We help IT Professionals succeed at work.

Exchange 2010 v14.11.0722.000 on Server 2008 R2 8GB RAM with 20 angry Windows 7 SP1 clients with Outlook 2010.

Treatmefair asked
Exchange 2010 v14.11.0722.000 on Server 2008 R2 8GB RAM with 20 angry Windows 7 SP1 clients with Outlook 2010.
Up front let me state that I am in no way an Exchange expert. The same holds true for IIS. That said, here’s the problem:
 Our SSL certificate was due to expire 12.30.11 (GoDaddy) and everything was functioning perfectly, Outlook client email, all mobile devices (iPhone & Android) and Outlook mail via a VPN connection.  I purchased a new UCC SSL certificate from GoDaddy and with their help installed it. Since that time nothing has functioned normally.
1.Constant password prompts from Outlook 2010 and loss of access to public calendars (meeting rooms)
a.If I export the new security cert. and import it to the client PC via control panel / user accounts / manage your credentials / certificate based credentials the password prompts seem to go away. If the client PC is a laptop the problem reoccurs when they VPN to check email from home.
2.None of the mobile devices will synch with Exchange. On an iPhone for example when I set up the Exchange account the account will verify in the first step then after entering the email.xxxx.com server name and the second verification I get Exchange Account Unable to verify Account Information.
3.Outlook Web Access seems to function normally.
Any and all assistance you can offer will be gratefully received. As I stated earlier I am a rookie at this. Server and client PC problems I can deal with but this Exchange problem has me fearing for my job. Thank you all in advance.
Richard Treat
P.S. Hopefully the attached screen shots from https://www.testexchangeconnectivity.com  will help. First test First test result Second testRemoteConnectivityD.JPG
Watch Question

Maen Abu-TabanjehNetwork Administrator, Network Consultant
Top Expert 2011

first step .. go to domain management , then DNS , if there is A record titled by autodiscover.domain.com then delete it and create new SRV recrod _tcp , call it autodiscover.domain.com and point to your real IP.
other point of certificate side , you need to included alternative names in new certificate :

alternative names :

these names should be exist on your SSL certificate.

do it and update me

Before you do anything can you remember if you assigned services to the new certificate after you assigned it?

Don't delete or re create anything just yet the connectivity test show an active sync test failing because of a failed password. Are you sure your entering the correct internal domain and username / password?

It's quite possible people's user accounts are now disabled so check a few users to see if this is the case, you can use powershell to find and unlock accounts later.


Jordannet & Radweld,
Thank you both for your reply. Services assigned are IMAP, POP, IIS, SMTP. Jordannet - I annot find a record record titled by autodiscover.domain.com Maybe I am looking in the wrong place. Radweld - The test was run on my account and it is not locked out. I ran more the than once with the same result.Also please see screen shots below. Thanks again
Richard DNS Alt names
Maen Abu-TabanjehNetwork Administrator, Network Consultant
Top Expert 2011

you missed something,i mean by domain dns not windows dns,but u r domain.com management host,u can find dns management of your domain in the domain host on control panel


I am in the Exchange server control panel\administrative tools\DNS. Am I in the right place (see screenshot) and if so where do I look for record titled autodiscover.domain.com

Just one thing. Active sync won't work an admin account, when your trying you mobile devices make sure it's a non admin account.
Steps Taken by me to Resolve Exchange Issues
-Disabled basic and WI from the DWS and left it as "anonymous" and removed redirection
-Removed the Basic authentication from EWS and left as "Windows Integrated"
-Did iisreset
-Tried to browse the DWS and it failed with error "Access Denied"
-Downloaded  all the hotfixes and installed on the server for the SP1 pre-requisites
-Ran the following cmd :
Import-Module ServerManager
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process- Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,Web-Asp-Net,Web-Client-Auth,Web-Dir-Browsing,Web-Http- Errors,Web-Http-Logging,Web-Http-Redirect,Web-Http-Tracing,Web-ISAPI-Filter,Web-Request-Monitor,Web-Static-Content,Web-WMI,RPC-Over-HTTP-Proxy -Restart
-Rebooted the server
-After the reboot installed the SP1 upgrade and it was successful and then rebooted the server again
-After the reboot tried to open EMC and it failed
-Removed the web.config file from the Default Web site and did IISRESET
-Checked the modules under the Default Web Site and found the kerbauth module present there
-So went ahead and removed the kerbauth module from the Default Web Site and did iisreset
-Tried to browse the Default Web Site this time and we got the default IIS 7 page
-Ran the following cmd:
Remove-AutodiscoverVirtualDirectory -Identity "XXX-EXCH\autodiscover (Default Web Site)"
Remove-webservicesvirtualdirectory -identity "XXX-EXCH\EWS (Default Web Site)"

-Did iisreset
 Download Netmon from below
Microsoft Network Monitor 3.4
1. Did the following on Client’s PC
2. Launch Netmon
 3. Go to View => Select Networks & select your NIC adapter
 4. Go to New => Capture & start the capture by clicking on the Start button
5. Reproduce the password popup issue four times
6. Stop the capture by clicking on the Stop button
 7. Save the capture
8. FTP capture file to Microsoft for evaluation
-For the OWA and ActiveSync issue:
-Ran the following command to remove and recreate the following :
Remove-OwaVirtualDirectory -Identity "XXX-EXCH\OWA (Default Web Site)"
remove-Activesyncvirtualdirectory -identity "XXX-EXCH\Microsoft-server-activesync (Default Web Site)"
-Did iisreset
-OWA (Outlook WEB Application)started working
-Checked on the user properties and found "allow Inheritable permission was removed" so went ahead and applied it
-ActiveSync (iPhones) started working


Solved it myself & I deserve an "A"