
OWA on Exchange 2010

Here is the setup: Single Exchange 2010 server running on Windows 2008 R2. SonicWall TZ210 with OS Enhanced. I replaced our old SonicWall Pro 2040 with Standard OS with the TZ 210 Enhanced OS. Now my OWA is working. I've set up the new SonicWall with the same firewall rules and added the NAT policies. I'm still trying to figure out OS Enhanced so I'm not sure if I've done something wrong or forgotten something. When I run the testexchangeconnectivity.com test I get the following:
 ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting the Autodiscover and Exchange ActiveSync test (if requested).
  Testing of Autodiscover for Exchange ActiveSync failed.
   Test Steps
   Attempting each method of contacting the Autodiscover service.
  The Autodiscover service couldn't be contacted successfully by any method.
   Test Steps
   Attempting to test potential Autodiscover URL https://mydomain.com/AutoDiscover/AutoDiscover.xml 
  Testing of this potential Autodiscover URL failed.
   Test Steps
   Attempting to resolve the host name mydomain in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: 74.86.121.122
 
 Testing TCP port 443 on host mydomain.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name mydomain.com was found in the Certificate Subject Common name.
 
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 9/25/2010 12:32:22 PM, NotAfter = 9/25/2011 12:32:22 PM
 
 
 
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 
 Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
  Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
   Test Steps
   ExRCA is attempting to retrieve an XML Autodiscover response from URL https://mydomain.com/AutoDiscover/AutoDiscover.xml for user ryan@mydomain.com.
  ExRCA failed to obtain an Autodiscover XML response.
   Additional Details
  The Autodiscover XML response received by ExRCA was invalid. Exception: Exception details:
Message: There is an error in XML document (1, 50).
Type: System.InvalidOperationException
Stack trace:
at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents events)
at System.Xml.Serialization.XmlSerializer.Deserialize(Stream stream)
at Microsoft.Exchange.Tools.ExRca.Tests.AutoDiscover.AutoDiscoverGetXMLBase`2.Discover()
 
 Attempting to test potential Autodiscover URL https://autodiscover.mydomain.com/AutoDiscover/AutoDiscover.xml 
  Testing of this potential Autodiscover URL failed.
   Test Steps
   Attempting to resolve the host name autodiscover.mydomain.com in DNS.
  The host name couldn't be resolved.
   Additional Details
  Host autodiscover.mydomain.com couldn't be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
.
 
 
 
 Attempting to contact the Autodiscover service using the HTTP redirect method.
  The attempt to contact Autodiscover using the HTTP Redirect method failed.
   Test Steps
   Attempting to resolve the host name autodiscover.sosb-ia.com in DNS.
  The host name couldn't be resolved.
   Additional Details
  Host autodiscover.mydomain.com couldn't be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
.
 
 
 
 Attempting to contact the Autodiscover service using the DNS SRV redirect method.
  ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
   Test Steps
   Attempting to locate SRV record _autodiscover._tcp.mydomain.com in DNS.
  The Autodiscover SRV record wasn't found in DNS.
 
0
ryanthompson
Asked:
1 Solution
 
Tasmant Commented:
You have the choice: http://technet.microsoft.com/en-us/library/bb124251.aspx
You didn't create the autodiscover.domain.com entry in DNS with your public IP assigned.
You didn't create the (A) record for the DNS zone itself with your public IP assigned,
so no URL, neither domain.com/autodiscover nor autodiscover.domain.com, can be resolved with DNS.

Also, did you configure your certificate with SAN (subject alternative name) to have:
- owa.domain.com (if this is the URL of OWA)
- domain.com or autodiscover.domain.com (one of the two)

To see if OWA works, you don't really need the Autodiscover service; you can try to connect directly to https://owa.domain.com.


0
 
ryanthompson Author Commented:
The SSL certificate was created with the following
autodiscover.mydomain.com
mailsvr1
mailsvr1.mydomain.local
sites

I have created the entries in DNS for autodiscover and for the public IP as well.

Like I said this worked fine until I switched SonicWalls.
0

 
dexIT Commented:
Did you add your Exchange server in the DMZ on your SW?
0
 
ryanthompson Author Commented:
No, the Exchange server is not in the DMZ.
0
 
dexIT Commented:
Did you set up any rules to route outside IPs to its internal address?
0
 
ryanthompson Author Commented:
Here are the rules:
Firewall Rules
NAT Policies
0
 
ryanthompson Author Commented:
I had to change the HTTPS management port to something other than 443 on the SonicWall.  Once I did that everything started working.
0
 
ryanthompson Author Commented:
I found a SonicWall article on this.
0
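
The fix reported in this thread (moving the SonicWall HTTPS management port off 443) is consistent with a device other than Exchange answering on 443, which would also explain ExRCA failing to deserialize the reply as XML. The following is an added example, not part of the original thread: a check that classifies whatever answers at an Autodiscover URL. The function names, verdict strings and sample replies are hypothetical and constructed for illustration.

```python
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

# Namespace prefix of Exchange Autodiscover response schemas.
AUTODISCOVER_NS = "http://schemas.microsoft.com/exchange/autodiscover/"

# Constructed sample replies (not captured from any real device).
SAMPLE_LOGIN_PAGE = ("<!DOCTYPE html><html><head><title>Appliance Login</title>"
                     "</head><body></body></html>")
SAMPLE_AUTODISCOVER = (
    '<?xml version="1.0" encoding="utf-8"?>'
    '<Autodiscover xmlns="' + AUTODISCOVER_NS + 'responseschema/2006">'
    "<Response/></Autodiscover>")


def classify(status, headers, body):
    """Return (verdict, reason) for one HTTPS reply from an Autodiscover URL."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status == 401 and "www-authenticate" in hdrs:
        # An unauthenticated request normally gets an auth challenge back.
        return ("auth-challenge", "credentials requested: " + hdrs["www-authenticate"])
    text = body.lstrip("\ufeff \t\r\n")  # drop BOM and leading whitespace
    head = text[:4096].lower()
    if "<!doctype" in head or "<!entity" in head:
        # Autodiscover XML has no DTD; refuse to parse one (typically HTML).
        return ("wrong-responder", "body carries a DTD, likely an HTML page")
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return ("wrong-responder", f"body is not well-formed XML: {exc}")
    ns, _, local = root.tag.rpartition("}")
    if local == "Autodiscover" and ns.lstrip("{").startswith(AUTODISCOVER_NS):
        return ("autodiscover", "Autodiscover XML returned")
    return ("wrong-responder", f"unexpected root element <{local}>")


def probe(url, timeout=10):
    """POST an empty body to url (your own endpoint) and classify the reply."""
    req = urllib.request.Request(url, data=b"", method="POST",
                                 headers={"Content-Type": "text/xml"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            raw, status, hdrs = resp.read(65536), resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:
        raw, status, hdrs = err.read(65536), err.code, dict(err.headers)
    return classify(status, hdrs, raw.decode("utf-8", "replace"))
```

A "wrong-responder" verdict from outside the network while the same URL returns "auth-challenge" from inside points at the perimeter device, and it also means that device's own HTTPS listener is reachable from the internet.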
