jbmos2333
asked on
Exchange 2010 Autodiscover and Mac
I am converting from SBS Exchange 2007 to a new Exchange 2010 server. All of the testing was successful and we had a few PC users running on the new server prior to the primary cut over which was tonight.
After making the new Exchange 2010 server live, I ran into a host of weird problems. The autodiscover service keeps failing with internal error 500 or says it couldn't be contacted. Autodiscover is only responding to the internal server name and not the external server name in any of the responses. And all DNS records (including autodiscover DNS) have had the IPs updated to reflect the server change.
Because autodiscover seems to be broken, all testing using https://www.testexchangeconnectivity.com fails. I have rebuilt autodiscover with EMS multiple times as well as followed the instructions here for a manual rebuild from the exchange CD: https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_4962-7-Steps-to-AutoDiscover-Heaven.html
I have attached the test-outlookwebservices output for further review.
OK, here is the weird part. Everything except Mac laptops works perfectly. OWA works perfectly. SSL is responding correctly. iPhones and Droids connect. PCs connect using RPC over HTTP (Outlook Anywhere). PC Outlook of course will not auto config, but if you manually add the server settings, it works right.
The EWS with Mac Mail, Entourage, and Outlook 2011 just will not work. I assume it's because everything responds with the internal server name versus the external name when queried.
I have double checked all server settings against another Exchange 2010 configuration that I have and cannot find anything wrong.
Looking for some ideas to get autodiscover working properly and the Macs connected to Exchange. There were no issues with either of these on the Exchange 2007 server.
Thanks
Outlookwebservices.docx
Connectivity-Test-Failed.docx
ASKER
Last bit of info that I forgot. I have a wildcard cert installed.
Hi there,
From what I can see, you have various problems:
Question 1: Did you set the correct URLs in the CAS tabs in Exchange?
Question 2: Did you modify your DNS record entry (if needed)?
Question 3: Did you modify your firewall to NAT to the new server (since port 443 seems closed)?
Question 4: Did you follow the steps for using a wildcard certificate in Exchange 2010?
ASKER
Here are the responses.
1. Yes, the correct URLs have been set in the CAS tabs. I have tried modifying the internal URLs to match the external URLs for OWA, ECP etc. But the URLs are correct.
2. The DNS records have all been modified to reflect the new server. This includes both internal and external.
3. Yes. The firewall has been updated. The only port 443 that is failing is the root external domain and that is pointing to a different IP for the main website. The external subdomains, mail and autodiscover, are all pointing correctly with 443 open.
4. Yes, the wildcard cert with principal name was set.
All of the server settings pass the testexchangeconnectivity.com tests when the server settings are put in manually.
http://www.windowsinfo.eu/?p=236
Did you do this step to support the wildcard?
It's not enough to just put * in the principal name...
Sorry if you already answered, but did you also set up internal DNS with an A record for autodiscover, with the external hostname?
If you ping autodiscover.yourdomain.local or .com, what is the reply both internal and external?
Do the addresses resolve correctly?
ASKER
Yep. Both the wildcard and the internal dns for autodiscover are correct.
If you run the get command on the cert it will pull up the wildcard.
The www.testexchangeconnectivity.com site gets hung up every time at:
ExRCA failed to obtain an Autodiscover XML response.
Additional Details
An HTTP 500 response was returned from Unknown.
Followed by:
ExRCA failed to get an HTTP redirect response for Autodiscover.
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: You do not have permission to view this directory or page.
Which to me means the authentication would be wrong on the autodiscover VD. But I have recreated the VD 5 times at least.
The exchange tester does validate the wild card cert.
ASKER
OK, I think what is happening is the old Exchange Server 2007 on the SBS server is still trying to respond to the Autodiscover requests, even though the internal and external DNS have been updated.
Also, when I run the Get-ClientAccessServer command it shows the correct external autodiscover path on the old Exchange server
and the autodiscover path on the new server is only set as the internal.
Once the rest of the mailboxes are moved off the old Exchange server, I will be disabling all of its servers so it can't respond and then see what I get.
Everything checks out other than that.
ASKER
Yep... confirmed that the SBS 2008 Exchange Server is still hijacking some of the autodiscover feature.
After re-enabling the service, Exchange connectivity tests passed. Of course mailboxes won't work since they are moved.
I have to get rid of Exchange 2007, but am hesitant about what might break.
Going to stop all Exchange services and sites and see if that helps. But this looks rooted deeper.
ASKER
OK, after some difficulty I removed all of the client access services from the Exchange 2007 server. Switched from a wildcard cert to SAN with all of the DNS names explicitly listed.
Recreated the autodiscover VD again through the EMC in 2010.
Restarted IIS.
I am still consistently getting the 500 Internal Server Error. Service could not be contacted.
So everything manually configured is working except Autodiscover and EWS. Driving me crazy now.
ASKER
Very difficult transition where all of the normal tasks had passed except the Outlook Web Services.
ASKER
Now going to your server on https://<Internal_CAS_Name_on_Cert
That is what I get from our server which means it is responding correctly.
Almost seems like I am forgetting something in the setup. But not sure what at this point.
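
The asker suspects the Mac/EWS clients fail because Autodiscover hands out the internal server name, and later swaps the wildcard certificate for a SAN one. As an added example (not part of the original thread), this Python script parses an Autodiscover response and lists the service URLs whose host is not covered by the certificate's names; the sample response and all host names are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

R = "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"
NS = {"a": R}

# Constructed sample response; host names are hypothetical placeholders.
SAMPLE = f"""<Autodiscover
    xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="{R}"><Account>
    <Protocol>
      <Type>EXCH</Type>
      <Server>ex2010.corp.local</Server>
      <EwsUrl>https://ex2010.corp.local/EWS/Exchange.asmx</EwsUrl>
      <OABUrl>https://ex2010.corp.local/OAB/</OABUrl>
    </Protocol>
    <Protocol>
      <Type>EXPR</Type>
      <Server>mail.example.com</Server>
      <EwsUrl>https://mail.example.com/EWS/Exchange.asmx</EwsUrl>
    </Protocol>
  </Account></Response>
</Autodiscover>"""


def cert_covers(host, cert_names):
    """True if a certificate name matches host; '*' stands for one label only."""
    host = host.lower()
    parent = host.split(".", 1)[1] if "." in host else None
    for name in (n.lower() for n in cert_names):
        if name == host or (name.startswith("*.") and name[2:] == parent):
            return True
    return False


def audit(xml_text, cert_names):
    """List (protocol type, element, host) for URLs the certificate does not cover."""
    findings = []
    for proto in ET.fromstring(xml_text).iterfind(".//a:Protocol", NS):
        ptype = proto.findtext("a:Type", default="?", namespaces=NS)
        for el in proto:
            tag = el.tag.split("}", 1)[-1]
            if tag.endswith("Url") and el.text:
                host = urlsplit(el.text.strip()).hostname
                if host and not cert_covers(host, cert_names):
                    findings.append((ptype, tag, host))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, ["*.example.com"]):  # wildcard-only certificate
        print("not covered by certificate:", finding)
```

Feed it the XML body that Autodiscover returns for a test mailbox together with the subject and SAN names from the certificate bound to the CAS; any row it returns is a URL a certificate-validating client would be sent to under a name the certificate does not carry.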