Solved

Autodiscover.contoso.no error internal on SBS2008

Posted on 2010-09-14
23
623 Views
Last Modified: 2012-05-10
Hi

I Have a small Business server 2008 with 2 standards 2008 server.

And approx 30 clients XP, Vista and 7. With Outlook 2007.

when i changed the external IP on the mail server, everything works fine Except the when the clients start the Outlook internal (Lan), they get a autodiscover.contoso.no error.

I Have tried to rekey the certificate, but the same.

I can understand that you need a UC/SAN certificate to get the autodiscover to work external.

But i just changed a external IP to the mailserver (SBS2008).


Any Ideas, why this happens internaly?
0
Comment
Question by:Autoper
  • 8
  • 6
  • 5
  • +3
23 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 33670471
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 33670475
sorry tte autodiscover note below point 2 :(
0
 
LVL 10

Expert Comment

by:dhruvarajp
ID: 33670655
ip address change does not require you to change the certificate.so you can go back to the older certificate
now.. ensure that your ip address is updated in associated hostnames in DNS
or delete the stale dns records for this server

Thank you
Dhruv
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33670996
Can you run these commands from exchange and post back here

a) get-clientaccessserver | fl
b) get-autodiscovervirtualdirectory | Fl
c) Ping mail.domain.com --> where mail.domain.com - is your external FQDN which should resolve to public IP of your firewall.

thanks
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33671005
Also login to anyone of the workstations from where autodiscover doesnt work.

Go here
c:\Windows\System32\drivers\etc\
Right click on hosts file > open with notepad
see if there is an entry for your LAN IP / WAN IP with the fqdn in the end.

You need to delete it.
thanks
0
 

Author Comment

by:Autoper
ID: 33671028
Thanks Alot, give me a few hours, and i will do it.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33671170
internally your outlook clients are going to attempt to use autodiscover by hitting the service connection point defined in the value
get-clientaccessserver | fl AutoDiscoverServiceInternalUri

you need to ensure that the fqdn in that result appears in your certificate
to validate the certificate being used run
Get-ExchangeCertificate | where { $_.services.tostring().contains("IIS") -eq $true } | fl CertificateDomains
0
 

Author Comment

by:Autoper
ID: 33672081
Hi

get-clientaccessserver | fl


Name                           : VVGVEKSLER
OutlookAnywhereEnabled         : True
AutoDiscoverServiceCN          : VVGVEKSLER
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://remote.vvg.no/autodiscover/autodiscove
                                 r.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Default-First-Site-Name}
IsValid                        : True
OriginatingServer              : VVGVEKSLER.vvg.local
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=VVGVEKSLER,CN=Servers,CN=Exchange Administr
                                 ative Group (FYDIBOHF23SPDLT),CN=Administrativ
                                 e Groups,CN=First Organization,CN=Microsoft Ex
                                 change,CN=Services,CN=Configuration,DC=vvg,DC=
                                 local
Identity                       : VVGVEKSLER
Guid                           : 6585d486-54f2-43e8-a23f-84e1bcafde4e
ObjectCategory                 : vvg.local/Configuration/Schema/ms-Exch-Exchang
                                 e-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 13.09.2010 15:42:59
WhenCreated                    : 27.12.2009 14:50:11


get-autodiscovervirtualdirectory | Fl


Name                          : Autodiscover (SBS Web Applications)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://VVGVEKSLER.vvg.local/W3SVC/3/ROOT/Autodis
                                cover
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\Autodiscover
Server                        : VVGVEKSLER
InternalUrl                   : https://remote.vvg.no/Autodiscover/Autodiscover
                                .xml
ExternalUrl                   : https://remote.vvg.no/Autodiscover/Autodiscover
                                .xml
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=Autodiscover (SBS Web Applications),CN=HTTP,
                                CN=Protocols,CN=VVGVEKSLER,CN=Servers,CN=Exchan
                                ge Administrative Group (FYDIBOHF23SPDLT),CN=Ad
                                ministrative Groups,CN=First Organization,CN=Mi
                                crosoft Exchange,CN=Services,CN=Configuration,D
                                C=vvg,DC=local
Identity                      : VVGVEKSLER\Autodiscover (SBS Web Applications)
Guid                          : e01a053e-1bc7-4b21-823f-0b975827bb88
ObjectCategory                : vvg.local/Configuration/Schema/ms-Exch-Auto-Dis
                                cover-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchAutoDiscove
                                rVirtualDirectory}
WhenChanged                   : 28.12.2009 19:24:13
WhenCreated                   : 27.12.2009 14:53:51
OriginatingServer             : VVGVEKSLER.vvg.local
IsValid                       : True

