dankilleen
asked on
Exchange 2007 - prompts for password on Oulook open
Hi All,
Brand new Exchange 2007 server, with single name SSL cert. Problem:
Problem is with Autodiscover; if Basic authentication is turned on, then autodiscovery and Out of office works fine, but basic authentication also requires credentials when outlook starts.
So if you prefer to start outlook without logon then is appears Basic authentic must be disabled. With Basic auth disabled, users can open Outlook with no password prompt, but autodiscover tests will fail and OOO is unavailable.
Logon window is showing that it is trying to connect to mail.domain.com which - there is an A record on internal DNS to resolve mail.domain.com to Internal IP of Exchange server. Local domain is domain.local
There is a single exchange server only running Exch sp3 on Server 2008R2.
AM sure more info will be require so please let me know what you need.
Thanks in anticipation.
Brand new Exchange 2007 server, with single name SSL cert. Problem:
Problem is with Autodiscover; if Basic authentication is turned on, then autodiscovery and Out of office works fine, but basic authentication also requires credentials when outlook starts.
So if you prefer to start outlook without logon then is appears Basic authentic must be disabled. With Basic auth disabled, users can open Outlook with no password prompt, but autodiscover tests will fail and OOO is unavailable.
Logon window is showing that it is trying to connect to mail.domain.com which - there is an A record on internal DNS to resolve mail.domain.com to Internal IP of Exchange server. Local domain is domain.local
There is a single exchange server only running Exch sp3 on Server 2008R2.
AM sure more info will be require so please let me know what you need.
Thanks in anticipation.
Please find IIS authentication type and the SSL requirement for Exchange 2007
1) Autodiscover: Basic and Integrated authentication SSL Optional
2) EWS : Integrated authentication NO SSL
3) Exadmin : Basic and Integrated authentication NO SSL
4) Exchange : Basic and Integrated authentication SSL Optional
5) Exchweb : Basic and Integrated authentication NO SSL
6) Microsoft-Server-ActiveSyn c: Basic authentication SSL Optional
7) OAB : Integrated authentication NO SSL
8) OWA : Basic authentication SSL Optional
9) Public : Basic and Integrated authentication SSL Optional
After that restart IIS and check it.
1) Autodiscover: Basic and Integrated authentication SSL Optional
2) EWS : Integrated authentication NO SSL
3) Exadmin : Basic and Integrated authentication NO SSL
4) Exchange : Basic and Integrated authentication SSL Optional
5) Exchweb : Basic and Integrated authentication NO SSL
6) Microsoft-Server-ActiveSyn
7) OAB : Integrated authentication NO SSL
8) OWA : Basic authentication SSL Optional
9) Public : Basic and Integrated authentication SSL Optional
After that restart IIS and check it.
ASKER
sunnyc7 - as per original post.
Just one server and a single name cert.
[PS] C:\Windows\system32>get-cl ientaccess server | fl
Name : V4PCMAIL
OutlookAnywhereEnabled : False
AutoDiscoverServiceCN : v4PCMAIL
AutoDiscoverServiceClassNa me : ms-Exchange-AutoDiscover-S ervice
AutoDiscoverServiceInterna lUri : https://mail.domain.com/Autodiscover/Autodiscover.xml
AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e 7a48b19596
AutoDiscoverSiteScope : {Default-First-Site-Name}
IsValid : True
OriginatingServer : v4PCFILE.domain.local
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=V4PCMAIL,CN=Servers,CN= Exchange Administrative Group (FYDIBOHF2
3SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsof
t Exchange,CN=Services,CN=Co nfiguratio n,DC=domai n,DC=local
Identity : V4PCMAIL
Guid : d933cc57-7a75-4fbc-9072-87 5bb5a8348b
ObjectCategory : domain.local/Configuration /Schema/ms -Exch-Exch ange-Serve r
ObjectClass : {top, server, msExchExchangeServer}
WhenChanged : 01/09/2010 22:42:27
WhenCreated : 14/08/2010 19:01:17
************************** ********** ********** ********** ********** *******
[PS] C:\Windows\system32>get-au todiscover virtualdir ectory | fl
Name : Autodiscover (Default Web Site)
InternalAuthenticationMeth ods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMeth ods : {Ntlm, WindowsIntegrated}
BasicAuthentication : False
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://V4PCMAIL.domain.loca l/W3SVC/1/ ROOT/Autod iscover
Path : D:\Program Files\Microsoft\Exchange Server\ClientAccess\Autodi scove
r
Server : V4PCMAIL
InternalUrl : https://v4pcmail.domain.local/Autodiscover/Autodiscover.xml
ExternalUrl :
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols ,CN=V4PCMA IL
,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=A
dministrative Groups,CN=First Organization,CN=Microsoft Exchange,CN
=Services,CN=Configuration ,DC=domain ,DC=local
Identity : V4PCMAIL\Autodiscover (Default Web Site)
Guid : 11517374-a800-4dbd-9df7-2e 7e0a7c8cdf
ObjectCategory : domain.local/Configuration /Schema/ms -Exch-Auto -Discover- Virtual
-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualD irectory}
WhenChanged : 06/09/2010 13:14:19
WhenCreated : 14/08/2010 19:09:09
OriginatingServer : v4PCFILE.domain.local
IsValid : True
Just one server and a single name cert.
