Solved

Exchange 2010 Outlook Anywhere not working

Posted on 2010-09-10
41
1,148 Views
Last Modified: 2012-05-10
Need help with configuring Outlook Anywhere.

I have the certs setup and went through typical setup, but is not working.

I have a UCC Cert with the following domain names:
outlook.company.com ==> for outlookanywhere
email.company.com ==> owa
autodiscover.company.com

all three names are configured on ExchGateway.company.local which is the CAS/HUB Role.

set all configs via
enable-outlookwhere
set-outlookprovider
and tested via testexchangeconnectivity.com

test results intermittently work.
0
Comment
Question by:jetli87
  • 14
  • 11
  • 9
  • +2
41 Comments
 
LVL 49

Accepted Solution

by:
Akhater earned 400 total points
ID: 33650489
go to https://www.testexchangeconnectivity.com/ and run the test paste the results
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33650570
Will be online tonite if not resolved
0
 
LVL 1

Author Comment

by:jetli87
ID: 33650594
ok, everything isn't working because my autodiscover is not configured properly.

I had ran the test locally on the network and it works fine, but obviously remote it doesn't so that has been throwing me off.

Here's the result of autodiscover test:


 Attempting to test Autodiscover for exch2010@company.com 

  Testing Autodiscover failed. 

   Test Steps 

   ExRCA is attempting each method of contacting the Autodiscover service. 

  The Autodiscover service couldn't be contacted successfully by any method. 

   Test Steps 

   Attempting to test potential AutoDiscover URL https://company.com/AutoDiscover/AutoDiscover.xml 

  Testing of this potential Autodiscover URL failed. 

   Test Steps 

   Attempting to resolve the host name company.com in DNS. 

  Host successfully resolved 

   Additional Details 

  IP(s) returned: 74.s.x.149 

 

 Testing TCP Port 443 on host company.com to ensure it is listening and open. 

  The port was opened successfully. 

 ExRCA is testing the SSL certificate to make sure it's valid. 

  The SSL certificate failed one or more certificate validation checks. 

   Test Steps 

   The certificate name is being validated. 

  Certificate name validation failed. 

   Tell me more about this issue and how to resolve it 

   Additional Details 

  Host name company.com does not match any name found on the server certificate CN=mail.company.com, OU=Domain Control Validated, O=mail.company.com 

 

 

 

 

 

 Attempting to test potential AutoDiscover URL https://autodiscover.company.com/AutoDiscover/AutoDiscover.xml 

  Testing of this potential Autodiscover URL failed. 

   Test Steps 

   Attempting to resolve the host name autodiscover.company.com in DNS. 

  Host successfully resolved 

   Additional Details 

  IP(s) returned: 74.x.x.158 

 

 Testing TCP Port 443 on host autodiscover.company.com to ensure it is listening and open. 

  The port was opened successfully. 

 ExRCA is testing the SSL certificate to make sure it's valid. 

  The certificate passed all validation requirements. 

   Test Steps 

   The certificate name is being validated. 

  Successfully validated the certificate name 

   Additional Details 

  Found hostname autodiscover.company.com in Certificate Subject Alternative Name entry 

 

 Certificate trust is being validated. 

  The test passed with some warnings encountered. Please expand the additional details. 

   Additional Details 

  Only able to build certificate chain when using the Root Certificate Update functionality from Windows Update. Your server may not be properly configured to send down the required intermediate certificates to complete the chain. Consult the certificate installation instructions or FAQ's from your Certificate Authority for more information. 

 

 The certificate date is being confirmed to ensure the certificate is valid. 

  Date validation passed. The certificate hasn't expired. 

   Additional Details 

  Certificate is valid: NotBefore = 9/8/2010 2:07:56 AM, NotAfter = 9/8/2012 2:07:56 AM" 

 

 

 

 The IIS configuration is being checked for client certificate authentication. 

  Client certificate authentication wasn't detected. 

   Additional Details 

  Accept/Require Client Certificates not configured. 

 

 ExRCA is attempting to send an Autodiscover POST request to potential Autodiscover URLs. 

  Autodiscover settings weren't obtained when the Autodiscover POST request was sent. 

