Solved

outlook anywhere and autodiscover with ISA 2006 SP1

Posted on 2010-08-22
29
2,808 Views
Last Modified: 2013-11-30
Dear Experts :

I have the following servers ( 2008 r2 + exchange 2010 ) in my design (2 servers MBX,hub + 2 CAS + 1 edge + 1 ISA Server -DMZ + 1 External DNS ) and need to know the concept and the "HOW TO" for the relation between outlook anywhere and autodiscover in a simple way.

i read that autodiscover can works in one of 4 ways , i use SCP internally and try to use DNS externally , IS THIS DOABLE - i mean to use both ?  but i get failed when i test the connection from www.testexchangeconnectivity.com , the error shown : Autodiscover settings weren't obtained when the Autodiscover POST request was sent , An HTTP 403 error was received because ISA Server denied the specified URL .

I have been successfully able to publish OWA through ISA 2006 and i use the same listener used for the OWA to use for outlook anywhere .

do i have to publish them both autodiscover , and outlook anywhere , each need a separate rule ?
i read something about redirection bit i don't know in my case if it Worthy or not ?
thanks in advance
0
Comment
Question by:Exchisa
  • 14
  • 13
  • +1
29 Comments
 
LVL 8

Expert Comment

by:SGrossmann
ID: 33494527
This is a very detailed blog post for publishing Exchange 2010 with ISA 2006 SP1.

You need to ignore the migration parts that are included.

http://msexchangeteam.com/archive/2009/12/17/453625.aspx
0
 

Author Comment

by:Exchisa
ID: 33494840
dear SGrossmann .

i already saw this article before , it's all about the migration .

do i need to publish autodiscover and outlook anywhere both on the same RULE ? or need

a rule for each one ?

thanks
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33496882
Let me make an attempt here:

i read that autodiscover can works in one of 4 ways , i use SCP internally and try to use DNS externally , IS THIS DOABLE - i mean to use both ?  
>> In your case you are using a CAS array (2 x CAS servers)
Autodiscover entries have to point to the CAS array - not to the cas server.

Typically you'd create a DNS Entry to cas.yourdomain.local in your DNS and point that to the cas array and then publish your autodiscover internal URL on that

get-autodiscovervirtualdirectory | fl

get-autodiscovervirtualdirectory | Set-autodiscovervirtualdirectory -internalurl "https://cas.domain.local/......"



but i get failed when i test the connection from www.testexchangeconnectivity.com , the error shown : Autodiscover settings weren't obtained when the Autodiscover POST request was sent , An HTTP 403 error was received because ISA Server denied the specified URL .
>> ExRCA tests for External Autodiscover which is configured as follows

SRV records in web DNS
autodiscover.domain.com > pointing to your IP

get-autodiscovervirtualdirectory | fl

See if your external URL is published or blank. It has to point to
https://autodiscover.domain.com/.........

To test your autodiscover

get-outlookprovider | fl
get-clientaccessserver | fl

0
 

Author Comment

by:Exchisa
ID: 33499229
Hello sunnyc7:
Thanks for the reply , i decide to choose the SRV record for the autodiscover service .
i crerate the rule in the firewall pointing to autodiscover.mydomain.com , I use the same
listener as OWA USE ,I create the SRV in DNS (autodiscover.mydomain.com and
mapped it to my REAL IP) , I RAN Set- AutodiscoverVirtualDirectory  -ExternalUrl  
"https://autodiscover.mydomain.com/autodiscover/autodiscover.xml " -InternalUrl  

