Server and mailbox name verification popup when opening Outlook connecting to Exchange 2010

Everytime a user opens Outlook 2007 or 2010 this box(attached image) pops up asking to verify the Microsoft Exchange server name and mailbox name. The users information is alutomatically filled in and clicking ok makes the box go away but it will eventually pop up again or when outlook is closed and re-opened. Any ideas on what is causing this? Let me know if you need any more information. This was not happening intially but around the time Autodiscover was configured this starting showing up.

Environment:

One Exchange 2010 server recently migrated from old 2007 server to new 2010 server. All users have been moved over to 2010. 2007 is no longer used.

Happens to all users on both Outlook 2007 and 2010

Exchange 2010 server holds mailbox, cas, and hub role.

Server 2008 R2 screenshot of pop up
LVL 1
mydarkpassengerAsked:
Who is Participating?
 
Praveen BalanConnect With a Mentor Solution ArchitectCommented:
there is an option, which is discussed in the below article.
http://blogs.pointbridge.com/Blogs/olson_andy/Pages/Post.aspx?_ID=19m  (I have not tried this).

to ensure that there are no issues with the virtual directories, you may reset it to default.
http://technet.microsoft.com/en-us/library/ff629372.aspx

note all the necessary URLs you may requires, because all values will go back to default after you reset the Client Access Virtual Directories...

0
 
Shivkumar SharmaOperations Delivery ManagerCommented:
Refer this article religiously which is for 2007 but should work for 2010

http://www.exchange-genie.com/2007/07/exchange-2007-autodiscover-service-part-1/
0
 
mydarkpassengerAuthor Commented:
I just went over the link you sent but was not able to find a resolution to my issue. It appears Autodiscover is working, I am able to setup new Outlook profiles with it easily and no error messages. Any other ideas?

0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Shivkumar SharmaOperations Delivery ManagerCommented:
0
 
mydarkpassengerAuthor Commented:
These links don't appear to relate to my issue.
0
 
Praveen BalanSolution ArchitectCommented:
few questions,

-Is the issue happens with only cached mode profiles or both online and cached mode ?
- Did you complete migrating all including public folders ?
- Check the Outlook connectivity (ctrl + right click on outlook icon and click Test connectivity), see if this have any poitings to old server
- Did you create the auto discover URL matching with 2007, or is it different ?

(if you feel the issue started after publishing the autodiscover, remove it temporarly and test it)

post results,
-Praveen
0
 
mydarkpassengerAuthor Commented:
It only happens in cached mode. Online mode does not show the pop up.
Migration is fully completed
The test does not show any references to the old exchange server
Autodiscover was not in use in Exchange 2007
0
 
Shivkumar SharmaOperations Delivery ManagerCommented:
Autodiscover should be setup properly in Exchange 2007 server, Thats why I send the post

Refer this article religiously which is for 2007 but should work for 2010

http://www.exchange-genie.com/2007/07/exchange-2007-autodiscover-service-part-1/
0
 
mydarkpassengerAuthor Commented:
I went through these and all my settings appear to be correct. I don't have Exchange 2007 in my environment anymore. Only Exchange 2010.
0
 
Praveen BalanSolution ArchitectCommented:
can you post the auto discover details ?

->run this cmdlet - Get-ClientAccessServer |fl Auto*,Origi*,Identity,Fqdn
      (run in all cas servers  you have, please let me know if you have CAS array configured).
->run Get-MailboxDatabase "DB02" |fl Exchange*,rpc*,server*,Master*
      (replace the database name with your DB name)

also let me know the server name shows when you do the auto-configuration for one such profile(the details on the image has been erased in the question).

The reason could be the mismatch between your Autodiscover and client access server stamping on DB. Post the results to check further.

-Praveen
0
 
mydarkpassengerAuthor Commented:
AutoDiscoverServiceCN          : XMAIL02
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://exchange.xxx.com/autodiscover/autodiscover.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Default-First-Site-Name}
OriginatingServer              : XDC01.xxx.local
Identity                       : XMAIL02
Fqdn                           : XMAIL02.xxx.local



ExchangeLegacyDN                : /o=XXX/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=
                                  Servers/cn=XMAIL02/cn=Microsoft Private MDB
ExchangeVersion                 : 0.10 (14.0.100.0)
RpcClientAccessServer           : XMAIL02.carolinata.local
Servers                         : {XMAIL02}
Server                          : XMAIL02
ServerName                      : XMAIL02
MasterServerOrAvailabilityGroup : XMAIL02
MasterType                      : Server

The populated server name would be XMAIL02.xxx.local

No cas array configured. Only one CAS server. CAS/HUB/Mailbox all on one server which is XMAIL02
0
 
Praveen BalanSolution ArchitectCommented:
okay, it looks like you have to modify the AutoDiscoverServiceInternalUri to match with the CAS server fqdn.

Set-ClientAccessServer -Identity "XMAIL02.xxx.local" -AutoDiscoverServiceInternalUri "https://xMAIL02.xxx.local/autodiscover/autodiscover.xml"

(replace with your correct server details)...

could be that the outlook unable to locate the CAS server details using DNS resolution...

check the result after this(you can always set it back in case run into issues).


-Praveen
0
 
Praveen BalanSolution ArchitectCommented:
ensure that the CAS server FQDN is used in the service internal URi  (XMAIL02.carolinata.local)... (missed out to mention)...