When i Ping remote.vvg.no from the Exchange server i get an internal IP.
When i Ping autodiscover.vvg.no i get the external IP to the Exchange server

Checked the host file on client, nothing there of relevance.


thanks in Advance.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33672192
can you verify that remote.vvg.no is a subject on the certificate
Get-ExchangeCertificate | where { $_.services.tostring().contains("IIS") -eq $true } | fl CertificateDomains
0
 

Author Comment

by:Autoper
ID: 33673633
Hi, yes i can verify that the subject remote.vvg.no is in the certificate

CN=remote.vvg.no : Services: IP.WS

Thanks
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33673958
the external ip change should have no impact
can you ping remote.vvg.no to an internal ip address

also what happens when you browse to the following in IE
https://remote.vvg.no/autodiscover/autodiscover.xml
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:Autoper
ID: 33674589
Hi, yea your right, it shuld not have had ann impact.

When i browse to the following https://remote.vvg.no/autodiscover/autodiscover.xml
 in IE. I get Login for screen.

But when i have a look, in the login screen it says. mail.velvaeregrosisten.no

And in the External DNS for VVG.no
You have:
remote.vvg.no ->cname-> mail.velvaeregrosisten.no
autodiscover.vvg.no ->cname-> remote.vvg.no

Can this have something to do with it. But it worked before i changed external IP. So no, But?

I'm just lost here. Thank you fore your time.




0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33674648
whats your external domain name ?

mxtoolbox returns no MX records

http://www.mxtoolbox.com/SuperTool.aspx?action=mx:velvaeregrosisten.no

This goes to softcom.dk ?
http://www.mxtoolbox.com/SuperTool.aspx?action=mx:vvg.no

0
 
LVL 32

Expert Comment

by:endital1097
ID: 33674812
did you get a certificate warning before the login prompt?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33674834
0
 

Author Comment

by:Autoper
ID: 33675098
Hi

Sorry for the miss spell on velvaeregrossisten.no (missing an "s")

try this: http://www.mxtoolbox.com/SuperTool.aspx?action=mx:velvaeregrosisten.no

Do not get an certificate warning external before login prompt. Just the autodiscover.vvg.no on internal.

https://remote.vvg.no/owa/auth/logon.aspx?url=https://remote.vvg.no/owa/&reason=0 works perfect.

Thnx



0
 
LVL 19

Expert Comment

by:R--R
ID: 33675186
0
 

Author Comment

by:Autoper
ID: 33679871
Hi

Checked out the link. And did hes solution. But No.

After i ran the IAMW   it failed on the "set up your internet address" on all three.

And when i try to restart the IIS, i get ann unexpected error.

So something is wrong with the system, i think.

But i'm probaly going to buy a UC/SAN certificate, and se if that will do the trick, and if not open a MS case.

But still listening to suggestion.

Thanks



0
 

Author Comment

by:Autoper
ID: 33680801
Hi Again

Just a small thing from Digicert:

When the remote.contoso.com and autodiscover.contoso.com. Do not have the same IP.

In my case. from internal. remote have ann internal ip and autodiscover have an external ip. You will get an certificate error.

So how do i change it so when the it goes for autodiscover.contoso.no i want it to get an internal ip, and not an external.?

Do i crate a Zone in the internal DNS called contoso.com and put in a cname for autodiscover in this zone?



0
 
LVL 32

Expert Comment

by:endital1097
ID: 33680811
That is not true
the cert must contain the fqdn in the url
no dependency on ip
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 500 total points
ID: 33680820
remote internal IP we created because you didnt have the UCC/SAN SSL.
We can delete the dns entry later.
and the fqdn's dont have any dependency on IP @ as endital said
It needs internal + external fqdn's
0
 

Author Comment

by:Autoper
ID: 33684978
ok , agree with you there.  

Thanks. Enough time on this. SBS2008 = US/SAN certificate. Not my money, just time:)

Or mayby a swing migration, if possible.

Thanks for all the reply and help.

0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33690963
autoper
let me know where you are with this issue now.

thanks
0

Featured Post

The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now