Solved

Outlook Continuos Logon Prompts

Posted on 2010-08-18
31
1,037 Views
Last Modified: 2012-05-10
We have SBS 2008 running with Exchange 2007
Users are getting continous logon prompts when launching their outlook client.
After further review, (internally) I  noticed it is using the FQDN of the external mail server as domain\username
example  mail.somedomain.com\username

Why isnt it trying the local domian,  somedomain.local\username

Also looking on the web, I saw that installing Service Pack or roll-up would fix this issue
I installed Exchange 2007 SP2 along with rollup 4 and this is still an issue.
Need help
0
Comment
Question by:bntech
  • 16
  • 8
  • 2
  • +4
31 Comments
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33469806
It sounds like your autodiscovery isn't set up right, spend some time and configure this via the powershell.  You basically set internal and external autodiscovery.

Here is one guide, but there are plenty out there ;

http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/configuring-outlook-2007-exchange-server-2007.html
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33471215
From exch shell run this

get-webservicesvirtualdirectory | fl
get-autodiscovervirtualdirectory | fl


Output the results here.

thanks
0
 
LVL 9

Accepted Solution

by:
v_9mhdrf earned 250 total points
ID: 33471748
Please check the following steps mentioned below:-

Autodiscover = Basic + Windows Integrated + SSL Forced == Disable - Kernel Mode Authentication.
OAB= Windows Integrated = Disable - Kernel Mode Authentication.
EWS= Windows Integrated = Disable - Kernel Mode Authentication + SSL forced.

Follow the kb-940726, and run the following command on the server.

Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab

Please run the following command in the management shell:-

test-outlookWebserivces | fl and see the result. If you get 401 Unauthorized please follow the below link and restart the server.

DisableLoopbackcheck registry.
key as per the article <http://support.microsoft.com/kb/896861>.

Please do revert back if you have any issues.
0
 
LVL 23

Expert Comment

by:Malli Boppe
ID: 33471782
0
 
LVL 1

Author Comment

by:bntech
ID: 33474809
Here is the two commands runned as requested.

[PS] C:\Windows\system32>Get-AutodiscoverVirtualDirectory |fl


Name                          : Autodiscover (SBS Web Applications)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://DC.somedomain.local/W3SVC/3/ROOT/Autodisc
                                ver
Path                          : C:\Program Files\Microsoft\Exchange Server\Cli
                                ntAccess\Autodiscover
Server                        : DC
InternalUrl                   : https://webmail.somedomain.com/Autodi
                                cover/Autodiscover.xml
ExternalUrl                   : https://webmail.somedomain.com/Autodi
                                cover/Autodiscover.xml
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=Autodiscover (SBS Web Applications),CN=HTTP
                                CN=Protocols,CN=MHCM-DC,CN=Servers,CN=Exchange
                                Administrative Group (FYDIBOHF23SPDLT),CN=Admi
                                istrative Groups,CN=MHCM,CN=Microsoft Exchange
                                CN=Services,CN=Configuration,DC=somedomain,DC=local
Identity                      : DC\Autodiscover (SBS Web Applications)
Guid                          : 16450403-5e65-4dca-9311-9f32bf61201a
ObjectCategory                : MHCM.local/Configuration/Schema/ms-Exch-Auto-D
                                scover-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchAutoDiscov
                                rVirtualDirectory}
WhenChanged                   : 6/21/2010 10:06:53 AM
WhenCreated                   : 6/18/2010 5:34:04 PM
OriginatingServer             : DC.somedomain.local
IsValid                       : True



[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory |fl


InternalNLBBypassUrl          : https://dc.somedomain.local/ews/exchange.asmx
Name                          : EWS (SBS Web Applications)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://DC.somedomain.local/W3SVC/3/ROOT/EWS
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\exchweb\EWS
Server                        : DC
InternalUrl                   : https://webmail.somedomain.com/EWS/Exc
                                hange.asmx
ExternalUrl                   : https://webmail.somedomain.com/EWS/Exc
                                hange.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=EWS (SBS Web Applications),CN=HTTP,CN=Protoc
                                ols,CN=DC,CN=Servers,CN=Exchange Administr
                                ative Group (FYDIBOHF23SPDLT),CN=Administrative
                                 Groups,CN=MHCM,CN=Microsoft Exchange,CN=Servic
                                es,CN=Configuration,DC=DC,DC=local
Identity                      : DC\EWS (SBS Web Applications)
Guid                          : 727b961e-7c9b-4bfd-888e-556bbcd9e0ce
ObjectCategory                : somedomain.local/Configuration/Schema/ms-Exch-Web-Ser
                                vices-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchWebServices
                                VirtualDirectory}
WhenChanged                   : 8/16/2010 8:45:32 PM
WhenCreated                   : 6/18/2010 5:33:44 PM
OriginatingServer             : DC.somedomain.local
IsValid                       : True
0
 
LVL 1

Author Comment

by:bntech
ID: 33474949
Test-OutlookWebServices -identity user |fl


Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address user@somedomain.com.

