Solved

Exchange 2003/2010 coexistence: Outlook Anywhere fails when using Autodiscover to detect settings

Posted on 2011-03-20
Last Modified: 2012-08-13
Hi,
We are running an Exchange 2003/2010 environment with one back-end EX2003 and one CAS/HUB/MBX 2010 server. None of the 2003 mailboxes have been migrated. I created a mailbox on EX2010 and tried running the ExRCA Outlook Anywhere (RPC over HTTP) for the EX2010 mailbox user. If I choose "Use Autodiscover to detect settings", the test fails with the following error:
Testing NSPI "Check Name" for user user@domain.com against server SERVER.domain.internal.
  An error occurred while attempting to resolve the name.
   Additional Details
  The name could not be matched to a name in the address list.
Do you have any suggestions?
PL
 
Question by:PascalLavallee
11 Comments
 
LVL 4

Expert Comment

by:Tekyguy
ID: 35176106
Can you post the error messages from ExRCA?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35176217
Have you created an autodiscover.domainname.com in your external DNS? Does the same name appear in your SAN/UCC certificate? Have you got a 3rd party SAN/UCC certificate?

If the answer to any of the above is no then autodiscover will not work.
0
 

Author Comment

by:PascalLavallee
ID: 35176224
Please find below:

Testing RPC/HTTP connectivity.
 The RPC/HTTP test failed.
 Test Steps
 ExRCA is attempting to test Autodiscover for user@domain.com.
 Autodiscover was tested successfully.
 Test Steps
 Attempting each method of contacting the Autodiscover service.
 The Autodiscover service was tested successfully.
 Test Steps
 Attempting to test potential Autodiscover URL https://domain.com/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name domain.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: x.x.x.x

Testing TCP port 443 on host domain.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host name domain.com doesn't match any name found on the server certificate CN=mail.domain.com, OU=Domain Control Validated, O=mail.domain.com.

Attempting to test potential Autodiscover URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml
 Testing of the Autodiscover URL was successful.
 Test Steps
 Attempting to resolve the host name autodiscover.domain.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: x.x.x.x

Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name autodiscover.domain.com was found in the Certificate Subject Alternative Name entry.

Certificate trust is being validated.
 The test passed with some warnings encountered. Please expand the additional details.
 Additional Details
 ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 3/19/2011 8:44:10 AM, NotAfter = 3/19/2012 7:33:44 AM

Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST.
 Test Steps
 ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml for user user@domain.com.
 The Autodiscover XML response was successfully retrieved.
 Additional Details
 Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>First LastName</DisplayName>
<LegacyDN>/o=Company/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=First LastName</LegacyDN>
<DeploymentId>b558273b-a44b-492d-b666-45d82e230220</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>SERVER.domain.internal</Server>
<ServerDN>/o=Company/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=SERVER</ServerDN>
<ServerVersion>738180DA</ServerVersion>
<MdbDN>/o=Company/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=SERVER/cn=Microsoft Private MDB</MdbDN>
<ASUrl>https://SERVER.domain.internal/EWS/Exchange.asmx</ASUrl>
<OOFUrl>https://SERVER.domain.internal/EWS/Exchange.asmx</OOFUrl>
<OABUrl>Public Folder</OABUrl>
<UMUrl>https://SERVER.domain.internal/EWS/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<PublicFolderServer>SERVER.domain.internal</PublicFolderServer>
<AD>SERVER.domain.internal</AD>
<EwsUrl>https://SERVER.domain.internal/EWS/Exchange.asmx</EwsUrl>
<EcpUrl>https://SERVER.domain.internal/ecp/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
<EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>mail.domain.com</Server>
<ASUrl>https://mail.domain.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://mail.domain.com/ews/exchange.asmx</OOFUrl>
<OABUrl>Public Folder</OABUrl>
<UMUrl>https://mail.domain.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Basic</AuthPackage>
<EwsUrl>https://mail.domain.com/ews/exchange.asmx</EwsUrl>
<EcpUrl>https://mail.domain.com/ECP/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
<EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://SERVER.domain.internal/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://SERVER.domain.internal/EWS/Exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://mail.domain.com/owa/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://mail.domain.com/ews/exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
</Account>
</Response>
</Autodiscover>

Autodiscover settings for Outlook Anywhere are being validated.
 ExRCA validated the Outlook Anywhere Autodiscover settings.
Attempting to resolve the host name mail.domain.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: x.x.x.x

Testing TCP port 443 on host mail.domain.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name mail.domain.com was found in the Certificate Subject Common name.

Certificate trust is being validated.
 The test passed with some warnings encountered. Please expand the additional details.
 Additional Details
 ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 3/19/2011 8:44:10 AM, NotAfter = 3/19/2012 7:33:44 AM

Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Testing HTTP Authentication Methods for URL https://mail.domain.com/rpc/rpcproxy.dll.
 The HTTP authentication methods are correct.
 Additional Details
 ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic

Testing SSL mutual authentication with the RPC proxy server.
 Mutual authentication was verified successfully.
 Additional Details
 Certificate common name mail.domain.com matches msstd:mail.domain.com.

Attempting to ping RPC proxy mail.domain.com.
 RPC Proxy was pinged successfully.
 Additional Details
 Completed with HTTP status 200 - OK

Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server SERVER.domain.internal.
 The endpoint was pinged successfully.
 Additional Details
 RPC Status Ok (0) returned in 256 ms.

Testing the Name Service Provider Interface (NSPI) on the Exchange Mailbox server.
 An error occurred while testing the NSPI RPC endpoint.
 Test Steps
 Attempting to ping RPC endpoint 6004 (NSPI Proxy Interface) on server SERVER.domain.internal.
 The endpoint was pinged successfully.
 Additional Details
 RPC Status Ok (0) returned in 78 ms.

Testing NSPI "Check Name" for user user@domain.com against server SERVER.domain.internal.
 An error occurred while attempting to resolve the name.
  Tell me more about this issue and how to resolve it
 Additional Details
 The name could not be matched to a name in the address list.
0
 

Author Comment

by:PascalLavallee
ID: 35176242
demazter:

autodiscover.domain.com is an A record in our external DNS

autodiscover.domain.com appears in our UCC certificate

We got the certificate from a third party (GoDaddy)
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35176264
According to this you don't have the correct names in your certificate:

 
Host name domain.com doesn't match any name found on the server certificate CN=mail.domain.com, OU=Domain Control Validated, O=mail.domain.com.
0

 

Author Comment

by:PascalLavallee
ID: 35176319
demazter:

I understand that https://domain.com/AutoDiscover/AutoDiscover.xml is the first URL contacted but domain.com points to the website server. We don't host the server. I don't recall seeing in Microsoft documents the need to include the root domain in the certificate, only the internal and external names of the Exchange servers. Just confirming here before I contact the certificate issuer and re-issue the certificate.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35176415
The names you need are at an absolute minimum:

SERVERNAME.domain.local (the internal fully qualified domain name)
OWA.domain.com (the OWA URL)
Autodiscover.domainname.com (where domainname.com is the part after the @ in the email address)
0
 

Author Comment

by:PascalLavallee
ID: 35176552
I have the following names attached to the certificate
legacy.domain.com
legacy.domain.local
mail.domain.com
server1.domain.internal
server2.domain.internal
autodiscover.domain.com
autodiscover.domain.internal
server1
server2

The last error of the test shows Testing NSPI "Check Name" for user user@domain.com. The name could not be matched to a name in the address list.

Any thoughts on this error?

Thank you.
0
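The certificate name check discussed in the comments above can be reproduced offline. The following is an added example, not part of the original thread and not ExRCA's own logic: it takes the SAN list from the post above, the two Autodiscover host names ExRCA tried, and the host names an Autodiscover response hands to Outlook, and reports which names the certificate does not cover. The XML is a constructed, trimmed sample; mapping the placeholder SERVER to server2.domain.internal is an assumption, and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
NS = "{http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a}"
# Constructed, trimmed sample (assumes the thread's SERVER is server2.domain.internal).
SAMPLE_RESPONSE = """<?xml version="1.0"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<Account>
<Protocol><Type>EXCH</Type><Server>server2.domain.internal</Server>
<ASUrl>https://server2.domain.internal/EWS/Exchange.asmx</ASUrl><OABUrl>Public Folder</OABUrl></Protocol>
<Protocol><Type>EXPR</Type><Server>mail.domain.com</Server>
<EwsUrl>https://mail.domain.com/ews/exchange.asmx</EwsUrl></Protocol>
</Account></Response></Autodiscover>"""
# SAN entries exactly as listed in the post above.
CERT_SANS = ["legacy.domain.com", "legacy.domain.local", "mail.domain.com", "server1", "server2",
             "server1.domain.internal", "server2.domain.internal",
             "autodiscover.domain.com", "autodiscover.domain.internal"]

def candidate_hosts(email):
    # The two host names ExRCA tried in the log earlier in the thread, in order.
    domain = email.rsplit("@", 1)[1].lower()
    return [domain, "autodiscover." + domain]

def name_matches(host, san):
    # Case-insensitive; '*' is honoured only as the entire leftmost label.
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return host == san

def hosts_in_response(xml_text):
    # Host names from <Server> and https URLs in direct children of each <Protocol>.
    found = {}
    for proto in ET.fromstring(xml_text).iter(NS + "Protocol"):
        hosts = found.setdefault(proto.findtext(NS + "Type", "?"), set())
        for child in proto:
            text = (child.text or "").strip().lower()
            if child.tag == NS + "Server":
                hosts.add(text)
            elif text.startswith("https://"):
                hosts.add(urlsplit(text).hostname)
    return found

def uncovered(hosts, sans):
    # Host names that no SAN entry covers, sorted.
    return sorted(h for h in hosts if not any(name_matches(h, s) for s in sans))

def audit(xml_text, sans):
    return {ptype: uncovered(hosts, sans) for ptype, hosts in hosts_in_response(xml_text).items()}
```

Run against the thread's names, only the root domain is uncovered, which matches the single certificate failure in the ExRCA log; the later NSPI "Check Name" error is therefore not a certificate problem.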
 
LVL 4

Assisted Solution

by:Tekyguy
Tekyguy earned 250 total points
ID: 35177627
Sounds like the user doesn't exist. If Exchange 2010 is set up as the front end, shouldn't you be able to authenticate with any of the user accounts on the 2003 server?
0
 

Accepted Solution

by:PascalLavallee
PascalLavallee earned 0 total points
ID: 35183294
Thank you Tekyguy. Your comment helped me realize the user existed but it was set with the "Hide from Exchange Address Lists" attribute. Making the user visible took care of the error.
0
 

Author Closing Comment

by:PascalLavallee
ID: 35221235
I graded B because the comment was partially accurate. The user existed in Exchange but because it was hidden from the address lists, it was not visible to the connection process.
0
