Solved

Exchange 2010 , Out Of Office only works internally and not externally

Posted on 2011-03-21
30
1,250 Views
Last Modified: 2012-05-11
I Have Exchange 2010 Server running in Windows Server 2008. My problem are as follows:
-We are using Outlook 2007 and when you click Out of office assistant it gives u an error "your out of office settings cannot be displayed,because the server is currently unavailable. Try again later" .
- We can only set up Out Of Office Assistant using OWA. However the internal out of office works but the external out of office assistant doesnt. How can we solve this?

Facts :
I have no firewall installed for incoming/outgoing emails hence you can overlook this.

i will appreciate any feedback you have.

Charliecom
0
Comment
Question by:charliecom
  • 14
  • 12
  • 2
  • +1
30 Comments
 
LVL 33

Expert Comment

by:Busbar
ID: 35179011
did you set the webservices virtual directory external URL.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35179077
This is more than likely because you don't have an autodiscover.domainname.com (where domainname.com is the part after the @ in your email address) record in your SAN/UCC certificate? Outlook 2007/2010 uses this for Out of Office Assistant among other things.

if you have got the domain in your certificate then do you have an autodiscover.domainnamme.com A record configured?
0
 

Author Comment

by:charliecom
ID: 35179182
Thank you for your replys.
@Busbar : i have set the webservices Virtual Directory External URL as below:

[PS] C:\Windows\system32>Get-WebservicesVirtualDirectory -Server FSAL-EX.flysafarilink.local

Name                                    Server                                  InternalUrl
----                                    ------                                  -----------
EWS (Default Web Site)                  FSAL-EX                                 https://fsal-ex.flysafarilink.local/...


[PS] C:\Windows\system32>Get-webservicesvirtualdirectory | fl identity,internalurl,externalurl


Identity    : FSAL-EX\EWS (Default Web Site)
InternalUrl : https://fsal-ex.flysafarilink.local/EWS/Exchange.asmx
ExternalUrl : https://mail.flysafarilink.com/ews/exchange.asmx

@Demazter I have not configured an autodiscover.domainname.com a record however i will do that and see what happens.

Thanks you for your help.
0
 
LVL 33

Expert Comment

by:Busbar
ID: 35179756
I get SSL certificate error when I am accessing, do you have the external name in the certificate.
0
 
LVL 74

Assisted Solution

by:Glen Knight
Glen Knight earned 125 total points
ID: 35179765
You have a self signed certificate, you need to ensure you have a 3rd party certificate.  Or at the very least have the correct names in it.

The names are:

autodiscover.domainname.com (where domainname.com is the part after the @ in your email address)
owa.domainname.com (the Outlook Web App URL)
servername.domain.local (the internal fully qualified domain name of your server)
0
 
LVL 2

Expert Comment

by:imgir
ID: 35195397
DeMazter beat me to it again...

In a nutshell, Exchange 2007 and 2010 are WebDav based servers and as such require secure communications for any of the useful Outlook Anywhere features to work correctly. [Out of Office, Free Busy]

What you require is a UCC certificate that has the hosts demazter lists above as subject and subject alternate names (SAN) in the certificate.
Subject Alternative Name (SAN): Provide multiple identities which the certificate can authenticate. Systems that may operate under multiple identities, such as server farms, and some software platforms, such as Microsoft Exchange, may use SAN certificates to simplify the support of the environment.
Several Certificate providers support those certificates.
A useful reference is on Wikipedia http://en.wikipedia.org/wiki/Comparison_of_SSL_certificates_for_web_servers

You will also require an A record configured on your external DNS for autodiscover.domain.com that points to the same IP address as your OWA server host.

0
 

Author Comment

by:charliecom
ID: 35258293
Hi ,

I have tried both the solutions but nothing seems to work .

i even created an external DNS pointing to the mail server however it still doesnt work .

Would you b having  a different solution.

charlie
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35258324
So you now have a 3rd party SAN/UCC certificate with the appropriate names in?