Id      : 1013
Type    : Error
Message : When contacting https://webmail.somedomain.com/Autodiscover/
          Autodiscover.xml received the error The remote server returned an err
          or: (401) Unauthorized.

Id      : 1006
Type    : Error
Message : The Autodiscover service could not be contacted.

0
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33475600
If you would have followed the first post I made it probably would have solved the problem, all of the steps above are listed in my post.

I have just had the exact same error and had to create a .com forward lookup zone and then point all autodiscovers to that.

i followed this tutorial and although a bit random, it works, trust me.

http://exchange-genie.blogspot.com/2007/07/401-error-when-attempting-test.html
0
 
LVL 1

Author Comment

by:bntech
ID: 33475858
So I changed the reg keys
DisableStrictNameChecking and DisableLoopbackcheck
I couldnt restart the server. Will do that this evening
But why would employees that previous logged onto the computer even be prompted for logon credentials in outlook.  It should just open without logon prompts-- right?
There are a few users this works as advertised, without re-entring in the credentials.

After I made the reg change -- I re-ran the Test-OutlookWebServices and recieved a little bit more information that I did before when I ran the command. I still have errors.

Looking at the output, what should I do?

[PS] C:\Windows\system32>Test-OutlookWebServices -identity user |fl


Id      : 1013
Type    : Error
Message : When contacting https://webmail.somedomain.com/Rpc received
          the error The server committed a protocol violation. Section=Response
          StatusLine

Id      : 1017
Type    : Error
Message : [EXPR]-Error when contacting the RPC/HTTP service at https://webmail.
          somedomain.com/Rpc. The elapsed time was 78 milliseconds.



Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address user@somedomain.com.

Id      : 1006
Type    : Information
Message : The Autodiscover service was contacted at https://webmail.somedomain.com/Autodiscover/Autodiscover.xml.

Id      : 1016
Type    : Success
Message : [EXCH]-Successfully contacted the AS service at https://webmail.somedomain.com/EWS/Exchange.asmx.
The elapsed time was 131 milliseconds.

Id      : 1015
Type    : Information
Message : [EXCH]-The OAB is not configured for this user.

Id      : 1014
Type    : Success
Message : [EXCH]-Successfully contacted the UM service at https://webmail.somedomain.com/UnifiedMessaging/Service.asmx. The elapsed time was 7 milliseconds.

Id      : 1016
Type    : Success
Message : [EXPR]-Successfully contacted the AS service at https://webmail.somedomain.com/EWS/Exchange.asmx. The elapsed time was 27 milliseconds.

Id      : 1015
Type    : Information
Message : [EXPR]-The OAB is not configured for this user.

Id      : 1014
Type    : Success
Message : [EXPR]-Successfully contacted the UM service at https://webmail.somedomain.com/UnifiedMessaging/Service.asmx. The elapsed time was 7 milliseconds.

Id      : 1013
Type    : Error
Message : When contacting https://webmail.somedomain.com/Rpc received
          the error The server committed a protocol violation. Section=Response
          StatusLine

Id      : 1017
Type    : Error
Message : [EXPR]-Error when contacting the RPC/HTTP service at https://webmail.
          somedomain.com/Rpc. The elapsed time was 78 milliseconds.

Id      : 1006
Type    : Success
Message : The Autodiscover service was tested successfully.

Id      : 1021
Type    : Information
Message : The following web services generated errors.
              Contacting server in EXPR
          Please use the prior output to diagnose and correct the errors.

0
 
LVL 1

Author Comment

by:bntech
ID: 33476209
I am a tad confused but just to clarify
my domain = somedomain.local
exchangeserver = dc
internal address = dc.somedomain.local
external address = webmail.somedomain.com

I changed the Internal and External UI paths to the webmail.somedomain.com
Is this right, still having issues.

