Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 643
  • Last Modified:

Autodiscover.contoso.no error internal on SBS2008

Hi

I Have a small Business server 2008 with 2 standards 2008 server.

And approx 30 clients XP, Vista and 7. With Outlook 2007.

when i changed the external IP on the mail server, everything works fine Except the when the clients start the Outlook internal (Lan), they get a autodiscover.contoso.no error.

I Have tried to rekey the certificate, but the same.

I can understand that you need a UC/SAN certificate to get the autodiscover to work external.

But i just changed a external IP to the mailserver (SBS2008).


Any Ideas, why this happens internaly?
0
Autoper
Asked:
Autoper
  • 8
  • 6
  • 5
  • +3
1 Solution
 
Pete LongTechnical ConsultantCommented:
0
 
Pete LongTechnical ConsultantCommented:
sorry tte autodiscover note below point 2 :(
0
 
dhruvarajpCommented:
ip address change does not require you to change the certificate.so you can go back to the older certificate
now.. ensure that your ip address is updated in associated hostnames in DNS
or delete the stale dns records for this server

Thank you
Dhruv
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
sunnyc7Commented:
Can you run these commands from exchange and post back here

a) get-clientaccessserver | fl
b) get-autodiscovervirtualdirectory | Fl
c) Ping mail.domain.com --> where mail.domain.com - is your external FQDN which should resolve to public IP of your firewall.

thanks
0
 
sunnyc7Commented:
Also login to anyone of the workstations from where autodiscover doesnt work.

Go here
c:\Windows\System32\drivers\etc\
Right click on hosts file > open with notepad
see if there is an entry for your LAN IP / WAN IP with the fqdn in the end.

You need to delete it.
thanks
0
 
AutoperAuthor Commented:
Thanks Alot, give me a few hours, and i will do it.
0
 
endital1097Commented:
internally your outlook clients are going to attempt to use autodiscover by hitting the service connection point defined in the value
get-clientaccessserver | fl AutoDiscoverServiceInternalUri

you need to ensure that the fqdn in that result appears in your certificate
to validate the certificate being used run
Get-ExchangeCertificate | where { $_.services.tostring().contains("IIS") -eq $true } | fl CertificateDomains
0
 
AutoperAuthor Commented:
Hi

get-clientaccessserver | fl


Name                           : VVGVEKSLER
OutlookAnywhereEnabled         : True
AutoDiscoverServiceCN          : VVGVEKSLER
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://remote.vvg.no/autodiscover/autodiscove
                                 r.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Default-First-Site-Name}
IsValid                        : True
OriginatingServer              : VVGVEKSLER.vvg.local
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=VVGVEKSLER,CN=Servers,CN=Exchange Administr
                                 ative Group (FYDIBOHF23SPDLT),CN=Administrativ
                                 e Groups,CN=First Organization,CN=Microsoft Ex
                                 change,CN=Services,CN=Configuration,DC=vvg,DC=
                                 local
Identity                       : VVGVEKSLER
Guid                           : 6585d486-54f2-43e8-a23f-84e1bcafde4e
ObjectCategory                 : vvg.local/Configuration/Schema/ms-Exch-Exchang
                                 e-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 13.09.2010 15:42:59
WhenCreated                    : 27.12.2009 14:50:11


get-autodiscovervirtualdirectory | Fl


Name                          : Autodiscover (SBS Web Applications)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://VVGVEKSLER.vvg.local/W3SVC/3/ROOT/Autodis
                                cover
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\Autodiscover
Server                        : VVGVEKSLER
InternalUrl                   : https://remote.vvg.no/Autodiscover/Autodiscover
                                .xml
ExternalUrl                   : https://remote.vvg.no/Autodiscover/Autodiscover
                                .xml
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=Autodiscover (SBS Web Applications),CN=HTTP,
                                CN=Protocols,CN=VVGVEKSLER,CN=Servers,CN=Exchan
                                ge Administrative Group (FYDIBOHF23SPDLT),CN=Ad
                                ministrative Groups,CN=First Organization,CN=Mi
                                crosoft Exchange,CN=Services,CN=Configuration,D
                                C=vvg,DC=local
Identity                      : VVGVEKSLER\Autodiscover (SBS Web Applications)
Guid                          : e01a053e-1bc7-4b21-823f-0b975827bb88
ObjectCategory                : vvg.local/Configuration/Schema/ms-Exch-Auto-Dis
                                cover-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchAutoDiscove
                                rVirtualDirectory}
WhenChanged                   : 28.12.2009 19:24:13
WhenCreated                   : 27.12.2009 14:53:51
OriginatingServer             : VVGVEKSLER.vvg.local
IsValid                       : True

