Solved

exchange 2010 autodiscover uses the wrong external url

Posted on 2011-09-28
Last Modified: 2012-05-12
Hello, I have two Exchange 2010 servers and two offices (Chicago and Ohio).

The Chicago server was created first and uses the external URL
https://email2010.domain.com/

Ohio uses
https://email2.domain.com

I'm seeing in the Exchange logs that Ohio users are using https://email2010.domain.com and getting an HTTP error of 500 when their Outlook client tries to use autodiscover to connect via Outlook Anywhere. How can I make users of the Ohio server use email2 for autodiscover?

When I type

Set-WebServicesVirtualDirectory -identity "ohio2010\EWS (Default Web Site)" -externalurl https://email2.domain.com/EWS/Exchange.asmx -BasicAuthentication:$True

the Exchange shell accepts this, but when I test with a:
test-outlookwebservices -identity:myuser@domain.com
I see more autodiscover entries for email2010 than email2. Yes, it still succeeds, but I think that this is still my problem when users are out of the office.

Outlook will keep bothering users for their passwords.
0
Question by:inferno521
21 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 36812709
in which part of exchange logs are you seeing that they are using the wrong url ?

ews has nothing to do with autodiscover, and this is surely not the reason why you are being prompted for the username and pass
0
 
LVL 16

Expert Comment

by:Auric1983
ID: 36814503
Test Autodiscover and Outlook Anywhere using www.testexchangeconnectivity.com using both a user located in Chicago and a user located in Ohio. This will help us determine where the problem lies.
0
 
LVL 1

Author Comment

by:inferno521
ID: 36815373
Akhater:

I'm looking at the oof logs, located at C:\Users\myuser\AppData\Local\Temp\outlook logging

For me it works, I moved my mailbox from Chicago to Ohio and I can use Outlook Anywhere or not, and when asked to login, it says that I'm logging into email2.mydomain.com, which is normal. For the problem users, they are on the Ohio server and usually get email2010.mydomain.com

So how do I set the autodiscover for users of the Ohio server
0
 
LVL 16

Expert Comment

by:Auric1983
ID: 36815381

inferno

If you run the "MS Outlook Anywhere" test on https://www.testexchangeconnectivity.com/ for a user located in Ohio it should help us out.

Just to confirm, Ohio & Chicago are in the same AD Forest?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36815392
"For the problem users they are on the ohio server and usually get email2010.mydomain.com"

when you say this you mean in the outlook anywhere configuration of outlook it is pointing to the wrong server?
0
 
LVL 1

Author Comment

by:inferno521
ID: 36815744
Auric1983:

It fails for me (as an Ohio user) with what's below
Host email2.mydomain.com/owa couldn't be resolved in DNS InfoDomainNonexistent.

For a Chicago user it does the same thing but with email2010.mydomain.com/owa

Though it is operating fine.

The servers are in the same domain and forest.
0
 
LVL 1

Author Comment

by:inferno521
ID: 36815754
Akhater:

The Outlook Anywhere configuration is fine. I put in the correct URL and authentication, and save it and restart Outlook. Outlook will just try the wrong URL usually, or when the users are in the office it will frequently ask them to enter in their username/password, and that box keeps popping up, though it lets the user work despite that.
0
 
LVL 16

Accepted Solution

by:
Auric1983 earned 250 total points
ID: 36815778

Can you verify that you have external DNS records for autodiscover.domain.com, email2010.domain.com, email2.domain.com, etc.?

0
 
LVL 49

Expert Comment

by:Akhater
ID: 36816073
It looks like you have some missing external DNS record, please give a test username and password in each site so I can help more.

If you want, there is a way to contact me on my profile in case you didn't want to share these publicly.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36818190
OK, the first problem you have is that in your external DNS you have a * record, so autodiscover.domain.com is not being resolved to the correct IP.

Can you please create a record in your external zone called autodiscover.domain.com and pointing to the same IP as email2010.domain.com?
0
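
The wildcard problem described in the comment above can be checked from a PowerShell prompt by comparing what autodiscover resolves to against a name that cannot have its own record. This is an added example, not part of the thread: Resolve-HostAddresses, Test-AutodiscoverDns and the 203.0.113.x addresses are constructed for illustration, and the fake resolver lets it run offline (omit -Resolver to query real DNS).

```powershell
# Added example (not from the thread). Function names and all addresses are
# constructed; 203.0.113.0/24 is a documentation range.
function Resolve-HostAddresses {
    param([string]$HostName)
    try {
        [System.Net.Dns]::GetHostAddresses($HostName) |
            ForEach-Object { $_.IPAddressToString } | Sort-Object
    } catch { }   # lookup failure: return nothing
}

function Test-AutodiscoverDns {
    param(
        [string]$Zone,
        [string]$ExpectedHost,
        [scriptblock]$Resolver = { param($n) Resolve-HostAddresses $n }
    )
    # A random label has no explicit record, so any answer comes from a wildcard.
    $probe    = 'nx-{0}.{1}' -f [guid]::NewGuid().ToString('N'), $Zone
    $auto     = @(& $Resolver "autodiscover.$Zone") -join ','
    $expected = @(& $Resolver $ExpectedHost) -join ','
    $wild     = @(& $Resolver $probe) -join ','

    if (-not $auto)               { $status = 'no-record' }
    elseif ($auto -eq $expected)  { $status = 'ok' }
    elseif ($auto -eq $wild)      { $status = 'answered-by-wildcard' }
    else                          { $status = 'wrong-address' }

    New-Object PSObject -Property @{
        Name = "autodiscover.$Zone"; Resolved = $auto
        Expected = $expected; Wildcard = $wild; Status = $status
    }
}

# Offline demonstration with a constructed zone that mirrors the thread:
# there is no explicit autodiscover record, only a * record.
$zoneData = @{
    'email2010.domain.com' = @('203.0.113.10')
    'email2.domain.com'    = @('203.0.113.20')
    '*.domain.com'         = @('203.0.113.99')
}
$fake = {
    param($n)
    if ($zoneData.ContainsKey($n)) { $zoneData[$n] } else { $zoneData['*.domain.com'] }
}
Test-AutodiscoverDns -Zone 'domain.com' -ExpectedHost 'email2010.domain.com' -Resolver $fake

# Second run, with the explicit record the comment above asks for in place.
$zoneData['autodiscover.domain.com'] = @('203.0.113.10')
Test-AutodiscoverDns -Zone 'domain.com' -ExpectedHost 'email2010.domain.com' -Resolver $fake
```

The probe cannot tell a wildcard answer from an explicit record that happens to carry the same address as the wildcard, so the zone file remains the authoritative check.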
 
LVL 49

Expert Comment

by:Akhater
ID: 36818211
second problem you have the ecp external URL on email2010.domain.com is wrong
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36818238
please ignore the ecp url part for now, fix the dns thanks
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36818278
after the first tests it looks like your only issue is the DNS record of autodiscover

please fix the autodiscover record to point to the correct IP it should fix it
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 250 total points
ID: 36818393
ok your DNS issue is now solved but you have another issue

Exchange is using a * certificate; to fix this, please run the below on the Chicago server


Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.domain.com


you did say you are facing this issue ONLY when users are OUT of office right ?
0
 
LVL 1

Author Comment

by:inferno521
ID: 36891978
Okay, I made the change, I'm still waiting for the Ohio users to tell me if it's better or not. I also had them go to the credential manager in Windows 7 and delete what's listed for Outlook, because why not.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36892702
OK, things are better, autodiscover is now working fine

It seems you had 2010 rtm and upgraded to sp1 is that so ?

what outlook version are your clients running ? and which version of windows ?
0
 
LVL 1

Author Comment

by:inferno521
ID: 36893793
I'm not sure about the upgrades, I started after this was in place.

Clients are using either outlook 2007 or 2010, and windows xp, vista, or 7.

One user in Ohio is still asked every few minutes to login, though he can still work fine. And a user who connects to the Ohio network via an SSL VPN could not connect to Outlook (but could connect to OWA). But once he disconnected from the VPN, Outlook Anywhere worked fine.
0
 
LVL 1

Author Comment

by:inferno521
ID: 36893876
I'm thinking that when the external IP of the Ohio server was changed 2 weeks ago, it messed up something DNS-wise, and autodiscovering users and those who VPNed into Ohio couldn't connect to the server. I have just deleted the DNS host A record on the DNS server for email2.mydomain.com that was pointing to the internal IP of the server and put one in for the external IP of the server.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36894550
when they are prompted for a user/pass they are being asked to logon to which server?
0
 
LVL 1

Author Comment

by:inferno521
ID: 36903917
Deleting the host a record that has the internal IP of my ohio server in the email2.mydomain.com zone causes send/receive on mac office 2011 to fail, but it still works on windows clients.  OWA also fails for all ohio users in the office but the url works for any user at any other site.

Also statically assigning 8.8.8.8 as the dns server, doesn't fix owa for ohio users. Adding the host a record for the internal ip of the ohio server fixes the problem immediately.  Is the problem not with exchange, but with a router/switch/firewall?
0
 
LVL 1

Author Closing Comment

by:inferno521
ID: 36916951
I think adding autodiscover to my external DNS and doing a Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.domain.com helped.

But I believe that the main problem was that something was being cached locally at the Ohio office. New computers, I shipped 3 to that office, didn't have this problem at all. So some DNS setting was not being updated. Flushing the DNS didn't work, but I did delete the host A records for my internal DNS and re-add them. Now everyone is fine.
0

Question has a verified solution.