• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1409
  • Last Modified:

Exchange 2010 , Out Of Office only works internally and not externally

I Have Exchange 2010 Server running in Windows Server 2008. My problem are as follows:
-We are using Outlook 2007 and when you click Out of office assistant it gives u an error "your out of office settings cannot be displayed,because the server is currently unavailable. Try again later" .
- We can only set up Out Of Office Assistant using OWA. However the internal out of office works but the external out of office assistant doesnt. How can we solve this?

Facts :
I have no firewall installed for incoming/outgoing emails hence you can overlook this.

i will appreciate any feedback you have.

Charliecom
0
charliecom
Asked:
charliecom
  • 14
  • 12
  • 2
  • +1
3 Solutions
 
BusbarSolutions ArchitectCommented:
did you set the webservices virtual directory external URL.
0
 
Glen KnightCommented:
This is more than likely because you don't have an autodiscover.domainname.com (where domainname.com is the part after the @ in your email address) record in your SAN/UCC certificate? Outlook 2007/2010 uses this for Out of Office Assistant among other things.

if you have got the domain in your certificate then do you have an autodiscover.domainnamme.com A record configured?
0
 
charliecomAuthor Commented:
Thank you for your replys.
@Busbar : i have set the webservices Virtual Directory External URL as below:

[PS] C:\Windows\system32>Get-WebservicesVirtualDirectory -Server FSAL-EX.flysafarilink.local

Name                                    Server                                  InternalUrl
----                                    ------                                  -----------
EWS (Default Web Site)                  FSAL-EX                                 https://fsal-ex.flysafarilink.local/...


[PS] C:\Windows\system32>Get-webservicesvirtualdirectory | fl identity,internalurl,externalurl


Identity    : FSAL-EX\EWS (Default Web Site)
InternalUrl : https://fsal-ex.flysafarilink.local/EWS/Exchange.asmx
ExternalUrl : https://mail.flysafarilink.com/ews/exchange.asmx

@Demazter I have not configured an autodiscover.domainname.com a record however i will do that and see what happens.

Thanks you for your help.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
BusbarSolutions ArchitectCommented:
I get SSL certificate error when I am accessing, do you have the external name in the certificate.
0
 
Glen KnightCommented:
You have a self signed certificate, you need to ensure you have a 3rd party certificate.  Or at the very least have the correct names in it.

The names are:

autodiscover.domainname.com (where domainname.com is the part after the @ in your email address)
owa.domainname.com (the Outlook Web App URL)
servername.domain.local (the internal fully qualified domain name of your server)
0
 
imgirCommented:
DeMazter beat me to it again...

In a nutshell, Exchange 2007 and 2010 are WebDav based servers and as such require secure communications for any of the useful Outlook Anywhere features to work correctly. [Out of Office, Free Busy]

What you require is a UCC certificate that has the hosts demazter lists above as subject and subject alternate names (SAN) in the certificate.
Subject Alternative Name (SAN): Provide multiple identities which the certificate can authenticate. Systems that may operate under multiple identities, such as server farms, and some software platforms, such as Microsoft Exchange, may use SAN certificates to simplify the support of the environment.
Several Certificate providers support those certificates.
A useful reference is on Wikipedia http://en.wikipedia.org/wiki/Comparison_of_SSL_certificates_for_web_servers

You will also require an A record configured on your external DNS for autodiscover.domain.com that points to the same IP address as your OWA server host.

0
 
charliecomAuthor Commented:
Hi ,

I have tried both the solutions but nothing seems to work .

i even created an external DNS pointing to the mail server however it still doesnt work .

Would you b having  a different solution.

charlie
0
 
Glen KnightCommented:
So you now have a 3rd party SAN/UCC certificate with the appropriate names in?

What names did you put in?
0
 
charliecomAuthor Commented:
I gave it the FQDN names
0
 
Glen KnightCommented:
Can you post the names you entered?
0
 
charliecomAuthor Commented:
I generated it using this format.

