Solved

No organiztion in Exchange 2010 ESM

Posted on 2011-03-24
52
420 Views
Last Modified: 2012-06-22
I just installed a 2010 SP1 Exchange server.
Running on Windows server 2008R2.
Most everything went pretty well...a few bumps, but it's running.
From the start, I have never seen any Organization listed in the System manager window.
I can log on to my 2003 ESM and see it fine.
Any ideas?
0
Comment
Question by:SeaSenor
  • 25
  • 24
  • 2
  • +1
52 Comments
 
LVL 17

Expert Comment

by:Sikhumbuzo Ntsada
Comment Utility
That should be under:

Start - All  Programs - MS Exchange S 2010 - ECM  
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Check the event logs for errors, especially AD Topology ones...
0
 
LVL 10

Expert Comment

by:Muzafar Momin
Comment Utility
re-run forestprep and domainprep and the restart the exchange servers
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
You mean setup.com /PrepareAD
0
 
LVL 10

Expert Comment

by:Muzafar Momin
Comment Utility
yes try reruning
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
Re-ran setup.com /PrepareAD. Completed successfully. Restarted.
still nothing in the exchance organiztion.
The logs show no errors, and says the commands completed successfully.

Just to clarify:
When I select the 'organization configuration' in Exchange Management, it shows nothing.
attached is a screen shot.



 
screenshot---Copy.jpg
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Are you expecting to see a federation trust in there or something ?
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
should i see anything?

I have a single domain, and a single site, with a single exch organization.

In exchange 2003 manager I see the organization name.
0
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 500 total points
Comment Utility
You won't see the Org name in E2k10 as everything is based on AD including routing.
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
i see... well I have have ran get-organizationconfig and it shows the org name etc... it all looks fine.

now i am dealing with the damn certificate headaches.

Invalid name on certificate.  sigh....

thanks
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
i also dont see my other exchange server (2003) listed in The 2010 manager. Should that be showing up... or the database for it?.....anything regarding the 2003 exchange?

everything for both servers (2010 and 2003) show up in the 2003 manager.

0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
it was my understanding on the certificate, I should include the following:

mydomain
servername
servername.mydomain.com
autodiscover.mydomain.com
webmail.mydomain.com

I used webmail.mydomain.com as the common name, as mentioned in other reference so Outlook anywhere and other offsite access wouldn't have issues with the name.
Now my Outlook 2007 clients are getting the invalid name issue.

should i have used servername.mydomain.com instead for the common name?

I know that's off topic a little here, but there are a hundred certificate threads already, and I don't want to start another one.  If no one wants to answer that's fine.. I'll figure it out. I'm just ready to get this done. Very time consuming so far....for whaterver reason.. maybe i'm just dumb.
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Check the certificate you have enabled for IIS because SP1 may have reset it to the self signed one

You will see mailboxes, contacts, DGs from e2k3 in the EMc and that is about it because the EMC should not be used to admin E2k3 servers and databases.
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Time to test outlook autoconfig:
With outlook open, hold down CTRL key and right click on the Outlook icon in the bottom right hand side of your screen, then on the popup menu select the "Test Autoconfiguration". Select that, enter valid credentials and select the "autodiscover" option only and test.

Then check the URLs returned to see which ones don't match your cert.

Also do get-exchangecertificate | fl to check which Certs are enabled for what
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
I just installed the certificate 10 minutes ago, and assigned all services to it.  Do you mean assigned when you say enabled?
I had installed exchange w/sp1 from the disc.
Also ran the update rollup and stuff prior to the last cert install....


0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Sounds good, restart outlook and check I'd you still get the prompt, if so, do the autoconfig test
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
autoconfiguration was unable to determin my settings!
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Ok did it give any error codes? Did it find the SCP?

Also try
Test-outlookwebServices | fl
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
Test-outlookwebServices | fl    failed miserably.

I don't have the firewall rules opened yet to this server for one thing, and the DNS settings are still pointing to my ex2003 server for OWA.

The autoconfiguration test did find the SCP  but this test did not.

I'm submitting a name change for the certificate right now. I think that problem may be the FQDN.

On the cert it reads:   mailserver.mydomain.com
the FQDN is:  mailserver.subdomain.mydomain.com
I'll see how that goes.
That may be the case for autodiscover as well.

0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
You can get round that if you have internal DNS and have an A record for autodiscover.mydomain.com and point it at your CAS servers internal IP address.

Then do get-clientAccessServer | Set-ClientAccessServer -autodiscoverserviceinternaluri "https://autodiscover.mydomain.com/autodiscover/autodiscover.XML"
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Otherwise have a look at putting in SRV records internally and externally:
Add an external DNS SRV record that points to an external name on your cert, which resolves to the external IP address of your CAS server:
http://support.microsoft.com/kb/940881
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
the name change fixed the internal cert error.  It was easy to do with godaddy....as most cert authorities would be I imagine.

I currently have my ISP pointing a name (webmail.mydomin.com) to an external IP address .. Then I NAT that through our firewall to the exchange 2003 box.
I assume I can just change the NAT policy and point it to my exchange 2010 box.

