Exchange 2010 AutoDiscover / Outlook Anywhere issue

Having a strange problem with Outlook / Exchange 2010 here that I hope someone can help me through.

I have Outlook set up on a number of company laptops, using Outlook Anywhere so that they work both inside and outside the corporate LAN.
On the internal LAN everything works fine; externally, however, Outlook refuses to connect, continually displaying a pop-up box asking for the username and password. Putting those in doesn't do anything; the message just re-appears.

After much testing, I have discovered that if I navigate within Outlook to
accounts / more settings / connections tab / exchange proxy settings button

There's a section entitled connection settings - this is populated with the following
https://internal_server_name.domain.com
There's then a tick in the box saying "only connect to proxy servers that have.........

If I change the first box to https://mail.domain.com and remove the tick from the second box then everything works externally.

However, the moment the machines are plugged back into the LAN, the original settings re-populate.

This tells me it's something to do with the autodiscover file..... but I don't know Exchange well enough to fiddle.

Can someone either help me sort the problem, or disable autodiscover somehow, as (to my knowledge) we don't actually need autodiscover to work.
Asked by dangermouse1977
 
Radweld Commented:
The simple answer would be the external IP of your firewall; the ideal answer would be to the DNS alias you're using for Outlook Web Access. As long as autodiscover resolves in DNS to your internal server instead of the wrong one.
 
Radweld Commented:
You need to ensure you have a DNS entry for Autodiscover.yourdomain.com and that the public certificate installed on the client access server contains the subject of yourdomain.com and also subject alternative names of mail or webmail.yourdomain.com and autodiscover.yourdomain.com.

As a helper, you can use the tools provided by https://www.testexchangeconnectivity.com/
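The certificate requirement in the comment above, as an added example that is not part of the original thread: given the names on the Client Access server's certificate, it reports which of the names listed in the comment are not covered. The function names and the three sample certificates are constructed; yourdomain.com is the placeholder the comment uses.

```python
# Added example: which hostnames from the comment are missing from the
# certificate on the Client Access server? All sample data is constructed.

def name_matches(pattern, host):
    """Match one certificate name against a hostname (case-insensitive).

    A wildcard is honoured only as the entire left-most label and stands for
    exactly one label, so *.yourdomain.com does not cover yourdomain.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def required_names(smtp_domain, external_host):
    """Names listed in the comment: the domain itself, the autodiscover
    alias, and the external (mail or webmail) hostname."""
    return [smtp_domain, "autodiscover." + smtp_domain, external_host]


def missing_names(cert_names, smtp_domain, external_host):
    """Return the required names that no certificate name covers."""
    return [name for name in required_names(smtp_domain, external_host)
            if not any(name_matches(c, name) for c in cert_names)]


# Constructed certificate name lists for the placeholder domain.
INTERNAL_ONLY = ["internal_server_name.yourdomain.com"]
WILDCARD = ["*.yourdomain.com"]
FULL_SAN = ["yourdomain.com", "mail.yourdomain.com",
            "autodiscover.yourdomain.com"]

if __name__ == "__main__":
    for label, names in [("internal-only", INTERNAL_ONLY),
                         ("wildcard", WILDCARD), ("full SAN", FULL_SAN)]:
        gaps = missing_names(names, "yourdomain.com", "mail.yourdomain.com")
        print(label, "->", gaps or "all covered")
```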
 
dangermouse1977 (Author) Commented:
OK, I understand the words you've written, but have absolutely no idea how to achieve any of the things you mention.

Any chance of a step by step for someone who's opened Exchange Management Console perhaps 3 times total!!
 
Akhater Commented:
Open Exchange Management Console -> Server Configuration -> Client Access

On the right-hand side select your server and right-click Properties.

Go to the last tab (Outlook Anywhere). What is written in the external host name? Make sure it is mail.domain.com and not internalname.domain.com
 
viveksahu Commented:
In adsiedit you need to remove the setting scp as per below.

CN=<CAS_server>,CN=AutoDiscover,CN=Protocols,CN=<CAS_Server>,CN=Servers,CN=Exchange Administrative Group, CN=AdministrativeGroup,CN=<Organization>,CN=Services,[Configuration Naming Context].

http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/configuring-outlook-2007-exchange-server-2007.html
 
Radweld Commented:
Don't do this "In adsiedit you need to remove the setting scp as per below."

This will prevent your clients auto-configuring when on the domain; it doesn't resolve the problem.

Go to the website https://www.testexchangeconnectivity.com/

From there run the test Outlook Anywhere (RPC over HTTP)

This will return to you some errors; you can cut and paste the results here and an Expert can help you resolve the problem.
 
dangermouse1977 (Author) Commented:
OK, test has been run, I've pasted the results below.... there's something strange though, the IP address that it's returned is the IP address of the domain hosting company that used to host the POP mail on the domain months ago before we converted to an internal Exchange server..... not sure why that is?

Testing RPC/HTTP connectivity.
 The RPC/HTTP test failed.
 Test Steps
 ExRCA is attempting to test Autodiscover for d.mines@adc-international.com.
 Testing Autodiscover failed.
 Test Steps
 Attempting each method of contacting the Autodiscover service.
 The Autodiscover service couldn't be contacted successfully by any method.
 Test Steps
 Attempting to test potential Autodiscover URL https://adc-international.com/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name adc-international.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 84.18.207.37

Testing TCP port 443 on host adc-international.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 ExRCA is attempting to obtain the SSL certificate from remote server adc-international.com on port 443.
 ExRCA wasn't able to obtain the remote SSL certificate.
 Additional Details
 The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.





Attempting to test potential Autodiscover URL https://autodiscover.adc-international.com/AutoDiscover/AutoDiscover.xml
 Testing of this potential Autodiscover URL failed.
 Test Steps
 Attempting to resolve the host name autodiscover.adc-international.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 84.18.207.37

Testing TCP port 443 on host autodiscover.adc-international.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.adc-international.com on port 443.
 ExRCA wasn't able to obtain the remote SSL certificate.
 Additional Details
 The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.





Attempting to contact the Autodiscover service using the HTTP redirect method.
 The attempt to contact Autodiscover using the HTTP Redirect method failed.
 Test Steps
 Attempting to resolve the host name autodiscover.adc-international.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 84.18.207.37

Testing TCP port 80 on host autodiscover.adc-international.com to ensure it's listening and open.
 The port was opened successfully.
ExRCA is checking the host autodiscover.adc-international.com for an HTTP redirect to the Autodiscover service.
 ExRCA failed to get an HTTP redirect response for Autodiscover.
 Additional Details
 A Web exception occurred because an HTTP 400 - BadRequest response was received from Unknown.



Attempting to contact the Autodiscover service using the DNS SRV redirect method.
 ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
 Test Steps
 Attempting to locate SRV record _autodiscover._tcp.adc-international.com in DNS.
 The Autodiscover SRV record wasn't found in DNS.
 
dangermouse1977 (Author) Commented:
I should probably mention that the ISP who own that IP address still host the web presence attached to the domain and the domain is registered through them.
Our Exchange server is internal though and should be on a 94.200.114.*** address
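The mismatch the author describes, worked through as an added example that is not part of the original thread: it parses the wording of the pasted ExRCA report and lists every hostname that resolved outside the address range the Exchange server is expected to use. `REPORT` is an abridged copy of lines from the report above, the expected prefix comes from the author's comment, and the function names are constructed for illustration.

```python
import re

# Abridged copy of lines from the ExRCA report pasted in the thread.
REPORT = """\
Attempting to resolve the host name adc-international.com in DNS.
 IP addresses returned: 84.18.207.37
Testing TCP port 443 on host adc-international.com to ensure it's listening and open.
Attempting to resolve the host name autodiscover.adc-international.com in DNS.
 IP addresses returned: 84.18.207.37
Testing TCP port 443 on host autodiscover.adc-international.com to ensure it's listening and open.
Testing TCP port 80 on host autodiscover.adc-international.com to ensure it's listening and open.
 The Autodiscover SRV record wasn't found in DNS.
"""
# Prefix taken from the author's comment ("94.200.114.***"); last octet unknown.
EXPECTED_PREFIX = "94.200.114."

RESOLVE = re.compile(r"Attempting to resolve the host name (\S+) in DNS\.")
ADDRS = re.compile(r"IP addresses returned: (.+)")
PORT = re.compile(r"Testing TCP port (\d+) on host (\S+) ")


def parse_report(text):
    """Return ({host: {"ips": set, "ports": set}}, srv_missing)."""
    hosts, current, srv_missing = {}, None, False
    for line in text.splitlines():
        if m := RESOLVE.search(line):
            current = m.group(1).lower()
            hosts.setdefault(current, {"ips": set(), "ports": set()})
        elif (m := ADDRS.search(line)) and current:
            # Assumption: several addresses would be comma-separated.
            hosts[current]["ips"].update(a.strip() for a in m.group(1).split(","))
        elif m := PORT.search(line):
            entry = hosts.setdefault(m.group(2).lower(), {"ips": set(), "ports": set()})
            entry["ports"].add(int(m.group(1)))
        elif "SRV record wasn't found" in line:
            srv_missing = True
    return hosts, srv_missing


def off_network(hosts, expected_prefix=EXPECTED_PREFIX):
    """Map each host to the addresses it resolved to outside the expected prefix."""
    result = {}
    for host, data in hosts.items():
        stray = sorted(ip for ip in data["ips"] if not ip.startswith(expected_prefix))
        if stray:
            result[host] = stray
    return result


if __name__ == "__main__":
    hosts, srv_missing = parse_report(REPORT)
    for host, ips in off_network(hosts).items():
        print(f"{host}: {ips} outside {EXPECTED_PREFIX}* (ports: {sorted(hosts[host]['ports'])})")
    print("SRV record missing:", srv_missing)
```

Both candidate names come back outside the expected range, which is why every Autodiscover attempt in the report ends at the hosting company's server rather than the Exchange server.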
 
Radweld Commented:
You need to contact the ISP and get them to modify the autodiscover record in public DNS to alias the OWA address. You can go to the IP of the firewall, but like MX records it's not best practice.
 
dangermouse1977 (Author) Commented:
OK, so what exactly do I need to ask the ISP to do,

i.e.: Dear ISP... please alter the autodiscover record for our domain in public DNS to alias ????????

Are they looking for an IP address, a domain name or.....?
 
Akhater Commented:
Did you go where I told you? Did you check the settings I asked you to?
 
dangermouse1977 (Author) Commented:
@ Akhater

I went there and it did say internal name, so I changed it to mail.domain.com but the error still persists
 
Akhater Commented:
Good, you changed it; this is one step closer to solving your problem.

What do you mean the error persists? When you connect a computer, what are the settings by Outlook now? It should be the mail.domain.com and not internalname.domain.com
 
dangermouse1977 (Author) Commented:
OK, thanks for the help, I'm actually in Dubai, so Friday / Saturday am not in the office as it's our weekend.
I'll pick this up again on Sunday morning and try and work through to a solution.
Thanks again
 
dangermouse1977 (Author) Commented:
I've accepted both answers as I'm not sure which change actually fixed the issue, either way everything is now functioning as it should.
Question has a verified solution.