What names did you put in?
0
 

Author Comment

by:charliecom
ID: 35258580
I gave it the FQDN names
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35258805
Can you post the names you entered?
0
 

Author Comment

by:charliecom
ID: 35259355
I generated it using this format.

New-ExchangeCertificate -FriendlyName "Exchange 2010 Certificate" -IncludeServerFQDN -DomainName mail.flysafarilink.com,autodiscover.flysafarilink.com -GenerateRequest -PrivateKeyExportable $true
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35259394
Any particular reason why you didn't use the wizard in the exchange console? It's there to avoid mistakes.
0
 

Author Comment

by:charliecom
ID: 35259596
I initially created it using the EMS then i wrongly input the external domain name after which i started afresh using the console and set everything correctly.

I believe i set it up the right way and this is just but a brief description of the same.

While assigning the certificate i enabled SMTP & IIS which are the basic requirements i had. I am still open to more suggestions .

thanks,Again
0
 
LVL 74

Assisted Solution

by:Glen Knight
Glen Knight earned 125 total points
ID: 35259662
You need the external name, autodiscover record and the internal fully qualified domain name, you don't have all these.

Did you restart IIS after setting the certificate up? From outside what IP address does the autodiscover.domainname.com resolve to when you ping it?

Canyou goto https://www.testexchangeconnectivity.com/  and run the autodiscover test.  Post the results.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:charliecom
ID: 35259882
Exchange Web Services service account access verification
  ExRCA failed to complete all tests with the service account.
   Test Steps
   ExRCA is attempting to test Autodiscover for it@flysafarilink.com.
  Autodiscover was tested successfully.
   Test Steps
   Attempting each method of contacting the Autodiscover service.
  The Autodiscover service was tested successfully.
   Test Steps
   Attempting to test potential Autodiscover URL https://flysafarilink.com/AutoDiscover/AutoDiscover.xml
  Testing of this potential Autodiscover URL failed.
   Test Steps
   Attempting to resolve the host name flysafarilink.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: 216.139.210.121
 
 Testing TCP port 443 on host flysafarilink.com to ensure it's listening and open.
  The specified port is either blocked, not listening, or not producing the expected response.
   Tell me more about this issue and how to resolve it
   Additional Details
  A network error occurred while communicating with the remote host.
Exception details:
Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 216.139.210.121:443
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()
 
 
 
 
 Attempting to test potential Autodiscover URL https://autodiscover.flysafarilink.com/AutoDiscover/AutoDiscover.xml
  Testing of the Autodiscover URL was successful.
   Test Steps
   Attempting to resolve the host name autodiscover.flysafarilink.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: 41.215.37.138
 
 Testing TCP port 443 on host autodiscover.flysafarilink.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name autodiscover.flysafarilink.com was found in the Certificate Subject Alternative Name entry.
 
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 3/30/2011 2:12:00 PM, NotAfter = 3/29/2013 2:12:00 PM
 
 
 
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 
 Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
  ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST.
   Test Steps
   ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.flysafarilink.com/AutoDiscover/AutoDiscover.xml for user it@flysafarilink.com.
  The Autodiscover XML response was successfully retrieved.
   Additional Details
  Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>Safarilink - IT</DisplayName>
<LegacyDN>/o=Safarilink/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Safarilink - IT</LegacyDN>
<DeploymentId>faeb5a43-0c7d-47f8-a2c2-e91090355627</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>FSAL-EX.flysafarilink.local</Server>
<ServerDN>/o=Safarilink/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=FSAL-EX</ServerDN>
<ServerVersion>7380827F</ServerVersion>
<MdbDN>/o=Safarilink/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=FSAL-EX/cn=Microsoft Private MDB</MdbDN>
<ASUrl>https://fsal-ex.flysafarilink.local/EWS/Exchange.asmx</ASUrl>
<OOFUrl>https://fsal-ex.flysafarilink.local/EWS/Exchange.asmx</OOFUrl>
<OABUrl>http://fsal-ex.flysafarilink.local/OAB/3cbad96f-1634-4047-a29b-9195cd99a984/</OABUrl>
<UMUrl>https://fsal-ex.flysafarilink.local/EWS/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<PublicFolderServer>FSAL-EX.flysafarilink.local</PublicFolderServer>
<AD>FSAL-EX.flysafarilink.local</AD>
<EwsUrl>https://fsal-ex.flysafarilink.local/EWS/Exchange.asmx</EwsUrl>
<EcpUrl>https://fsal-ex.flysafarilink.local/ecp</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
<EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>mail.flysafarilink.com</Server>
<ASUrl>https://mail.flysafarilink.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://mail.flysafarilink.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://mail.flysafarilink.com/OAB/3cbad96f-1634-4047-a29b-9195cd99a984/</OABUrl>
<UMUrl>https://mail.flysafarilink.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Basic</AuthPackage>
<EwsUrl>https://mail.flysafarilink.com/ews/exchange.asmx</EwsUrl>
<EcpUrl>https://mail.flysafarilink.com/ecp</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
<EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://fsal-ex.flysafarilink.local/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://fsal-ex.flysafarilink.local/EWS/Exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://mail.flysafarilink.com/owa/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://mail.flysafarilink.com/ews/exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
</Account>
</Response>
</Autodiscover>
 