[PS] C:\Windows\system32>get-cl
Name : V4PCMAIL
OutlookAnywhereEnabled : False
AutoDiscoverServiceCN : v4PCMAIL
AutoDiscoverServiceClassNa
AutoDiscoverServiceInterna
AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e
AutoDiscoverSiteScope : {Default-First-Site-Name}
IsValid : True
OriginatingServer : v4PCFILE.domain.local
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=V4PCMAIL,CN=Servers,CN=
3SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsof
t Exchange,CN=Services,CN=Co
Identity : V4PCMAIL
Guid : d933cc57-7a75-4fbc-9072-87
ObjectCategory : domain.local/Configuration
ObjectClass : {top, server, msExchExchangeServer}
WhenChanged : 01/09/2010 22:42:27
WhenCreated : 14/08/2010 19:01:17
**************************
[PS] C:\Windows\system32>get-au
Name : Autodiscover (Default Web Site)
InternalAuthenticationMeth
ExternalAuthenticationMeth
BasicAuthentication : False
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://V4PCMAIL.domain.loca
Path : D:\Program Files\Microsoft\Exchange Server\ClientAccess\Autodi
r
Server : V4PCMAIL
InternalUrl : https://v4pcmail.domain.local/Autodiscover/Autodiscover.xml
ExternalUrl :
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols
,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=A
dministrative Groups,CN=First Organization,CN=Microsoft Exchange,CN
=Services,CN=Configuration
Identity : V4PCMAIL\Autodiscover (Default Web Site)
Guid : 11517374-a800-4dbd-9df7-2e
ObjectCategory : domain.local/Configuration
-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualD
WhenChanged : 06/09/2010 13:14:19
WhenCreated : 14/08/2010 19:09:09
OriginatingServer : v4PCFILE.domain.local
IsValid : True
ASKER
Satya,
Thanks. verified all settings. Only change was to remove SSL from EWS.
Ran IISREST and opened Outlook - the prompt is still there.
Thanks
Thanks. verified all settings. Only change was to remove SSL from EWS.
Ran IISREST and opened Outlook - the prompt is still there.
Thanks
Run these 2 commands
Get-AutodiscoverVirtualDir ectory | set-AutodiscoverVirtualDir ectory -InternalUrl:"https://v4pcmail.domain.local/Autodiscover/Autodiscover.xml"
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceIntern alUri:"https://v4pcmail.domain.local/Autodiscover/Autodiscover.xml"
------
Whats your external FQDN
Assuming it is mail.domain.com - replace mail.domain.com in the code below.
Get-AutodiscoverVirtualDir ectory | set-AutodiscoverVirtualDir ectory -ExternalUrl:"https://mail.domain.com/Autodiscover/Autodiscover.xml"
---
also output
get-exchangecertificate | fl
thanks
Get-AutodiscoverVirtualDir
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceIntern
------
Whats your external FQDN
Assuming it is mail.domain.com - replace mail.domain.com in the code below.
Get-AutodiscoverVirtualDir
---
also output
get-exchangecertificate | fl
thanks
ASKER
SunnyC - all done. See output
NOTE - starting outlook now gives a MAIL CERT error and THEN prompts for username/password. presumably because Exchange is bound to mail.domain.com cert not internal cert
[PS] C:\Windows\system32>Get-Au todiscover VirtualDir ectory | set-AutodiscoverVirtualDir ectory -Intern
alUrl:"https://v4pcmail.domain.local/Autodiscover/Autodiscover.xml"
WARNING: The command completed successfully but no settings of 'V4PCMAIL\Autodiscover (Default Web
Site)' have been modified.