New-ExchangeCertificate -FriendlyName "Exchange 2010 Certificate" -IncludeServerFQDN -DomainName mail.flysafarilink.com,autodiscover.flysafarilink.com -GenerateRequest -PrivateKeyExportable $true
0
 
Glen KnightCommented:
Any particular reason why you didn't use the wizard in the exchange console? It's there to avoid mistakes.
0
 
charliecomAuthor Commented:
I initially created it using the EMS then i wrongly input the external domain name after which i started afresh using the console and set everything correctly.

I believe i set it up the right way and this is just but a brief description of the same.

While assigning the certificate i enabled SMTP & IIS which are the basic requirements i had. I am still open to more suggestions .

thanks,Again
0
 
Glen KnightCommented:
You need the external name, autodiscover record and the internal fully qualified domain name, you don't have all these.

Did you restart IIS after setting the certificate up? From outside what IP address does the autodiscover.domainname.com resolve to when you ping it?

Canyou goto https://www.testexchangeconnectivity.com/  and run the autodiscover test.  Post the results.
0
 
charliecomAuthor Commented:
Exchange Web Services service account access verification
  ExRCA failed to complete all tests with the service account.
   Test Steps
   ExRCA is attempting to test Autodiscover for it@flysafarilink.com.
  Autodiscover was tested successfully.
   Test Steps
   Attempting each method of contacting the Autodiscover service.
  The Autodiscover service was tested successfully.
   Test Steps
   Attempting to test potential Autodiscover URL https://flysafarilink.com/AutoDiscover/AutoDiscover.xml 
  Testing of this potential Autodiscover URL failed.
   Test Steps
   Attempting to resolve the host name flysafarilink.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: 216.139.210.121
 
 Testing TCP port 443 on host flysafarilink.com to ensure it's listening and open.
  The specified port is either blocked, not listening, or not producing the expected response.
   Tell me more about this issue and how to resolve it
   Additional Details
  A network error occurred while communicating with the remote host.
Exception details:
Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 216.139.210.121:443
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()
 
 
 
 
 Attempting to test potential Autodiscover URL https://autodiscover.flysafarilink.com/AutoDiscover/AutoDiscover.xml 
  Testing of the Autodiscover URL was successful.
   Test Steps
   Attempting to resolve the host name autodiscover.flysafarilink.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: 41.215.37.138
 
 Testing TCP port 443 on host autodiscover.flysafarilink.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name autodiscover.flysafarilink.com was found in the Certificate Subject Alternative Name entry.
 
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 3/30/2011 2:12:00 PM, NotAfter = 3/29/2013 2:12:00 PM
 
 
 
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 
 Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
  ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST.
   Test Steps
   ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.flysafarilink.com/AutoDiscover/AutoDiscover.xml for user it@flysafarilink.com.
  The Autodiscover XML response was successfully retrieved.
   Additional Details
  Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>Safarilink - IT</DisplayName>
<LegacyDN>/o=Safarilink/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Safarilink - IT</LegacyDN>
<DeploymentId>faeb5a43-0c7d-47f8-a2c2-e91090355627</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>FSAL-EX.flysafarilink.local</Server>
<ServerDN>/o=Safarilink/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=FSAL-EX</ServerDN>
<ServerVersion>7380827F</ServerVersion>
<MdbDN>/o=Safarilink/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=FSAL-EX/cn=Microsoft Private MDB</MdbDN>
<ASUrl>https://fsal-ex.flysafarilink.local/EWS/Exchange.asmx</ASUrl>
<OOFUrl>https://fsal-ex.flysafarilink.local/EWS/Exchange.asmx</OOFUrl>
<OABUrl>http://fsal-ex.flysafarilink.local/OAB/3cbad96f-1634-4047-a29b-9195cd99a984/</OABUrl>
<UMUrl>https://fsal-ex.flysafarilink.local/EWS/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<PublicFolderServer>FSAL-EX.flysafarilink.local</PublicFolderServer>
<AD>FSAL-EX.flysafarilink.local</AD>
<EwsUrl>https://fsal-ex.flysafarilink.local/EWS/Exchange.asmx</EwsUrl>
<EcpUrl>https://fsal-ex.flysafarilink.local/ecp</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
<EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>mail.flysafarilink.com</Server>
<ASUrl>https://mail.flysafarilink.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://mail.flysafarilink.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://mail.flysafarilink.com/OAB/3cbad96f-1634-4047-a29b-9195cd99a984/</OABUrl>
<UMUrl>https://mail.flysafarilink.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Basic</AuthPackage>
<EwsUrl>https://mail.flysafarilink.com/ews/exchange.asmx</EwsUrl>
<EcpUrl>https://mail.flysafarilink.com/ecp</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
<EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://fsal-ex.flysafarilink.local/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://fsal-ex.flysafarilink.local/EWS/Exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://mail.flysafarilink.com/owa/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://mail.flysafarilink.com/ews/exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
</Account>
</Response>
</Autodiscover>
 