"https://autodiscover.mydomain.com/autodiscover/autodiscover.xml " , then I enable
OutlookAnywhere and set the External Host Name there to be like autodiscover.mydomain.com

with basic auth and configure the auth delegation in ISA also AS WELL .
TILL NOW I GET NEW PROBLEM (  MY INTERNAL USERS ARE PROMPTED NOW TO ENTER THIER USERNAME AND PASSWORD FOR THE AUTODISCOVER VIR DIR - WINDOW )  , what is the right auth method that should be done for the Autodiscover VIR DIR regarding my internal users , i dont know , i guess instead of having this window for external users or non domain joined PC I have this for my internal users - domain joined  !!!!!
Note : the window stopped keep prompted only when i disable the rule on the firewall !!!!!
NOW the important thing when try to make the test (outlook anywhere or autodiscover)
through www.testexchangeconnectivity.com
I get below error on the SRV PART :
ExRCA is attempting to send an Autodiscover POST request to potential Autodiscover URLs.   Autodiscover settings weren't obtained when the Autodiscover POST request was sent.   Test Steps   Attempting to Retrieve XML AutoDiscover Response from url https://autodiscover.mydomain.com/Autodiscover/Autodiscover.xml for user xyz@mydomain.com   Failed to obtain AutoDiscover XML response.   Additional Details   An HTTP 500 response was returned from ISA .
Any Help Would be Appreciated .
Thanks in Advance.
0
 
LVL 1

Expert Comment

by:syvaki-2
ID: 33499448
Hello!

This working (at least for me..) configuration is for simple deployment, 1 TMG 2010 (ISA Server), 1 CAS, 1 MBX - Exchange 2010 Servers. Hope it will give some answers and not questions :)

- first copy SAN Cert from Exchange 2010 CAS - server to TMG 2010 (autodiscover.customer.com,owa.customer.com,internal CASname etc covered)
           

From Exchange CAS server:

         1. Click Start –> Run –> Type MMC
         2. Click File –> add remove Snap-in –> Certificates –> ADD –> Computer account-> Next –> finish-> ok
         3. Click Personal –> certificates
         4. Right Click on 3rd party certificate and click all tasks –> export
         5. Click Next –> Yes, Export Private Key –> Base-64 –> next –> Browse for file location.
         6. Next-> finish
         7. Copy certificate file to the TMG server
         8. Click Start –> Run –> Type MMC
         9. Click File –> add remove Snap-in –> Certificates –> ADD –> Computer account-> Next –> finish-> ok
        10. Click Personal –> Right Click certificates –> all task –> import –> next –> select file –> next –> next finish

- you need 2 Listeners (2 External DMZ IP,1 internal IP (TMG is Ad-Member)) with ISA/TMG, autodiscover and OWA, because they use different authentications, OWA Forms-Based,Autodiscover uses http-authentication

- owa.customer.com => https://owa.customer.com/owa redirect TMG-rule (easier to remember url):

  Allow traffic from anywhere To nothingmatters, Action Deny: Redirect to https://owa.customer.com/owa, Internal Path / not /*,
  authentication Delegation,No Delegation and client cannot authenticate directly

- register autodiscover.customer.com with Public DNS IP (TMG 2010 Autodiscover listener IP) x.x.x.x

- register owa.customer.com with Public DNS IP (TMG/ 2010 OWA Listener) y.y.y.y

- TMG/ISA OWA Listener properties: Networks External,Connections Enable httt+https,Do not Redirect

- remember to configure specific IP:s for Listener/Rule (OWa listener Listen on x.x.x.x,Autodiscover y.y.y.y, not Z.Z.Z.Z (all IP)

- TMG/ISA Outlook Anywhere Listener Rule & Properties:

  Action Allow,From Any,To CustomerCAS FQDN,https,Listener Autodiscover

  External Autodiscover Listener Props: External Autodiscover,IP;SSL,San Cert,http Authentication Basic (NOT FORMS Based!),  Requests for: autodiscover.customer.com,Paths Default,All authenticated

- OWA Basic Publishing with OWA Listener (same SAN certificate for OWA&Autodiscover will do)

- Powershell commands (CustomerCAS):

  Configure Exchange 2010 for basic authentication (Outlook Anywhere)
  Run the following on the CAS server that will be published

                * Set-OwaVirtualDirectory -identity customerCAS\* -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false
                * set-WebServicesVirtualDirectory -identity customerCAS\* -WindowsAuthentication $true -BasicAuthentication $true
                * set-EcpVirtualdirectory -identity customerCAS\* -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false
                * set-OabVirtualDirectory -identity customerCAS\* -WindowsAuthentication $true -BasicAuthentication $true
                * set-ActiveSyncVirtualDirectory -id <CasServer>\* -BasicAuthentication $true

