Solved

No organiztion in Exchange 2010 ESM

Posted on 2011-03-24
52
461 Views
Last Modified: 2012-06-22
I just installed a 2010 SP1 Exchange server.
Running on Windows server 2008R2.
Most everything went pretty well...a few bumps, but it's running.
From the start, I have never seen any Organization listed in the System manager window.
I can log on to my 2003 ESM and see it fine.
Any ideas?
0
Comment
Question by:SeaSenor
  • 25
  • 24
  • 2
  • +1
52 Comments
 
LVL 17

Expert Comment

by:Sikhumbuzo Ntsada
ID: 35212989
That should be under:

Start - All  Programs - MS Exchange S 2010 - ECM  
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35213444
Check the event logs for errors, especially AD Topology ones...
0
 
LVL 10

Expert Comment

by:Muzafar Momin
ID: 35213561
re-run forestprep and domainprep and the restart the exchange servers
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35213654
You mean setup.com /PrepareAD
0
 
LVL 10

Expert Comment

by:Muzafar Momin
ID: 35213985
yes try reruning
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35216066
Re-ran setup.com /PrepareAD. Completed successfully. Restarted.
still nothing in the exchance organiztion.
The logs show no errors, and says the commands completed successfully.

Just to clarify:
When I select the 'organization configuration' in Exchange Management, it shows nothing.
attached is a screen shot.



 
screenshot---Copy.jpg
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35216546
Are you expecting to see a federation trust in there or something ?
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35216618
should i see anything?

I have a single domain, and a single site, with a single exch organization.

In exchange 2003 manager I see the organization name.
0
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 500 total points
ID: 35216761
You won't see the Org name in E2k10 as everything is based on AD including routing.
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35216814
i see... well I have have ran get-organizationconfig and it shows the org name etc... it all looks fine.

now i am dealing with the damn certificate headaches.

Invalid name on certificate.  sigh....

thanks
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35216877
i also dont see my other exchange server (2003) listed in The 2010 manager. Should that be showing up... or the database for it?.....anything regarding the 2003 exchange?

everything for both servers (2010 and 2003) show up in the 2003 manager.

0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35216924
it was my understanding on the certificate, I should include the following:

mydomain
servername
servername.mydomain.com
autodiscover.mydomain.com
webmail.mydomain.com

I used webmail.mydomain.com as the common name, as mentioned in other reference so Outlook anywhere and other offsite access wouldn't have issues with the name.
Now my Outlook 2007 clients are getting the invalid name issue.

should i have used servername.mydomain.com instead for the common name?

I know that's off topic a little here, but there are a hundred certificate threads already, and I don't want to start another one.  If no one wants to answer that's fine.. I'll figure it out. I'm just ready to get this done. Very time consuming so far....for whaterver reason.. maybe i'm just dumb.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35216948
Check the certificate you have enabled for IIS because SP1 may have reset it to the self signed one

You will see mailboxes, contacts, DGs from e2k3 in the EMc and that is about it because the EMC should not be used to admin E2k3 servers and databases.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35216974
Time to test outlook autoconfig:
With outlook open, hold down CTRL key and right click on the Outlook icon in the bottom right hand side of your screen, then on the popup menu select the "Test Autoconfiguration". Select that, enter valid credentials and select the "autodiscover" option only and test.

Then check the URLs returned to see which ones don't match your cert.

Also do get-exchangecertificate | fl to check which Certs are enabled for what
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35216978
I just installed the certificate 10 minutes ago, and assigned all services to it.  Do you mean assigned when you say enabled?
I had installed exchange w/sp1 from the disc.
Also ran the update rollup and stuff prior to the last cert install....


0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35217021
Sounds good, restart outlook and check I'd you still get the prompt, if so, do the autoconfig test
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35217141
autoconfiguration was unable to determin my settings!
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35217423
Ok did it give any error codes? Did it find the SCP?

Also try
Test-outlookwebServices | fl
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35217489
Test-outlookwebServices | fl    failed miserably.

I don't have the firewall rules opened yet to this server for one thing, and the DNS settings are still pointing to my ex2003 server for OWA.

The autoconfiguration test did find the SCP  but this test did not.

I'm submitting a name change for the certificate right now. I think that problem may be the FQDN.

On the cert it reads:   mailserver.mydomain.com
the FQDN is:  mailserver.subdomain.mydomain.com
I'll see how that goes.
That may be the case for autodiscover as well.

0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35217727
You can get round that if you have internal DNS and have an A record for autodiscover.mydomain.com and point it at your CAS servers internal IP address.

Then do get-clientAccessServer | Set-ClientAccessServer -autodiscoverserviceinternaluri "https://autodiscover.mydomain.com/autodiscover/autodiscover.XML"
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35217767
Otherwise have a look at putting in SRV records internally and externally:
Add an external DNS SRV record that points to an external name on your cert, which resolves to the external IP address of your CAS server:
http://support.microsoft.com/kb/940881
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35235266
the name change fixed the internal cert error.  It was easy to do with godaddy....as most cert authorities would be I imagine.

I currently have my ISP pointing a name (webmail.mydomin.com) to an external IP address .. Then I NAT that through our firewall to the exchange 2003 box.
I assume I can just change the NAT policy and point it to my exchange 2010 box.

