• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 686
  • Last Modified:

OOA/autoconfigure not working--won't authenticate?

Hey,

So I have server 08, running exchange 07, with IIS7.

Users aren't able to open OOA locally, it gives an error about not seeing the server and testing autoconfigure comes back saying unable to configure. And from my understanding autoconfigure has to work before OOA will.

So i played around with IIS for a bit and got https:\\remote.empirecoachline.com\autodiscover\autodiscover.xml to resolve to the xml document which it wasnt doing before. The issue I seem to be having now is that when i test autoconfiguration it seems to be giving authentication errors. Same when i try browsing the site using IIS from the server. I've tried a few different authentication methods for the sites in IIS but no luck yet.

Test Autoconfiguration isn't outputting anything to XML so I attached a screen cap.

 output from test autoconfiguration
0
sdragoninc
Asked:
sdragoninc
  • 4
  • 4
2 Solutions
 
BusbarCommented:
do you have the entry remote.empirecoachline.com resolvable in your dns, do you have this set in your DNS and this name in the assigned SSL certificate?! check this guide
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3002-Exchange-2007-2010-Web-services-and-Autodiscover-Ultimate-Troubleshooting-Guide.html
0
 
Alan HardistyCommented:
When Exchange was installed - did you buy an SSL certificate (SAN / UCC) with the following names included:

remote.yourexternaldomain.com
autodiscover.yourexternaldomain.com
internalservername.internaldomainname.local
internalservername

Did you also create an Autodiscover A record in your Domains External DNS Control Panel - NOT on DNS internally?

If you have - then something is broken - if you haven't - then I would recommend you visit GoDaddy.com and buy a real certificate and that will resolve all of your issues.
0
 
sdragonincAuthor Commented:
i'm somewhat of a newbie so bear with me....thanks.

we are using self signed...will that not work? the url is resolvable in dns and if you go to the website it brings up the remote.empirecoachline.com certificate which was assigned in iis.

subject of cert is remote.domain.com

subject alternative names for the cert are

domain.com
remote.domain.com
server.domain.local
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Alan HardistyCommented:
Self-signed can work - if you tweak the heck out of the settings in Exchange - and I have not done this, nor can I guide you.  Busbar might be able to.

I always buy and install a 3rd party SSL certificate and NEVER get this sort of error.

As a workaround - you could add an SRV record pointing to remote.domain.com - not sure if that will resolve the issue, but it stands a good chance:

http://support.microsoft.com/kb/940881
0
 
sdragonincAuthor Commented:
thanks. I'm going to get a 3rd part cert and try it out, no luck with the srv record.
0
 
Alan HardistyCommented:
Okay - shout if you need any help.
0
 
sdragonincAuthor Commented:
we ended up just using web access for the ooa since no  one wanted to spend the money on a certificate.
0
 
sdragonincAuthor Commented:
unable to test out possible solutions due to not wanting to pay money for the certificate. used a workaround that still leaves autodiscover broken.
0
 
Alan HardistyCommented:
You can buy an SSL cert for a year for $60 - is that too much money?
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now