Solved

Exchange 2007 Autodiscover settings stopping Out of Office replies from working

Posted on 2010-09-23
15
896 Views
Last Modified: 2012-05-10
Hello.  I'm not able to set an Outlook Out of Office message from any Outlook client on the network on a brand new SBS2008 server.  After doing some research, I think it might have something to do with the autodiscover settings not being correct.  Below is the result from test-outlookwebservices

Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address Administrator@IDS-
          eng.net.

Id      : 1007
Type    : Information
Message : Testing server IDS-01.ids.local with the published name https://sites
          /EWS/Exchange.asmx & https://mail.ids-eng.com/EWS/Exchange.asmx.

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
           URL on this object is https://sites/Autodiscover/Autodiscover.xml.

Id      : 1013
Type    : Error
Message : When contacting https://sites/Autodiscover/Autodiscover.xml received
          the error The remote server returned an error: (401) Unauthorized.

Id      : 1006
Type    : Error
Message : The Autodiscover service could not be contacted.

I do not have a third party SSL certificate yet.

I'm not too familiar with autodiscovery and dont really know where to look so any help would be awesome!  

0
Comment
Question by:JasonJewett
  • 7
  • 3
  • 2
  • +3
15 Comments
 
LVL 5

Expert Comment

by:smartsid
ID: 33751131
What is the error message you receive, while trying to set Out of Office in Outlook ?
0
 

Author Comment

by:JasonJewett
ID: 33751136
Your automatic reply settings cannot be displayed because ther server is currently unavailable.  Try again later.
0
 
LVL 26

Accepted Solution

by:
e_aravind earned 167 total points
ID: 33751137
From the external location
do you have the name resolution for autodiscover.ids-eng.com or autodiscover.domain.com

On the Iexplore
If you access the URL
https://sites/Autodiscover/Autodiscover.xml do you see any HTTP 600.

if yes, good!
If not, need to get the DNS, IE settings to reach the CAS server
0
 

Author Comment

by:JasonJewett
ID: 33751166
sorry - you lost me.
I cant ping autodiscover.ids-eng.net from inside the network, and I dont have an a record for autodiscover.ids-eng.net on the outside so it for sure won't work.  

Do I need to add a DNS entry so that autodiscover.ids-eng.net resolves to the server IP?

I get a SSL error going to https://<servername>/Autodiscover/Autodiscover.xml.  if i continue past that I get a authentication prompt that i cant get past no matter what username/pass I use.
0
 
LVL 9

Assisted Solution

by:v_9mhdrf
v_9mhdrf earned 166 total points
ID: 33751167
OOF not working

Please check the following steps mentioned below:-

Autodiscover = Basic + Windows Integrated + SSL Forced == Disable - Kernel Mode Authentication.
OAB= Windows Integrated = Disable - Kernel Mode Authentication.
EWS= Windows Integrated = Disable - Kernel Mode Authentication + SSL forced.

Follow the kb-940726, and run the following command on the server.

Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab

Please run the following command in the management shell:-

test-outlookWebserivces | fl and see the result. If you get 401 Unauthorized please follow the below link and restart the server.

DisableLoopbackcheck registry.
key as per the article <http://support.microsoft.com/kb/896861>.


Then perform "SetSPN -a http/(Exchange server FQDN) (Exchange server name)"

Check the HTTP keep alive in IIS 7 in the following place:-
HTTP response headers on Default WebSite == set common headers.

If still the issue persists, please follow this steps:-

Delete and recreate the Autodiscover/ EWS Virtual Directories.
Remove-AutodiscoverVirtualDirectory -identity "CAS server name\Autodiscover (Default Web Site)"
Remove-WebservicesVirtualDirectory -identity "CAS server name\EWS (Default Web Site)"

new-AutodiscoverVirtualDirectory
new-WebservicesVirtualDirectory
And follow the kb-940726 again to set the InternalUri.
Perform IISreset.

And also please check whether you have 3.5 .netFramework, if yes please download and install the following hotfix.
KB- 958934

And Run Test EmailAutoconfiguration  from outlook 2007 client, and please select only Autodiscover. Remove Guessmart and Secure Guess mart.

Please check out these steps and revert back if the issue persists.

Thanks,
Mohammed:)
0
 
LVL 3

Assisted Solution

by:MrPaulT
MrPaulT earned 167 total points
ID: 33751180
Do you have auto-discover setup for you domain name? If your auto-discover points to an IP make sure you have your A record point to the correct IP.

Try this:

1. open command prompt
2. type nslookup autodiscover.domain.com (this should return the below)

Non-authoritative answer:
Name:      autodiscover.domain.com
Address: xx.xx.xx.xxx

0
 

Author Comment

by:JasonJewett
ID: 33751204
MrPaulT:  NS lookup didnt respond to autodiscover.domain.com so i added an A record to point to the server IP and now it does.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:JasonJewett
ID: 33751226
v_9mhdrf:  thanks.  Lot to do - I'll let you know what happens.
Autodiscover = Basic + Windows Integrated + SSL Forced == Disable - Kernel Mode Authentication.
OAB= Windows Integrated = Disable - Kernel Mode Authentication.
EWS= Windows Integrated = Disable - Kernel Mode Authentication + SSL forced.

Where are these in IIS7?

0
 
LVL 9

Expert Comment

by:v_9mhdrf
ID: 33751238
If you are using Windows 2008 server then you will have IIS 7 in Administrative Tools.
And you have to highlight the Autodiscover directory in features view you would find the icons with Authentication/ SSL settings.

When you click the Authenticatio icon, you would find the multiple Authentications.
Click on Windows Integrated Authentication and on the extreme right hand side top, you will find Advance settings, click on it and there you will find Kernel Mode Authentication.

But if you have Exchange 2007 sp1 Roll up update 5 or later then you dont have worry about kernel mode, however to confirm please check it.

Hope it helps!

Thanks
0
 

Author Comment

by:JasonJewett
ID: 33751291
v_9mhdrf:  thanks.  
Just to confirm:
Autodiscover:  Basic = yes  Windows = yes  SSL = Yes.   No Kernel Mode
OAB: Basic = no (mine is yes now), Windows = Yes.   SSL = no. (mine is yes now)   No Kernel Mode  
EWS: Basic = no (mine is yes now), Windows = Yes.  SSL = Yes.   No Kernel Mode

I dont have an SSL cert and I get prompted for one often.  Could that have anything to do with this?

0
 
LVL 9

Expert Comment

by:v_9mhdrf
ID: 33751362
You dont have SSL cert in Exchange 2007?  
In Exchange 2007 Cert is default created and make sure that you have the SSL is Enabled on the server.
And please disable Basic auth from OAB virtual directory.

Check out and revert with SSL cert info....
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33753396
0
 

Author Comment

by:JasonJewett
ID: 33890370
still no luck.  I'll keep trying.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33890572
can you post results from the tests and/or cmdlets
0
 

Author Comment

by:JasonJewett
ID: 34386787
Sorry to abandon this.  I needed to add Autodiscover A records in DNS and that seemed to help. I didnt have the correct A records before.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now