0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35236924
yep, just change NAT to point to your Exchange 2010 box and as long as the cert is installed there and you have set your ExternalURL values to webmail.mydomain.com you should be fine.
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35258301
Thanks MegaNuk3....

Quite a few different variations in setup vs. 2003. I still have a laundry list of items to check/configure.

Do i need any internal DNS settings really?  I can send/recieve mail, internally/externally.

I cannot get the autoconfigure to run right though. It finds the SCP but autodiscover fails.

.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35258394
What error are you getting with the SCP?
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35258491
well .... here is whats going on.

when I create a user/mailbox...it makes the email address of:  user@subdomain.mydomain.com

I also had to include that on the certificate to clear the 'name not found' error....at least I did without adding any DNS entrys into my local DNS servers.

However, if I run the autoconfigure (autodiscover)... it fails against that email address.
It succeeds if I remove the subdomain from the address:   user@mydomain.com



0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35258634
In the outlook autoconfig test check the autodiscover URL that is being returned by the SCP, see if you can open that URL in IE without a certificate prompt

You should see an error code after the SCP test like 0x80072F0C? What is your error code?
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35258707
it finds the SCP no matter which email address I use.
When it attempts autodiscover is when it fails...but only if i include the subdomain in the address.

0x800C8203 is the code for the autodiscover failure



0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35259587
Ok and if you open the URL in IE do you get a error 600 invalid request?

Does your mailbox have that e-mail address ? @subdomain.mydomain.com
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35259725
No the primary SMTP address does not contain the subdomain....when I open/run autoconfigure, it puts that address in by default. Also, when I create a new user/mailbox, it uses the subdomain as part of the user prinicpal name.
I have to remove the subdomain manually in autoconfigure and run the test.

which URL are you referring to?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35259785
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35259848
well it does not resolve without the subdomain in the URL.
It gives me a login prompt with the subdomain in the URL, and when I login, it displays the following code:


<?xml version="1.0" encoding="UTF-8"?>
-<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> -<Response> -<Error Id="1150048357" Time="10:37:53.6964668"> <ErrorCode>600</ErrorCode> <Message>Invalid Request</Message> <DebugData/> </Error> </Response> </Autodiscover>
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35260022
Ok did it give you a cert prompt?

Do get-clientaccessServer |fl autodiscoverserviceinternaluri
And see if that URL is valid or not
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35260083
no cert prompt.

get-clientaccessServer |fl autodiscoverserviceinternaluri    returns the following:

emailserver.subdomain.mydomain.com/Autodiscover/Autodiscover.xml



0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35260348
Ok, as a test can you add the UPN as an additional email address on the mailbox?
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35260403
i added it.... the only test I tried was autodiscover... which suceeded.
0
 
LVL 31

Assisted Solution

by:MegaNuk3
MegaNuk3 earned 500 total points
ID: 35260845
Apparently it is an issue in the Dec 2010 / jan 2011 updates for outlook 2007 / 2010 respectively where outlook is picking up the UPN instead of the email address to try and autodiscover against. To prove it, you can uninstall the outlook update and setup a new outlook profile and see if the email address is picked up and not the UPN.

In the test did you add the email address as a secondary SMTP?
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35260884
yes i did add the email address as the secondary smtp.

I'll check the update and see if it will uninstall....
good job on the research...
you have more than earned your points here. I wish I could double them for you.
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35260938
KB-2412171 ???   or a different one?
do you have that info?
0
 
LVL 8

Assisted Solution

by:SeaSenor
SeaSenor earned 0 total points
ID: 35261018
yes that was it... i unistalled KB-2412171 and it only picks up the email address and not the UPN

0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35261175
Unfortunately, I dont think there is a MS article about it yet...
So you could do one if 4 things:
1.) uninstall the hotfix - long process
2.) change it to email address when setting up new profiles
3.) edit the default address policy or create a new one to add a secondary smtp address to everyones mailbox so that they have a email address that matches the UPN- this will be hard to do if you are using some weird account name standard
4.) add internal SRV record - I am not entirely sure this will work, but it will get round the issue of contacting the SCP
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35261192
Thanks for the points. Feel free to post your new question link into this one and I will see if I can answer it ;-)
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35261198
All email flow works properly....even prior to removing the update.

I can set up email on client machines, etc.... I have not tested any calender/free/busy items yet.

0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35261323
Try set an out of office message, that is a good test of autodiscover, EWS & availability service
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35261394
Works perfectly... I also successfully sent/accepted meeting requests.

0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35261477
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35261496
Sounds good. You can also go into the meeting and then look at the attendee availability which will show you free/busy info via the Availability service
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 35261686
it doens't show the free/busy info for mailboxes on the ex2003 server. Only the 2010 server
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35262752
To see the FB from the E2k3 server you need to replicate the E2k3 FB folder to E2k10
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35263164
Or check PF Referrals on the RGC cause it should work over them.
Do EMS
Get-RoutingGroupConnector | fl
And look for referrals
0
 
LVL 8

Author Closing Comment

by:SeaSenor
ID: 35312596
Thanks MegaNuk3
Much appreciated.

I'll start another thread with other questions.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35312707
Thanks for the points.

For anyone reading this question the UPN autodiscover issue is resolved in Feb 2011 updates for Outlook 2007 / 2010
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question