- Exchange 2010 Urls with default settings (internal / External), I didn't configure autodiscover external settings with Powershell,they're empty and everything works OK.
- now ActiveSync,OWA,Outlook Anywhere works fine (Outlook Anywhere URL in Exchange 2010 Console is autodiscover.customer.com) and no SSL-warnings
- Outlook 2010/Windows 7 works by default, with XP&Outlook 2007 i configured proxy settings:

  Alternate Fix - Disable MSSTD checkbox in Outlook Anywhere (although not recommended) in Powershell
  Set-OutlookProvider EXPR -Server $null -CertPrincipalName none

Comments welcome.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33499490
Set- AutodiscoverVirtualDirectory  -ExternalUrl  
"https://autodiscover.mydomain.com/autodiscover/autodiscover.xml " -InternalUrl  
"https://autodiscover.mydomain.com/autodiscover/autodiscover.xml " , then I enable

>> Wrong commadlet.
This would set your INTERNAL autodiscover URL > to Look externally for autodiscover.

Can you copy paste the output of this

get-autodiscovervirtualdirectory | fl
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33499576
get-autodiscovervirtualdirectory  | Set-AutodiscoverVirtualDirectory -InternalUrl "https://cas.domain.local/Autodiscover/Autodiscover.xml" -WindowsAuthentication $True

Where cas.domain.local is the FQDN of your cas array on your DNS > which points to the HLB or NLB of CAS

Not the servers itself.
0
 

Author Comment

by:Exchisa
ID: 33500683
Dear Sunnyc7 :

I already configure the FQDN of MY CAS ARRAY to be included in all Internal Vir Dir URLs (OWA,ECP,EWS,Autodiscover ) , this also one of the SAN names included in the certificate , i dont have problem there , but why you want the auth method for the Autodiscover internal URL to be windows auth ?

this is the output of get-autodiscovervirtualdirectory | FL :


RunspaceId                    : c2521df0-c932-4221-a321-b4b86b12d620
Name                          : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
LiveIdSpNegoAuthentication    : False
WSSecurityAuthentication      : True
LiveIdBasicAuthentication     : False
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://CAS1.mydomain.com/W3SVC/1/ROOT/Autodiscover
Path                          : C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Autodiscover
Server                        : CAS1
InternalUrl                   : https://autodiscover.mydomain.com/autodiscover/autodiscover.xml
ExternalUrl                   : https://autodiscover.mydomain.com/autodiscover/autodiscover.xml
AdminDisplayName              :
ExchangeVersion               : 0.10 (14.0.100.0)
DistinguishedName             : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=CAS1,CN=Servers,CN=Exchang
                                Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=mydomainEMAIL,CN=Microso
                                 Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=com
Identity                      : CAS1\Autodiscover (Default Web Site)
Guid                          : 1b3af059-f2a5-4d33-a8fd-50e6050c43ec
ObjectCategory                : mydomain.com/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                   : 8/23/2010 12:04:44 PM
WhenCreated                   : 4/11/2010 11:13:50 PM
WhenChangedUTC                : 8/23/2010 9:04:44 AM
WhenCreatedUTC                : 4/11/2010 8:13:50 PM
OrganizationId                :
OriginatingServer             : dc1.mydomain.com
IsValid                       : True