   Test Steps 

   Attempting to Retrieve XML AutoDiscover Response from url https://autodiscover.company.com/AutoDiscover/AutoDiscover.xml for user exch2010@starpointproperties.com 

  Failed to obtain AutoDiscover XML response. 

   Additional Details 

  A Web Exception occurred because an HTTP 401 - Unauthorized response was received from Unknown 

  

 ExRCA is attempting to contact the Autodiscover service using the HTTP redirect method. 

  The attempt to contact Autodiscover using the HTTP Redirect method failed. 

   Test Steps 

   Attempting to resolve the host name autodiscover.company.com in DNS. 

  Host successfully resolved 

   Additional Details 

  IP(s) returned: 74.x.x.158 

 

 Testing TCP Port 80 on host autodiscover.company.com to ensure it is listening and open. 

  The port was opened successfully. 

 Checking Host autodiscover.company.com for an HTTP redirect to AutoDiscover 

  ExRCA failed to get an HTTP redirect response for Autodiscover. 

   Additional Details 

  An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is: You do not have permission to view this directory or page. 

 

 

 ExRCA is attempting to contact the Autodiscover service using the DNS SRV redirect method. 

  Failed to contact AutoDiscover using the DNS SRV redirect method. 

   Test Steps 

 

 

 

 

 

Open in new window

0
 
LVL 32

Expert Comment

by:endital1097
ID: 33650623
Does your cert include either
Domain.com
Autodiscover.domain.com
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33650653
your error is here  

A Web Exception occurred because an HTTP 401 - Unauthorized response was received from Unknown

401 usually means user/pass incorrect

did you try to use user@domain.com or domain\user ?
0
 
LVL 1

Author Comment

by:jetli87
ID: 33650680
tried both methods user@domain and domain\user.

For sure the userpass is fine...If I vpn and run the same test, all is well.

The firewall is configured with the right accesslist:  allowing incoming on ports 80 & 443 directed internally to the CAS/Hub Server.

All external DNS entries are pointed the pub IP which is configured for NAT on the firewall.
0
 
LVL 1

Author Comment

by:jetli87
ID: 33650685
yes, forgot to mention autodiscover is included on cert.
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 400 total points
ID: 33650706
from outside try to open https://autodiscover.company.com/AutoDiscover/AutoDiscover.xml


what is the reply after you enter user/pass ?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33650744
dude @ you are still on mobile.

jetli87 - who hosts your DNS
do they support SRV records ?
autodiscover.domain.com > where does it point to ?
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33650779
Cert contains autodiscover so is there anA record in DNS for it
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33650788
@endital1097 @sunnyc7

guys look at the report all is working fine the SANs are fine and the IP are fine it is just failing at

ExRCA is attempting to send an Autodiscover POST request to potential Autodiscover URLs.
  Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
   Test Steps
   Attempting to Retrieve XML AutoDiscover Response from url https://autodiscover.company.com/AutoDiscover/AutoDiscover.xml
  Failed to obtain AutoDiscover XML response.
   Additional Details
  A Web Exception occurred because an HTTP 401 - Unauthorized response was received from Unknown
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33650803
akhater point
I was reading from jetli's previous question.

shouldnt it be
https://mail.domain.com/AutoDiscover/AutoDiscover.xml
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33650816
Not externally

Is basic authentication enabled
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 400 total points
ID: 33650823
if they autodiscover is not setup using SRV records it will indeed be https://autodiscover.company.com/AutoDiscover/AutoDiscover.xml

jetli87 please try to open  https://autodiscover.company.com/AutoDiscover/AutoDiscover.xml  and enter username/pass what is the result
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33650824
jim I think we did that @jetli's last case - basic and NTLM enabled through set-outlookanywhere.

jetli87 please confirm

set-outlookanywhere | fl
IISauthentication field - is it basic or basic, ntlm
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33650828
I am out guys.
Akhater your ball.
Jim - get a break.
0
 
LVL 1

Author Comment

by:jetli87
ID: 33650834
Sorry, stepped out...will get back to everyone in an hour.
0
 
LVL 1

Author Comment

by:jetli87
ID: 33651154
so from the outside, autodiscover.company.com/AutoDiscover/AutoDiscover.xml

will not resolve, though i know it's not dns because autodiscover.company.com goes to IIS page.

internally, the link request for username/password and I tried the test user credentials via upn or domain/user and can't login...

