Exchange 2010 Outlook Anywhere & External Autodiscovery
Hi,
Looking for some help in troubleshooting an issue I have with Outlook Anywhere and External Autodiscovery on our Exchange 2010 setup. We have 2 AD sites (same domain) with both sites having 2 combined CAS/HT servers and seperate mailbox servers. For the sake of this question, lets split them into site A and site B. Although we are due to implement HLB at both sites soon, it's not currently setup yet. However, the DNS address that will be used by clients to point to the CAS array is setup, but just pointing at a single CAS/HT server for now.
Services that are working fine are: OWA+ECP (Internally and Externally), OAB (Internally and Externally), Internal Autodiscovery but not external autodiscovery, Outlook Anywhere for clients with mailboxes at site A work fine, but not for users with mailboxes at site B.
I'm unsure whether the issue with External Autodiscovery is linked to OA not working?
Outlook Anywhere
For users who's mailbox is at site B, when you open Outlook (2010), it sometimes looks like it connects, but then it quickly goes back to a disconnected state. Microsoft RCA reports the following:
Testing RPC/HTTP connectivity.
The RPC/HTTP test failed.
Test Steps
Attempting to resolve the host name webmail.company.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 1.2.3.4
Testing TCP port 443 on host webmail.company.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server webmail.company.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=webmail.company.com, OU=Domain Control Validated, Issuer: SERIALNUMBER=888888, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name webmail.company.com was found in the Certificate Subject Common name.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=webmail.company.com, OU=Domain Control Validated.
One or more certificate chains were constructed successfully.
Additional Details
A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 4/18/2013 8:30:36 AM, NotAfter = 4/12/2016 4:21:45 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Testing HTTP Authentication Methods for URL https://webmail.company.com/rpc/rpcproxy.dll?ExSvrNLB.ad.local:6002.
The HTTP authentication methods are correct.
Additional Details
The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: Negotiate, NTLM
Testing SSL mutual authentication with the RPC proxy server.
Mutual authentication was verified successfully.
Additional Details
Certificate common name webmail.company.com matches msstd:webmail.company.com.
Attempting to ping RPC proxy webmail.company.com.
RPC Proxy can't be pinged.
Additional Details
An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
Headers received:
Connection: Keep-Alive
Content-Length: 58
Content-Type: text/html
Date: Wed, 25 Sep 2013 14:28:41 GMT
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate,NTLM
X-Powered-By: ASP.NET
--------------------------
External Autodiscovery
Results of MS RCA:
--------------------------
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for joe.bloggs@company.com.
Testing Autodiscover failed.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential Autodiscover URL https://company.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name company.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 4.5.6.7
Testing TCP port 443 on host company.com to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it
Additional Details
A network error occurred while communicating with the remote host.
Attempting to test potential Autodiscover URL https://autodiscover.company.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.company.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 1.2.3.4
Testing TCP port 443 on host autodiscover.company.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.company.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=webmail.company.com, OU=Domain Control Validated, Issuer: SERIALNUMBER=88888888, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.company.com was found in the Certificate Subject Alternative Name entry.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 4/18/2013 8:30:36 AM, NotAfter = 4/12/2016 4:21:45 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.company.com/AutoDiscover/AutoDiscover.xml for user joe.bloggs@company.com.
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
Additional Details
An HTTP 500 response was returned from Unknown.
Headers received:
Connection: Keep-Alive
Content-Length: 0
Cache-Control: private
Date: Wed, 25 Sep 2013 14:34:13 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.company.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 1.2.3.4
Testing TCP port 80 on host autodiscover.company.com to ensure it's listening and open.
The port was opened successfully.
The Microsoft Connectivity Analyzer is checking the host autodiscover.company.com for an HTTP redirect to the Autodiscover service.
The redirect (HTTP 301/302) response was received successfully.
Additional Details
Redirect URL: https://autodiscover.company.com/Autodiscover/Autodiscover.xml
Attempting to test potential Autodiscover URL https://autodiscover.company.com/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.company.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 1.2.3.4
Testing TCP port 443 on host autodiscover.company.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.company.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=webmail.company.com, OU=Domain Control Validated, Issuer: SERIALNUMBER=8888888, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.company.com was found in the Certificate Subject Alternative Name entry.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 4/18/2013 8:30:36 AM, NotAfter = 4/12/2016 4:21:45 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.company.com/Autodiscover/Autodiscover.xml for user joe.bloggs@company.com.
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
Additional Details
An HTTP 500 response was returned from Unknown.
Headers received:
Connection: Keep-Alive
Content-Length: 0
Cache-Control: private
Date: Wed, 25 Sep 2013 14:34:14 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.company
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it
--------------------------
Any ideas welcome!
Thanks
Tony
Looking for some help in troubleshooting an issue I have with Outlook Anywhere and External Autodiscovery on our Exchange 2010 setup. We have 2 AD sites (same domain) with both sites having 2 combined CAS/HT servers and seperate mailbox servers. For the sake of this question, lets split them into site A and site B. Although we are due to implement HLB at both sites soon, it's not currently setup yet. However, the DNS address that will be used by clients to point to the CAS array is setup, but just pointing at a single CAS/HT server for now.