[PS] C:\Windows\system32>Get-Cl ientAccess Server | Set-ClientAccessServer -AutoDiscoverServiceIntern a
lUri:"https://v4pcmail.domain.local/Autodiscover/Autodiscover.xml"
[PS] C:\Windows\system32>Get-Au todiscover VirtualDir ectory | set-AutodiscoverVirtualDir ectory -Extern
alUrl:"https://mail.domain.com/Autodiscover/Autodiscover.xml"
[PS] C:\Windows\system32>get-ex changecert ificate | fl
AccessRules : {System.Security.AccessCon trol.Crypt oKeyAccess Rule, System.Security.AccessCont
rol.CryptoKeyAccessRule, System.Security.AccessCont rol.Crypto KeyAccessR ule}
CertificateDomains : {cjsm.domain.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : E=raymond.edah@cwipapps.ne t, CN=Criminal Justice IT Root CA (CJSM), OU=CJIT Se
cure Mail, O=Cable & Wireless plc, L=Swindon, S=Wiltshire, C=GB
NotAfter : 18/08/2013 02:56:24
NotBefore : 18/08/2010 02:56:24
PublicKeySize : 1024
RootCAType : Registry
SerialNumber : 011F
Services : SMTP
Status : Unknown
Subject : CN=cjsm.domain.com, O=Judgment Ltd
Thumbprint : F674217D434FFB45C2DE70C23D 41D2C2FBC8 A98A
AccessRules : {System.Security.AccessCon trol.Crypt oKeyAccess Rule, System.Security.AccessCont
rol.CryptoKeyAccessRule, System.Security.AccessCont rol.Crypto KeyAccessR ule}
CertificateDomains : {mail.domain.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : OU=Equifax Secure Certificate Authority, O=Equifax, C=US
NotAfter : 13/08/2012 20:36:16
NotBefore : 16/08/2010 00:40:24
PublicKeySize : 1024
RootCAType : ThirdParty
SerialNumber : 144817
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=mail.domain.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.
rapidssl.com/resources/cps (c)10, OU=4245279748, O=mail.domain.com, C=GB,
SERIALNUMBER=TAvj3wq9-XFXN XV7SqjJvwa KuA5hKDsL
Thumbprint : 8168D289C2BE70A6CFBD32A6B8 F22FF17950 165D
AccessRules : {System.Security.AccessCon trol.Crypt oKeyAccess Rule, System.Security.AccessCont
rol.CryptoKeyAccessRule, System.Security.AccessCont rol.Crypto KeyAccessR ule, Sy
stem.Security.AccessContro l.CryptoKe yAccessRul e}
CertificateDomains : {v4PCMAIL, v4PCMAIL.domain.local}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=v4PCMAIL
NotAfter : 14/08/2011 19:03:23
NotBefore : 14/08/2010 19:03:23
PublicKeySize : 2048
RootCAType : None
SerialNumber : 6B7BEBFCF721F99649EA0FE813 441394
Services : SMTP
Status : Valid
Subject : CN=v4PCMAIL
Thumbprint : D64F3CB912996465CED5242335 EF9385310A BA81
NOTE - starting outlook now gives a MAIL CERT error and THEN prompts for username/password. presumably because Exchange is bound to mail.domain.com cert not internal cert
[PS] C:\Windows\system32>Get-Au
alUrl:"https://v4pcmail.domain.local/Autodiscover/Autodiscover.xml"
WARNING: The command completed successfully but no settings of 'V4PCMAIL\Autodiscover (Default Web
Site)' have been modified.
