Solved

exchange 2010 autodiscover uses the wrong external url

Posted on 2011-09-28
Last Modified: 2012-05-12
Hello I have two exchange 2010 servers, and two offices. (chicago and ohio)

The chicago server was created first and uses the external url
https://email2010.domain.com/

ohio uses
https://email2.domain.com

I'm seeing in exchange logs that ohio users are using https://email2010.domain.com and getting a http error of 500 when their outlook client tries to use autodiscover to connect via outlook anywhere.  How can I make users of the ohio server use email2 for autodiscover?

When I type

Set-WebServicesVirtualDirectory -identity "ohio2010\EWS (Default Web Site)" -externalurl https://email2.domain.com/EWS/Exchange.asmx -BasicAuthentication:$True

the exchange shell accepts this but when I test with a:
test-outlookwebservices -identity:myuser@domain.com  I see more autodiscover entries for email2010 than email2.  Yes it still succeeds, but I think that this is still my problem when users are out of the office.

Outlook will keep bothering users for their passwords.
0
Question by:inferno521
21 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 36812709
in which part of exchange logs are you seeing that they are using the wrong url ?

ews has nothing to do with autodiscover, and this is surely not the reason why you are being prompted for the username and pass
0
 
LVL 16

Expert Comment

by:Auric1983
ID: 36814503
Test Autodiscover and outlook anywhere using www.testexchangeconnectivity.com using both a user located in chicago and a user located in Ohio.  This will help us determine where the problem lies.
0
 
LVL 1

Author Comment

by:inferno521
ID: 36815373
Akhater:

I'm looking at the oof logs, located at C:\Users\myuser\AppData\Local\Temp\outlook logging

For me it works, I moved my mailbox from chicago to ohio and I can use outlook anywhere or not, and when asked to login, it says that I'm logging into email2.mydomain.com  which is normal.  For the problem users they are on the ohio server and usually get email2010.mydomain.com

So how do I set the autodiscover for users of the Ohio server
0
 
LVL 16

Expert Comment

by:Auric1983
ID: 36815381

inferno

If you run the "MS Outlook Anywhere" test on https://www.testexchangeconnectivity.com/ for a user located in Ohio it should help us out.

Just to confirm, Ohio & Chicago are in the same AD Forest?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36815392
" For the problem users they are on the ohio server and usually get email2010.mydomain.com"

when you say this you mean in the outlook anywhere configuration of outlook it is pointing to the wrong server?
0
 
LVL 1

Author Comment

by:inferno521
ID: 36815744
Auric1983:

It fails for me (as an ohio user) with what's below
Host email2.mydomain.com/owa couldn't be resolved in DNS InfoDomainNonexistent.

for a chicago user it does the same thing but with email2010.mydomain.com/owa

Though it is operating fine.

The servers are in the same domain and forest.
0
 
LVL 1

Author Comment

by:inferno521
ID: 36815754
Akhater:

The outlook anywhere configuration is fine.  I put in the correct url and authentication, and save it and restart outlook.  Outlook will just try the wrong url usually, or when the users are in the office it will frequently ask them to enter in their username/password, and that box keeps popping up, though it lets the user work despite that
0
 
LVL 16

Accepted Solution

by:
Auric1983 earned 250 total points
ID: 36815778

Can you verify that you have external dns records for autodiscover.domain.com email2010.domain.com email2.domain.com etc.

0
 
LVL 49

Expert Comment

by:Akhater
ID: 36816073
It looks like you have some missing external dns record, please give a test username and password in each site so i can help more.

If you want there is a way to contact me on my profile in case you didn't want to share these publicly
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36818190
ok the first problem you have is that, in your external dns record you have a * record so autodiscover.domain.com is not  being resolved to the correct IP

can you please create a record in your external zone called autodiscover.domain.com and pointing to the same ip as email2010.domain.com ?
0
LVL 49

Expert Comment

by:Akhater
ID: 36818211
second problem you have the ecp external URL on email2010.domain.com is wrong
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36818238
please ignore the ecp url part for now, fix the dns thanks
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36818278
after the first tests it looks like your only issue is the DNS record of autodiscover

please fix the autodiscover record to point to the correct IP it should fix it
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 250 total points
ID: 36818393
ok your DNS issue is now solved but you have another issue

Exchange is using a * certificate; to fix this please run the below on the Chicago server


Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.domain.com


you did say you are facing this issue ONLY when users are OUT of office, right?
0
 
LVL 1

Author Comment

by:inferno521
ID: 36891978
okay I made the change, I'm still waiting for the ohio users to tell me if it's better or not.  I also had them go to the credential manager in windows 7 and delete what's listed for outlook, because why not.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36892702
OK things are better, autodiscover is now working fine

It seems you had 2010 rtm and upgraded to sp1, is that so?

what outlook version are your clients running? and which version of windows?
0
 
LVL 1

Author Comment

by:inferno521
ID: 36893793
I'm not sure about the upgrades, I started after this was in place.

Clients are using either outlook 2007 or 2010, and windows xp, vista, or 7.

One user in ohio is still asked every few minutes to login, though he can still work fine.  And a user who connects to the ohio network via an ssl vpn could not connect to outlook (but could connect to OWA), but once he disconnected from the VPN outlook anywhere worked fine
0
 
LVL 1

Author Comment

by:inferno521
ID: 36893876
I'm thinking that when the external IP of the ohio server was changed 2 weeks ago, it messed up something DNS wise, and autodiscovering users and those who VPNed into ohio couldn't connect to the server.  I have just deleted the DNS host A record on the DNS server for email2.mydomain.com that was pointing to the internal IP of the server and put one in for the external IP of the server.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36894550
when they are prompted for a user/pass they are being asked to logon to which server?
0
 
LVL 1

Author Comment

by:inferno521
ID: 36903917
Deleting the host A record that has the internal IP of my ohio server in the email2.mydomain.com zone causes send/receive on mac office 2011 to fail, but it still works on windows clients.  OWA also fails for all ohio users in the office but the url works for any user at any other site.

Also statically assigning 8.8.8.8 as the dns server doesn't fix owa for ohio users. Adding the host A record for the internal ip of the ohio server fixes the problem immediately.  Is the problem not with exchange, but with a router/switch/firewall?
0
 
LVL 1

Author Closing Comment

by:inferno521
ID: 36916951
I think adding autodiscover to my external DNS and doing a Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.domain.com helped.

But I believe that the main problem was that something was being cached locally at the ohio office.  New computers, I shipped 3 to that office, didn't have this problem at all.  So some DNS setting was not being updated.  Flushing the DNS didn't work, but I did delete the host A records for my internal dns and re-add them.  Now everyone is fine.
0
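
The external DNS checks suggested in the answers above (explicit records for autodiscover, email2010 and email2, and a * record answering for autodiscover), as an added PowerShell example that is not part of the original thread. It assumes a workstation that has the Resolve-DnsName cmdlet (Windows 8 / Server 2012 or later); domain.com is the thread's placeholder zone, and the wildcard-probe label is constructed for the test.

```powershell
# Added example, not from the thread: check the external records discussed above.
# Assumptions: 'domain.com' is the thread's placeholder zone; 8.8.8.8 is the
# public resolver the asker mentions; the probe label is a constructed name.
param(
    [string]$Zone     = 'domain.com',
    [string]$Resolver = '8.8.8.8'
)

function Get-ARecord {
    param([string]$Name, [string]$Server)
    # Sorted IPv4 answers for $Name from $Server; nothing if it does not resolve.
    Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } |
        ForEach-Object { $_.IPAddress } |
        Sort-Object
}

# A random label that nobody created: if it resolves, the zone has a * record.
$probe    = 'wildcard-probe-{0}.{1}' -f [guid]::NewGuid().ToString('N').Substring(0, 12), $Zone
$wildcard = @(Get-ARecord -Name $probe -Server $Resolver)

$report = foreach ($label in 'autodiscover', 'email2010', 'email2') {
    $fqdn = "$label.$Zone"
    $ips  = @(Get-ARecord -Name $fqdn -Server $Resolver)
    [pscustomobject]@{
        Name        = $fqdn
        Addresses   = $ips -join ', '
        Resolves    = $ips.Count -gt 0
        # Heuristic: the same answer as the random label suggests only the * record
        # is responding (an explicit record with that same IP looks identical).
        ViaWildcard = ($wildcard.Count -gt 0) -and (($ips -join ', ') -eq ($wildcard -join ', '))
    }
}
$report | Format-Table -AutoSize

$auto = $report | Where-Object { $_.Name -eq "autodiscover.$Zone" }
$cas  = $report | Where-Object { $_.Name -eq "email2010.$Zone" }
if (-not $auto.Resolves) {
    Write-Warning "autodiscover.$Zone does not resolve externally."
} elseif ($auto.ViaWildcard) {
    Write-Warning "autodiscover.$Zone appears to be answered by the * record; create an explicit A record."
} elseif ($auto.Addresses -ne $cas.Addresses) {
    Write-Warning "autodiscover.$Zone and email2010.$Zone resolve to different addresses."
}
```

Run it from outside the office network, or keep -Resolver on a public resolver, so the answers reflect the external zone rather than internal DNS.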
