Exchange Outlook WebService and login prompt

ABMauriHelpDesk
Having an issue with outlook 2007 prompting for a login.  When I run the test-outlookwebservices it comes back with errors 1004 and 1013 and has the right certificate name but the wrong server (it is one of our servers, but not the one it should be).  Where is this set?

Top Expert 2010

Commented:
a) Please give details of your exchange and outlook version with what service packs are installed.

b) Did you update your Outlook to Office 2007 SP2?
Run the updates and see if that solves the problem.

c) You mention that the certificate name is correct but the server name is wrong ?
did you go through a migration recently ?

Author

Commented:
Exchange is SP 1 - we have 5 exchange servers - all the same.  SP2 and SP1 for outlook - same problem.

It has been working fine until the past few days.  

We have a cert for OWA for outside.domain.com and the certificate is installed on server1.domain.local.  When I do a test-outlookwebservices, I get error 1004 - the certificate for the URL https://server2.domain.local/rpc is incorrect.  For SSL to work it needs to have a subject of outside.domain.com and then goes on to list the details of the cert that is installed on 2nd server.
Top Expert 2010

Commented:
Can you run this test and get a detailed result.

http://www.testexchangeconnectivity.com/

Activesync tests >> will bring out your certificate issues.

Test for outlook autodiscover

Please post back the results of ExRCA

Author

Commented:
I know my cert isn't correct for the autodiscover, but it has been working.  We do not have outlook anywhere on for this server and I don't understand why it is trying to go to server2 when outside.domain.com has a DNS record that points to server1
Attempting to test Autodiscover for medomain.com
 Testing Autodiscover failed.
 Test Steps
 ExRCA is attempting each method of contacting the Autodiscover service.
 The Autodiscover service couldn't be contacted successfully by any method.
 Test Steps
 Attempting to test potential AutoDiscover URL https://domain.com/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name domain.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: xxx.xxx.xxx.xxx

Testing TCP Port 443 on host domain.com to ensure it is listening and open.
 The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 The certificate name is being validated.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host name domain.com does not match any name found on the server certificate CN=outside.domain.com, OU=Domain Control Validated, O=outside.domain.com





Attempting to test potential AutoDiscover URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name autodiscover.domain.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: xxx.xxx.xxx.xxx

Testing TCP Port 443 on host autodiscover.domain.com to ensure it is listening and open.
 The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 The certificate name is being validated.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host name autodiscover.domain.com does not match any name found on the server certificate CN=outside.domain.com, OU=Domain Control Validated, O=outside.domain.com





ExRCA is attempting to contact the Autodiscover service using the HTTP redirect method.
 The attempt to contact Autodiscover using the HTTP Redirect method failed.
 Test Steps
 Attempting to resolve the host name autodiscover.domain.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: xxx.xxx.xxx.xxx

Testing TCP Port 80 on host autodiscover.domain.com to ensure it is listening and open.
 The specified port is either blocked, not listening, or not producing the expected response.
  Tell me more about this issue and how to resolve it
 Additional Details
 A network error occurred while communicating with remote host
Exception details:
Message: No connection could be made because the target machine actively refused it xxx.xxx.xxx.xxx:80
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()




ExRCA is attempting to contact the Autodiscover service using the DNS SRV redirect method.
 Failed to contact AutoDiscover using the DNS SRV redirect method.
 Test Steps
 Attempting to locate SRV record _autodiscover._tcp.domain.com in DNS.
 The Autodiscover SRV record wasn't found in DNS.
  Tell me more about this issue and how to resolve it
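
The certificate name check that the ExRCA report above shows failing, applied to each lookup method it walks through, as an added example that is not part of the original thread. The function names, the address user@domain.com and the EWS URL are constructed for illustration; the wildcard handling goes beyond the single-name certificate in the thread.

```python
from urllib.parse import urlsplit

def name_matches(host, pattern):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*" and len(p) > 2:      # refuse patterns as broad as *.com
        return h[1:] == p[1:]
    return h == p

def cert_covers(host, cert_names):
    return any(name_matches(host, n) for n in cert_names)

def autodiscover_candidates(smtp_address):
    """Lookup order shown in the ExRCA report: two HTTPS URLs, HTTP redirect, SRV."""
    domain = smtp_address.rsplit("@", 1)[1].lower()
    return [
        ("https-root", f"https://{domain}/AutoDiscover/AutoDiscover.xml"),
        ("https-autodiscover", f"https://autodiscover.{domain}/AutoDiscover/AutoDiscover.xml"),
        ("http-redirect", f"http://autodiscover.{domain}/AutoDiscover/AutoDiscover.xml"),
        ("dns-srv", f"_autodiscover._tcp.{domain}"),
    ]

def audit(smtp_address, cert_names, published_urls=()):
    """Return (label, target, verdict); verdict is ok, name-mismatch or not-checked."""
    rows = []
    targets = autodiscover_candidates(smtp_address)
    targets += [("published-url", u) for u in published_urls]
    for label, target in targets:
        parts = urlsplit(target)
        if parts.scheme != "https":
            # Port-80 redirect and SRV lookup involve no certificate at this step.
            rows.append((label, target, "not-checked"))
        elif cert_covers(parts.hostname, cert_names):
            rows.append((label, target, "ok"))
        else:
            rows.append((label, target, "name-mismatch"))
    return rows

# Constructed sample built from the placeholder names used in the thread.
CERT_NAMES = ["outside.domain.com"]     # subject CN only, no additional names
PUBLISHED = ["https://server2.domain.local/rpc",
             "https://outside.domain.com/EWS/Exchange.asmx"]

if __name__ == "__main__":
    for row in audit("user@domain.com", CERT_NAMES, PUBLISHED):
        print("%-20s %-62s %s" % row)
```

Any URL reported as name-mismatch needs either a certificate that carries that host name or a published URL changed to a name the certificate already covers.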
Top Expert 2010

Commented:
ok
a) your certificate name has a mismatch.
b) your autodiscover failed.
c) The Autodiscover SRV record wasn't found in DNS.

did you set these up ?

At this stage I think it will be prudent to run some DNS tests

On your DC
start > run
type

dcdiag /v /e /TEST:DNS > C:\dcdiagdns.txt

Please post back here.

Author

Commented:
2 domains and includes some servers that are not on or accessible by this DC.

Thanks for your help
dcdiagdns.txt
Top Expert 2010

Commented:
ok.
Your DNS tests failed.
that DNS diag was for the forest - which domain are we dealing with here. ( I am guessing abmna.local   ..)

Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: bpna.com
               lasbpna                      FAIL FAIL n/a  n/a  n/a  n/a  n/a
               fensrv24                     PASS FAIL n/a  n/a  n/a  WARN n/a
               hutchtemp                    FAIL FAIL n/a  n/a  n/a  n/a  n/a
               membpna                      PASS WARN FAIL PASS WARN WARN n/a
               fensrv13                     FAIL FAIL n/a  n/a  n/a  n/a  n/a
               fensrv02                     FAIL FAIL n/a  n/a  n/a  n/a  n/a
               memsrv02                     FAIL FAIL n/a  n/a  n/a  n/a  n/a
               hutsrv02                     FAIL FAIL n/a  n/a  n/a  n/a  n/a
               calbpna                      FAIL FAIL n/a  n/a  n/a  n/a  n/a
               bcvsrv01                     FAIL FAIL n/a  n/a  n/a  n/a  n/a
            Domain: abmna.local
               lassrv01                     PASS WARN PASS PASS PASS WARN n/a
               fensrv21                     PASS WARN PASS PASS PASS FAIL n/a
               ptlsrv01                     PASS WARN PASS PASS PASS WARN n/a
               GRNSRV01                     PASS WARN FAIL PASS PASS WARN n/a
               CALSRV01                     PASS WARN PASS PASS PASS WARN n/a
               MEMSRV01                     PASS WARN PASS PASS PASS WARN n/a

Author

Commented:
yes. abmna.local

Author

Commented:
When I do a Test E-mail autoconfiguration from my Outlook client, the Protocol Http shows server2 instead of server1.
Top Expert 2010

Commented:
test this on one of the workstations.

Close outlook

Go to

%userprofile%/Application Data/Microsoft/Outlook

there should be a file called outcmd.dat

rename that file to outcmd.dat-old

restart outlook (this will create a new outcmd.dat)
See if you can get the OAB now.
Top Expert 2010

Commented:
I mean - see if you can get the new exchange server now.

QUOTE
When I do a Test E-mail autoconfiguration from my Outlook client, the Protocol Http shows server2 instead of server1.

>> Which one is the new exchange server ? Server2 or Server1 ?
Top Expert 2010

Commented:
let me know if this works ?

Author

Commented:
Neither server is new, but the cert for outside.domain.local is installed on server1, autodiscover.domain.local points to server1 and my mail is on server1, so I don't know why server2 shows up at all.

I did delete outcmd from a computer that is having this issue and it prompted for a password as soon as I started outlook again.  The prompt is for outside.domain.local.

Author

Commented:
sorry -those should be domain.com not .local
Top Expert 2010

Commented:
when you do a Test E-mail autoconfiguration from outlook - does it STILL point to server2 or server1 ?

Author

Commented:
Yes.  I even tried deleting the outcmd on another person who is having the same issue who is on server3 and hers also pointed to server2.
Top Expert 2010

Commented:
Is there a DNS entry pointing to SERVER2 ?
Check A records in DNS on your DC

Let me know the name of server2 and server1 - so that I can look it up in your dcdiag / dns tests

Author

Commented:
server1 is fensrv30, server2 is ptlsrv01.  They all have correct a records,  NSlookups return the correct address and so does a ping.
Top Expert 2010

Commented:
Is there a backup / alternate DNS server ?

Anything coming from the second domain through replication ?

Just thinking out aloud.
Top Expert 2010

Commented:
PTLSRV01 is a DC and it hosts the global catalog role >> hence it's responding to requests.
It also has the DNS roles.

FENSRV30 - is not listed in dcdiag ?
Top Expert 2010

Commented:
ok. I never asked you this before (how stupid of me..) But what version of exchange are you running ?

Author

Commented:
Exchange 2007 SP1.  Fensrv30 is not a DNS  - the DNS/Global Catalog in its location is Fensrv21
Top Expert 2010
Commented:
Can you check this link
http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/configuring-exchange-server-2007-web-services-urls.html

I will be out of office the whole day, will be checking for your replies on the road.

Author

Commented:
Well,  I updated my certificate and installed the new one, reset IIS, and for the past hour and a half the people with issues are not having them.  Keeping my fingers crossed.  I will let you know later.

The test-outlookwebservices still fails with error 1004 as it tries to connect to the wrong server (ptlsrv01) for the outside.abmauri.us.  Seems like the SCP is wrong...

Thanks

Author

Commented:
Everything seems to be working now.   Thanks for your help