 
 
 
 
 
 
 
 
 Ensuring that the test mailbox folder is empty and accessible.
  ExRCA couldn't confirm that the folder is accessible and empty.
   Additional Details
  "Inbox" folder in mailbox "it@flysafarilink.com" isn't empty.
Last EWS request:
<Trace Tag="EwsRequest" Tid="13" Time="2011-03-30 15:38:21Z" Version="14.02.5123.000">
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<t:RequestServerVersion Version="Exchange2007_SP1" />
<t:TimeZoneContext>
<t:TimeZoneDefinition Id="Pacific Standard Time" />
</t:TimeZoneContext>
</soap:Header>
<soap:Body>
<m:GetFolder>
<m:FolderShape>
<t:BaseShape>AllProperties</t:BaseShape>
</m:FolderShape>
<m:FolderIds>
<t:DistinguishedFolderId Id="inbox">
<t:Mailbox>
<t:EmailAddress>it@flysafarilink.com</t:EmailAddress>
</t:Mailbox>
</t:DistinguishedFolderId>
</m:FolderIds>
</m:GetFolder>
</soap:Body>
</soap:Envelope>
</Trace>

Last EWS response:
<Trace Tag="EwsResponse" Tid="13" Time="2011-03-30 15:38:33Z" Version="14.02.5123.000">
<?xml version="1.0" encoding="utf-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header>
<h:ServerVersionInfo MajorVersion="14" MinorVersion="0" MajorBuildNumber="722" MinorBuildNumber="0" Version="Exchange2010" xmlns:h="http://schemas.microsoft.com/exchange/services/2006/types" xmlns="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
</s:Header>
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<m:GetFolderResponse xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types">
<m:ResponseMessages>
<m:GetFolderResponseMessage ResponseClass="Success">
<m:ResponseCode>NoError</m:ResponseCode>
<m:Folders>
<t:Folder>
<t:FolderId Id="AQMkADlhZmVhYzQ2LWNmNjctNDE1OS05MjllLWQyNmIyNzg4ADQxMGEALgAAAy+nxfYXsi1Ijtwhz2CCBIkBAJ9Ydn4l/ftKkMCm4T/OlQMAAAMlAAAA" ChangeKey="AQAAABYAAACfWHZ+Jf37SpDApuE/zpUDAAAxLk66" />
<t:ParentFolderId Id="AQMkADlhZmVhYzQ2LWNmNjctNDE1OS05MjllLWQyNmIyNzg4ADQxMGEALgAAAy+nxfYXsi1Ijtwhz2CCBIkBAJ9Ydn4l/ftKkMCm4T/OlQMAAAMiAAAA" ChangeKey="AQAAAA==" />
<t:FolderClass>IPF.Note</t:FolderClass>
<t:DisplayName>Inbox</t:DisplayName>
<t:TotalCount>3971</t:TotalCount>
<t:ChildFolderCount>1</t:ChildFolderCount>
<t:EffectiveRights>
<t:CreateAssociated>true</t:CreateAssociated>
<t:CreateContents>true</t:CreateContents>
<t:CreateHierarchy>true</t:CreateHierarchy>
<t:Delete>true</t:Delete>
<t:Modify>true</t:Modify>
<t:Read>true</t:Read>
</t:EffectiveRights>
<t:PermissionSet>
<t:Permissions>
<t:Permission>
<t:UserId>
<t:DistinguishedUser>Default</t:DistinguishedUser>
</t:UserId>
<t:CanCreateItems>false</t:CanCreateItems>
<t:CanCreateSubFolders>false</t:CanCreateSubFolders>
<t:IsFolderOwner>false</t:IsFolderOwner>
<t:IsFolderVisible>false</t:IsFolderVisible>
<t:IsFolderContact>false</t:IsFolderContact>
<t:EditItems>None</t:EditItems>
<t:DeleteItems>None</t:DeleteItems>
<t:ReadItems>None</t:ReadItems>
<t:PermissionLevel>None</t:PermissionLevel>
</t:Permission>
<t:Permission>
<t:UserId>
<t:DistinguishedUser>Anonymous</t:DistinguishedUser>
</t:UserId>
<t:CanCreateItems>false</t:CanCreateItems>
<t:CanCreateSubFolders>false</t:CanCreateSubFolders>
<t:IsFolderOwner>false</t:IsFolderOwner>
<t:IsFolderVisible>false</t:IsFolderVisible>
<t:IsFolderContact>false</t:IsFolderContact>