RunspaceId                    : c2521df0-c932-4221-a321-b4b86b12d620
Name                          : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
LiveIdSpNegoAuthentication    : False
WSSecurityAuthentication      : True
LiveIdBasicAuthentication     : False
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://CAS1.mydomain.com/W3SVC/1/ROOT/Autodiscover
Path                          : C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Autodiscover
Server                        : CAS1
InternalUrl                   : https://autodiscover.mydomain.com/autodiscover/autodiscover.xml
ExternalUrl                   : https://autodiscover.mydomain.com/autodiscover/autodiscover.xml
AdminDisplayName              :
ExchangeVersion               : 0.10 (14.0.100.0)
DistinguishedName             : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=CAS1,CN=Servers,CN=Exchang
                                Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=mydomainEMAIL,CN=Microso
                                 Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=com
Identity                      : CAS1\Autodiscover (Default Web Site)
Guid                          : 1b3af059-f2a5-4d33-a8fd-50e6050c43ec
ObjectCategory                : mydomain.com/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                   : 8/23/2010 12:04:44 PM
WhenCreated                   : 4/11/2010 11:13:50 PM
WhenChangedUTC                : 8/23/2010 9:04:44 AM
WhenCreatedUTC                : 4/11/2010 8:13:50 PM
OrganizationId                :
OriginatingServer             : dc1.mydomain.com
IsValid                       : True

thanks in advance
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33501174
hi
You can ignore the windows auth part.

a) I am concerned with just this one.
InternalUrl                   : https://autodiscover.mydomain.com/autodiscover/autodiscover.xml

is autodiscover.mydomain.com > points to cas array of your HLB / NLB ?
Looks like it points to one of the CAS servers ?

Please let me know.
a) DNS entry for CAS array which points to your HLB/NLB

lets say it is - cas.domain.local

then you should run this to set your internal autodiscover
get-autodiscovervirtualdirectory  | Set-AutodiscoverVirtualDirectory -InternalUrl "https://cas.domain.local/Autodiscover/Autodiscover.xml" -

b) run this too
get-exchangecertificate  | fl
See if it is issued to the CAS name as well as the CAS server names

Post back your queries.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33502171
Hows it going ?
0
 

Author Comment

by:Exchisa
ID: 33504602
Hi Again Sunnyc7 :

my FQDN array name is mail.mydomain.com (2 IP's refer to the same FQDN CAS ARRAY name in the DNS - ROUND ROBIN ENABLED )AND i use SCP for my internal Users : it's https://autodiscover.mydomain.com/autodiscover/autodiscover.xml , MY CERT include both names , autodiscover.mydomain.com , mail.mydomain.com , i dont get any warning errors regard MY CERT , AM SURE THIS IS THE RIGHT SETTING .

regard your first point :
autodiscover.mydomain.com  A record points for one of my cas IPs , cas1 IP !!!!!!!!!!

regard your second point :
no only point to the fqdn array name and to the autodiscover and to mydomain.com .

NOW : I WANT TO ENABLE OUTLOOK ANYWHERE FOR MY EXTERNAL USERS , I DONT WANT TO CREATE A SEPERATE  AUTODISCOVER VIR DIRETCTORY SITE , INSTEAD I USE THE DEFAULT SITE , MY OUTLOOK ANYWHERE EXTERNAL HOST CONFIURED IN CAS SERVERS  IS AUTODISCOVER.MYDOMAIN.COM ,  I TRIED TO USE SRV RECORD IN MY EXTERNAL DNS BUT I RECIEVED THE ERROR ABOVE , I TRIED ALSO TO USE A RECORD IN MY EXTERNAL DNS WITH THE SAME ERROR .

am trying first to get outlook anywhere works for non joined domain PC .

I appreciate your kind help with me , thanks a lot .

0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33504649
regard your first point :
autodiscover.mydomain.com  A record points for one of my cas IPs , cas1 IP !!!!!!!!!!
>> It should point to autodiscover.mydomain.com > FQDN of your CAS array

I WANT TO ENABLE OUTLOOK ANYWHERE FOR MY EXTERNAL USERS , I DONT WANT TO CREATE A SEPERATE  AUTODISCOVER VIR DIRETCTORY SITE , INSTEAD I USE THE DEFAULT SITE , MY OUTLOOK ANYWHERE EXTERNAL HOST CONFIURED IN CAS SERVERS  IS AUTODISCOVER.MYDOMAIN.COM ,  I TRIED TO USE SRV RECORD IN MY EXTERNAL DNS BUT I RECIEVED THE ERROR ABOVE , I TRIED ALSO TO USE A RECORD IN MY EXTERNAL DNS WITH THE SAME ERROR .

