Solved

New Ex2010 Server Fails Remote Connectivity Tests - OWA Not Working

Posted on 2013-01-15
4
649 Views
Last Modified: 2013-01-24
Hello,

We have and Ex2007 and EX2010 server running together.   Some users moved over to new EX2010 server.   External DNS points to new server.   Users on EX2010 can send/receive email internally and externally no problems.   OWA and ActiveSync do not work.
 EX2007 users continue to work fine.
Looks like AutoDiscover service not configured properly on EX2010.

There is a conflict with autodiscover in that it always accesses the IP address of the server hosting our website and gets a certificate error, which may be part of the problem.   Here is the text from the test:

Attempting the Autodiscover and Exchange ActiveSync test (if requested).
       Testing of Autodiscover for Exchange ActiveSync failed.
                   Test Steps
                   Attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.
                   Test Steps
                   Attempting to test potential Autodiscover URL https://calvaryspringfield.org/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
                   Test Steps

      Attempting to test potential Autodiscover URL https://autodiscover.calvaryspringfield.org/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
                   Test Steps
                   Attempting to resolve the host name autodiscover.calvaryspringfield.org in DNS.
       The host name resolved successfully.
                   Additional Details

      Testing TCP port 443 on host autodiscover.calvaryspringfield.org to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
                   Test Steps

      Checking the IIS configuration for client certificate authentication.
       Client certificate authentication wasn't detected.
                   Additional Details

      Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
       Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
                   Test Steps
                   ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.calvaryspringfield.org/AutoDiscover/AutoDiscover.xml for user azueck@calvaryspringfield.org.
       ExRCA failed to obtain an Autodiscover XML response.
                   Additional Details
       An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).


Not sure what is happening here, but may be external DNS setting complicating the issue.
When I test to the EX2007 server it works.  For example if I enter calvaryspringfield.org in a browser URL, it redirects to our website, www.calvaryspringfield.org, which corresponds to the certificate error and I think why the user name is invalid, since it does not exist on their server.   The puzzling thing is why it works for a user on the EX2007 server.  I obviously have something wrong.....  Need help.  Please advise.  Thanks.
0
Comment
Question by:rstuemke
  • 2
4 Comments
 

Author Comment

by:rstuemke
ID: 38780120
OK.... update..... this problem has been around for awhile and cannot find answer.  BUT, today, I tried something else.

Our users in Active Directory are only allowed to logon to certain PCs.  As a result, I must also add to their account logon properties, the ability to log onto our Exchange Server.  They all had the EX2007 server in their list of PCs they can log onto and I added the new Exchange Server.   But they still cannot log on.  As a test, to help be get a handle on this, I modified a test account that was not working, to be able to log onto all computers.  The remote connectivity test worked.   Changed user account properties back to select PCs and it failed.  Repeated test with same results.   However, it only seems to work with one userid.

I did something....... not sure what..... used to be able to access EX2007 accounts thru EX2010 OWA.  Now cannot.  Get this error:  A server configuration change is temporarily preventing access to your account.
0
 
LVL 18

Accepted Solution

by:
suriyaehnop earned 500 total points
ID: 38781540
0
 
LVL 37

Expert Comment

by:ArneLovius
ID: 38782061
This might be of use http://technet.microsoft.com/en-gb/exdeploy2010/default.aspx#Index

Both the 2010 and the 207 CAS roles should be Internet accessible. The 2010 server should have a SAN certificate that covers autodisocover.domain.com, hostname.domain.com, the ful internal name and the internal short name, the 2007 server should have a SAN certificate that covers hostname.domain.com, its internal name and its internal short name

The 2007 needs to be publicly accessible as access to it is redirected not proxied.
0
 

Author Closing Comment

by:rstuemke
ID: 38814819
Thanks.  Sorry for delay in answering.  Was tied up with the server all week.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question