 
 
 
 
 
 
 
 
 Ensuring that the test mailbox folder is empty and accessible.
  ExRCA couldn't confirm that the folder is accessible and empty.
   Additional Details
  "Inbox" folder in mailbox "it@flysafarilink.com" isn't empty.
Last EWS request:
<Trace Tag="EwsRequest" Tid="13" Time="2011-03-30 15:38:21Z" Version="14.02.5123.000">
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<t:RequestServerVersion Version="Exchange2007_SP1" />
<t:TimeZoneContext>
<t:TimeZoneDefinition Id="Pacific Standard Time" />
</t:TimeZoneContext>
</soap:Header>
<soap:Body>
<m:GetFolder>
<m:FolderShape>
<t:BaseShape>AllProperties</t:BaseShape>
</m:FolderShape>
<m:FolderIds>
<t:DistinguishedFolderId Id="inbox">
<t:Mailbox>
<t:EmailAddress>it@flysafarilink.com</t:EmailAddress>
</t:Mailbox>
</t:DistinguishedFolderId>
</m:FolderIds>
</m:GetFolder>
</soap:Body>
</soap:Envelope>
</Trace>

Last EWS response:
<Trace Tag="EwsResponse" Tid="13" Time="2011-03-30 15:38:33Z" Version="14.02.5123.000">
<?xml version="1.0" encoding="utf-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header>
<h:ServerVersionInfo MajorVersion="14" MinorVersion="0" MajorBuildNumber="722" MinorBuildNumber="0" Version="Exchange2010" xmlns:h="http://schemas.microsoft.com/exchange/services/2006/types" xmlns="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
</s:Header>
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<m:GetFolderResponse xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types">
<m:ResponseMessages>
<m:GetFolderResponseMessage ResponseClass="Success">
<m:ResponseCode>NoError</m:ResponseCode>
<m:Folders>
<t:Folder>
<t:FolderId Id="AQMkADlhZmVhYzQ2LWNmNjctNDE1OS05MjllLWQyNmIyNzg4ADQxMGEALgAAAy+nxfYXsi1Ijtwhz2CCBIkBAJ9Ydn4l/ftKkMCm4T/OlQMAAAMlAAAA" ChangeKey="AQAAABYAAACfWHZ+Jf37SpDApuE/zpUDAAAxLk66" />
<t:ParentFolderId Id="AQMkADlhZmVhYzQ2LWNmNjctNDE1OS05MjllLWQyNmIyNzg4ADQxMGEALgAAAy+nxfYXsi1Ijtwhz2CCBIkBAJ9Ydn4l/ftKkMCm4T/OlQMAAAMiAAAA" ChangeKey="AQAAAA==" />
<t:FolderClass>IPF.Note</t:FolderClass>
<t:DisplayName>Inbox</t:DisplayName>
<t:TotalCount>3971</t:TotalCount>
<t:ChildFolderCount>1</t:ChildFolderCount>
<t:EffectiveRights>
<t:CreateAssociated>true</t:CreateAssociated>
<t:CreateContents>true</t:CreateContents>
<t:CreateHierarchy>true</t:CreateHierarchy>
<t:Delete>true</t:Delete>
<t:Modify>true</t:Modify>
<t:Read>true</t:Read>
</t:EffectiveRights>
<t:PermissionSet>
<t:Permissions>
<t:Permission>
<t:UserId>
<t:DistinguishedUser>Default</t:DistinguishedUser>
</t:UserId>
<t:CanCreateItems>false</t:CanCreateItems>
<t:CanCreateSubFolders>false</t:CanCreateSubFolders>
<t:IsFolderOwner>false</t:IsFolderOwner>
<t:IsFolderVisible>false</t:IsFolderVisible>
<t:IsFolderContact>false</t:IsFolderContact>
<t:EditItems>None</t:EditItems>
<t:DeleteItems>None</t:DeleteItems>
<t:ReadItems>None</t:ReadItems>
<t:PermissionLevel>None</t:PermissionLevel>
</t:Permission>
<t:Permission>
<t:UserId>