-Praveen
0
 
mydarkpassengerAuthor Commented:
The problem with doing that is I then receive certificate warnings in Outlook saying the names do not match. My cert is for exchange.xxx.com. I don't have a third party cert for xmail02.carolinata.local. Would self signed from my internal CA work?
0
 
mydarkpassengerAuthor Commented:
I just made the change you suggested and I am not seeing any certificate issues yet. However I am still seeing my original issue with the pop up box.
0
 
Praveen BalanSolution ArchitectCommented:
do the changes on all InternalUri (OWA,OAB, EWS) etc... (you may use management console to do the modification - or follow the commands below).

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://xmail02.carolinata.local/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://xmail02.carolinata.local/oab

and complete and IISReset (or recycle the MSExchangeAutodiscoverAppPool under the application pool of IIS)

check the outlook connectivity and ensure it is not trying to connect to xxx.com or any other unknown servers(look at the log tab under the test outlook connectivity window), ....

get the results after the changes,

Get-ClientAccessServer |fl Auto*,Origi*,Identity,Fqdn
Get-OABVirtualDirectory -Server xmail02 |fl int*,external*,OriginatingServer
Get-WebServicesVirtualDirectory -Server WIN-IJJKA6ARRKB |fl int*,external*

-Praveen
0
 
mydarkpassengerAuthor Commented:
Once i made this change. I now see the original pop up box as well as a certificate warning stating the name on the security certificate is invalid or does not match the name of the site.

server name is XMAIL02.carolinata.local
cert name is exchange.xxx.com
0
 
Praveen BalanSolution ArchitectCommented:
Could you post the result requested earlier(get cmdlets)... also the outlook connection details as mentioned in the previous post.

create a new profile on the outlook(or a new machine), see the error..

Please note that the certificate warning will be there until unless you buy or configure internal root CA to match with the internalURL of auto-discover(XMAIL02.carolinata.local).

-Praveen
0
 
Praveen BalanSolution ArchitectCommented:
you may follow the below article, if you wish to use https://exchange.xxx.com as your internal URL to avoid the certificate warning(no need to buy additional certificates).. (Split DNS concept)..

http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/exchange-autodiscover-part2.html

-Praveen
0
 
mydarkpassengerAuthor Commented:
AutoDiscoverServiceCN          : XMAIL02
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://Xmail02.xxx.local/autodiscover/autodiscover.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Default-First-Site-Name}
OriginatingServer              : XDC01.xxx.local
Identity                       : XMAIL02
Fqdn                           : XMAIL02.xxx.local



InternalUrl                   : https://xmail02.xxx.local/oab
InternalAuthenticationMethods : {WindowsIntegrated}
ExternalUrl                   : https://exchange.xxx.com/OAB
ExternalAuthenticationMethods : {WindowsIntegrated}
OriginatingServer             : xDC01.xxx.local



InternalNLBBypassUrl          : https://xmail02.xxx.local/ews/exchange.asmx
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity}
InternalUrl                   : https://xmail02.xxx.local/ews/exchange.asmx
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity}
ExternalUrl                   : https://exchange.xxx.com/ews/exchange.asmx

I have confirmed the Outlook test autoconfig is not pointing to any external domains

created a new profile and the error remains

I will change my internal urls back to resolve the certificate warning
0
 
Praveen BalanSolution ArchitectCommented:
okay, you may change the URLs to resolve the certificate warning,

I would suggest to create a internal DNS zone(Split DNS) named xxx.com and create A record for exchange.xxx.com poiting to the local IP address.. (as mentioned in the http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/exchange-autodiscover-part2.html post)

If the results are the same, I would request other experts to comment if they have any suggestions..

0
 
mydarkpassengerAuthor Commented:
Cert issue is fixed and I was already using the split DNS.
0
 
mydarkpassengerAuthor Commented:
Could there be any correlation to the Autodiscovervirtualdirectory internal URL/External URL settings?
0
 
Praveen BalanSolution ArchitectCommented:
when you set the internal URL, it updates the SCP in the sites and services of AD.

When any user launches outlook 2007 or newer versions, it will search Active Directory for a Service Connection Point (SCP) record. Each cas server registers it,...

So, finally you may check the SCP information from the AD sites and services, and ensure it matches with the changes we did on the autodiscover configuration. The changes we do using Set cmdlets normally updates correctly(I tried few time now in my LAB), however just in case.

http://www.howexchangeworks.com/2011/07/service-connection-point-scp-in.html

Also verify that the DNS resolves all the auto-discover URLs correctly.

0
 
Praveen BalanSolution ArchitectCommented:
hope you have single site in AD, if more than 1 AD site that has to be corrected in SCP details (keywords).
0
 
mydarkpassengerAuthor Commented:
Is there anyway I can clear out (set to blank) the internal and external url for the autodiscovery virtual directory? I believe around the time when I set these I started seeing this issue.

Only one active directory site.
0
 
Shivkumar SharmaConnect With a Mentor Operations Delivery ManagerCommented:
Autodiscover should be setup properly in Exchange 2007 server, Thats why I send the post

Refer this article religiously which is for 2007 but should work for 2010

http://www.exchange-genie.com/2007/07/exchange-2007-autodiscover-service-part-1/

Again telling you follow the above article to set it blank (In fron of External URL) dont mention anything
0
 
mydarkpassengerAuthor Commented:
Are there any logs I can check to see if the clients are having trouble connecting to the server via Autodiscover?
0
 
Shivkumar SharmaOperations Delivery ManagerCommented:
0
 
mydarkpassengerAuthor Commented:
I think I'm going to setup an additional cas server and point clients to it to see if a clean autodiscover config does the trick. Thanks for all the help
0
 
assafmanzurCommented:
The problem is connecting to public folder..
the public folder not supperted on xp client connected to PF2013 CU7
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.