Services that are working fine are: OWA+ECP (Internally and Externally), OAB (Internally and Externally), Internal Autodiscovery but not external autodiscovery, Outlook Anywhere for clients with mailboxes at site A work fine, but not for users with mailboxes at site B.
I'm unsure whether the issue with External Autodiscovery is linked to OA not working?
Outlook Anywhere
For users who's mailbox is at site B, when you open Outlook (2010), it sometimes looks like it connects, but then it quickly goes back to a disconnected state. Microsoft RCA reports the following:
Testing RPC/HTTP connectivity.
The RPC/HTTP test failed.
Test Steps
Attempting to resolve the host name webmail.company.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 1.2.3.4
Testing TCP port 443 on host webmail.company.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server webmail.company.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=webmail.company.com, OU=Domain Control Validated, Issuer: SERIALNUMBER=888888, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name webmail.company.com was found in the Certificate Subject Common name.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=webmail.company.com, OU=Domain Control Validated.
One or more certificate chains were constructed successfully.
Additional Details
A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 4/18/2013 8:30:36 AM, NotAfter = 4/12/2016 4:21:45 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Testing HTTP Authentication Methods for URL https://webmail.company.com/rpc/rpcproxy.dll?ExSvrNLB.ad.local:6002.
The HTTP authentication methods are correct.
Additional Details
The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: Negotiate, NTLM
Testing SSL mutual authentication with the RPC proxy server.
Mutual authentication was verified successfully.
Additional Details
Certificate common name webmail.company.com matches msstd:webmail.company.com.
Attempting to ping RPC proxy webmail.company.com.
RPC Proxy can't be pinged.
Additional Details
An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
Headers received:
Connection: Keep-Alive
Content-Length: 58
Content-Type: text/html
Date: Wed, 25 Sep 2013 14:28:41 GMT
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate,NTLM
X-Powered-By: ASP.NET
--------------------------
External Autodiscovery
Results of MS RCA:
--------------------------
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for joe.bloggs@company.com.
Testing Autodiscover failed.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential Autodiscover URL https://company.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name company.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 4.5.6.7
Testing TCP port 443 on host company.com to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it
Additional Details
A network error occurred while communicating with the remote host.
Attempting to test potential Autodiscover URL https://autodiscover.company.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.company.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 1.2.3.4
Testing TCP port 443 on host autodiscover.company.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.company.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=webmail.company.com, OU=Domain Control Validated, Issuer: SERIALNUMBER=88888888, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.company.com was found in the Certificate Subject Alternative Name entry.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 4/18/2013 8:30:36 AM, NotAfter = 4/12/2016 4:21:45 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.company.com/AutoDiscover/AutoDiscover.xml for user joe.bloggs@company.com.
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
Additional Details
An HTTP 500 response was returned from Unknown.
Headers received:
Connection: Keep-Alive
Content-Length: 0
Cache-Control: private
Date: Wed, 25 Sep 2013 14:34:13 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.company.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 1.2.3.4
Testing TCP port 80 on host autodiscover.company.com to ensure it's listening and open.
The port was opened successfully.
The Microsoft Connectivity Analyzer is checking the host autodiscover.company.com for an HTTP redirect to the Autodiscover service.
The redirect (HTTP 301/302) response was received successfully.
Additional Details
Redirect URL: https://autodiscover.company.com/Autodiscover/Autodiscover.xml
Attempting to test potential Autodiscover URL https://autodiscover.company.com/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.company.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 1.2.3.4
Testing TCP port 443 on host autodiscover.company.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.company.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=webmail.company.com, OU=Domain Control Validated, Issuer: SERIALNUMBER=8888888, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.company.com was found in the Certificate Subject Alternative Name entry.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 4/18/2013 8:30:36 AM, NotAfter = 4/12/2016 4:21:45 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.company.com/Autodiscover/Autodiscover.xml for user joe.bloggs@company.com.
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
Additional Details
An HTTP 500 response was returned from Unknown.
Headers received:
Connection: Keep-Alive
Content-Length: 0
Cache-Control: private
Date: Wed, 25 Sep 2013 14:34:14 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.company
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it
--------------------------
Any ideas welcome!
Thanks
Tony
suriyaehnop
Kindly look for this url http://support.microsoft.com/kb/940881
Autodiscover.example.com can only point at one location.
Does the second site have its own URL? If not then you are going to need to use proxying. That means no external URL configured in the second site.
Are you trying to use the same URLs across both sites?
Simon.
Does the second site have its own URL? If not then you are going to need to use proxying. That means no external URL configured in the second site.
Are you trying to use the same URLs across both sites?
Simon.
ASKER
Hi Simon - Sorry, forgot one (major) thing.... we have a TMG 2010 server in a DMZ which handles all web services (OWA, ECP, EWS, Autodiscovery etc). So the External URL on all CAS servers is null (blank), as per Microsoft recommendations. Effectively, non of the CAS servers are internet facing.