<t:EditItems>None</t:EditItems>
<t:DeleteItems>None</t:DeleteItems>
<t:ReadItems>None</t:ReadItems>
<t:PermissionLevel>None</t:PermissionLevel>
</t:Permission>
</t:Permissions>
</t:PermissionSet>
<t:UnreadCount>1</t:UnreadCount>
</t:Folder>
</m:Folders>
</m:GetFolderResponseMessage>
</m:ResponseMessages>
</m:GetFolderResponse>
</s:Body>
</s:Envelope>
</Trace>
 
 The autodiscover.domainname.com  resolves to 41.215.37.138

 
 
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35259933
Excellent, so autodiscover is working.

Next thing to check is the setting in alanhardisty's guide here: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html
0
 

Author Comment

by:charliecom
ID: 35274387
I have alreasdy tried this and unfortunately its not working .

I am not giving up on the probable options if you have any more.

Charlie
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35274410
What does the exchange best practice analyser report?
0
 

Author Comment

by:charliecom
ID: 35274909
best-practices analyzer report
Please look at the anlysed report
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35274926
do you have 2 active network cards on this server?
0
 

Author Comment

by:charliecom
ID: 35274987
Yes i do
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35275041
This is an unsupported configuration as is multiple gateways, this is more than likely the cause of your problem.
0
 

Author Comment

by:charliecom
ID: 35275084
So what do you suggest i should do to correct this?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35275088
You need to disable one of the network cards and restart the server so that all services are bound to the single network card.
0
 

Author Comment

by:charliecom
ID: 35276260
I have disabled the network card and restarted the server however the Out Of Office assistant still doesnt send externally.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35276367
doesn't SEND externally? Or does not WORK externaly?!?

All along we have been investigating why your external users cannot use the Out Of Office? Are you saying that what's happening is the out of office is not being sent to external users?
0
 

Author Comment

by:charliecom
ID: 35279342
I mean that my out of office does not send automatic replies to external users when i enable the out of office assistant using outlook or OWA .

Are we on the same page?
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 125 total points
ID: 35279390
you say in your initial question "your out of office settings cannot be displayed,because the server is currently unavailable. Try again later"
This is what I have been trying to resolve.

When using Outlook 2007 with Exchange 2010 there is an option in the out of office assitant (this is the same within OWA) to enable the external out of office, have you done this?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 37459960
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

Join & Write a Comment

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
This video discusses moving either the default database or any database to a new volume.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now