Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Exchange 2010 AutoDiscover pointing to Client Access Server instead of F5 load balancer for some clients.

Posted on 2010-09-07
15
2,673 Views
Last Modified: 2012-08-14
We use an F5 load balancing device in our Exchange environment. It is assigned the DNS name "Outlook". The F5 load balances between two CAS Exchange servers, "ServerA" and "ServerB". We also use the Exchange AutoDiscover service and have it direct the clients to the F5 device "Outlook" for load balancing.

For most clients AutoDiscover works great and points the users to the F5 device "Outlook". On some clients the autodiscover points to client directly to the CAS "ServerA" instead of "Outlook".

The same user can log onto a different workstation and the autodiscover will correctly point to "Outlook". All clients use outlook 2007 or Outlook 2010.

We need ideas on what is causing some clients to get "autodiscovered" directly to the Exchange Server instead of the F5.
0
Comment
Question by:JasonLattin
  • 9
  • 6
15 Comments
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33620750
get-clientAccessServer | fl
get-autodiscovervirtualdirectory | fl

Please output both.

Asssumption:
a) Hardware Load Balancer (HLB)
Dns entry created for email.domain.local > pointing to HLB

b) UCC/SAN cert with the CAS server name in the certificate
email.domain.local (HLB)
cas1.domain.local
cas2.domain.local
email.domain.com (external)
autodiscover.domain.com (external)

to do:
Configure autodiscover SCP's and internal URL to pick it up from email.domain.local ?

Please confirm

thanks
0
 

Author Comment

by:JasonLattin
ID: 33620813
RunspaceId                           : 8653071c-2c1f-41a5-b565-0dd4945fd70a
Name                                 : ServerB
Fqdn                                 : ServerB.mycompany.com
OutlookAnywhereEnabled               : True
AutoDiscoverServiceCN                : ServerB
AutoDiscoverServiceClassName         : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri       : https://ServerB.mycompany.com/Autodiscover/Autodiscover.xml
AutoDiscoverServiceGuid              : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope                : {DFW}
AlternateServiceAccountConfiguration :
IsValid                              : True
ExchangeVersion                      : 0.1 (8.0.535.0)
DistinguishedName                    : CN=ServerB,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=
                                       Administrative Groups,CN=mycompany,CN=Microsoft Exchange,CN=Services,CN=Configur
                                       ation,DC=mycompany,DC=com
Identity                             : ServerB
Guid                                 : 86065845-3432-4607-8384-d3ad06b5d793
ObjectCategory                       : mycompany.com/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                          : {top, server, msExchExchangeServer}
WhenChanged                          : 8/24/2010 11:28:10 AM
WhenCreated                          : 4/24/2010 7:03:25 PM
WhenChangedUTC                       : 8/24/2010 3:28:10 PM
WhenCreatedUTC                       : 4/24/2010 11:03:25 PM
OrganizationId                       :
OriginatingServer                    : CLL-ENTDC03VW.mycompany.com

RunspaceId                           : 8653071c-2c1f-41a5-b565-0dd4945fd70a
Name                                 : ServerA
Fqdn                                 : ServerA.mycompany.com
OutlookAnywhereEnabled               : True
AutoDiscoverServiceCN                : ServerA
AutoDiscoverServiceClassName         : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri       : https://ServerA.mycompany.com/Autodiscover/Autodiscover.xml
AutoDiscoverServiceGuid              : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope                : {DFW}
AlternateServiceAccountConfiguration :
IsValid                              : True
ExchangeVersion                      : 0.1 (8.0.535.0)
DistinguishedName                    : CN=ServerA,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=
                                       Administrative Groups,CN=mycompany,CN=Microsoft Exchange,CN=Services,CN=Configur
                                       ation,DC=mycompany,DC=com
Identity                             : ServerA
Guid                                 : 8985a78c-4752-4c94-83b0-f9d4c7f38ef9
ObjectCategory                       : mycompany.com/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                          : {top, server, msExchExchangeServer}
WhenChanged                          : 6/7/2010 10:23:16 AM
WhenCreated                          : 4/25/2010 3:06:47 PM
WhenChangedUTC                       : 6/7/2010 2:23:16 PM
WhenCreatedUTC                       : 4/25/2010 7:06:47 PM
OrganizationId                       :
OriginatingServer                    : CLL-ENTDC03VW.mycompany.com
0
 

Author Comment

by:JasonLattin
ID: 33620850
get-autodiscovervirtualdirectory | fl
----------------------------------------------------

