Matt72127
asked on
Exchange 2007 SP3 Outlook Anywhere problems and wildcard certificate
Hello,
my config is 2 CAS servers loadbalanced under webmail.domain.com pointing to hardware loadbalancer IP address. Also autodiscover.domain.com points to the same ip address. SSL certificate used for Exchange is issued for *.domain.com and have SAN *.domain.com, domain.com.
Doing Test-OutlookWebServices I receive:
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address Administrator@domain.com.
Id : 1007
Type : Information
Message : Testing server CAS1.domain.com with the published name https://webmail.domain.com/ews/exchange.asmx & https://webmail.domain.com/EWS/Exchange.asmx.
Id : 1019
Type : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://webmail.domain.com/autodiscover/autodiscover.xml.
Id : 1006
Type : Information
Message : The Autodiscover service was contacted at https://webmail.domain.com/autodiscover/autodiscover.xml.
Id : 1016
Type : Success
Message : [EXCH]-Successfully contacted the AS service at https://webmail.domain.com/ews/exchange.asmx. The elapsed time was 171 milliseconds.
Id : 1015
Type : Success
Message : [EXCH]-Successfully contacted the OAB service at https://webmail.domain.com/ews/exchange.asmx. The elapsed time was 0 milliseconds.
Id : 1014
Type : Success
Message : [EXCH]-Successfully contacted the UM service at https://cas1.domain.com/UnifiedMessaging/Service.asmx. The elapsed time was 15 milliseconds.
Id : 1016
Type : Success
Message : [EXPR]-Successfully contacted the AS service at https://webmail.domain.com/EWS/Exchange.asmx. The elapsed time was 109 milliseconds.
Id : 1015
Type : Success
Message : [EXPR]-Successfully contacted the OAB service at https://webmail.domain.com/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.
Id : 1014
Type : Information
Message : [EXPR]-The UM is not configured for this user.
Id : 1017
Type : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://webmail.domain.com/Rpc. The elapsed time was 187 milliseconds.
Id : 1006
Type : Success
Message : The Autodiscover service was tested successfully.
For domain-joined clients everything works perfectly but when I try to configure Outlook 2010 on machine outside the domain with dns configured to resolve webmail.domain.com and autodiscover.domain.com autodiscover properly configure Outlook to use Rpc over HTTP, profile is created but after this I receive instant prompt for login and cannot open mailbox. Is this a problem with my wildcard certificate or should I try toggling authorization setting on IIS.
To answer question why internal and external url is the same - I publish exchange only in WAN (no access from internet, so also www.testexchangeconnectivity.com is not usable for me) and unfortunately out AD domain is the same as smtp domain so for easier config I made just one url - maybe this is wrong.
my config is 2 CAS servers loadbalanced under webmail.domain.com pointing to hardware loadbalancer IP address. Also autodiscover.domain.com points to the same ip address. SSL certificate used for Exchange is issued for *.domain.com and have SAN *.domain.com, domain.com.
Doing Test-OutlookWebServices I receive:
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address Administrator@domain.com.
Id : 1007
Type : Information
Message : Testing server CAS1.domain.com with the published name https://webmail.domain.com/ews/exchange.asmx & https://webmail.domain.com/EWS/Exchange.asmx.
Id : 1019
Type : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://webmail.domain.com/autodiscover/autodiscover.xml.
Id : 1006
Type : Information
Message : The Autodiscover service was contacted at https://webmail.domain.com/autodiscover/autodiscover.xml.
Id : 1016
Type : Success
Message : [EXCH]-Successfully contacted the AS service at https://webmail.domain.com/ews/exchange.asmx. The elapsed time was 171 milliseconds.
Id : 1015
Type : Success
Message : [EXCH]-Successfully contacted the OAB service at https://webmail.domain.com/ews/exchange.asmx. The elapsed time was 0 milliseconds.
Id : 1014
Type : Success
Message : [EXCH]-Successfully contacted the UM service at https://cas1.domain.com/UnifiedMessaging/Service.asmx. The elapsed time was 15 milliseconds.
Id : 1016
Type : Success
Message : [EXPR]-Successfully contacted the AS service at https://webmail.domain.com/EWS/Exchange.asmx. The elapsed time was 109 milliseconds.
Id : 1015
Type : Success
Message : [EXPR]-Successfully contacted the OAB service at https://webmail.domain.com/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.
Id : 1014
Type : Information
Message : [EXPR]-The UM is not configured for this user.
Id : 1017
Type : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://webmail.domain.com/Rpc. The elapsed time was 187 milliseconds.
Id : 1006
Type : Success
Message : The Autodiscover service was tested successfully.
For domain-joined clients everything works perfectly but when I try to configure Outlook 2010 on machine outside the domain with dns configured to resolve webmail.domain.com and autodiscover.domain.com autodiscover properly configure Outlook to use Rpc over HTTP, profile is created but after this I receive instant prompt for login and cannot open mailbox. Is this a problem with my wildcard certificate or should I try toggling authorization setting on IIS.
To answer question why internal and external url is the same - I publish exchange only in WAN (no access from internet, so also www.testexchangeconnectivity.com is not usable for me) and unfortunately out AD domain is the same as smtp domain so for easier config I made just one url - maybe this is wrong.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks a lot, this is really helpfull
the certificate issued to name is *.domain.com
but ur outlook anywhere url will be webmail.domain.com
there is a mismatch in the URLS thats the reason why this is happening