Jerry Dunning


Active Directory domain accounts locking out when MS Outlook is opened using Outlook Anywhere

All of our employees have MS Outlook 2007 and they are configured for Outlook Anywhere so that they can still use Outlook client using HTTP.  Points to our https:  OWA address

Proxy Authentication Settings:  Basic Authentication

Some of our employees (some Win 7, some XP) when they are away from the office and not on our domain, they log onto their computer with the cached username and password.  Then they Launch MS Outlook 2007 client and it will prompt them for their Domain credentials to authenticate to our Exchange Server.  This is expected.

However, before they even enter their credentials the Domain account is locked.  It locks the second they launch Outlook.  I can unlock the account and they can then enter their Domain credentials and it connects fine.

If the users log onto the computer, and then VPN into our network before launching Outlook it works fine and does not lock the account.  This is to be expected as well because they are essentially connected to our Domain at that point.

I have cleared IE Temp files, cookies, passwords, forms.  Gone into the Control Panel user account management and checked for any "Stored user names and passwords" and there are none listed on any of these having problems.

So if it is using an old cached password somewhere I cannot find it.  Our lockout policy is set to 3 failed attempts and they will not change this.  But the account will lock instantly the second they open Outlook while not first on our network.  Unlock it, and then they can log in and work fine.  Any suggestions and help is appreciated.

Exchange Server 2010   Ver:  14.01.0289.001
MS Outlook 2007 SP2 MSO (12.0.6554.5001)
setasoujiro

How did you configure Autodiscover?
I suspect this happens because of the 4 ways Outlook tries to contact your Autodiscover VD.
Jerry Dunning

ASKER

Unfortunately I can only look at how our Outlook Anywhere settings are configured.  The way the autodiscover was actually configured on the Exchange Server itself would have been set up by our AD team and I would have to engage them further to get that answer which might take some time.  I can tell you that in Outlook itself it is pointing to the same external https:  URL that we use to go to and log into OWA.

Does that help, or do you need the actual way it was configured on the exchange server itself?  
testexchangeconnectivity.com
There you can choose your Autodiscover and Outlook Anywhere test and use some account of your domain.
Post the outcome here, please.
This is using a test account I set up, not one of the affected users having the problem.  And the option tested is:  Outlook Anywhere (RPC over HTTP)
--------------------

Testing RPC/HTTP connectivity.
 The RPC/HTTP test completed successfully.
 Test Steps
 ExRCA is attempting to test Autodiscover for quicktest@hdrinc.com.
 Autodiscover was tested successfully.
 Test Steps
 Attempting each method of contacting the Autodiscover service.
 The Autodiscover service was tested successfully.
 Test Steps
 Attempting to test potential Autodiscover URL https://hdrinc.com/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name hdrinc.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 216.58.241.201

Testing TCP port 443 on host hdrinc.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name hdrinc.com was found in the Certificate Subject Alternative Name entry.

Certificate trust is being validated.
 The certificate is trusted and all certificates are present in the chain.
 Additional Details
 The certificate chain has been validated up to a trusted root. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 11/4/2010 3:49:06 PM, NotAfter = 11/4/2011 3:49:06 PM



Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
 Test Steps
 ExRCA is attempting to retrieve an XML Autodiscover response from URL https://hdrinc.com/AutoDiscover/AutoDiscover.xml for user quicktest@hdrinc.com.
 ExRCA failed to obtain an Autodiscover XML response.
 Additional Details
 The Autodiscover XML response received by ExRCA was invalid. Exception: Exception details:
Message: There is an error in XML document (1, 50).
Type: System.InvalidOperationException
Stack trace:
at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents events)
at System.Xml.Serialization.XmlSerializer.Deserialize(Stream stream)
at Microsoft.Exchange.Tools.ExRca.Tests.AutoDiscover.AutoDiscoverGetXMLBase`2.Discover()
Exception details:
Message: There is an error in XML document (1, 50).
Type: System.InvalidOperationException
Stack trace:
at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents events)
at System.Xml.Serialization.XmlSerializer.Deserialize(Stream stream)
at Microsoft.Exchange.Tools.ExRca.Tests.AutoDiscover.AutoDiscoverGetXMLBase`2.Discover()






Attempting to test potential Autodiscover URL https://autodiscover.hdrinc.com/AutoDiscover/AutoDiscover.xml
 Testing of the Autodiscover URL was successful.
 Test Steps
 Attempting to resolve the host name autodiscover.hdrinc.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 64.253.166.40

Testing TCP port 443 on host autodiscover.hdrinc.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name autodiscover.hdrinc.com was found in the Certificate Subject Alternative Name entry.

Certificate trust is being validated.
 The certificate is trusted and all certificates are present in the chain.
 Additional Details
 The certificate chain has been validated up to a trusted root. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 6/28/2010 5:22:20 PM, NotAfter = 6/28/2013 5:22:20 PM



Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST.
 Test Steps
 ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.hdrinc.com/AutoDiscover/AutoDiscover.xml for user quicktest@hdrinc.com.
 The Autodiscover XML response was successfully retrieved.
 Additional Details
 Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>QuickTest Exchange</DisplayName>
<LegacyDN>/o=HDR/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=QuickTest Exchange</LegacyDN>
<DeploymentId>e3b3a52a-73c3-4b6a-b0a2-153319fafe4b</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>outlook.intranet.hdr</Server>
<ServerDN>/o=HDR/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=outlook.intranet.hdr</ServerDN>
<ServerVersion>738180DA</ServerVersion>
<MdbDN>/o=HDR/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=outlook.intranet.hdr/cn=Microsoft Private MDB</MdbDN>
<ASUrl>https://omac-inexcas04.intranet.hdr/EWS/Exchange.asmx</ASUrl>
<OOFUrl>https://omac-inexcas04.intranet.hdr/EWS/Exchange.asmx</OOFUrl>
<OABUrl>http://omac-inexcas04.intranet.hdr/OAB/dd7f68a9-c5f0-446c-9681-4cc0f25d6741/</OABUrl>
<UMUrl>https://omac-inexcas04.intranet.hdr/EWS/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<PublicFolderServer>OMAC-INEXPFS2.intranet.hdr</PublicFolderServer>
<AD>omac-dcomane05.intranet.hdr</AD>
<EwsUrl>https://omac-inexcas04.intranet.hdr/EWS/Exchange.asmx</EwsUrl>
<EcpUrl>https://omac-inexcas04.intranet.hdr/ecp/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>hdrwebmail.hdrinc.com</Server>
<ASUrl>https://hdrwebmail.hdrinc.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://hdrwebmail.hdrinc.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://hdrwebmail.hdrinc.com/OAB/dd7f68a9-c5f0-446c-9681-4cc0f25d6741/</OABUrl>
<UMUrl>https://hdrwebmail.hdrinc.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Basic</AuthPackage>
<EwsUrl>https://hdrwebmail.hdrinc.com/ews/exchange.asmx</EwsUrl>
<EcpUrl>https://hdrwebmail.hdrinc.com/ecp/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://omac-inexcas04.intranet.hdr/owa/</OWAUrl>
<OWAUrl AuthenticationMethod="Basic, Fba">https://omac-inexcas05.intranet.hdr/owa/</OWAUrl>
<OWAUrl AuthenticationMethod="Basic, Fba">https://omac-inexcas06.intranet.hdr/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://omac-inexcas04.intranet.hdr/EWS/Exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://hdrwebmail.hdrinc.com/owa/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://hdrwebmail.hdrinc.com/ews/exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
</Account>
</Response>
</Autodiscover>









Autodiscover settings for Outlook Anywhere are being validated.
 ExRCA validated the Outlook Anywhere Autodiscover settings.
Attempting to resolve the host name hdrwebmail.hdrinc.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 64.253.166.40

Testing TCP port 443 on host hdrwebmail.hdrinc.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name hdrwebmail.hdrinc.com was found in the Certificate Subject Common name.

Certificate trust is being validated.
 The certificate is trusted and all certificates are present in the chain.
 Additional Details
 The certificate chain has been validated up to a trusted root. Root = OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 6/28/2010 5:22:20 PM, NotAfter = 6/28/2013 5:22:20 PM



Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Testing HTTP Authentication Methods for URL https://hdrwebmail.hdrinc.com/rpc/rpcproxy.dll.
 The HTTP authentication methods are correct.
 Additional Details
 ExRCA found all expected authentication methods and no disallowed methods. Methods found: Basic

Testing SSL mutual authentication with the RPC proxy server.
 Mutual authentication was verified successfully.
 Additional Details
 Certificate common name hdrwebmail.hdrinc.com matches msstd:hdrwebmail.hdrinc.com.

Attempting to ping RPC proxy hdrwebmail.hdrinc.com.
 RPC Proxy was pinged successfully.
 Additional Details
 Completed with HTTP status 200 - OK

Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server outlook.intranet.hdr.
 The endpoint was pinged successfully.
 Additional Details
 RPC Status Ok (0) returned in 575 ms.

Testing the Name Service Provider Interface (NSPI) on the Exchange Mailbox server.
 The NSPI interface was tested successfully.
 Test Steps
 Attempting to ping RPC endpoint 6004 (NSPI Proxy Interface) on server outlook.intranet.hdr.
 The endpoint was pinged successfully.
 Additional Details
 RPC Status Ok (0) returned in 902 ms.

Testing NSPI "Check Name" for user quicktest@hdrinc.com against server outlook.intranet.hdr.
 Check Name succeeded.
 Additional Details
 DisplayName: QuickTest Exchange, LegDN: /o=HDR/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=QuickTest Exchange



Testing the Referral service on the Exchange Mailbox server.
 The Referral service was tested successfully.
 Test Steps
 Attempting to ping RPC endpoint 6002 (Referral Interface) on server outlook.intranet.hdr.
 The endpoint was pinged successfully.
 Additional Details
 RPC Status Ok (0) returned in 902 ms.

Attempting to perform referral for user /o=HDR/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=QuickTest Exchange on server outlook.intranet.hdr.
 ExRCA successfully got the referral.
 Additional Details
 The server returned by the Referral service: outlook.intranet.hdr



Testing the Exchange Information Store on the Mailbox server.
 ExRCA successfully tested the Information Store.
 Test Steps
 Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server outlook.intranet.hdr.
 The endpoint was pinged successfully.
 Additional Details
 RPC Status Ok (0) returned in 871 ms.

Attempting to log on to the Exchange Information Store.
 ExRCA successfully logged on to the Information Store.
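
The Autodiscover response in the test output above determines which hosts and which authentication package an off-network Outlook client is handed. As an added example (not part of the original thread), this Python sketch parses a constructed, trimmed copy of that response and reports, per protocol block, the hosts returned, the auth package, and any non-HTTPS URLs; `summarize` and `findings` are hypothetical names.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"o": "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"}

# Constructed sample: a trimmed copy of the Autodiscover response quoted in the thread.
SAMPLE = """<?xml version="1.0"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<Account>
<Protocol><Type>EXCH</Type><Server>outlook.intranet.hdr</Server>
<OABUrl>http://omac-inexcas04.intranet.hdr/OAB/dd7f68a9-c5f0-446c-9681-4cc0f25d6741/</OABUrl>
<EwsUrl>https://omac-inexcas04.intranet.hdr/EWS/Exchange.asmx</EwsUrl></Protocol>
<Protocol><Type>EXPR</Type><Server>hdrwebmail.hdrinc.com</Server>
<SSL>On</SSL><AuthPackage>Basic</AuthPackage>
<EwsUrl>https://hdrwebmail.hdrinc.com/ews/exchange.asmx</EwsUrl></Protocol>
</Account></Response></Autodiscover>"""

def summarize(xml_text):
    """Return one dict per top-level <Protocol>: type, server, auth, URL hosts, cleartext URLs."""
    root = ET.fromstring(xml_text)
    out = []
    for proto in root.findall("./o:Response/o:Account/o:Protocol", NS):
        urls = [e.text.strip() for e in proto.iter()
                if e.text and e.text.strip().lower().startswith(("http://", "https://"))]
        out.append({
            "type": proto.findtext("o:Type", default="", namespaces=NS),
            "server": proto.findtext("o:Server", default="", namespaces=NS),
            "auth": proto.findtext("o:AuthPackage", default="", namespaces=NS),
            "hosts": sorted({urlparse(u).hostname for u in urls}),
            "cleartext": [u for u in urls if u.lower().startswith("http://")],
        })
    return out

def findings(protocols):
    """Flag settings worth reviewing on the endpoints a client is sent to."""
    notes = []
    for p in protocols:
        if p["auth"].lower() == "basic":
            notes.append(f'{p["type"]}: Basic auth on {p["server"]}')
        for u in p["cleartext"]:
            notes.append(f'{p["type"]}: non-HTTPS URL {u}')
    return notes

if __name__ == "__main__":
    for note in findings(summarize(SAMPLE)):
        print(note)
```

The EXPR block is the one that applies to Outlook Anywhere; the EXCH block names internal `.intranet.hdr` hosts.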
ASKER CERTIFIED SOLUTION
setasoujiro

Assistance and solution provided will likely resolve this issue, but this has to go through our Exchange and AD team and I don't have control over when this could be implemented or attempted.  So I don't want to leave the question open at this point.