RunspaceId                    : 8653071c-2c1f-41a5-b565-0dd4945fd70a
Name                          : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
LiveIdSpNegoAuthentication    : False
WSSecurityAuthentication      : True
LiveIdBasicAuthentication     : False
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://ServerB.mycompany.com/W3SVC/1/ROOT/Autodiscover
Path                          : C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Autodiscover
Server                        : ServerB
InternalUrl                   : https://ServerB/autodiscover/autodiscover.xml
ExternalUrl                   : https://webmail.mycompany.com/autodiscover/autodiscover.xml
AdminDisplayName              :
ExchangeVersion               : 0.10 (14.0.100.0)
DistinguishedName             : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=ServerB,CN=Servers,CN=Ex
                                change Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=mycompany,CN=
                                Microsoft Exchange,CN=Services,CN=Configuration,DC=mycompany,DC=com
Identity                      : ServerB\Autodiscover (Default Web Site)
Guid                          : 6ce2b027-47a4-4011-9d6a-f5dfa0f61482
ObjectCategory                : mycompany.com/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                   : 6/30/2010 6:20:33 PM
WhenCreated                   : 4/24/2010 7:08:04 PM
WhenChangedUTC                : 6/30/2010 10:20:33 PM
WhenCreatedUTC                : 4/24/2010 11:08:04 PM
OrganizationId                :
OriginatingServer             : CLL-ENTDC03VW.mycompany.com
IsValid                       : True

RunspaceId                    : 8653071c-2c1f-41a5-b565-0dd4945fd70a
Name                          : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
LiveIdSpNegoAuthentication    : False
WSSecurityAuthentication      : True
LiveIdBasicAuthentication     : False
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://ServerA.mycompany.com/W3SVC/1/ROOT/Autodiscover
Path                          : C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Autodiscover
Server                        : ServerA
InternalUrl                   : https://ServerA/autodiscover/autodiscover.xml
ExternalUrl                   : https://webmail.mycompany.com/autodiscover/autodiscover.xml
AdminDisplayName              :
ExchangeVersion               : 0.10 (14.0.100.0)
DistinguishedName             : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=ServerA,CN=Servers,CN=Ex
                                change Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=mycompany,CN=
                                Microsoft Exchange,CN=Services,CN=Configuration,DC=mycompany,DC=com
Identity                      : ServerA\Autodiscover (Default Web Site)
Guid                          : 5dddbc1f-c61a-4b5f-aee2-ec385923750e
ObjectCategory                : mycompany.com/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                   : 6/30/2010 6:16:23 PM
WhenCreated                   : 4/25/2010 3:11:13 PM
WhenChangedUTC                : 6/30/2010 10:16:23 PM
WhenCreatedUTC                : 4/25/2010 7:11:13 PM
OrganizationId                :
OriginatingServer             : CLL-ENTDC03VW.mycompany.com
IsValid                       : True
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 

Author Comment

by:JasonLattin
ID: 33620860
SunnyC7,
0
 

Author Comment

by:JasonLattin
ID: 33620863
SunnyC7,
0
 

Author Comment

by:JasonLattin
ID: 33620875
sunnyC7.. the DNs entries you mentioned are made and I believe thatthe certificate is set up correctly, but can verify that if you can give me steps on how to do it. I didn't set up that part of the install. Since the autodiscover does work for a large number of clients I'm thinking thatthe certs are good to go.
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 500 total points
ID: 33620876
a) Assuming the DNS entry for HLB is -

*email.domain.local*

you need to run this on both - SERVER A and SERVER B
--

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -InternalUrl:"https://email.domain.local/Autodiscover/Autodiscover.xml"

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri:"https://email.domain.local/Autodiscover/Autodiscover.xml"

--
Assuming you took care of the certificate part above, that should work.

You can restart both CAS servers after making these changes.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33620899
if you have UCC/SAN Cert's installed

get-exchangecertificate | fl

check the cert where IsSelfSigned is > NOT TRUE
that's your UCC/SAN
Check the domains listed in there and compare it with my first post.

The above Get/Set should work.

Post back questions.

thanks
0
 

Author Comment

by:JasonLattin
ID: 33620981
Sunnyc7,

I appreciate your quick response.
Did you see something specifc in our logs that leads you to believe that this hasn't already been done? I believe those steps have been done. I am open to the idea if you saw something specific that wasn't correct but if you are just recommending those steps "in case" they haven't been done then I'm hesitant to take down the environment without specific cause. We're have small offices overseas and there is no maintenance window that won't bring small numbers of users down so I want to be sure.

What did you see that tells you the commands haven't already been done?
0
 

Author Comment

by:JasonLattin
ID: 33620995
Sunnc7,
Also, as an addition to my earlier email, if those steps weren't done then why would it work correctly with the same user on a different workstation? I'm sure you can understand my hesitance to reboot our servers without a very specific remedy.