0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
yep, just change NAT to point to your Exchange 2010 box and as long as the cert is installed there and you have set your ExternalURL values to webmail.mydomain.com you should be fine.
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
Thanks MegaNuk3....

Quite a few different variations in setup vs. 2003. I still have a laundry list of items to check/configure.

Do i need any internal DNS settings really?  I can send/recieve mail, internally/externally.

I cannot get the autoconfigure to run right though. It finds the SCP but autodiscover fails.

.
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
What error are you getting with the SCP?
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
well .... here is whats going on.

when I create a user/mailbox...it makes the email address of:  user@subdomain.mydomain.com

I also had to include that on the certificate to clear the 'name not found' error....at least I did without adding any DNS entrys into my local DNS servers.

However, if I run the autoconfigure (autodiscover)... it fails against that email address.
It succeeds if I remove the subdomain from the address:   user@mydomain.com



0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
In the outlook autoconfig test check the autodiscover URL that is being returned by the SCP, see if you can open that URL in IE without a certificate prompt

You should see an error code after the SCP test like 0x80072F0C? What is your error code?
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
it finds the SCP no matter which email address I use.
When it attempts autodiscover is when it fails...but only if i include the subdomain in the address.

0x800C8203 is the code for the autodiscover failure



0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Ok and if you open the URL in IE do you get a error 600 invalid request?

Does your mailbox have that e-mail address ? @subdomain.mydomain.com
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
No the primary SMTP address does not contain the subdomain....when I open/run autoconfigure, it puts that address in by default. Also, when I create a new user/mailbox, it uses the subdomain as part of the user prinicpal name.
I have to remove the subdomain manually in autoconfigure and run the test.

which URL are you referring to?
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
well it does not resolve without the subdomain in the URL.
It gives me a login prompt with the subdomain in the URL, and when I login, it displays the following code:


<?xml version="1.0" encoding="UTF-8"?>
-<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> -<Response> -<Error Id="1150048357" Time="10:37:53.6964668"> <ErrorCode>600</ErrorCode> <Message>Invalid Request</Message> <DebugData/> </Error> </Response> </Autodiscover>
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Ok did it give you a cert prompt?

Do get-clientaccessServer |fl autodiscoverserviceinternaluri
And see if that URL is valid or not
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
no cert prompt.

get-clientaccessServer |fl autodiscoverserviceinternaluri    returns the following:

emailserver.subdomain.mydomain.com/Autodiscover/Autodiscover.xml



0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Ok, as a test can you add the UPN as an additional email address on the mailbox?
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
i added it.... the only test I tried was autodiscover... which suceeded.
0
 
LVL 31

Assisted Solution

by:MegaNuk3
MegaNuk3 earned 500 total points
Comment Utility
Apparently it is an issue in the Dec 2010 / jan 2011 updates for outlook 2007 / 2010 respectively where outlook is picking up the UPN instead of the email address to try and autodiscover against. To prove it, you can uninstall the outlook update and setup a new outlook profile and see if the email address is picked up and not the UPN.

In the test did you add the email address as a secondary SMTP?
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
yes i did add the email address as the secondary smtp.

I'll check the update and see if it will uninstall....
good job on the research...
you have more than earned your points here. I wish I could double them for you.
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
KB-2412171 ???   or a different one?
do you have that info?
0
 
LVL 8

Assisted Solution

by:SeaSenor
SeaSenor earned 0 total points
Comment Utility
yes that was it... i unistalled KB-2412171 and it only picks up the email address and not the UPN

0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Unfortunately, I dont think there is a MS article about it yet...
So you could do one if 4 things:
1.) uninstall the hotfix - long process
2.) change it to email address when setting up new profiles
3.) edit the default address policy or create a new one to add a secondary smtp address to everyones mailbox so that they have a email address that matches the UPN- this will be hard to do if you are using some weird account name standard
4.) add internal SRV record - I am not entirely sure this will work, but it will get round the issue of contacting the SCP
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Thanks for the points. Feel free to post your new question link into this one and I will see if I can answer it ;-)
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
All email flow works properly....even prior to removing the update.

I can set up email on client machines, etc.... I have not tested any calender/free/busy items yet.

0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Try set an out of office message, that is a good test of autodiscover, EWS & availability service
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
Works perfectly... I also successfully sent/accepted meeting requests.

0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Sounds good. You can also go into the meeting and then look at the attendee availability which will show you free/busy info via the Availability service
0
 
LVL 8

Author Comment

by:SeaSenor
Comment Utility
it doens't show the free/busy info for mailboxes on the ex2003 server. Only the 2010 server
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
To see the FB from the E2k3 server you need to replicate the E2k3 FB folder to E2k10
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Or check PF Referrals on the RGC cause it should work over them.
Do EMS
Get-RoutingGroupConnector | fl
And look for referrals
0
 
LVL 8

Author Closing Comment

by:SeaSenor
Comment Utility
Thanks MegaNuk3
Much appreciated.

I'll start another thread with other questions.
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Thanks for the points.

For anyone reading this question the UPN autodiscover issue is resolved in Feb 2011 updates for Outlook 2007 / 2010
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Easy CSR creation in Exchange 2007,2010 and 2013
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now