Publish Autodiscover Exchange 2007

We have tried to publish Exchange 2007 OWA, ActiveSync, Outlook Anywhere and, most important, Autodiscover. For this we installed a domain-member TMG 2010 server.
TMG 2010 has the SAN certificate, which we exported from CAS 2007.
We successfully published OWA, ActiveSync and Outlook Anywhere, and all are working fine.
But when we tried to publish Autodiscover (we added a separate rule for it and made the following changes in this rule: 1) Authentication: Basic, public name: autodiscover.xyz.com)

Yet we are facing a problem with Autodiscover. Kindly help me publish Autodiscover.
arvindbhokseAsked:
Shreedhar EtteTechnical ManagerCommented:
shajidaliCommented:
What is the problem you are facing?  Is Autodiscovery working Inside?

Go to this site, https://www.testexchangeconnectivity.com/, and run Microsoft Office Outlook Connectivity Tests -> Outlook Autodiscover.
If you can provide the results from the test, we can further help you resolve the issue.
arvindbhokseAuthor Commented:
Hi Shajidali
Find herewith Test result of ExRCA
ExRCA.txt
shajidaliCommented:
Could you provide me the TMG rule for Autodiscovery while I look at the ExRCA results?
arvindbhokseAuthor Commented:
Authentication: Basic
Public name: autodiscover.pssgl.com
All users

shajidaliCommented:
Add to public name mail.pssgl.com

Try navigating to the following URLs and log in.

https://mail.pssgl.com/Autodiscover/Autodiscover.xml 
https://autodiscover.pssgl.com/Autodiscover/Autodiscover.xml

Paste the result here.
arvindbhokseAuthor Commented:
shajidali

I changed the public name to mail.pssgl.com

Navigating to mail.pssgl.com, but the logon page is not displayed

<?xml version="1.0" encoding="utf-8" ?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response>
    <Error Time="13:34:14.8439555" Id="1315781497">
      <ErrorCode>600</ErrorCode>
      <Message>Invalid Request</Message>
      <DebugData />
    </Error>
  </Response>
</Autodiscover>

https://autodiscover.pssgl.com/Autodiscover/Autodiscover.xml Result


The page cannot be displayed  
Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.

--------------------------------------------------------------------------------

Try the following:

Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.

--------------------------------------------------------------------------------

Technical Information (for support personnel)

Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)
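
Added example, not part of the thread: a PowerShell helper that tells the two kinds of response quoted in the post above apart. It assumes the 12202 error page is generated by TMG rather than by Exchange, and that the Autodiscover service answers a body-less browser GET with ErrorCode 600; the function name, the HTTP 200 status on the first sample and the verdict strings are illustrative.

```powershell
# Added example: sample responses are constructed from the ones quoted in this thread.
function Get-AutodiscoverVerdict {
    param([Parameter(Mandatory = $true)][int]$StatusCode, [string]$Body = '')
    if ($StatusCode -eq 403) {
        # Assumption: error code 12202 marks a denial page generated by the proxy (TMG).
        if ($Body -match '\(12202\)') {
            return 'Denied at the proxy (12202): never reached Exchange; check the rule public names and paths'
        }
        return '403 without 12202: compare the proxy log and the IIS log to see which one refused'
    }
    if ($StatusCode -eq 401) { return 'Authentication challenge (401): supply credentials and retry' }
    if ($StatusCode -ne 200) { return "Unexpected HTTP status $StatusCode" }

    # A 200 from the service is Autodiscover XML; an HTML page here came from something else.
    try { $doc = [xml]$Body } catch { return 'HTTP 200 but the body is not XML' }
    $response = $doc.Autodiscover.Response
    if (-not $response) { return 'HTTP 200 but not an Autodiscover response' }
    if ($response.Error) {
        $code = $response.Error.ErrorCode
        if ($code -eq '600') {
            return 'Reached Autodiscover: 600 is the reply to a request with no body, such as a browser GET'
        }
        return "Autodiscover error ${code}: $($response.Error.Message)"
    }
    if ($response.Account) { return 'Autodiscover returned account settings' }
    return 'Autodiscover XML with neither Error nor Account'
}

$xml600 = @'
<?xml version="1.0" encoding="utf-8" ?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response>
    <Error Time="13:34:14.8439555" Id="1315781497">
      <ErrorCode>600</ErrorCode>
      <Message>Invalid Request</Message>
      <DebugData />
    </Error>
  </Response>
</Autodiscover>
'@
$denied = 'Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). (12202)'
$samples = @(
    @{ Url = 'https://mail.pssgl.com/Autodiscover/Autodiscover.xml'; Status = 200; Body = $xml600 },
    @{ Url = 'https://autodiscover.pssgl.com/Autodiscover/Autodiscover.xml'; Status = 403; Body = $denied }
)
foreach ($s in $samples) { '{0} -> {1}' -f $s.Url, (Get-AutodiscoverVerdict -StatusCode $s.Status -Body $s.Body) }
```

Read this way, the 600 response shows the request passed the publishing rule and reached the Autodiscover virtual directory, while the 12202 page shows a request that was refused before it got there.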
 


arvindbhokseAuthor Commented:
If you add autodiscover.pssgl.com then it will ask for credentials

1)
<?xml version="1.0" encoding="utf-8" ?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response>
    <Error Time="13:42:59.6341131" Id="1315781497">
      <ErrorCode>600</ErrorCode>
      <Message>Invalid Request</Message>
      <DebugData />
    </Error>
  </Response>
</Autodiscover>

2)

<?xml version="1.0" encoding="utf-8" ?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response>
    <Error Time="13:43:34.8680371" Id="1315781497">
      <ErrorCode>600</ErrorCode>
      <Message>Invalid Request</Message>
      <DebugData />
    </Error>
  </Response>
</Autodiscover>


shajidaliCommented:
You should not change the Public Name; just add the other. In your case both names should be there, and it will resolve your issue.
arvindbhokseAuthor Commented:
shajidali:
No luck! Not working.
shajidaliCommented:
At this point we have resolved the issue with TMG. This looks more like an internal Exchange issue. Can you run the ExRCA again and give me the results?
arvindbhokseAuthor Commented:
shajidali
ExRCA.txt
shajidaliCommented:
Are you sure that this is the new ExRCA report? It looks like the old one, with the TMG error which we have resolved. Also, is Autodiscovery working internally?

Can you run this in PowerShell on Exchange:
Test-OutlookWebServices -identity:itg@pssgl.com | ft * -AutoSize -Wrap
This will test Autodiscovery.

Also can you run the ExRCA again fresh from https://www.testexchangeconnectivity.com/  if you have not done it already.

arvindbhokseAuthor Commented:
shajidali

Internally working fine.
Find herewith the new ExRCA and PowerShell output

eXrca.txt
test-outlook1.txt
shajidaliCommented:
On the autodiscovery rule in TMG, the path /autodiscovery/* is present, I presume.

The test indicates EWS is having some issue.
Is the Exchange server also using TMG for browsing or internet access? If so, can you configure IE to bypass the proxy for local addresses and add an exception for the URLs below so they do not use the proxy?

Can you browse to the following sites from the internal network?
https://mail.pssgl.com/Autodiscover/Autodiscover.xml
https://autodiscover.pssgl.com/Autodiscover/Autodiscover.xml
https://exsr01.pssgl.local/Autodiscover/Autodiscover.xml

If you are getting a 403 Forbidden error while browsing these sites from TMG, you need to fix it so that it doesn't use TMG for these sites locally.
arvindbhokseAuthor Commented:
On the autodiscovery rule in TMG, the path /autodiscovery/* is present.

We are using TMG only to publish Exchange 2007 CAS.
shajidaliCommented:
Are you able to browse to the above-mentioned URLs internally?

Is TMG single-legged, or does it have two NICs? How is it connected to Exchange?
arvindbhokseAuthor Commented:
We are able to browse the above-mentioned URLs internally.

TMG has 2 NICs, Internal and External.

We have done it the following way:
1)      Give precise names to your NICs; avoid use of default names like "network connection #1" that Windows proposes after installation.

2)      Rename your NICs with names like "Internal" and "External".

3)      Start by configuring the external NIC: give it the IP address and mask matching what your ISP gave you. Configure the IP gateway on this NIC. THE EXTERNAL NIC IS THE ONLY NIC THAT MUST HAVE AN IP GATEWAY CONFIGURED! Don't configure DNS servers for now.
Configure your internal NIC: IP address and mask only for now.

4)      Now about DNS
If your ISA server must be a member of the internal domain, then ISA must be able to resolve external DNS names to give access to the Internet but also resolve internal names to locate domain controllers... For my part, in this situation, I install the DNS service on the ISA server and configure this DNS service with no DNS zone but only DNS forwarders: I use a conditional forwarder for the Active Directory domain suffix "mydomain.local" and mention the IP addresses of the internal DNS servers, then I add an unconditional forwarder to external DNS servers. Finally, I configure all NICs to use 127.0.0.1 as DNS server.
Doing that, the ISA server uses its own DNS service to resolve any DNS name. If the DNS suffix of the name matches the domain DNS name, then the conditional forwarder sends the request to an internal DNS server; else it sends the request to the external DNS.

When you have done that, and have validated the DNS resolution by doing some ping on internal and external DNS names, you can join the domain (if your ISA need to be a member).
5)      Then you can install ISA. It's easy. During installation, ISA server installation wizard will detect multiple NICs and will ask you for internal IP ranges. You must include all IP ranges that are not externals (meaning Internal  ip ranges). You can easily indicate these ranges by selecting all internal NICs. ISA will automatically generate ip ranges by looking at NIC configuration and IP routes.
JuusoConnectaCommented:
Same question: have you tried Autodiscover internally?

If it resolves internally, we can state that Autodiscover functionality is enabled and working and the issue is most likely isolated to your TMG.
If it does not resolve, the issue is most likely in your Exchange server and also (maybe) within your TMG.

If you ping autodiscover.yourdomain.com, do you get the TMG public IP address?

Also do the following in EMS:
Set-WebServicesVirtualDirectory -Identity "ExchangeServerName\EWS (Default Web Site)" -ExternalURL https://webmail.exchange14.nl/ews/exchange.asmx

Set-ClientAccessServer -Identity ExchangeServerName -AutodiscoverServiceInternalUri https://webmail.netent.com/autodiscover/autodiscover.xml
arvindbhokseAuthor Commented:
JuusoConnecta

Yes, Autodiscover is working fine internally. Even before TMG, the same worked from outside also.
shajidaliCommented:
What is the default gateway on Exchange? Is it TMG?

Internally, how do you achieve Internet name resolution? By root hints, or using internal DNS with ISA as forwarder?

As per ExRCA, the TMG is blocking it, but when we use the URL directly from outside it works, so it passes the TMG without any problem.

Test-OutlookWebServices shows an error for the EWS service, which is responsible for Autodiscovery, and the error indicated is 403: Forbidden. The error ExRCA is showing is also 403: Forbidden (and it thinks it is from TMG), which kind of indicates the Exchange server is trying to connect to the service via TMG and TMG is blocking it.

To check more on this, in the TMG Logs and Report put a filter for client IP = exsr01's IP, start the query, then run the ExRCA and monitor for traffic being denied.

Also, let us look at the config on Exchange: Get-AutodiscoverVirtualDirectory | fl

It is working fine internally because of the Autodiscover SCP published in AD.
arvindbhokseAuthor Commented:

shajidali

We published Autodiscover using http://clintboessen.blogspot.com/2010/10/autodiscover-issue-with-isa2006-or.html

Finally I made one change: instead of 2 access rules (one for Outlook Anywhere and one for Autodiscover), I created a single access rule for both, and in the public name added both mail.pssgl.com and autodiscover.pssgl.com, and it works.

Thanks