[PS] C:\Windows\system32>Get-Cl
lUri:"https://v4pcmail.domain.local/Autodiscover/Autodiscover.xml"
[PS] C:\Windows\system32>Get-Au
alUrl:"https://mail.domain.com/Autodiscover/Autodiscover.xml"
[PS] C:\Windows\system32>get-ex
AccessRules : {System.Security.AccessCon
rol.CryptoKeyAccessRule, System.Security.AccessCont
CertificateDomains : {cjsm.domain.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : E=raymond.edah@cwipapps.ne
cure Mail, O=Cable & Wireless plc, L=Swindon, S=Wiltshire, C=GB
NotAfter : 18/08/2013 02:56:24
NotBefore : 18/08/2010 02:56:24
PublicKeySize : 1024
RootCAType : Registry
SerialNumber : 011F
Services : SMTP
Status : Unknown
Subject : CN=cjsm.domain.com, O=Judgment Ltd
Thumbprint : F674217D434FFB45C2DE70C23D
AccessRules : {System.Security.AccessCon
rol.CryptoKeyAccessRule, System.Security.AccessCont
CertificateDomains : {mail.domain.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : OU=Equifax Secure Certificate Authority, O=Equifax, C=US
NotAfter : 13/08/2012 20:36:16
NotBefore : 16/08/2010 00:40:24
PublicKeySize : 1024
RootCAType : ThirdParty
SerialNumber : 144817
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=mail.domain.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.
rapidssl.com/resources/cps
SERIALNUMBER=TAvj3wq9-XFXN
Thumbprint : 8168D289C2BE70A6CFBD32A6B8
AccessRules : {System.Security.AccessCon
rol.CryptoKeyAccessRule, System.Security.AccessCont
stem.Security.AccessContro
CertificateDomains : {v4PCMAIL, v4PCMAIL.domain.local}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=v4PCMAIL
NotAfter : 14/08/2011 19:03:23
NotBefore : 14/08/2010 19:03:23
PublicKeySize : 2048
RootCAType : None
SerialNumber : 6B7BEBFCF721F99649EA0FE813
Services : SMTP
Status : Valid
Subject : CN=v4PCMAIL
Thumbprint : D64F3CB912996465CED5242335
ok
we need to make some changes :)
a) your cert is in the name of mail.domain.com
CertificateDomains : {mail.domain.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : OU=Equifax Secure Certificate Authority, O=Equifax, C=US
--
What we will do is this.
a) Create a DNS entry for mail.domain.com (that is your external FQDN - in the name of which the cert is issued)
Create an A-Record
Assign it local LAN IP of exchange server.
b) Change the scripts above, to point to mail.domain.com - to get their autodiscover URL's
Get-AutodiscoverVirtualDir ectory | set-AutodiscoverVirtualDir ectory -InternalUrl:"https://mail.domain.com/Autodiscover/Autodiscover.xml"
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceIntern alUri:"https://mail.domain.com/Autodiscover/Autodiscover.xml"
--
then start outlook and see what happens.
we need to make some changes :)
a) your cert is in the name of mail.domain.com
CertificateDomains : {mail.domain.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : OU=Equifax Secure Certificate Authority, O=Equifax, C=US
--
What we will do is this.
a) Create a DNS entry for mail.domain.com (that is your external FQDN - in the name of which the cert is issued)
Create an A-Record
Assign it local LAN IP of exchange server.
b) Change the scripts above, to point to mail.domain.com - to get their autodiscover URL's
Get-AutodiscoverVirtualDir
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceIntern
--
then start outlook and see what happens.
ASKER
OK will do - but isn't that just changing it back (internal URL) to what is was before we started!? Will update you shortly
ASKER
OK, all done. DNS A record already existed. Back to swuare 1. i.e. start outlook and am immediately prompted for auth to mail.domain.com
If I enter the details in domain\username format, everything works. But users should not have to and will not enter that every time outlook starts. If I cancel it, OOO does not function and outlook displays "need password" in botton right hand side.
If I enter the details in domain\username format, everything works. But users should not have to and will not enter that every time outlook starts. If I cancel it, OOO does not function and outlook displays "need password" in botton right hand side.
hmm
so you have domain\username thing.
will post back :)
so you have domain\username thing.
will post back :)
ASKER
correct. please do - I have tried every KB article and blog on the subject and cannot see where I went wrong....
ASKER
see attached image - it gives error 401 UNAUTHORISED.
ews-error.JPG
ews-error.JPG
try
Test-OutlookWebServices -Identity:user@domain.com
Test-OutlookWebServices -Identity:user@domain.com
ASKER
[PS] C:\Windows\system32>Test-O utlookWebS ervices -Identity:cbond@domain.com | fl
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address CBond@domain.com.
