[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

SBS 2008 revert back to initail settings

Posted on 2011-04-21
11
Medium Priority
?
545 Views
Last Modified: 2012-06-27
We recently installed SBS 2008 with Exchange 2007.  I purchased an SSL cert from Godaddy and installed that in IIS.  Everything was good - our Outlook 2007 clients connected to Exchange directly to the server via the internal server address and OWA & Activesync worked great from the Internet.
Today I added the POP3 connector.  SBS required me to run the "set up your internet address" wizard claiming it had not been done. Immediately following that Outlook started requiring a login which would not accept any credentials.  I changed autodiscover to be the fqdn of my server and that did not help.  If I try to set it back to internal it won't accept my servername as a valid identity.  
At this point Outlook is extremely slow to syncronize and will not finish syncronizing without a valid login, followed by an error related to the OAB not found.
How can I get things back to the way they were?  I wan't Outlook to sync with the internal address of my server.
0
Comment
Question by:Cybertronnh
  • 6
  • 5
11 Comments
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 2000 total points
ID: 35442412
What are the names on your cert? You need to make sure they resolve internally to the internal IP address of your server.

For example if the name on your cert is mail.mydomain.com then add an entry for that on your SBS server's DNS pointing it at the internal IP address of your SBS server

Then change the autodiscover URL with
Get-clientaccessserver | set-clientaccessserver -autodiscoverserviceinternaluri "https://mail.mydomain.com/autodiscover/autodiscover.XML"

Then set the OAB with
Get-OABVirtualDirectory | set-OABVirtualDirectory -internalUrl "https://mail.mydomain.com/OAB" -externalUrl "https://mail.mydomain.com/OAB"
0
 

Author Comment

by:Cybertronnh
ID: 35442669
It is a single domain cert pointing to remote.mydomain.com.  I changed the autodiscover to reference the fqdn https://remote.mydomain.com.  I am still getting a login prompt and it simply will not accept any credentials.
Ultimately I want autodiscover, ews, oab & um to point to the internal server name and use my ssl cert for OWA, exactly the way it was this morning before I ran that @#$% "set up your internet address" wizard.
Also, in the past when I have pointed the fqdn to the internal IP Outlook will start but will give an invalid cert message
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35442884
Is remote.mydomain.com resolvable internally to the internal IP address of your server?

Then all you should need to do is:
Get-clientaccessserver | set-clientaccessserver -autodiscoverserviceinternaluri "https://remote.mydomain.com/autodiscover/autodiscover.XML"
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 

Author Comment

by:Cybertronnh
ID: 35442958
I verified both at the server as well as this PC that remote.mydomain.com resolves to 192.168.1.2.  Still, when I create a new outlook profile at this pc it picks up the server info but then asks for login credentials.  I will not take anything I put in for login credentials - username, username@myinternaldomain.local, username@mydomain.com, or internaldomain\username
0
 

Author Comment

by:Cybertronnh
ID: 35442982
fwiw Outlook picks up username@mydomain.com during the autodiscovery process
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35443256
Time to test outlook autoconfig:
With outlook open, hold down CTRL key and right click on the Outlook icon in the bottom right hand side of your screen, then on the popup menu select the "Test Autoconfiguration". Select that, enter valid credentials and select the "autodiscover" option only and test.

Verify the autodiscover URL being found and tried is like the one I mentioned above
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35443284
Ensure Outlook is set to encrypt the connection between itself and the server. Please tell me that you are running SP3 for Exchange 2007 on this server?
0
 

Author Comment

by:Cybertronnh
ID: 35444184
I am not running sp3 on this server - it is a SBS 2008 & exchange service packs do not like to install.  That was a project to be tackled another day.  As for testing the autodiscover, at this point I can't configure a working Outlook profile so I can't test it.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35444284
SP3 is really easy to install on SBS2008:
http://support.microsoft.com/kb/982423

You only need to see the Outlook icon in the system tray to be able to do the autoconfig test... Even during profile config or outlook profile prompt.
0
 

Author Comment

by:Cybertronnh
ID: 35444925
Thanks Megalluk3 for the link.  in the meantime, I contacted Microsoft.  We reset dns entries to point the external fqdn to the internal IP, set the virtual directories and autodiscover to point to that fqdn, and added one registry entry to HKLM/system/currentcontrolset/control/LSA DisableLoopBackCheck 1.  I bound my SSL cert to the SBS website and all is good now.  
It doesn't feel like the MS Tech did anything I didn't already try - both before you responded as well as after you gave me pretty much the same suggestions as what the MS Tech actually did - but I must have missed something along the way.
The one thing I do know I missed is I did not create the reverse pointer when I created the DNS entry the first time.
Thank you very much for you help.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35444964
Glad you got it sorted, thanks fir the points and final solution
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Stellar Exchange Toolkit: this 5 in 1 toolkit comes loaded with mega-software tool. Here’s an introduction to tools’ usage and advantages:
Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Suggested Courses
Course of the Month19 days, 15 hours left to enroll

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question