See above
0
 
LVL 1

Author Comment

by:bntech
ID: 33476560
Also just a reminder that this is on a SBS 2008 server.
There is only one cert.  webmail.somedomain.com
Does this matter?
0
 
LVL 9

Expert Comment

by:v_9mhdrf
ID: 33481853
It does matter if you have a single name certificate with Exchange 2007 server. Coz.. we need SAN certificate with multiple domains in it.
The following domain names should be present in the SAN certificate:-
owa.domainname.com
autodiscover.domainname.com
remote.domainname.com (used in SBS 2008)
servername.domainname.local (the internal FQDN of your Exchange Server)
SERVERNAME (NETBIOS Name of your Server)

You must also have the corresponding autodiscover.domainname.com and owa.domainname.com A records configured in your external DNS.

Also refer this:
http://blog.tiensivu.com/aaron/archives/1228-KB-940726-Exchange-2007-The-name-of-the-security-certificate-is-invalid-or-does-not-match-the-name-of-the-site-for-intranet-users.html

Please try this, and if there is a credential pop-up issue please refert this article as well:
Kb- 927612

Hope this helps!
0
 
LVL 1

Author Comment

by:bntech
ID: 33535300
Still getting mutiple logon prompts. Not sure what to do next.

I ran get-Outlookanywhere |fl
getting warning message as follows:
WARNING: IIS://internalDC.Somedomain.local/W3SVC/1/ROOT/Rpc was not found. Please make
sure you have typed it correctly.

Keep in mind again this is SBS 2008
In IIS manager there are multiple sites as follows:
  (Default Web Site)
  (SBS Client Deployment Applications)
  (SBS Sharepoint)
  (SBS Web Applications)   <------------- This is where all the exchange stuff is (autodicover, EWS, OWA, RPC, and etc
  (Shrepoint Central Administration

Get-OutlookAnywhere |fl
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
ServerName                 : InternalDC
SSLOffloading              : False
ExternalHostname           : mail.somedomain.com
ClientAuthenticationMethod : Basic
IISAuthenticationMethods   : {Basic, Ntlm}
MetabasePath               : IIS://InternalDC.somedomain.local/W3SVC/1/ROOT/Rpc
Path                       :
Server                     : InternalDC
AdminDisplayName           :
ExchangeVersion            : 0.1 (8.0.535.0)
Name                       : Rpc (Default Web Site)
DistinguishedName          : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=
                             InternalDC,CN=Servers,CN=Exchange Administrative Grou
                             p (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Somedomain
                        ,CN=Microsoft Exchange,CN=Services,CN=Configurat
                             ion,DC=somedomain,DC=local
Identity                   : InternalDC\Rpc (Default Web Site)
Guid                       : 0d9508b7-66f8-40ba-9e54-1b85e615340c
ObjectCategory             : somedomain.local/Configuration/Schema/ms-Exch-Rpc-Http-V
                             irtual-Directory
ObjectClass                : {top, msExchVirtualDirectory, msExchRpcHttpVirtual
                             Directory}
WhenChanged                : 6/21/2010 10:06:54 AM
WhenCreated                : 6/21/2010 10:06:54 AM
OriginatingServer          : internaldc.somedomain.local
IsValid                    : True


0
 
LVL 1

Author Comment

by:bntech
ID: 33535498
going to
https://mail.somedomain.com/rpc does not yield any responce, just a blank page
however going to
https://mail.somedomain.com/owa  brings up the Office Outlook Web Access Page.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33535799
https://mail.domain.com/rpc/rpcproxy.dll

try this from LAN also

https://mail.domain.local/rpc/rpcproxy.dll

where mail.domain.local = SBS FQDN
0
 
LVL 1

Author Comment

by:bntech
ID: 33535996
Both gives blank pages.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 28

Expert Comment

by:sunnyc7
ID: 33536081
if both gives blank after login - that means rpc proxy is working ok.

Can you run this from SBS command prompt

%windir%\System32\inetsrv\appcmd.exe set config -section:windowsAuthentication /useKernelMode:false
http://blogs.technet.com/b/sbs/archive/2010/02/16/outlook-2007-credential-prompts-in-small-business-server-2008.aspx

0
 
LVL 1

Author Comment

by:bntech
ID: 33542402
I am running Exchange 2007 SP2 update 4, which should be fixed per the article,
However I ran the command, and still the same issue with continous logon prompting.