When i Ping remote.vvg.no from the Exchange server i get an internal IP.
When i Ping autodiscover.vvg.no i get the external IP to the Exchange server

Checked the host file on client, nothing there of relevance.


thanks in Advance.
0
 
endital1097Commented:
can you verify that remote.vvg.no is a subject on the certificate
Get-ExchangeCertificate | where { $_.services.tostring().contains("IIS") -eq $true } | fl CertificateDomains
0
 
AutoperAuthor Commented:
Hi, yes i can verify that the subject remote.vvg.no is in the certificate

CN=remote.vvg.no : Services: IP.WS

Thanks
0
 
endital1097Commented:
the external ip change should have no impact
can you ping remote.vvg.no to an internal ip address

also what happens when you browse to the following in IE
https://remote.vvg.no/autodiscover/autodiscover.xml
0
 
AutoperAuthor Commented:
Hi, yea your right, it shuld not have had ann impact.

When i browse to the following https://remote.vvg.no/autodiscover/autodiscover.xml
 in IE. I get Login for screen.

But when i have a look, in the login screen it says. mail.velvaeregrosisten.no

And in the External DNS for VVG.no
You have:
remote.vvg.no ->cname-> mail.velvaeregrosisten.no
autodiscover.vvg.no ->cname-> remote.vvg.no

Can this have something to do with it. But it worked before i changed external IP. So no, But?

I'm just lost here. Thank you fore your time.




0
 
sunnyc7Commented:
whats your external domain name ?

mxtoolbox returns no MX records

http://www.mxtoolbox.com/SuperTool.aspx?action=mx:velvaeregrosisten.no

This goes to softcom.dk ?
http://www.mxtoolbox.com/SuperTool.aspx?action=mx:vvg.no

0
 
endital1097Commented:
did you get a certificate warning before the login prompt?
0
 
AutoperAuthor Commented:
Hi

Sorry for the miss spell on velvaeregrossisten.no (missing an "s")

try this: http://www.mxtoolbox.com/SuperTool.aspx?action=mx:velvaeregrosisten.no

Do not get an certificate warning external before login prompt. Just the autodiscover.vvg.no on internal.

https://remote.vvg.no/owa/auth/logon.aspx?url=https://remote.vvg.no/owa/&reason=0 works perfect.

Thnx



0
 
AutoperAuthor Commented:
Hi

Checked out the link. And did hes solution. But No.

After i ran the IAMW   it failed on the "set up your internet address" on all three.

And when i try to restart the IIS, i get ann unexpected error.

So something is wrong with the system, i think.

But i'm probaly going to buy a UC/SAN certificate, and se if that will do the trick, and if not open a MS case.

But still listening to suggestion.

Thanks



0
 
AutoperAuthor Commented:
Hi Again

Just a small thing from Digicert:

When the remote.contoso.com and autodiscover.contoso.com. Do not have the same IP.

In my case. from internal. remote have ann internal ip and autodiscover have an external ip. You will get an certificate error.

So how do i change it so when the it goes for autodiscover.contoso.no i want it to get an internal ip, and not an external.?

Do i crate a Zone in the internal DNS called contoso.com and put in a cname for autodiscover in this zone?



0
 
endital1097Commented:
That is not true
the cert must contain the fqdn in the url
no dependency on ip
0
 
sunnyc7Commented:
remote internal IP we created because you didnt have the UCC/SAN SSL.
We can delete the dns entry later.
and the fqdn's dont have any dependency on IP @ as endital said
It needs internal + external fqdn's
0
 
AutoperAuthor Commented:
ok , agree with you there.  

Thanks. Enough time on this. SBS2008 = US/SAN certificate. Not my money, just time:)

Or mayby a swing migration, if possible.

Thanks for all the reply and help.

0
 
sunnyc7Commented:
autoper
let me know where you are with this issue now.

thanks
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 8
  • 6
  • 5
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now