Solved

exchange 2010 autodiscover uses the wrong external url

Posted on 2011-09-28
21
1,173 Views
Last Modified: 2012-05-12
Hello I have two exchange 2010 servers, and two offices. (chicago and ohio)

The chicago server was created first and uses the external url
https://email2010.domain.com/

ohio uses
https://email2.domain.com

I'm seeing in exchange logs that ohio users are using https://email2010.domain.com  and getting a http error of 500 when their outlook client tries to use autodiscover to connect via outook anywhere.  How can I make users of the ohio server use email2 for autodiscover?

When I type

Set-WebServicesVirtualDirectory -identity "ohio2010\EWS (Default Web Site)" -externalurl https://email2.domain.com/EWS/Exchange.asmx -BasicAuthentication:$True

the exchange shell accepts this but when I test with a:
test-outlookwebservices -identity:myuser@domain.com  I see more autodiscover entries for email2010 than email2.  Yes it still suceeds, but I think that this is still my problem when users are out of the office.

Outlook will keep bothering users for their passwords.
0
Comment
Question by:inferno521
  • 10
  • 8
  • 3
21 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 36812709
in which part of exchange logs are you seeing that they are using the wrong url ?

ews has nothing to do with autodiscover, and this is surely not the reason why you are being prompted for the username and pass
0
 
LVL 16

Expert Comment

by:Auric1983
ID: 36814503
Test Autodiscover and outlook anywhere using ww.testexchangeconnectivity.com using both a user located in chicago and a user located in Ohio.  th is will help us determine where the problem lies.
0
 
LVL 1

Author Comment

by:inferno521
ID: 36815373
Akhater:

I'm looking at the oof logs, located at C:\Users\myuser\AppData\Local\Temp\outlook logging

For me it works, I moved my mailbox from chicago to ohio and I can use outlook anywhere or not, and when asked to login, it says that I'm logging into email2.mydomain.com  which is normal.  For the promblem users they are on the ohio server and usually get email2010.mydomain.com

So how do I set the autodiscover for users of the Ohio server
0
 
LVL 16

Expert Comment

by:Auric1983
ID: 36815381

inferno

If you run the "MS Outlook Anywhere" test on https://www.testexchangeconnectivity.com/ for a user located in Ohio it should help us out.

Just to confirm, Ohio & Chicago are in the same AD Forest?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36815392
" For the promblem users they are on the ohio server and usually get email2010.mydomain.com"

when you say this you mean in the outlook anywhere configuration of outlook it is pointing to the wrong server?
0
 
LVL 1

Author Comment

by:inferno521
ID: 36815744
Auric1983:

It fails for me(as an ohio user) with whats below
Host email2.mydomain.com/owa couldn't be resolved in DNS InfoDomainNonexistent.

for a chicago user it does the samething but with email2010.mydomain.com/owa

Though it is operating fine.

The severs are in the same domain and forest.
0
 
LVL 1

Author Comment

by:inferno521
ID: 36815754
Akhater:

The outlook anywhere configurmation is fine.  I put in the correct url and authentication, and save it and restart outlook.  Outlook will just try the wrong url usually, or when the users are in the office it will frequently ask them to enter in their username/password, and that box keeps popping up, though it lets the user work despite that
0
 
LVL 16

Accepted Solution

by:
Auric1983 earned 250 total points
ID: 36815778

Can you verify that you have external dns records for autodiscover.domain.com email2010.domain.com email2.domain.com etc.

0
 
LVL 49

Expert Comment

by:Akhater
ID: 36816073
It looks lke you have some missing external dns record, please give a test username and password in each site so i can help more.

If you want there is a way to contact me on my profile in case you dint want to share these publically
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36818190
ok the first problem you have is that, in your external dns record you have a * record so autodiscover.domain.com is not  being resolved to the correct IP

can you please create a record in your external zone called autodiscover.domain.com and pointing to the same ip as email2010.domain.com ?
0
Being driven mad by email signature updates?

Having to make a change to your users’ email signatures, yet again? Feel like your head is going to explode? Rely on an Exclaimer email signature management solution to make the process simple!

 
LVL 49

Expert Comment

by:Akhater
ID: 36818211
second problem you have the ecp external URL on email2010.domain.com is wrong
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36818238
please ignore the ecp url part for now, fix the dns thanks
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36818278
after the first tests it looks like your only issue is the DNS record of autodiscover

please fix the autodiscover record to point to the correct IP it should fix it
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 250 total points
ID: 36818393
ok your DNS issue is now solved but you have another issue

Exchange is using a * certificate to fix this please run the below on Chicago server


Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.domain.com


you did say you are facing this issue ONLY when users are OUT of office right ?
0
 
LVL 1

Author Comment

by:inferno521
ID: 36891978
okay I made the change, I'm still waiting for the ohio users to tell me if its better or not.  I also had them go to the credential manager in windows 7 and delete what's listed for outlook,, because why not.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36892702
OK things are better autodidcover is now working fine

It seems you had 2010 rtm and upgraded to sp1 is that so ?

what outlook version are your clients running ? and which version of windows ?
0
 
LVL 1

Author Comment

by:inferno521
ID: 36893793
I'm not sure about the upgrades, I started after this was in place.

Clients are using either outlook 2007 or 2010, and windows xp, vista, or 7.

One user in ohio is still asked every few minutes to login, though he can still work fine.  And a user who connect to the ohio network via a ssl vpn could not connect to outlook(but could connect to OWA).  but once he disconnected from the VPN outlook anywhere worked fine
0
 
LVL 1

Author Comment

by:inferno521
ID: 36893876
I'm thinking that when the external IP of the ohio server was change 2 weeks ago, it messed up something DNS wise, and autodiscovering users and those who VPNed into ohio couldn't connect to the server.  I have just deleted the DNS host a on the DNS server for email2.mydomain.com that was point to the internal IP of the server and put one in the for the external IP of the server.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36894550
when they are prompted for a user/pass they are being asked to logon to which server?
0
 
LVL 1

Author Comment

by:inferno521
ID: 36903917
Deleting the host a record that has the internal IP of my ohio server in the email2.mydomain.com zone causes send/receive on mac office 2011 to fail, but it still works on windows clients.  OWA also fails for all ohio users in the office but the url works for any user at any other site.

Also statically assigning 8.8.8.8 as the dns server, doesn't fix owa for ohio users. Adding the host a record for the internal ip of the ohio server fixes the problem immediately.  Is the problem not with exchange, but with a router/switch/firewall?
0
 
LVL 1

Author Closing Comment

by:inferno521
ID: 36916951
I think adding autodiscover to my external DNS and doing a Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.domain.com helped.

But I believe that main problem was that something was being cached locally at the ohio office.  New computers, I shipped 3 to that office, didn't have this problem at all.  So some DNS setting was not being updated.  Flushing the DNS didn't work, but I did delete the host a records for my internal dns and readd them.  Now everyone is fine.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to track email to IP address 13 36
SPF record 3 27
exchange, outlook 8 54
IronPort on cloud MX recored 9 20
Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Utilizing an array to gracefully append to a list of EmailAddresses
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now