Outlook 2007 / Exchange 2007 Issue
Hi,
Having an issue with a client Network we inherited. For some reason when a user opens up Outlook 2007 they are continually prompted to authenticate against autodiscover.domainname.co
For now I have just stopped the IIS sites so users can continue using Outlook in there office.
If any body can help on this issue then it would be much appreciated I can give more information if it is needed. Thank you in advance for any help.
Having an issue with a client Network we inherited. For some reason when a user opens up Outlook 2007 they are continually prompted to authenticate against autodiscover.domainname.co
For now I have just stopped the IIS sites so users can continue using Outlook in there office.
If any body can help on this issue then it would be much appreciated I can give more information if it is needed. Thank you in advance for any help.
ASKER
Hi,
Thank you for your swift response. The 3rd party SSL certificate only has one SAN on it and that is for there external website: webmail.domain.com. As the certificate is not a UC certificate I don't think the issuer would allow a extra SAN to be placed on there. However I have worked on a few servers that do not have a UC certificate and it works ok so I don't think this is the issue.
When I ping autodiscover.domain.com it resolves to the internal IP of the server which I believe is what it should do. As all the clients can ping autodiscover.domain.com and get the internal IP of the server why do we get errors when testing autoconfiguration in Outlook?
Since they use a ISA server do you think the error I get when testing OutlookwebServices has anything to do with there set up. I get the "the remote server returned an error: (407) Proxy Authentication Required". Then "The Autodiscover service could not be contacted".
Another note - when trying to browse https://autodiscover.domain.com/autodiscover/autodiscover.xml the page cannot load. Am I correct in thinking that the page should load up and display a load of XML text?
Exchange Server is not up to date with the latest SP3 as we have not long inherited it. This should not matter though should it?
Thank you for your swift response. The 3rd party SSL certificate only has one SAN on it and that is for there external website: webmail.domain.com. As the certificate is not a UC certificate I don't think the issuer would allow a extra SAN to be placed on there. However I have worked on a few servers that do not have a UC certificate and it works ok so I don't think this is the issue.
When I ping autodiscover.domain.com it resolves to the internal IP of the server which I believe is what it should do. As all the clients can ping autodiscover.domain.com and get the internal IP of the server why do we get errors when testing autoconfiguration in Outlook?
Since they use a ISA server do you think the error I get when testing OutlookwebServices has anything to do with there set up. I get the "the remote server returned an error: (407) Proxy Authentication Required". Then "The Autodiscover service could not be contacted".
Another note - when trying to browse https://autodiscover.domain.com/autodiscover/autodiscover.xml the page cannot load. Am I correct in thinking that the page should load up and display a load of XML text?
Exchange Server is not up to date with the latest SP3 as we have not long inherited it. This should not matter though should it?
Well it's firstly best to ensure you're working with an up to date server, to ensure any known issues are addressed and give you peace of mind long term. I'd recommend as a first step, have a full valid backup of the server and get the server up to the latest service pack.
Yes you're correct you don't need a UCC certificate, however if the additional SANs are not there, then you need to make sure the relevant SRV records are set up to ensure Outlook knows where to look.
Take a look at scenario 2 on the following link: http://technet.microsoft.c
In reply to your question, yes when visiting autodiscover.domain.com, you should have some XML text listed.
Yes you're correct you don't need a UCC certificate, however if the additional SANs are not there, then you need to make sure the relevant SRV records are set up to ensure Outlook knows where to look.
Take a look at scenario 2 on the following link: http://technet.microsoft.c
In reply to your question, yes when visiting autodiscover.domain.com, you should have some XML text listed.
ASKER
A valid Service Record exists in DNS which points to autodisocver.domain.com. When I visit autodisocver.domain.com I get an error saying IE cannot display this webpage. When testing OutlookwebServices via EMS I get "Found a valid service connection point" but then get the same error "Proxy Authentication requires".
Outlook knows where to look as it says it has found the correct URL through the SCP. JUst after that it fails and gives various errors.
Do you think the issue may be linked with ISA as that is the Proxy and Firewall for this network. Everything else seems ok with there set up. All the virtual directories have the correct permission and URL's it is just bizarre that the web services cannot be started as it causes Outlook to constantly prompt for password when trying to connect autodiscover.domain.com.
Thank you for all your help so far. If you require any more information I can give it.
Outlook knows where to look as it says it has found the correct URL through the SCP. JUst after that it fails and gives various errors.
Do you think the issue may be linked with ISA as that is the Proxy and Firewall for this network. Everything else seems ok with there set up. All the virtual directories have the correct permission and URL's it is just bizarre that the web services cannot be started as it causes Outlook to constantly prompt for password when trying to connect autodiscover.domain.com.
Thank you for all your help so far. If you require any more information I can give it.
Maybe a good idea to take a look at your ISA server. What version is your ISA server? How is the proxy setup on your network?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Because i found the solution.
Does the 3rd party SSL certificate have autodiscover.domain.com on it?
Should do, you may need to add an additional SAN on the certificate, if your provider allows.
If you ping autodiscover.domain.com internally, does it resolve to the external WAN IP or internal Exchange 2007 server?
If resolving externally, create a new forward lookup zone called autodiscover.domain.com and new root record to point to your Exchange 2007 server.
That most likely is your issue, apart from the usual, is your Exchange server up to date on SP3? Is Outlook 2003 on SP3?
Please let us know how you get along?