?
Solved

Outlook 2007 / Exchange 2007 Issue

Posted on 2012-08-29
7
Medium Priority
?
759 Views
Last Modified: 2012-09-08
Hi,

Having an issue with a client Network we inherited. For some reason when a user opens up Outlook 2007 they are continually prompted to authenticate against autodiscover.domainname.com. Regardless of how many times users enter the correct credentials the box keeps reappearing. I have been troubleshooting the issue today and have realised that when the IIS Sites needed for Exchange Web Services are stopped this issue stops and Outlook works fine. Soon as the sites are started the issue with the password prompt reappears in Outlook. I have ran some tests today from both the Client Outlook and the Exchange Management Shell. Upon testing aoutoconfiguration settings in Outlook it says it auto discover to https://autodiscover.domainname.com failed (0x80004005). When I run the cmdlet test-outlookwebservices from the EMS it returns with an error: 407 Proxy Authentication required. The company has a valid 3rd party SSL certificate for use with OWA. For some reason they are also have 3 more self signed certificates that are used internally.

For now I have just stopped the IIS sites so users can continue using Outlook in there office.

If any body can help on this issue then it would be much appreciated I can give more information if it is needed. Thank you in advance for any help.
0
Comment
Question by:AshGhai
  • 4
  • 3
7 Comments
 
LVL 18

Expert Comment

by:Netflo
ID: 38346031
Hi,

Does the 3rd party SSL certificate have autodiscover.domain.com on it?
Should do, you may need to add an additional SAN on the certificate, if your provider allows.

If you ping autodiscover.domain.com internally, does it resolve to the external WAN IP or internal Exchange 2007 server?
If resolving externally, create a new  forward lookup zone called autodiscover.domain.com and new root record to point to your Exchange 2007 server.

That most likely is your issue, apart from the usual, is your Exchange server up to date on SP3? Is Outlook 2003 on SP3?

Please let us know how you get along?
0
 

Author Comment

by:AshGhai
ID: 38349278
Hi,

Thank you for your swift response. The 3rd party SSL certificate only has one SAN on it and that is for there external website: webmail.domain.com. As the certificate is not a UC certificate I don't think the issuer would allow a extra SAN to be placed on there. However I have worked on a few servers that do not have a UC certificate and it works ok so I don't think this is the issue.
When I ping autodiscover.domain.com it resolves to the internal IP of the server which I believe is what it should do. As all the clients can ping autodiscover.domain.com and get the internal IP of the server why do we get errors when testing autoconfiguration in Outlook?

Since they use a ISA server do you think the error I get when testing OutlookwebServices has anything to do with there set up. I get the "the remote server returned an error: (407) Proxy Authentication Required". Then "The Autodiscover service could not be contacted".
Another note - when trying to browse https://autodiscover.domain.com/autodiscover/autodiscover.xml the page cannot load. Am I correct in thinking that the page should load up and display a load of XML text?

Exchange Server is not up to date with the latest SP3 as we have not long inherited it. This should not matter though should it?
0
 
LVL 18

Expert Comment

by:Netflo
ID: 38349485
Well it's firstly best to ensure you're working with an up to date server, to ensure any known issues are addressed and give you peace of mind long term. I'd recommend as a first step, have a full valid backup of the server and get the server up to the latest service pack.

Yes you're correct you don't need a UCC certificate, however if the additional SANs are not there, then you need to make sure the relevant SRV records are set up to ensure Outlook knows where to look.

Take a look at scenario 2 on the following link: http://technet.microsoft.com/en-us/library/bb332063.aspx

In reply to your question, yes when visiting autodiscover.domain.com, you should have some XML text listed.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 

Author Comment

by:AshGhai
ID: 38350020
A valid Service Record exists in DNS which points to autodisocver.domain.com. When I visit autodisocver.domain.com I get an error saying IE cannot display this webpage. When testing OutlookwebServices via EMS I get "Found a valid service connection point" but then get the same error "Proxy Authentication requires".

Outlook knows where to look as it says it has found the correct URL through the SCP. JUst after that it fails and gives various errors.

Do you think the issue may be linked with ISA as that is the Proxy and Firewall for this network. Everything else seems ok with there set up. All the virtual directories have the correct permission and URL's it is just bizarre that the web services cannot be started as it causes Outlook to constantly prompt for password when trying to connect autodiscover.domain.com.

Thank you for all your help so far. If you require any more information I can give it.
0
 
LVL 18

Expert Comment

by:Netflo
ID: 38352577
Maybe a good idea to take a look at your ISA server. What version is your ISA server? How is the proxy setup on your network?
0
 

Accepted Solution

by:
AshGhai earned 0 total points
ID: 38361812
Hi

i finally found the issue.. it was a simple fix, as usual!!..

Had to simply add an exception in the proxy settings on the IE to exclude *.internaldomain name

And that fixed the problem.

Thanks for all your help guys.

Ash
0
 

Author Closing Comment

by:AshGhai
ID: 38379010
Because i found the solution.
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
Stellar Exchange Toolkit: this 5 in 1 toolkit comes loaded with mega-software tool. Here’s an introduction to tools’ usage and advantages:
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses
Course of the Month16 days, 23 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question