Solved

OAB and autodiscover 2010 not working

Posted on 2011-09-19
Last Modified: 2012-05-12
Hi

My customer's environment consists of 4 Exchange 2010 SP1, where 2 nodes are Exchange 2010 Mailbox and 2 nodes are Exchange 2010 CAS/HUB.

After migrating the current environment from Exchange 200 to Exchange 2010 SP1 (Rollup 3), OAB download and Autodiscover are not working.

I followed the settings in the document below, but the OAB and Autodiscover problems still persist:
http://blogs.technet.com/b/exchange/archive/2010/09/23/3411146.aspx

For Autodiscover from external: when I try to configure Autodiscover from Outlook 2010, it keeps prompting for a password and it never succeeds. When I configure the settings using manual configuration, everything works fine.
Attached auodiscover.jpeg from Outlook for reference.

For OAB (internal/external): no error, but it's not working. The only error is when I try to browse https://mail.XXXXX.com.sg/OAB. It keeps requesting authentication; once keyed in:
401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.

Regards
Ramkumar.A
autodiscover-Exchange 2010
Question by:ramkumara
14 Comments

Expert Comment

by:scriven_j
ID: 36565687
In IIS drill down to server, sites, OAB and click on Authentication.  Everything should be disabled apart from Windows Authentication.  Check this is correct before we look at anything else.

Expert Comment

by:scriven_j
ID: 36565696
Also in Exchange, Drill down to Server Configuration, Client Access and select the Offline Address Book Distribution tab.  Right-click on OAB, Select Properties and check that the internal and external addresses are as expected.

Author Comment

by:ramkumara
ID: 36565787
Hi Scriven

In IIS OAB authentication is already selected as recommended by you

Internal and external URL are correctly configured.

Expert Comment

by:scriven_j
ID: 36565808
Can you run through these tests:-

https://www.testexchangeconnectivity.com/

(Outlook Autodiscover) and post the expanded results here please.

Thanks!

Author Comment

by:ramkumara
ID: 36585166
ExRCA is attempting to test Autodiscover for xxxxxx@xxxxxx.com.
 Autodiscover was tested successfully.
 Test Steps
 Attempting each method of contacting the Autodiscover service.
 The Autodiscover service was tested successfully.
 Test Steps
 Attempting to test potential Autodiscover URL https://xxxxxx.com/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps      
 Attempting to resolve the host name xxxxxx.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: XXX.XXX.XXX.XXX

Testing TCP port 443 on host xxxxxx.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 ExRCA is attempting to obtain the SSL certificate from remote server xxxxxx.com on port 443.
 ExRCA successfully obtained the remote SSL certificate.
 Additional Details
 Remote Certificate Subject: E=support@webvisions.com, CN=dummy.webvis.net, OU=Technical Support, O=Webvisions, L=Singapore, S=Singapore, C=SG, Issuer: E=ca@snakeoil.dom, CN=Snake Oil CA, OU=Certificate Authority, O="Snake Oil, Ltd", L=Snake Town, S=Snake Desert, C=XY.

Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host name xxxxxx.com doesn't match any name found on the server certificate E=support@webvisions.com, CN=dummy.webvis.net, OU=Technical Support, O=Webvisions, L=Singapore, S=Singapore, C=SG.


Attempting to test potential Autodiscover URL https://autodiscover.xxxxxx.com/AutoDiscover/AutoDiscover.xml
 Testing of the Autodiscover URL was successful.
 Test Steps
 Attempting to resolve the host name autodiscover.xxxxxx.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned:

Testing TCP port 443 on host autodiscover.xxxxxx.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.xxxxxx.com on port 443.
 ExRCA successfully obtained the remote SSL certificate.
 Additional Details
 Remote Certificate Subject: CN=mail.xxxxxx.com.sg, OU=IT, O=Xxxxxx , L=Singapore, S=Singapore, C=SG, Issuer: CN=Xxxxxx Enterprise Root CA, DC=xxxxxx, DC=com.

Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name autodiscover.xxxxxx.com was found in the Certificate Subject Alternative Name entry.

Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 8/3/2011 7:49:14 AM, NotAfter = 8/2/2013 7:49:14 AM



Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST.
 Test Steps
 ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.xxxxxx.com/AutoDiscover/AutoDiscover.xml for user xxxxxx@xxxxxx.com.
 The Autodiscover XML response was successfully retrieved.
 Additional Details
 Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>xxxxxx</DisplayName>
<LegacyDN>/O=XXXXXXXXXXXXXXXXXXXXX /cn=Recipients/cn=xxxxxx</LegacyDN>
<DeploymentId>74960eac-8056-4259-84d7-241d5eadb889</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>Xxxxxx-CAS.xxxxxx.com</Server>
<ServerDN>/o=; Partners/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=Xxxxxx-CAS.xxxxxx.com</ServerDN>
<ServerVersion>738180DA</ServerVersion>
<MdbDN>/o=; Partners/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=Xxxxxx-CAS.xxxxxx.com/cn=Microsoft Private MDB</MdbDN>
<ASUrl>https://xxxxxx-cas-1.xxxxxx.com/EWS/Exchange.asmx</ASUrl>
<OOFUrl>https://xxxxxx-cas-1.xxxxxx.com/EWS/Exchange.asmx</OOFUrl>
<OABUrl>https://xxxxxx-cas-1.xxxxxx.com.sg/OAB/59e64db0-7d4b-4c0e-a8c9-1560c8851a08/</OABUrl>
<UMUrl>https://xxxxxx-cas-1.xxxxxx.com/EWS/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<PublicFolderServer>XXXXXX-MB-2.xxxxxx.com</PublicFolderServer>
<AD>XXXXXX-DC-2.xxxxxx.com</AD>
<EwsUrl>https://xxxxxx-cas-1.xxxxxx.com/EWS/Exchange.asmx</EwsUrl>
<EcpUrl>https://xxxxxx-cas-1.xxxxxx.com/ecp/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
<EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>autodiscover.xxxxxx.com</Server>
<ASUrl>https://mail.xxxxxx.com.sg/EWS/Exchange.asmx</ASUrl>
<OOFUrl>https://mail.xxxxxx.com.sg/EWS/Exchange.asmx</OOFUrl>
<OABUrl>https://mail.xxxxxx.com.sg/OAB/59e64db0-7d4b-4c0e-a8c9-1560c8851a08/</OABUrl>
<UMUrl>https://mail.xxxxxx.com.sg/EWS/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Basic</AuthPackage>
<EwsUrl>https://mail.xxxxxx.com.sg/EWS/Exchange.asmx</EwsUrl>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://xxxxxx-cas-1.xxxxxx.com/owa/</OWAUrl>
<OWAUrl AuthenticationMethod="Basic, Fba">https://xxxxxx-cas-2.xxxxxx.com/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://xxxxxx-cas-1.xxxxxx.com/EWS/Exchange.asmx</ASUrl>
</Protocol>
</Internal>
</Protocol>
</Account>
</Response>
</Autodiscover>

PLEASE NOTE: we are using an internal CA certificate for Autodiscover and OWA.

Accepted Solution

by:
scriven_j earned 500 total points
ID: 36902929
Sorry for the delay in responding.

Are you sure that you have EWS set to Basic and Windows Authentication as per your link?

<AuthPackage>Basic</AuthPackage>
<EwsUrl>https://mail.xxxxxx.com.sg/EWS/Exchange.asmx</EwsUrl>


It looks like it's only set to basic.... Can you double-check?  (You can double-check the setting in IIS)

If it needs to be changed, the command to set it would be something like:-

Set-WebServicesVirtualDirectory <CAS2010>\EWS* -ExternalURL https://mail.contoso.com/ews/exchange.asmx -BasicAuthentication $true -WindowsAuthentication $true


http://technet.microsoft.com/en-us/library/aa997233.aspx
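
An added example (not part of the thread and not the expert's own code), relating to the Autodiscover response posted above and the AuthPackage lines quoted in this answer: for each top-level Protocol block it reports the advertised auth package, the hosts the service URLs point at, and any URL whose host is not among the certificate's names. The sample XML and the certificate name list are constructed placeholders that mirror the structure of the posted response; matching is exact-name only, so wildcard certificates are not handled.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"o": "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"}

# Constructed sample: same layout as the response in the thread, placeholder hosts.
SAMPLE = """<?xml version="1.0"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<Account>
<Protocol><Type>EXCH</Type>
<ASUrl>https://cas-1.corp.example/EWS/Exchange.asmx</ASUrl>
<OABUrl>https://cas-1.corp.example.sg/OAB/00000000-0000-0000-0000-000000000000/</OABUrl>
<EwsUrl>https://cas-1.corp.example/EWS/Exchange.asmx</EwsUrl>
</Protocol>
<Protocol><Type>EXPR</Type>
<ASUrl>https://mail.example.com.sg/EWS/Exchange.asmx</ASUrl>
<OABUrl>https://mail.example.com.sg/OAB/00000000-0000-0000-0000-000000000000/</OABUrl>
<SSL>On</SSL><AuthPackage>Basic</AuthPackage>
</Protocol>
</Account></Response></Autodiscover>"""

# Constructed list of names assumed to be on the CAS certificate (subject CN + SANs).
CERT_NAMES = {"mail.example.com.sg", "autodiscover.example.com", "cas-1.corp.example"}

def audit(xml_text, cert_names):
    """Return one finding dict per top-level Protocol block of an Autodiscover response."""
    names = {n.lower() for n in cert_names}
    root = ET.fromstring(xml_text)
    findings = []
    # Only direct children of Account; Protocol blocks nested under <Internal> are skipped.
    for proto in root.findall(".//o:Account/o:Protocol", NS):
        hosts = {}
        for el in proto:
            tag = el.tag.split("}")[-1]          # strip the XML namespace
            if tag.endswith("Url") and (el.text or "").startswith("https://"):
                hosts[tag] = urlsplit(el.text).hostname
        findings.append({
            "type": proto.findtext("o:Type", namespaces=NS),
            "auth": proto.findtext("o:AuthPackage", namespaces=NS),
            "hosts": sorted(set(hosts.values())),
            # URL elements whose host a client could not validate against the certificate
            "not_on_cert": sorted(t for t, h in hosts.items() if h not in names),
        })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE, CERT_NAMES):
        print(f)
```

A block that reports more than one host, or a non-empty `not_on_cert`, points at a virtual directory URL that differs from its siblings and is worth checking on the server.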

Author Comment

by:ramkumara
ID: 36927348
Let me recheck and I will update you ASAP.

Expert Comment

by:scriven_j
ID: 37220034
Any update on this problem?

Author Comment

by:ramkumara
ID: 37295417
Hi

Sorry for the delay. The problem is resolved, but only partially. Currently, when the CAS/HUB server reboots, the OAB folder permissions reset. In particular, it loses the IUSR read and execute permission.

I need to reapply this permission on the OAB folder every time the server reboots, and I also need to enable directory browsing.
 

Expert Comment

by:scriven_j
ID: 37297169

Can you confirm that you have set it using the command in my previous comment using the EMS and not using IIS?

If you set it in IIS, then Exchange will overwrite it like the behaviour you are seeing.

Author Comment

by:ramkumara
ID: 37304041
I tried to set it in EMC; it still resets as well.

Author Comment

by:ramkumara
ID: 37324411
Hello, any updates?

Expert Comment

by:scriven_j
ID: 37326454
I'm afraid I'm out of ideas. Click on Request Attention and ask for the question to be marked for attention so that other experts can look at it again.

Author Closing Comment

by:ramkumara
ID: 37384552
The solution is partially completed; there are still some other issues left with OAB, as mentioned below.