ASKER
Also - we have this in the TMG log for the client that tries to connect to OA...
Allowed Connection TMG-SERVER 25/09/2013 17:01:48
Log type: Web Proxy (Reverse)
Status: 401 Unauthorized
Rule: Outlook Anywhere
Source: External (1.1.1.1:49704)
Destination: Local Host (<internal-IP-of-CAS-serve
Request: RPC_OUT_DATA http://webmail.company.com/rpc/rpcproxy.dll?CAS-Array-name.domain.Local:6001
Filter information: Req ID: 0c8eb2ce; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes
Protocol: https
User: anonymous
.....and.....
Allowed Connection TMG-SERVER 25/09/2013 17:03:08
Log type: Web Proxy (Reverse)
Status: 500 Internal Server Error
Rule: Outlook Anywhere
Source: External (1.1.1.1:49644)
Destination: Local Host (<internal-IP-of-CAS-serve
Request: POST http://autodiscover.company.com/autodiscover/autodiscover.xml
Filter information: Req ID: 0c8eb2e5; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes
Protocol: https
User: anonymous
Allowed Connection TMG-SERVER 25/09/2013 17:01:48
Log type: Web Proxy (Reverse)
Status: 401 Unauthorized
Rule: Outlook Anywhere
Source: External (1.1.1.1:49704)
Destination: Local Host (<internal-IP-of-CAS-serve
Request: RPC_OUT_DATA http://webmail.company.com/rpc/rpcproxy.dll?CAS-Array-name.domain.Local:6001
Filter information: Req ID: 0c8eb2ce; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes
Protocol: https
User: anonymous
.....and.....
Allowed Connection TMG-SERVER 25/09/2013 17:03:08
Log type: Web Proxy (Reverse)
Status: 500 Internal Server Error
Rule: Outlook Anywhere
Source: External (1.1.1.1:49644)
Destination: Local Host (<internal-IP-of-CAS-serve
Request: POST http://autodiscover.company.com/autodiscover/autodiscover.xml
Filter information: Req ID: 0c8eb2e5; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes
Protocol: https
User: anonymous
Are you trying to use the same TMG server for both sites?
Simon.
Simon.
ASKER
Yes, there is only one TMG server. The Outlook Anywhere publishing rule has a server farm with all CAS servers in it (4 in total, 2 from site A and 2 from site B).
Pity you didn't mention TMG in the original question, as I wouldn't have touched it (never used TMG). It looks like the TMG is struggling to connect to the second server. Have you tested Outlook Anywhere internally to confirm it works for that second server?
Simon.
Simon.
ASKER
Hi Simon,
Would you not recommend using TMG to publish Exchange web services, or is it only because you’ve never used TMG? How would you test Outlook Anywhere internally… if I open Outlook then it connects directly to the CAS server (but not using RPC over HTTP). Can I force a client on the internal network to use RPC over HTTP to a particular CAS server?
Would you not recommend using TMG to publish Exchange web services, or is it only because you’ve never used TMG? How would you test Outlook Anywhere internally… if I open Outlook then it connects directly to the CAS server (but not using RPC over HTTP). Can I force a client on the internal network to use RPC over HTTP to a particular CAS server?
I haven't used it, so I cannot answer questions on it.
Recommending it is another matter - depends if you need the additional security it provides or not. Depends whether you are a target. If you are just selling widgets then probably not, if you are a bank or other financial group or someone with data that could be valuable, then maybe you do.
Exchange has a lot of testing tools built in - these all start in EMS with the test- command - so if you type test- and then press tab you will see them listed one at a time. You can get the full pramaters from Technet.
test-outlookwebservices, test-outlookconnectivity etc.
Simon.
Recommending it is another matter - depends if you need the additional security it provides or not. Depends whether you are a target. If you are just selling widgets then probably not, if you are a bank or other financial group or someone with data that could be valuable, then maybe you do.
Exchange has a lot of testing tools built in - these all start in EMS with the test- command - so if you type test- and then press tab you will see them listed one at a time. You can get the full pramaters from Technet.
test-outlookwebservices, test-outlookconnectivity etc.
Simon.
ASKER
Okay - thanks for your feedback Simon. One last question for you... since Microsoft don't support the use of CAS in a DMZ, what would you normally deploy for a reverse proxy for Exchange web services?
I haven't used a reverse proxy of any description for some time. Port 443 only straight thought to the CAS role.
Simon.
Simon.
ASKER
The use of TMG 2010 is a requirement for our company. Any further feedback on how to implement TMG 2010 as a reverse proxy server for Exchange 2010 would be very much welcomed...
Simon - many thanks for your input. Should anyone else be able to help, I will distribute the points accordingly when the question is answered.
Simon - many thanks for your input. Should anyone else be able to help, I will distribute the points accordingly when the question is answered.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yep - I think you're right Simon.
I'll restructure the question and post as a Forefront-ISA topic.
Thanks again,
Tony
I'll restructure the question and post as a Forefront-ISA topic.
Thanks again,
Tony