Solved

Autodiscover.contoso.no error internal on SBS2008

Posted on 2010-09-14
Last Modified: 2012-05-10
Hi

I have a Small Business Server 2008 with 2 Standard 2008 servers.

And approx. 30 clients on XP, Vista and 7, with Outlook 2007.

When I changed the external IP on the mail server, everything works fine except that when the clients start Outlook internally (LAN), they get an autodiscover.contoso.no error.

I have tried to rekey the certificate, but the result is the same.

I can understand that you need a UC/SAN certificate to get autodiscover to work externally.

But I just changed an external IP to the mail server (SBS2008).


Any ideas why this happens internally?
Question by:Autoper
23 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 33670471
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 33670475
sorry, the autodiscover note is below point 2 :(
0
 
LVL 10

Expert Comment

by:dhruvarajp
ID: 33670655
An IP address change does not require you to change the certificate, so you can go back to the older certificate.
Now, ensure that your IP address is updated in the associated hostnames in DNS,
or delete the stale DNS records for this server.

Thank you
Dhruv
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33670996
Can you run these commands from exchange and post back here

a) get-clientaccessserver | fl
b) get-autodiscovervirtualdirectory | Fl
c) Ping mail.domain.com --> where mail.domain.com - is your external FQDN which should resolve to public IP of your firewall.

thanks
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33671005
Also log in to any one of the workstations where autodiscover doesn't work.

Go here
c:\Windows\System32\drivers\etc\
Right click on hosts file > open with notepad
see if there is an entry for your LAN IP / WAN IP with the fqdn in the end.

You need to delete it.
thanks
0
 

Author Comment

by:Autoper
ID: 33671028
Thanks a lot, give me a few hours, and I will do it.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33671170
internally your outlook clients are going to attempt to use autodiscover by hitting the service connection point defined in the value
get-clientaccessserver | fl AutoDiscoverServiceInternalUri

you need to ensure that the fqdn in that result appears in your certificate
to validate the certificate being used run
Get-ExchangeCertificate | where { $_.services.tostring().contains("IIS") -eq $true } | fl CertificateDomains
0
 

Author Comment

by:Autoper
ID: 33672081
Hi

get-clientaccessserver | fl


Name                           : VVGVEKSLER
OutlookAnywhereEnabled         : True
AutoDiscoverServiceCN          : VVGVEKSLER
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://remote.vvg.no/autodiscover/autodiscove
                                 r.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Default-First-Site-Name}
IsValid                        : True
OriginatingServer              : VVGVEKSLER.vvg.local
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=VVGVEKSLER,CN=Servers,CN=Exchange Administr
                                 ative Group (FYDIBOHF23SPDLT),CN=Administrativ
                                 e Groups,CN=First Organization,CN=Microsoft Ex
                                 change,CN=Services,CN=Configuration,DC=vvg,DC=
                                 local
Identity                       : VVGVEKSLER
Guid                           : 6585d486-54f2-43e8-a23f-84e1bcafde4e
ObjectCategory                 : vvg.local/Configuration/Schema/ms-Exch-Exchang
                                 e-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 13.09.2010 15:42:59
WhenCreated                    : 27.12.2009 14:50:11


get-autodiscovervirtualdirectory | Fl


Name                          : Autodiscover (SBS Web Applications)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://VVGVEKSLER.vvg.local/W3SVC/3/ROOT/Autodis
                                cover
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\Autodiscover
Server                        : VVGVEKSLER
InternalUrl                   : https://remote.vvg.no/Autodiscover/Autodiscover
                                .xml
ExternalUrl                   : https://remote.vvg.no/Autodiscover/Autodiscover
                                .xml
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=Autodiscover (SBS Web Applications),CN=HTTP,
                                CN=Protocols,CN=VVGVEKSLER,CN=Servers,CN=Exchan
                                ge Administrative Group (FYDIBOHF23SPDLT),CN=Ad
                                ministrative Groups,CN=First Organization,CN=Mi
                                crosoft Exchange,CN=Services,CN=Configuration,D
                                C=vvg,DC=local
Identity                      : VVGVEKSLER\Autodiscover (SBS Web Applications)
Guid                          : e01a053e-1bc7-4b21-823f-0b975827bb88
ObjectCategory                : vvg.local/Configuration/Schema/ms-Exch-Auto-Dis
                                cover-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchAutoDiscove
                                rVirtualDirectory}
WhenChanged                   : 28.12.2009 19:24:13
WhenCreated                   : 27.12.2009 14:53:51
OriginatingServer             : VVGVEKSLER.vvg.local
IsValid                       : True

When I ping remote.vvg.no from the Exchange server I get an internal IP.
When I ping autodiscover.vvg.no I get the external IP of the Exchange server.

Checked the hosts file on the client, nothing of relevance there.


Thanks in advance.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33672192
can you verify that remote.vvg.no is a subject on the certificate
Get-ExchangeCertificate | where { $_.services.tostring().contains("IIS") -eq $true } | fl CertificateDomains
0
 

Author Comment

by:Autoper
ID: 33673633
Hi, yes, I can verify that the subject remote.vvg.no is in the certificate

CN=remote.vvg.no : Services: IP.WS

Thanks
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33673958
the external ip change should have no impact
can you ping remote.vvg.no to an internal ip address

also what happens when you browse to the following in IE
https://remote.vvg.no/autodiscover/autodiscover.xml
0
 

Author Comment

by:Autoper
ID: 33674589
Hi, yeah, you're right, it should not have had an impact.

When I browse to https://remote.vvg.no/autodiscover/autodiscover.xml in IE, I get a login screen.

But when I have a look, the login screen says mail.velvaeregrosisten.no

And in the external DNS for vvg.no
you have:
remote.vvg.no ->cname-> mail.velvaeregrosisten.no
autodiscover.vvg.no ->cname-> remote.vvg.no

Can this have something to do with it? But it worked before I changed the external IP. So no, but?

I'm just lost here. Thank you for your time.




0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33674648
What's your external domain name?

mxtoolbox returns no MX records

http://www.mxtoolbox.com/SuperTool.aspx?action=mx:velvaeregrosisten.no

This goes to softcom.dk ?
http://www.mxtoolbox.com/SuperTool.aspx?action=mx:vvg.no

0
 
LVL 32

Expert Comment

by:endital1097
ID: 33674812
did you get a certificate warning before the login prompt?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33674834
0
 

Author Comment

by:Autoper
ID: 33675098
Hi

Sorry for the misspelling of velvaeregrossisten.no (missing an "s")

try this: http://www.mxtoolbox.com/SuperTool.aspx?action=mx:velvaeregrosisten.no

I do not get a certificate warning externally before the login prompt. Just the autodiscover.vvg.no one internally.

https://remote.vvg.no/owa/auth/logon.aspx?url=https://remote.vvg.no/owa/&reason=0 works perfectly.

Thanks



0
 
LVL 19

Expert Comment

by:R--R
ID: 33675186
0
 

Author Comment

by:Autoper
ID: 33679871
Hi

Checked out the link and did his solution. But no.

After I ran the IAMW, it failed on the "set up your internet address" step on all three.

And when I try to restart IIS, I get an unexpected error.

So something is wrong with the system, I think.

But I'm probably going to buy a UC/SAN certificate and see if that will do the trick, and if not, open an MS case.

But still listening to suggestions.

Thanks



0
 

Author Comment

by:Autoper
ID: 33680801
Hi Again

Just a small thing from Digicert:

When remote.contoso.com and autodiscover.contoso.com do not have the same IP (in my case, from internal, remote has an internal IP and autodiscover has an external IP), you will get a certificate error.

So how do I change it so that when it goes for autodiscover.contoso.no it gets an internal IP, and not an external one?

Do I create a zone in the internal DNS called contoso.com and put in a CNAME for autodiscover in this zone?



0
 
LVL 32

Expert Comment

by:endital1097
ID: 33680811
That is not true
the cert must contain the fqdn in the url
no dependency on ip
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 500 total points
ID: 33680820
remote internal IP we created because you didn't have the UCC/SAN SSL.
We can delete the DNS entry later.
and the FQDNs don't have any dependency on IP @ as endital said
It needs internal + external fqdn's
0
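
The name check described in the two comments above (the certificate must contain the FQDN in the URL, with no dependency on IP), as an added example that is not code from the thread: it reads the SCP URL out of the wrapped "fl" output posted earlier and compares host names with certificate names. The function names and the two-name SAN list are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: three properties copied from the thread's
# "get-clientaccessserver | fl" output, console line wrap included.
SAMPLE_FL = """\
Name                           : VVGVEKSLER
AutoDiscoverServiceInternalUri : https://remote.vvg.no/autodiscover/autodiscove
                                 r.xml
AutoDiscoverSiteScope          : {Default-First-Site-Name}
"""

def parse_fl(text):
    """Parse Format-List output; indented lines continue the previous value."""
    props, key = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s*:\s?(.*)$", line)
        if m:
            key = m.group(1)
            props[key] = m.group(2).strip()
        elif key and line.strip():
            props[key] += line.strip()  # console wraps mid-word, so no space
    return props

def name_matches(cert_name, host):
    """Match one certificate DNS name; "*." covers exactly one left-most label."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if cert_name.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == cert_name[2:]
    return cert_name == host

def mismatched_hosts(urls, cert_names):
    """Hosts the client connects to that the certificate does not cover.
    Only names are compared; the IP a name resolves to plays no part."""
    hosts = [urlsplit(u).hostname for u in urls]
    return [h for h in hosts if not any(name_matches(n, h) for n in cert_names)]

def demo():
    scp = parse_fl(SAMPLE_FL)["AutoDiscoverServiceInternalUri"]
    urls = [scp, "https://autodiscover.vvg.no/autodiscover/autodiscover.xml"]
    single = ["remote.vvg.no"]                      # CN reported in the thread
    san = ["remote.vvg.no", "autodiscover.vvg.no"]  # hypothetical UC/SAN list
    return mismatched_hosts(urls, single), mismatched_hosts(urls, san)

if __name__ == "__main__":
    print(demo())
```
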
 

Author Comment

by:Autoper
ID: 33684978
OK, agree with you there.

Thanks. Enough time on this. SBS2008 = UC/SAN certificate. Not my money, just time :)

Or maybe a swing migration, if possible.

Thanks for all the replies and help.

0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33690963
autoper
let me know where you are with this issue now.

thanks
0

Question has a verified solution.