0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33621028
Good question and the answer is yes

Present Config:
AutoDiscoverServiceInternalUri       : https://ServerA.mycompany.com/Autodiscover/Autodiscover.xml
AutoDiscoverServiceInternalUri       : https://ServerB.mycompany.com/Autodiscover/Autodiscover.xml

InternalUrl                   : https://ServerB/autodiscover/autodiscover.xml
InternalUrl                   : https://ServerA/autodiscover/autodiscover.xml

--
What this means is your autodiscoverinternalURI's were never configured. They point to the servers itself - which *may* have worked if the servers were stand alone and not part of the CAS.

if you have CAS1 / CAS2 - they have to have their SCP's configured with the load balancer not themselves.

See the 4-part guide here
http://www.msexchange.org/articles_tutorials/exchange-server-2010/high-availability-recovery/load-balancing-exchange-2010-client-access-servers-using-hardware-load-balancer-solution-part1.html
0
 

Author Comment

by:JasonLattin
ID: 33621034
AccessRules        :
CertificateDomains : {bade9413-f056-df11-8970-00155d013c86}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=hostingco OneStop CA, O=hostingco Corporation, DC=seanoc, DC=hostingco, DC=net, C=us
NotAfter           : 5/3/2015 4:11:47 PM
NotBefore          : 5/3/2010 4:01:47 PM
PublicKeySize      : 1024
RootCAType         : Registry
SerialNumber       : 71852661000000000175
Services           : None
Status             : Valid
Subject            : CN=bade9413-f056-df11-8970-00155d013c86
Thumbprint         : 095A27538C54DFF30641A9E8FA0340E9ACA86A57

AccessRules        :
CertificateDomains : {webmail.mycompany.com, ServerB.mycompany.com, ServerA.mycompany.com, autodiscover.vertafo
                     re.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=DigiCert High Assurance CA-3, OU=www.digicert.com, O=DigiCert Inc, C=US
NotAfter           : 5/6/2013 7:59:59 PM
NotBefore          : 5/2/2010 8:00:00 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : 04C22726DE894E3F9065FCD6802EF225
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=webmail.mycompany.com, OU=Enterprise IT, O="mycompany, Inc.", L=Bothell, S=Washington, C=US
Thumbprint         : 558994806228DD25428424D3251B991507ED0694

AccessRules        :
CertificateDomains : {ServerB, ServerB.mycompany.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=ServerB
NotAfter           : 4/24/2015 7:04:46 PM
NotBefore          : 4/24/2010 7:04:46 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 204E14C23D451D95441CAED507370FDB
Services           : SMTP
Status             : Valid
Subject            : CN=ServerB
Thumbprint         : 700CD824AE69491227807266B90E617E1DADCB6E
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33621063
AccessRules        :
CertificateDomains : {webmail.mycompany.com, ServerB.mycompany.com, ServerA.mycompany.com, autodiscover.vertafo
                     re.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=DigiCert High Assurance CA-3, OU=www.digicert.com, O=DigiCert Inc, C=US
NotAfter           : 5/6/2013 7:59:59 PM
NotBefore          : 5/2/2010 8:00:00 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : 04C22726DE894E3F9065FCD6802EF225
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=webmail.mycompany.com, OU=Enterprise IT, O="mycompany, Inc.", L=Bothell, S=Washington, C=US
Thumbprint         : 558994806228DD25428424D3251B991507ED0694

>> Both CAS servers are listed - which is correct, but NLB DNS entry is not listed.
You can make those changes suggested above on both servers and give it a shot.

you can try connecting outlook without reboot and see if it works.
http:#33620876

Also read the guide in my prior post.

thanks

0
 

Author Comment

by:JasonLattin
ID: 33645576
We have discovered what is going on with this and the resolution was very different than we had originally anticipated. I'm awarding points to Sunnyc7 Since his advice was solid and very well thought out technically even though our fix wasn't directly listed.

The "Fix" :
A number of months ago we upgraded form Exchange 2003 to Exchnage 2010. duyring this period we were living in to email worlds with some users on the 2003 boxes and some on the 2010 boxes. During this transition autodiscover was automatically switching some users Outlook clients to the new servers even though we hadn't moved the actual user accoutn over, so one of my peers disabled autodiscover during the transition. During that time while autodiscover was disabled any Outlook profile that was set up had to be done "manually". It was these users who, even though we had re-enabled autodiscovery, were still stuck pointing to an individual email server. Enabling auto-discovery did not overwrite the manual profile. The "fix" we found was simply to go into their "account settings" in Outlook and highlight the Exchange Server setting and choose "repair". This fixed the bad mojo that had us messed up prior to that.

Thanks sunnyc7 and I appreciate your thorough responses.

Jason
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33645607
damnn...
It would have been really hard to catch that @ manual settings. :)

Glad to be of help Jason
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Large Outlook files lead to various unwanted errors and corruption issues. Furthermore, large outlook files can also make Outlook take longer to start-up, search, navigate, and shut-down. So, In this article, i will discuss a method to make your Out…
Read this checklist to learn more about the 15 things you should never include in an email signature.
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question