Also is the warning from get-outlookanywhere |fl anything to worry about
WARNING: IIS://internalDC.Somedomain.local/W3SVC/1/ROOT/Rpc was not found. Please make
sure you have typed it correctly.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33542467
start > run > inetmgr
Navigate to Sites > SBS web Applications > RPC
Right Click > manage applications advanced settings

Check if it is configured like the image attached.

rpc-cert.png
0
 
LVL 1

Author Comment

by:bntech
ID: 33542991
I included two print screens, (1) for /RPC and (1) for /RPCwithCert

Looks the same
rpc.bmp
rpcwithcert.bmp
0
 
LVL 1

Author Comment

by:bntech
ID: 33543256
I ran the Exchange Remote Connectivity Analyzer twice. @ https://www.testexchangeconnectivity.com/
One for
Outlook Anywhere (RPC over HTTP)
and one for
Outlook Autodiscover

When running Outlook anywhere (rpc over http)
you can use Autodicover to detect settings -- selecting this option fails, similar to the Outlook Autodiscover test, posted further below.
When chosing Outlook anywhere (rpc over http) and Manually specifying server settings
 -- RPC proxy server:   mail.somedomain.com
 -- Exchangeserver:     internalDC
 -- msstd:mail.somedomain.com
All test pass, even certificates and etc all are good. Everything has check boxes

When testing autodiscover, get the following errors \ report

Attempting to test Autodiscover for user@somedomain.com
 Testing Autodiscover failed.
 Test Steps
 ExRCA is attempting each method of contacting the Autodiscover service.
 The Autodiscover service couldn't be contacted successfully by any method.
 Test Steps
 Attempting to test potential AutoDiscover URL https://somedomain.com/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name somedomain.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: ww.xx.yy.zz
Testing TCP Port 443 on host somedomain.com to ensure it is listening and open.
 The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 The certificate name is being validated.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host name somedomain.com does not match any name found on the server certificate



Attempting to test potential AutoDiscover URL https://autodiscover.somedomain.com/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name autodiscover.somedomain.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: ww.xx.yy.zz

Testing TCP Port 443 on host autodiscover.somedomain.com to ensure it is listening and open.
 The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 The certificate name is being validated.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host name autodiscover.somedomain.com does not match any name found on the server certificate


ExRCA is attempting to contact the Autodiscover service using the HTTP redirect method.
 The attempt to contact Autodiscover using the HTTP Redirect method failed.
 Test Steps
 Attempting to resolve the host name autodiscover.somedomain.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: ww.xx.yy.zz

Testing TCP Port 80 on host autodiscover.somedomain.com to ensure it is listening and open.
 The port was opened successfully.
Checking Host autodiscover.somedomain.com for an HTTP redirect to AutoDiscover
 ExRCA failed to get an HTTP redirect response for Autodiscover.
 Additional Details
 An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body is: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>




ExRCA is attempting to contact the Autodiscover service using the DNS SRV redirect method.
 Failed to contact AutoDiscover using the DNS SRV redirect method.
 Test Steps
 Attempting to locate SRV record _autodiscover._tcp.somedomain.com in DNS.
 The Autodiscover SRV record wasn't found in DNS.
  Tell me more about this issue and how to resolve it
0
 
LVL 1

Author Comment

by:bntech
ID: 33558944
Any ideas?
0
 
LVL 28

Assisted Solution

by:sunnyc7
sunnyc7 earned 250 total points
ID: 33560371
0
 
LVL 12

Expert Comment

by:GusGallows
ID: 33571130
Another thing to look at is your outlook add-ins. Under the Trust Center/Add-Ins, click the drop down at the bottom and change it to Exchange Client Extensions. Click Go. If you see an Add-In called Outlook Scan, you may want to disable it. This scan will try to scan any connections you may have in Outlook to include sharepoint lists, weblinks, etc. This will cause you to attempt to authenticate to those sites.