>>
get-autodiscovervirtualdirectory  | Set-AutodiscoverVirtualDirectory -ExternalUrl "https://mail.externaldomain.com/Autodiscover/Autodiscover.xml" -

where mail.externaldomain.com is FQDN of your mail server

make sure you can browse to this - using IE
Go to
"https://mail.externaldomain.com/Autodiscover/Autodiscover.xml"
That should give you a auth box and then display the XML

thanks
0
 

Author Comment

by:Exchisa
ID: 33506555
sunnyc7 :

Regards the first point : you need me to create A record on my internal DNS for the autodiscover.mydomain.com, but which IP should I map for (the Array ) ????

second point : you need me to make the external URL the name of FQDN array , should i also make this for outlook anywhere external host in the CASs ??

wait you .
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33506807
autodiscover.mydomain.com == internal FQDN
IP should point to IP of Cas Array / Hardware Load Balancer / NLB

0
How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

 

Author Comment

by:Exchisa
ID: 33508983
Hi sunnyc7 :

Sorry i don't understand you .

my fqdn array name has 2 IPs on my dns .

Now autodiscover.mydomain.com should point to IP (i don't use NLB or HLB) .

i dont know the IP i should map for .

thanks


0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33509692
0
 

Author Comment

by:Exchisa
ID: 33510127
Sunnyc7 :

As i told you , i don't use NLB or HLB , I use DNS round robin instead .
which mean the myfqdnarrayname.mydomain.com has 2 IP's (CAS1, CAS2)
NOW you want me to create an A record for the autodiscover.mydomain.com , but which IP
should i map for ???
when i create the CAS Array i dont remember i supply an IP .!!!
wait you

0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33510159
Lets give this a shot

Publish this in DNS

cas.domain.local --> 192.168.1.10 (CAS1 IP)
cas.domain.local --> 192.168.1.20 (CAS2 IP)

Restart DNS

Then set autodiscover

get-autodiscovervirtualdirectory  | Set-AutodiscoverVirtualDirectory -InternalUrl "https://cas.domain.local/Autodiscover/Autodiscover.xml" -
0
 

Author Comment

by:Exchisa
ID: 33510707
yes sunnyc7,  this what actually was before , and still like this , do i have to create an A record for the autodiscover in the internal DNS NOW ?

i use https://autodiscover.mydomain.com/autodiscover/autodiscover/autodiscover.xml for the internalURL and "https://cas.domain.local/Autodiscover/Autodiscover.xml" for the externalURL  .

why you want the internal url to be like this , if you click test email autoconfiguration  it will look for the XML file in this format :
https://autodiscover.mydomain.com/autodiscover/autodiscover/autodiscover.xml .?????

wait a reply
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33511281
Cas.domain.local cannot be for external URL

Please configure DNS as above where cas.domain.local resolves to both CAS servers (since you have a round robin)

external URL is for resolving external requests for RPC/HTTPs

it should go to your FQDN

like

https://mail.microsoft.com/autodiscover/autodiscover.xml
0
 

Author Comment

by:Exchisa
ID: 33514096
HI sunnyc7
this take time more than expected :)
now myFQDNarrayname = cas.mydomain.com which point point to the CAS servers IPs - 2 recordsv.
i make my InternalURL to match the above .
for my externalURL you need me also to have this , then we go back to the first point where the internal and external URL are the same = myFQDNarrayname .
in my cert i have only these 2 names , autodiscover.mydomain , cas.mydomain .

i note these parameters when i ran the below 2 commands:

i run get-cleintaccessserver | FL :

AutoDiscoverServiceInternalUri       : https://autodiscover.mydomain.com/autodiscover/autodiscover.xml

i run get-autodiscovervirtualdirectory | FL

InternalUrl                   : https://autodiscover.mydomain.com/autodiscover/autodiscover.xml
ExternalUrl                   : https://cas.mydomain.com/autodiscover/autodiscover.xml

what is the diffrence between them , specially for the internalURLs ?