Id : 1013
Type : Error
Message : When contacting https://autodiscover.domain.com/autodiscover/autodiscover.xml receive
d the error The remote name could not be resolved: 'autodiscover.domain.com'
Id : 1006
Type : Error
Message : The Autodiscover service could not be contacted.
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address CBond@domain.com.
Id : 1013
Type : Error
Message : When contacting https://autodiscover.domain.com/autodiscover/autodiscover.xml receive
d the error The remote name could not be resolved: 'autodiscover.domain.com'
Id : 1006
Type : Error
Message : The Autodiscover service could not be contacted.
thats fine - you dont have a autodiscover DNS entry.
I will post back on the NTLM thing
I will post back on the NTLM thing
ASKER
autodiscover A record added for domain.com
autodiscover A record already existed for domain.local
autodiscover A record already existed for domain.local
ASKER
ah - have removed the A record for autodiscover.domain.com as it resulted in Cert prompt when opening outlook, looking for mail.domain.com
Interested to hear thoughts on ntlm idea.
Interested to hear thoughts on ntlm idea.
Please check the following steps mentioned below:-
Autodiscover = Basic + Windows Integrated + SSL Forced == Disable - Kernel Mode Authentication.
OAB= Windows Integrated = Disable - Kernel Mode Authentication.
EWS= Windows Integrated = Disable - Kernel Mode Authentication + SSL forced.
Follow the kb-940726, and run the following command on the server.
Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceIntern alUri https://mail.contoso.com/autodiscover/autodiscover.xml
Set-WebServicesVirtualDire ctory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx
Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab
Please run the following command in the management shell:-
test-outlookWebserivces | fl and see the result. If you get 401 Unauthorized please follow the below link and restart the server.
DisableLoopbackcheck registry.
key as per the article <http://support.microsoft.com/kb/896861>.
Then perform "SetSPN -a http/(Exchange server FQDN) (Exchange server name)"
Check the HTTP keep alive in IIS 7 in the following place:-
HTTP response headers on Default WebSite == set common headers.
If still the issue persists, please follow this steps:-
Delete and recreate the Autodiscover/ EWS Virtual Directories.
Remove-AutodiscoverVirtual Directory -identity "CAS server name\Autodiscover (Default Web Site)"
Remove-WebservicesVirtualD irectory -identity "CAS server name\EWS (Default Web Site)"
new-AutodiscoverVirtualDir ectory
new-WebservicesVirtualDire ctory
And follow the kb-940726 again to set the InternalUri.
Perform IISreset.
And also please check whether you have 3.5 .netFramework, if yes please download and install the following hotfix.
KB- 958934
And Run Test EmailAutoconfiguration from outlook 2007 client, and please select only Autodiscover. Remove Guessmart and Secure Guess mart.
Please check out these steps and revert back if the issue persists.
Thanks.
Mohammed
Autodiscover = Basic + Windows Integrated + SSL Forced == Disable - Kernel Mode Authentication.
OAB= Windows Integrated = Disable - Kernel Mode Authentication.
EWS= Windows Integrated = Disable - Kernel Mode Authentication + SSL forced.
Follow the kb-940726, and run the following command on the server.
Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceIntern
Set-WebServicesVirtualDire
Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab
Please run the following command in the management shell:-
test-outlookWebserivces | fl and see the result. If you get 401 Unauthorized please follow the below link and restart the server.
DisableLoopbackcheck registry.
key as per the article <http://support.microsoft.com/kb/896861>.
Then perform "SetSPN -a http/(Exchange server FQDN) (Exchange server name)"
Check the HTTP keep alive in IIS 7 in the following place:-
HTTP response headers on Default WebSite == set common headers.
If still the issue persists, please follow this steps:-
Delete and recreate the Autodiscover/ EWS Virtual Directories.
Remove-AutodiscoverVirtual
Remove-WebservicesVirtualD
new-AutodiscoverVirtualDir
new-WebservicesVirtualDire
And follow the kb-940726 again to set the InternalUri.
Perform IISreset.
And also please check whether you have 3.5 .netFramework, if yes please download and install the following hotfix.
KB- 958934
And Run Test EmailAutoconfiguration from outlook 2007 client, and please select only Autodiscover. Remove Guessmart and Secure Guess mart.
Please check out these steps and revert back if the issue persists.
Thanks.
Mohammed
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
maz_ee,
You legend.
I added NTLM to both Autodiscover and EWS.
Had a choice between:
1. Negotiate
2, Negotiate; Kerberos
Which should be selected?