I am not sure this is the issue you are having, but I had the same problem and unchecking that box fixed it for me.
0
 
LVL 1

Author Comment

by:bntech
ID: 33586786
It probably has something to do with Autodiscover I am guessing
Is there a way to disable autodiscover on both client and server
How do you do it for mass machines?
Would this even work?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33586816
Can you run this
Get-OutlookProvider | fl

Do you have an external DNS entry for autodiscover.domain.com > pointing to your public IP
Can you create it.
0
 
LVL 1

Author Comment

by:bntech
ID: 33587157
CertPrincipalName :
Server            :
TTL               : 1
AdminDisplayName  :
ExchangeVersion   : 0.1 (8.0.535.0)
Name              : EXCH
DistinguishedName : CN=EXCH,CN=Outlook,CN=AutoDiscover,CN=Client Access,CN=Domain
                    ,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain
                    ,DC=local
Identity          : EXCH
Guid              : 71be9ef8-4f64-409e-99ff-b2931ffef7c1
ObjectCategory    : domain.local/Configuration/Schema/ms-Exch-Auto-Discover-Confi
                    g
ObjectClass       : {top, msExchAutoDiscoverConfig}
WhenChanged       : 6/18/2010 5:25:47 PM
WhenCreated       : 6/18/2010 5:25:47 PM
OriginatingServer : internaldc.domain.local
IsValid           : True

CertPrincipalName : msstd:mail.somedomain.com
Server            :
TTL               : 1
AdminDisplayName  :
ExchangeVersion   : 0.1 (8.0.535.0)
Name              : EXPR
DistinguishedName : CN=EXPR,CN=Outlook,CN=AutoDiscover,CN=Client Access,CN=Domain
                    ,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain
                    ,DC=local
Identity          : EXPR
Guid              : b1edb353-de3c-495e-9f2f-0c425792f53f
ObjectCategory    : domain.local/Configuration/Schema/ms-Exch-Auto-Discover-Confi
                    g
ObjectClass       : {top, msExchAutoDiscoverConfig}
WhenChanged       : 7/14/2010 9:53:39 AM
WhenCreated       : 6/18/2010 5:25:47 PM
OriginatingServer : internaldc.domain.local
IsValid           : True

CertPrincipalName :
Server            :
TTL               : 1
AdminDisplayName  :
ExchangeVersion   : 0.1 (8.0.535.0)
Name              : WEB
DistinguishedName : CN=WEB,CN=Outlook,CN=AutoDiscover,CN=Client Access,CN=Domain
                    ,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain
                    ,DC=local
Identity          : WEB
Guid              : f43cc9f3-34c1-44c1-8e61-719ba278f585
ObjectCategory    : domain.local/Configuration/Schema/ms-Exch-Auto-Discover-Confi
                    g
ObjectClass       : {top, msExchAutoDiscoverConfig}
WhenChanged       : 6/18/2010 5:25:47 PM
WhenCreated       : 6/18/2010 5:25:47 PM
OriginatingServer : internaldc.domain.local
IsValid           : True

0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33588741
hi
you will have to give me sometime...I am stuck with a client issue at the moment.
thought I'll leave a quick note here.

thanks
0
 
LVL 1

Author Comment

by:bntech
ID: 33597256
along with helping me in the above ---
We have a single cert for our SBS 2008 \ Exchange 2007 server.
What steps would we need to do on the SBS server to install a UCC cert
Would this fix the continous prompting"?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33597354
a) First
In this post you mentioned the following output for intenral and external domain name
https:#33474809

In your get-outlook
InternalUrl                   : https://webmail.somedomain.com/EWS/Exchange.asmx
ExternalUrl                   : https://webmail.somedomain.com/EWS/Exchange.asmx

Is webmail.somedomain.com - your external FQDN or internal.

Also is your internal and external dns same or different - like domain.com and domain.local ?

=======
b) try that and see if this works.
Set-OutlookProvider EXPR -Server $null -CertPrincipalName msstd:Autodiscover.externaldomain.com

c) didnt know that :) about UCC/SAN. thanks for pointing out
Yes you would need that.

go here
http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8979

You need to purchase a UCC/SAN Certificate
and add the following domains to that

autodiscover.domain.com (external autodiscover)
mail.domain.com (external FQDN - also the first MX)
mailservername.domain.local (internal FQDN of exchange server)
mailservername (exchange server name)

-
Then you can install it using this guide.
http://help.godaddy.com/topic/742/article/4877
0
 
LVL 3

Expert Comment

by:-Juddy-
ID: 33597477
We had exactly the same issue which turned out to be a DNS issue.  Check the Exchange Server logs for anything related to DNS.
0
 
LVL 1

Author Comment

by:bntech
ID: 33597557
webmail.somedomain.com is both the internal\external address.
There is a DNS zone on the internal DNS with a record for webmail.somedomain.com so all users access this the same way, internally and externally alike

You 100% sure that purchasing a UCC cert will aliviate this problem

But how do you request \ install the UCC on a SBS 2008 server. The steps are different as it has the SSL wizard.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now