may this resolve the conflict .

wait you sunnyc7 .bye

0
 

Author Comment

by:Exchisa
ID: 33514258
sorry for the second command :
the internalURL is : https://cas.mydomain.com/auto................etc .
regards
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33515306
i run get-cleintaccessserver | FL :
AutoDiscoverServiceInternalUri       : https://autodiscover.mydomain.com/autodiscover/autodiscover.xml

i run get-autodiscovervirtualdirectory | FL
InternalUrl                   : https://autodiscover.mydomain.com/autodiscover/autodiscover.xml
ExternalUrl                   : https://cas.mydomain.com/autodiscover/autodiscover.xml

what is the diffrence between them , specially for the internalURLs ?

>> Internal URL's configure autodiscover for Outlook clients.
get-clientaccessserver > configures the internal SCP - Service connection points for outlook to connect to.

External URL configures external autodiscover using RPC/HTTPS
You can test it here
https://www.testexchangeconnectivity.com/

Test for outlook autodiscover

Let me know if you have any more questions.

did you test your installation by connecting outlook 2007/2010 and let autodiscover work its magic ?
0
 

Author Comment

by:Exchisa
ID: 33518513
I don't mean like this ,

I mean the difference between AutoDiscoverServiceInternalUri (get-clientaccessserver)  and InternalUrl (get-autodiscovervirtualdirectory) ?

and just to finalize everything , what external URL should I provide for the external users ?
sure not cas.mydomain.com ?
thanks in advance


0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33519779
You need both - otherwise it wont work.

external URL has to be the FQDN of your domain

On your external DNS (like godaddy, network solutions), if you have a DNS setup for
autodiscover.domain.com > use that

otherwise use > mail.domain.com
0
 

Author Comment

by:Exchisa
ID: 33530700
Dear Sunnyc7 :

Sorry for being late my friend .

I have 2 points here :

First ; i don't remember exactly what is the outlook anywhere FQDN  name i provided  when i ran the exchange certificate wizard  , does our problem related if i filled this different than what i use for .

Second : I just want to let you know that i can't even able to browse the autodiscover  XML file , either Internally nor externally , i tried to use the SCP link (autodiscover.mydomain.com/autod.......etc)
i use the internal, external link configured on the get-autodiscovervirtualdirectory
but with the same thing like below :

<script><!--function f(e){if (e.className=="ci"){if (e.children(0).innerText.indexOf("\n")>0) fix(e,"cb");}if (e.className=="di"){if (e.children(0).innerText.indexOf("\n")>0) fix(e,"db");}e.id="";}function fix(e,cl){e.className=cl;e.style.display="block";j=e.parentElement.children(0);j.className="c";k=j.children(0);k.style.visibility="visible";k.href="#";}function ch(e){mark=e.children(0).children(0);if (mark.innerText=="+"){mark.innerText="-";for (var i=1;i</script> <?xml version="1.0" encoding="utf-8" ?> - <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">- <Response>- <Error Time="15:15:19.3732329" Id="3807360382">  <ErrorCode>600</ErrorCode>   <Message>Invalid Request</Message>   <DebugData />   </Error>  </Response>  </Autodiscover>

Thanks in advance
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33536860
Will post back @ been running around.
0
 

Accepted Solution

by:
Exchisa earned 0 total points
ID: 33555010
Hi Sunny7C .

New News :) , RPC over HTTP is now working from outside , using cas.mydomain.com , i guess it was ISA rules order , i did two points :

first : i have separate the autodiscover rule from the RPC rule ,then I removed the autodiscover path from the RPC rule  and added this to the autdiscover rule
second :  OWA rule should be higher than RPC rule !! I don't know why .

Now autodiscover is still did not work from outside , i have to configure the profile manually .
each time i receive the error below :

A network error occurred while communicating with remote host
Exception details:
Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xxxxxxx:80
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()

Waits you




 
0
 

Author Closing Comment

by:Exchisa
ID: 34509878
i just change the rules order
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now