I selected 2. and ran IISRESET. outlook starting to work with no prompts and out of office works.
However, testing from Command Shell still failrs with 401 Unauthorised.....? Ideas?
cheers
You legend.
I added NTLM to both Autodiscover and EWS.
Had a choice between:
1. Negotiate
2, Negotiate; Kerberos
Which should be selected?
I selected 2. and ran IISRESET. outlook starting to work with no prompts and out of office works.
However, testing from Command Shell still failrs with 401 Unauthorised.....? Ideas?
cheers
dan
can you copy paste the 401 errors.
Also - run this test again please and lets see if all issues are resolved.
[PS] C:\Windows\system32>Test-O utlookWebS ervices -Identity:cbond@domain.com | fl
thanks
can you copy paste the 401 errors.
Also - run this test again please and lets see if all issues are resolved.
[PS] C:\Windows\system32>Test-O
thanks
ASKER
hi - pls see below/code[PS] C:\Windows\system32>Test-O utlookWebS ervices |fl
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address Administrator@domain.com.
Id : 1007
Type : Information
Message : Testing server V4PCMAIL.domain.local with the published name https://mail.domain.
com/EWS/exchange.asmx & https://mail.domain.com/EWS/Exchange.asmx.
Id : 1019
Type : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object
is https://mail.domain.com/Autodiscover/autodiscover.xml.
Id : 1013
Type : Error
Message : When contacting https://mail.domain.com/Autodiscover/autodiscover.xml received the er
ror The remote server returned an error: (401) Unauthorized.
Id : 1013
Type : Error
Message : When contacting https://mail.domain.com/Autodiscover/autodiscover.xml received the er
ror The specified target is unknown or unreachable
Id : 1006
Type : Error
Message : The Autodiscover service could not be contacted.
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address Administrator@domain.com.
Id : 1007
Type : Information
Message : Testing server V4PCMAIL.domain.local with the published name https://mail.domain.
com/EWS/exchange.asmx & https://mail.domain.com/EWS/Exchange.asmx.
Id : 1019
Type : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object
is https://mail.domain.com/Autodiscover/autodiscover.xml.
Id : 1013
Type : Error
Message : When contacting https://mail.domain.com/Autodiscover/autodiscover.xml received the er
ror The remote server returned an error: (401) Unauthorized.
Id : 1013
Type : Error
Message : When contacting https://mail.domain.com/Autodiscover/autodiscover.xml received the er
ror The specified target is unknown or unreachable
Id : 1006
Type : Error
Message : The Autodiscover service could not be contacted.
[PS] C:\Windows\system32>Test-OutlookWebServices -Identity:cbond@domain.com | fl
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address CBond@domain.com.
Id : 1013
Type : Error
Message : When contacting https://mail.domain.com/Autodiscover/autodiscover.xml received the er
ror The remote server returned an error: (401) Unauthorized.
Id : 1013
Type : Error
Message : When contacting https://mail.domain.com/Autodiscover/autodiscover.xml received the er
ror The specified target is unknown or unreachable
Id : 1006
Type : Error
Message : The Autodiscover service could not be contacted.
run this again please
Get-AutodiscoverVirtualDir ectory | fl
thanks
Get-AutodiscoverVirtualDir
thanks
ASKER
If I browse to https://mail.domain.com/Autodiscover/autodiscover.xml I am prompted for username and PW
If I cancel this prompt, I get HTTP Error 401.2 - Unauthorized
If I enter username / PW, it rejects them a few times and then returns - HTTP Error 401.1 - Unauthorized
Outlook IS working without prompts now though, and OOO IS available.
thanks
If I cancel this prompt, I get HTTP Error 401.2 - Unauthorized
If I enter username / PW, it rejects them a few times and then returns - HTTP Error 401.1 - Unauthorized
Outlook IS working without prompts now though, and OOO IS available.
thanks
when you ping mail.domain.com - does it show your external FQDN or internal ?
