  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1215

Exchange 2010 Autodiscover uses the wrong external URL

Hello, I have two Exchange 2010 servers and two offices (Chicago and Ohio).

The Chicago server was created first and uses the external URL
https://email2010.domain.com/

Ohio uses
https://email2.domain.com

I'm seeing in the Exchange logs that Ohio users are using https://email2010.domain.com and getting an HTTP error of 500 when their Outlook client tries to use Autodiscover to connect via Outlook Anywhere. How can I make users of the Ohio server use email2 for Autodiscover?

When I type

Set-WebServicesVirtualDirectory -identity "ohio2010\EWS (Default Web Site)" -externalurl https://email2.domain.com/EWS/Exchange.asmx -BasicAuthentication:$True

the Exchange shell accepts this, but when I test with

test-outlookwebservices -identity:myuser@domain.com

I see more Autodiscover entries for email2010 than email2. Yes, it still succeeds, but I think that this is still my problem when users are out of the office.

Outlook will keep bothering users for their passwords.
0
inferno521
Asked:
2 Solutions
 
AkhaterCommented:
In which part of the Exchange logs are you seeing that they are using the wrong URL?

EWS has nothing to do with Autodiscover, and this is surely not the reason why you are being prompted for the username and pass.
0
 
Auric1983Commented:
Test Autodiscover and Outlook Anywhere using www.testexchangeconnectivity.com using both a user located in Chicago and a user located in Ohio. This will help us determine where the problem lies.
0
 
inferno521Author Commented:
Akhater:

I'm looking at the OOF logs, located at C:\Users\myuser\AppData\Local\Temp\outlook logging

For me it works: I moved my mailbox from Chicago to Ohio and I can use Outlook Anywhere or not, and when asked to log in, it says that I'm logging into email2.mydomain.com, which is normal. The problem users are on the Ohio server and usually get email2010.mydomain.com.

So how do I set the Autodiscover for users of the Ohio server?
0
 
Auric1983Commented:

inferno

If you run the "MS Outlook Anywhere" test on https://www.testexchangeconnectivity.com/ for a user located in Ohio it should help us out.

Just to confirm, Ohio & Chicago are in the same AD Forest?
0
 
AkhaterCommented:
"For the problem users they are on the ohio server and usually get email2010.mydomain.com"

When you say this, do you mean that in the Outlook Anywhere configuration of Outlook it is pointing to the wrong server?
0
 
inferno521Author Commented:
Auric1983:

It fails for me (as an Ohio user) with what's below:
Host email2.mydomain.com/owa couldn't be resolved in DNS InfoDomainNonexistent.

For a Chicago user it does the same thing but with email2010.mydomain.com/owa

Though it is operating fine.

The servers are in the same domain and forest.
0
 
inferno521Author Commented:
Akhater:

The Outlook Anywhere configuration is fine. I put in the correct URL and authentication, save it and restart Outlook. Outlook will usually just try the wrong URL, or when the users are in the office it will frequently ask them to enter their username/password, and that box keeps popping up, though it lets the user work despite that.
0
 
Auric1983Commented:

Can you verify that you have external DNS records for autodiscover.domain.com, email2010.domain.com, email2.domain.com, etc.?

0
 
AkhaterCommented:
It looks like you have some missing external DNS record. Please give a test username and password in each site so I can help more.

If you want, there is a way to contact me on my profile in case you didn't want to share these publicly.
0
 
AkhaterCommented:
OK, the first problem you have is that in your external DNS zone you have a * record, so autodiscover.domain.com is not being resolved to the correct IP.

Can you please create a record in your external zone called autodiscover.domain.com and pointing to the same IP as email2010.domain.com?
0
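One way to check for the situation Akhater describes, where a `*` record answers for autodiscover.domain.com. This is an added example, not part of the original thread; the function name, the resolver parameter and the sample addresses (documentation ranges) are assumptions made for illustration.

```powershell
# Added example (PowerShell 2.0 compatible). Resolves through whatever DNS this
# machine uses, so run it from outside the network to test the external zone.
$SystemResolver = {
    param($n)
    try { [System.Net.Dns]::GetHostAddresses($n) | ForEach-Object { $_.IPAddressToString } }
    catch { }    # name does not exist: return nothing
}

function Test-WildcardShadow {
    param(
        [string]$Name,                           # e.g. autodiscover.domain.com
        [string]$ExpectedHost,                   # host whose IP it should share
        [scriptblock]$Resolver = $SystemResolver # hypothetical hook for offline runs
    )
    $zone  = $Name.Substring($Name.IndexOf('.') + 1)
    # A random label has no record of its own, so any answer for it comes from '*'.
    $probe = 'wc-' + [guid]::NewGuid().ToString('N') + '.' + $zone

    $nameIps     = @(& $Resolver $Name | Sort-Object)
    $expectedIps = @(& $Resolver $ExpectedHost | Sort-Object)
    $probeIps    = @(& $Resolver $probe | Sort-Object)

    $wildcard = $probeIps.Count -gt 0
    New-Object PSObject -Property @{
        Name            = $Name
        Addresses       = $nameIps -join ','
        WildcardInZone  = $wildcard
        # Same answer as the random probe: the name is most likely served by '*'.
        SameAsWildcard  = $wildcard -and (($nameIps -join ',') -eq ($probeIps -join ','))
        MatchesExpected = ($nameIps.Count -gt 0) -and (($nameIps -join ',') -eq ($expectedIps -join ','))
    }
}

# Constructed zone mimicking the thread: A records for the mail hosts, '*' for the rest.
$sampleZone = @{ 'email2010.domain.com' = '192.0.2.10'; 'email2.domain.com' = '192.0.2.20' }
$sampleResolver = {
    param($n)
    if ($sampleZone.ContainsKey($n)) { $sampleZone[$n] } else { '198.51.100.99' }
}

# Before the fix: autodiscover falls through to the wildcard.
Test-WildcardShadow -Name 'autodiscover.domain.com' -ExpectedHost 'email2010.domain.com' -Resolver $sampleResolver

# After adding the explicit record requested above.
$sampleZone['autodiscover.domain.com'] = '192.0.2.10'
Test-WildcardShadow -Name 'autodiscover.domain.com' -ExpectedHost 'email2010.domain.com' -Resolver $sampleResolver
```

Omit `-Resolver` to query real DNS instead of the constructed zone.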
 
AkhaterCommented:
Second problem you have: the ECP external URL on email2010.domain.com is wrong.
0
 
AkhaterCommented:
please ignore the ecp url part for now, fix the dns thanks
0
 
AkhaterCommented:
after the first tests it looks like your only issue is the DNS record of autodiscover

please fix the autodiscover record to point to the correct IP it should fix it
0
 
AkhaterCommented:
ok your DNS issue is now solved but you have another issue

Exchange is using a * certificate. To fix this, please run the below on the Chicago server:


Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.domain.com


you did say you are facing this issue ONLY when users are OUT of office right ?
0
 
inferno521Author Commented:
Okay, I made the change. I'm still waiting for the Ohio users to tell me if it's better or not. I also had them go to the Credential Manager in Windows 7 and delete what's listed for Outlook, because why not.
0
 
AkhaterCommented:
OK, things are better; Autodiscover is now working fine.

It seems you had 2010 rtm and upgraded to sp1 is that so ?

what outlook version are your clients running ? and which version of windows ?
0
 
inferno521Author Commented:
I'm not sure about the upgrades, I started after this was in place.

Clients are using either outlook 2007 or 2010, and windows xp, vista, or 7.

One user in Ohio is still asked every few minutes to log in, though he can still work fine. And a user who connects to the Ohio network via an SSL VPN could not connect to Outlook (but could connect to OWA). But once he disconnected from the VPN, Outlook Anywhere worked fine.
0
 
inferno521Author Commented:
I'm thinking that when the external IP of the Ohio server was changed 2 weeks ago, it messed up something DNS-wise, and autodiscovering users and those who VPNed into Ohio couldn't connect to the server. I have just deleted the DNS host A record on the DNS server for email2.mydomain.com that was pointing to the internal IP of the server and put one in for the external IP of the server.
0
 
AkhaterCommented:
when they are prompted for a user/pass they are being asked to logon to which server?
0
 
inferno521Author Commented:
Deleting the host A record that has the internal IP of my Ohio server in the email2.mydomain.com zone causes send/receive on Mac Office 2011 to fail, but it still works on Windows clients. OWA also fails for all Ohio users in the office, but the URL works for any user at any other site.

Also, statically assigning 8.8.8.8 as the DNS server doesn't fix OWA for Ohio users. Adding the host A record for the internal IP of the Ohio server fixes the problem immediately. Is the problem not with Exchange, but with a router/switch/firewall?
0
 
inferno521Author Commented:
I think adding autodiscover to my external DNS and doing a Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.domain.com helped.

But I believe that the main problem was that something was being cached locally at the Ohio office. New computers (I shipped 3 to that office) didn't have this problem at all. So some DNS setting was not being updated. Flushing the DNS didn't work, but I did delete the host A records for my internal DNS and re-add them. Now everyone is fine.
0
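For comparing what each server is configured to publish, as the question tries to do with test-outlookwebservices, the following is an added example for the Exchange Management Shell and not part of the original thread. The Chicago server name is a placeholder because the thread never gives it; `ohio2010` is taken from the question.

```powershell
# Added example (Exchange 2010 Management Shell, PowerShell 2.0 compatible).
# Maps each Client Access server to the external host name its users should get.
$expected = @{
    'ohio2010'       = 'email2.domain.com'      # server name taken from the question
    'CHICAGO-SERVER' = 'email2010.domain.com'   # placeholder: name not given in the thread
}
$vdirCmdlets = 'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory',
               'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
               'Get-ActiveSyncVirtualDirectory'

# Hypothetical helper: one report row per published URL or host name.
function New-UrlRow($server, $source, $value, $hostName) {
    New-Object PSObject -Property @{
        Server   = $server
        Source   = $source
        Value    = $value
        Expected = $expected[$server]
        Match    = ($hostName -eq $expected[$server])
    }
}

$report = foreach ($server in $expected.Keys) {
    foreach ($cmd in $vdirCmdlets) {
        foreach ($vdir in @(& $cmd -Server $server)) {
            $url = [string]$vdir.ExternalUrl
            # An unset ExternalUrl is reported as a mismatch rather than skipped.
            $hostName = if ($url) { ([uri]$url).Host } else { '' }
            New-UrlRow $server $cmd $url $hostName
        }
    }
    foreach ($oa in @(Get-OutlookAnywhere -Server $server)) {
        $oaHost = [string]$oa.ExternalHostname
        New-UrlRow $server 'Get-OutlookAnywhere' $oaHost $oaHost
    }
}
$report | Sort-Object Server, Source |
    Format-Table Server, Source, Value, Expected, Match -AutoSize

# Domain-joined clients inside the office locate Autodiscover through the SCP URL
# stored here, not through the autodiscover DNS record.
Get-ClientAccessServer | Format-Table Name, AutoDiscoverServiceInternalUri -AutoSize

# Shows the CertPrincipalName that Set-OutlookProvider changed earlier in the thread.
Get-OutlookProvider | Format-Table Name, CertPrincipalName -AutoSize
```

Rows with `Match` set to False are the settings where a server publishes a host name other than the one expected for its site.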