IIS Authentication = NTLM

0
 
LVL 49

Expert Comment

by:Akhater
ID: 33651168
from outside autodiscover.company.com/autodiscover/autodiscover.xml does prompt for a user/pass however i don't know the pass to test it

however entering a user/pass should let you login and this is your problem
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 400 total points
ID: 33651179
open EMS and run

get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -basicauthentication $true

and run the testexchangeconnectivity again
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 
LVL 1

Author Comment

by:jetli87
ID: 33651236
Quick question, ran

get-autodiscovervirtualdirectory | fl

InternalUrl & External Url are Null - should there be a setting there?
0
 
LVL 1

Author Comment

by:jetli87
ID: 33651247
and basicauthentication is already set to true
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33651256
yes they should be NULL it is normal.

can you give me the password of your test user so I can do some tests ?
0
 
LVL 15

Expert Comment

by:Narayan_singh
ID: 33651285
ok... make sure there is only basic and Windows authentication sleceted in Autodiscover virtual directoy and there is no Annonymous authentication sleceted ... do it from IIS manager and see if you have options for basic and windows authentication if you do not have them then please install pre-requisite.

If above things are in place please remove autodiscover virtual directory and the re-create it.

get-autodiscovervirtualdirectory | remove-autodiscovervirtualdirectory

new-autodiscovervirtualdirectory

and again set the authentication tyoe like i mentioned.

then try to browse
https://localhost/autodiscover/autodiscover.xml
though u get cert erro just proceed with credentials and you should get error code 600 invalid
if you get that it should work from outside aswell

revert.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33651288
when you tried it from the outside you did try https://autodiscover.domain.com/autodiscover/autodiscover.xml

can you post the results for
Get-AutodiscoverVirtualDirectory | fl *Authen*
0
 
LVL 1

Author Comment

by:jetli87
ID: 33651347
ok whatever happened, autodiscover test is succeeding right now...Going through other tests.
0
 
LVL 15

Expert Comment

by:Narayan_singh
ID: 33651355
cool
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33651356
:) good to know
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33651359
it was my return :)
0
 
LVL 1

Author Comment

by:jetli87
ID: 33651439
ok so https-rpc is sorta working now.

I had to apply the below for the test to complete successful for on auto config

set-outlookprovider expr -certifedprincipalname "msstd:email.company.com"

now what's the correct config on outlook?  I can't get it work.

exchange server = outlook.company.com
on Exchange Proxy: outlook.company.com
Authenticatoin = ntlm

when i do checkname, i get prompted for username/pass and I've tried both upn and user/domain but it errors out.
0
 
LVL 32

Assisted Solution

by:endital1097
endital1097 earned 100 total points
ID: 33651451
exchange server is your cas server associated with your mailbox database
get-mailboxdatabase | fl name,rpc*

the proxy is
get-outlookanywhere | fl exter*

authentication = basic
0
 
LVL 1

Author Comment

by:jetli87
ID: 33651457
nevermind, got it to work...changed exchange server to local CAS DNS name.

0
 
LVL 49

Expert Comment

by:Akhater
ID: 33651460
Since you have autodiscover there is nothing to configure in outlook it should pick up the config alone
0
 
LVL 1

Author Comment

by:jetli87
ID: 33651463
last question, for login credentials on outlookanywhere, does Exchange 2010 accept either UPN or domain/user method?

or can you specify somewhere?

i used UPN and it worked ok.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33651466
Both should work
0
 
LVL 1

Author Comment

by:jetli87
ID: 33651518
is there a way to specify/restrict the login method?
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33651543
remove the upn logon name within ad, otherwise no
0
 
LVL 1

Author Comment

by:jetli87
ID: 33651556
thanks for everyone's help.

will assign points shortly.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33651576
have a great weekend
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33652039
Wow. this is resolved. Just came back home.
Stuck in a traffic jam for 1.5 hrs and crossed 2 miles :(
0
 
LVL 1

Author Closing Comment

by:jetli87
ID: 33687582
Responses didn't directly resolved the issue but help lead me to fix it on my own.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now