Solved

autddiscover issue with outlook anywhere?

Posted on 2011-03-22
22
528 Views
Last Modified: 2012-05-11
Hello experts,

I have an issue where my users have in there sync folder of outlook the following error:

14:29:58 Microsoft Exchange offline address book
14:29:58 Not downloading Offline address book files.  A server (URL) could not be located.
14:29:58 0X8004010F

I did some research and it pointed me to the autodiscover feature and that my SSL cert did not have the SAN feature in it with autodiscover. Sooo, I bought a new SAN cert with all the domain names that are required and added an A record to my external DNS pointing to autodiscover.doman.com and hoped it would resolve the issue.
Well, it still is not syncing as it should. When I run the Test Email Configuration tool in Outlook it show under the log tab:

autodiscover to httpsL//domanname/autodiscover/autodiscover.xml FAILED (0x800C8203)
autodiscover to httpsL//autodiscover.domanname/autodiscover/autodiscover.xml succeeded (0x000000)

When I run the Exchange Remote Connectivity Analyzer tool it shows the following erros:

Attempting to test potential Autodiscover URL https://domainname.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Certificate trust is being validated.

The test passed with some warnings encountered. Please expand the additional details.
Additional Details
  ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled
 
Testing TCP port 443 on host domainname.com to ensure it's listening and open.
  The specified port is either blocked, not listening, or not producing the expected response.
   Tell me more about this issue and how to resolve it
   Additional Details
  A network error occurred while communicating with the remote host.
Exception details:
Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 77.59.198.72:443
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()
 
Now in the above error the IP address that is specified is not to my remote site or mail server. It is the IP address provided by my domain host.

Can anyone give me any insight on what I may be overlooking or missing??
0
Comment
Question by:sbodnar
  • 13
  • 9
22 Comments
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35192590
Can you verify that URL?
httpsL//domanname/autodiscover/autodiscover.xml ?

You seem to have a "L" after https
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35192609
Does OAB download work on internal clients or not?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35192644
Also autodiscover.doman.com should be pointing at the external IP address of your CAS server, can you confirm that if you ping it externally it resolves to the Internet IP address of your CAS?
0
 

Author Comment

by:sbodnar
ID: 35192707
MegaNuk3,

I had a typo when I typed out the URL with the L. So please disregard that mistake.

How can I check if OAB download works on internal clients??

It does point to an external IP address of the CAS server but now I notice that when I ping either the autodiscover.domainname.com or remote.domainname.com neither one will respond. They are both timing out?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35192780
Are you pinging them from inside the network?

In internal outlook try tools --> download address book
0
 

Author Comment

by:sbodnar
ID: 35192829
no, I jumped on a box that has a completely different outside IP address on it.

When logged in on a domain connected computer and going to tools ---> download address book the outlook send/receive progress bar pops up and sticks at processing. Bottom right hand corner it says "offline address book connecting to Microsoft Exchange" and the progress bar doesnt move.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35192896
Do get-OABVirtualDirectory | fl
Look at the internalURL, externalURL and authentication values.

An easy way to resolve the OAB download issue for internal clients is to Untick the 'Require SSL' box on the OAB virtual directory and the change the internal URL mentioned above to http:// this is how Exchange is by default
0
 

Author Comment

by:sbodnar
ID: 35193429
using the OAB command you specified shows both internal and external address's to be the same URL authentication method.

https://remote.domainname.com/OAB
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35194081
Is remote.domain.com on your cert and if you ping it internally does it resolve to the internal ip address of your CaS server ?
0
 

Author Comment

by:sbodnar
ID: 35197903
Yes it is on my cert and it resolves to my CAS server's IP address when I ping it
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35197925
Does it resolve to the INTERNAL IP address of your CAS?
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:sbodnar
ID: 35197935
yes, my 192. 168.xxx  address
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35198020
As per my earlier comment, change the internalURL to http://<internally resolvable name on cert>/owa and Untick the 'Require SSL' on the OAB VD. External clients will still connect over HTTPS as per the ExternalURL

Once the above works and your internal clients can download the OAB you can change it back to HTTPs again and see if it continues to work
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35198122
Owa should be OAB in the above comment
0
 

Author Comment

by:sbodnar
ID: 35198138
Where do I make the change that you specified in this statment?

"change the internalURL to http://<internally resolvable name on cert>/owa and Untick the 'Require SSL' on the OAB VD"
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35198222
IIS for the OAB VD 'Require SSL' setting

EMs:
Get-OABVirtualDirectory | set-OABVirtualDirectory -internalURL "http://<internal CAS FQDN>/OAB"
0
 

Accepted Solution

by:
sbodnar earned 0 total points
ID: 35199926
Figured it out!!!

Turns out that the issue was a security setting on the OAB file in C:\Program Files\Microsoft\Exchange Server\ClientAccess. You need to give read permission to  IIS_IUSRS under the security tab on the OAB folder which will propegate to web.config. Also, go into IIS and scroll to Web Applications and down to the OAB folder. Once there enable directory browsing and it will work.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35199982
Thanks for your solution.
Did you try mine out? I have found mine to work too in these situations and then when you put ssl back on it normally continues to work...
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35200018
Directory browsing is disabled in the systems I am looking at for the OAB VD and subfolders... And we have no issues downloading the OAB with these settings.
0
 

Author Comment

by:sbodnar
ID: 35200038
I did attempt your solution and it still would not resolve so I dug deeper and found the issue.

The main resolution was giving IIS_IUSRS read privliges to the OAB folder.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35200358
Ok, thanks.

Feel free to close this question.
0
 

Author Closing Comment

by:sbodnar
ID: 35252749
resolved the issue
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Are you unable to connect or configure Hotmail email account in Microsoft Outlook 2010, 2007? Or Outlook.com emails are not downloading to Outlook? Lets’ see the problem and resolve Outlook Connector error syncing folder hierarchy (0x8004102A).
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now