<t:DistinguishedUser>Anonymous</t:DistinguishedUser>
</t:UserId>
<t:CanCreateItems>false</t:CanCreateItems>
<t:CanCreateSubFolders>false</t:CanCreateSubFolders>
<t:IsFolderOwner>false</t:IsFolderOwner>
<t:IsFolderVisible>false</t:IsFolderVisible>
<t:IsFolderContact>false</t:IsFolderContact>
<t:EditItems>None</t:EditItems>
<t:DeleteItems>None</t:DeleteItems>
<t:ReadItems>None</t:ReadItems>
<t:PermissionLevel>None</t:PermissionLevel>
</t:Permission>
</t:Permissions>
</t:PermissionSet>
<t:UnreadCount>1</t:UnreadCount>
</t:Folder>
</m:Folders>
</m:GetFolderResponseMessage>
</m:ResponseMessages>
</m:GetFolderResponse>
</s:Body>
</s:Envelope>
</Trace>
 
 The autodiscover.domainname.com  resolves to 41.215.37.138

 
 
0
 
Glen KnightCommented:
Excellent, so autodiscover is working.

Next thing to check is the setting in alanhardisty's guide here: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html
0
 
charliecomAuthor Commented:
I have alreasdy tried this and unfortunately its not working .

I am not giving up on the probable options if you have any more.

Charlie
0
 
Glen KnightCommented:
What does the exchange best practice analyser report?
0
 
charliecomAuthor Commented:
best-practices analyzer report
Please look at the anlysed report
0
 
Glen KnightCommented:
do you have 2 active network cards on this server?
0
 
charliecomAuthor Commented:
Yes i do
0
 
Glen KnightCommented:
This is an unsupported configuration as is multiple gateways, this is more than likely the cause of your problem.
0
 
charliecomAuthor Commented:
So what do you suggest i should do to correct this?
0
 
Glen KnightCommented:
You need to disable one of the network cards and restart the server so that all services are bound to the single network card.
0
 
charliecomAuthor Commented:
I have disabled the network card and restarted the server however the Out Of Office assistant still doesnt send externally.
0
 
Glen KnightCommented:
doesn't SEND externally? Or does not WORK externaly?!?

All along we have been investigating why your external users cannot use the Out Of Office? Are you saying that what's happening is the out of office is not being sent to external users?
0
 
charliecomAuthor Commented:
I mean that my out of office does not send automatic replies to external users when i enable the out of office assistant using outlook or OWA .

Are we on the same page?
0
 
Glen KnightCommented:
you say in your initial question "your out of office settings cannot be displayed,because the server is currently unavailable. Try again later"
This is what I have been trying to resolve.

When using Outlook 2007 with Exchange 2010 there is an option in the out of office assitant (this is the same within OWA) to enable the external out of office, have you done this?
0
 
Glen KnightCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 14
  • 12
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now