ASKER
here you go for Get-AutodiscoverVirtualDir ectory | fl
[PS] C:\Windows\system32>Get-AutodiscoverVirtualDirectory | fl
Name : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://V4PCMAIL.domain.local/W3SVC/1/ROOT/Autodiscover
Path : D:\Program Files\Microsoft\Exchange Server\ClientAccess\Autodiscove
r
Server : V4PCMAIL
InternalUrl : https://mail.domain.com/Autodiscover/Autodiscover.xml
ExternalUrl : https://mail.domain.com/Autodiscover/Autodiscover.xml
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=V4PCMAIL
,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=A
dministrative Groups,CN=First Organization,CN=Microsoft Exchange,CN
=Services,CN=Configuration,DC=domain,DC=local
Identity : V4PCMAIL\Autodiscover (Default Web Site)
Guid : 11517374-a800-4dbd-9df7-2e7e0a7c8cdf
ObjectCategory : domain.local/Configuration/Schema/ms-Exch-Auto-Discover-Virtual
-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged : 07/09/2010 21:16:55
WhenCreated : 14/08/2010 19:09:09
OriginatingServer : v4PCFILE.domain.local
IsValid : True
ASKER
yes, ping resolves fine (internal)
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\sproutit>ping mail.domain
Pinging mail.domain [128.10.20.1] with 32 bytes of data:
Reply from 128.10.20.1: bytes=32 time<1ms TTL=128
Reply from 128.10.20.1: bytes=32 time<1ms TTL=128
Reply from 128.10.20.1: bytes=32 time<1ms TTL=128
Reply from 128.10.20.1: bytes=32 time<1ms TTL=128
Ping statistics for 128.10.20.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Users\sproutit>
Also
get-webservicesvirtualdire ctory | fl
thanks
get-webservicesvirtualdire
thanks
Dan
start > run > appwiz.cpl
Check windows updates installed.
See if this kb is installed
KB948609
If it is there - uninstall it.
then try this again
Test-OutlookWebServices -Identity:cbond@domain.com | fl
thanks
start > run > appwiz.cpl
Check windows updates installed.
See if this kb is installed
KB948609
If it is there - uninstall it.
then try this again
Test-OutlookWebServices -Identity:cbond@domain.com
thanks
ASKER
get-webservicesvirtualdire ctory | fl
[PS] C:\Windows\system32>get-webservicesvirtualdirectory | fl
InternalNLBBypassUrl : https://v4pcmail.domain.local/ews/exchange.asmx
Name : EWS (Default Web Site)
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated, Basic}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated, Basic}
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://V4PCMAIL.domain.local/W3SVC/1/ROOT/EWS
Path : D:\Program Files\Microsoft\Exchange Server\ClientAccess\exchweb\EWS
Server : V4PCMAIL
InternalUrl : https://mail.domain/EWS/exchange.asmx
ExternalUrl : https://mail.domain/EWS/Exchange.asmx
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,CN=V4PCMAIL,CN=Serve
rs,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administra
tive Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services
,CN=Configuration,DC=domain,DC=local
Identity : V4PCMAIL\EWS (Default Web Site)
Guid : 2ac6b1d9-5818-45bd-a1fb-b6ef41bb352c
ObjectCategory : domain.local/Configuration/Schema/ms-Exch-Web-Services-Virtual-
Directory
ObjectClass : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
WhenChanged : 07/09/2010 16:00:50
WhenCreated : 14/08/2010 19:09:19
OriginatingServer : v4PCFILE.domain.local
IsValid : True
ASKER
KB948609 is not installed.
Hello dankilleen,
Plz. follow these steps to get a successful output when using the shell cmd
# Click Start, click Run, type regedit, and then click OK.
# In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\ CurrentCon trolSet\Co ntrol\Lsa
# Right-click Lsa, point to New, and then click DWORD Value.
# Type DisableLoopbackCheck, and then press ENTER.
# Right-click DisableLoopbackCheck, and then click Modify.
# In the Value data box, type 1, and then click OK.
# Quit Registry Editor, and then restart your computer.
Then run the shell cmd and it would not give any errors :)
Plz. follow these steps to get a successful output when using the shell cmd
# Click Start, click Run, type regedit, and then click OK.
# In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\
# Right-click Lsa, point to New, and then click DWORD Value.
# Type DisableLoopbackCheck, and then press ENTER.
# Right-click DisableLoopbackCheck, and then click Modify.
# In the Value data box, type 1, and then click OK.
# Quit Registry Editor, and then restart your computer.
Then run the shell cmd and it would not give any errors :)
get-autodiscovervirtualdir
questions ?
a) single exchange server or a CAS array ?
b) did you install UCC/SAN cert of self-signed
thanks