all OK now.
http://technet.microsoft.com/en-gb/library/dd439371(EXCHG.80).aspx
Open registry editior on the server and go to the following location:
HKEY_LOCAL_MACHINE\System\
There will be a DWORD entry 'LmCompatibility level', Kindly make a note of this value.
On the XP machine open the registry and go to the same location, check the 'Lmcompatibility' value. Most probably it will be set to 0.
We need the value on the server and the XP machine to match.
P.S: I would recommed you change the value on the client than the server.
Let us know how it goes.