Autodiscover

Verify the SSL configuration on the Autodiscover Virtual directory. It should be set to ignore client certificates. Restart IIS after the change.

Already set on ignore

When you browse to the Autodiscover directory that is the expected error. Nothing wrong here. That is because you are not Outlook, running a query to get the information.

If you got anything other than an error then I would say something was wrong.

What were you trying to achieve?

Simon.

Davorin. Not in office till Monday will post then.

Simon. I am trying to use out of office. It says cannot connect to server

The test you did doesn't prove anything for trying to resolve Out of Office issues. The only reason to browse to the Autodiscover site is to verify if you have SSL certificate issues.

The primary reasons that Autodiscover fails (and therefore OOTO doesn't work) are

- SSL trust issues.
- DNS issues
- The value of get-clientaccessserver | select identity, autodiscoverserviceinternaluri is wrong.

You have attempted to use the .local address, which means you are either using a self signed certificate or no certificate at all. Internal addresses are not allowed on trusted SSL certificates, so you need to use a split DNS system so that the external host names resolve internally and Exchange is adjusted to match.

http://semb.ee/hostnames

Simon.

Am back in office.

OS is Server 2012
Exchange is 2013
Error in Event Log is

Protocol /Autodiscover failed to process request from identity NT AUTHORITY\SYSTEM. Exception: Microsoft.Exchange.Data.Directory.ADTopologyUnexpectedException: Unexpected error when calling the Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)'. Error details: Access is denied.. ---> System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.

Server stack trace:
   at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
   at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.Exchange.Data.Directory.TopologyDiscovery.ITopologyClient.GetServersForRole(String partitionFqdn, List`1 currentlyUsedServers, ADServerRole role, Int32 serversRequested)
   at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.<>c__DisplayClass10.<InternalGetServersForRole>b__f(IPooledServiceProxy`1 proxy)
   at Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception)
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.GetConfigDCInfo(String partitionFqdn, Boolean throwOnFailure)
   at Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts(String partitionFqdn)
   at Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext(String partitionFqdn)
   at Microsoft.Exchange.Data.Directory.ADSession.GetConfigurationNamingContext(String partitionFqdn)
   at Microsoft.Exchange.Data.Directory.ADDataSession.GetNamingContext(ADNamingContext adNamingContext)
   at Microsoft.Exchange.Data.Directory.ADDataSession.GetConnection(String preferredServer, Boolean isWriteOperation, String optionalBaseDN, ADObjectId& rootId, ADScope scope)
   at Microsoft.Exchange.Data.Directory.ADDataSession.GetReadConnection(String preferredServer, String optionalBaseDN, ADObjectId& rootId, ADRawEntry scopeDeteriminingObject, DualSearchMode dualSearchMode)
   at Microsoft.Exchange.Data.Directory.ADDataSession.Find(ADObjectId rootId, String optionalBaseDN, ADObjectId readId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCreator, CreateObjectsDelegate arrayCreator, Boolean includeDeletedObjects)
   at Microsoft.Exchange.Data.Directory.ADDataSession.Find[TResult](ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, Boolean includeDeletedObjects)
   at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADTopologyConfigurationSession.FindLocalServer()
   at Microsoft.Exchange.Data.Directory.SystemConfiguration.LocalServer.GetServer()
   at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.IsTokenSerializationAllowed(WindowsIdentity windowsIdentity)
   at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.ProcessRequest(HttpContext httpContext)
   at Microsoft.Exchange.Security.Authentication.BackendRehydrationModule.OnAuthenticateRequest(Object source, EventArgs args).



AND ALSO

Process w3wp.exe (AutoDisc) (PID=12844). WCF request (Get Servers for purtills.local) to the Microsoft Exchange Active Directory Topology service on server (TopologyClientTcpEndpoint (localhost)) failed. Make sure that the service is running. In addition, make sure that the network ports that are used by Microsoft Exchange Active Directory Topology service are not blocked by a firewall. The WCF call was retried 1 time(s). Error Details
 System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.

Server stack trace:
   at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
   at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.Exchange.Data.Directory.TopologyDiscovery.ITopologyClient.GetServersForRole(String partitionFqdn, List`1 currentlyUsedServers, ADServerRole role, Int32 serversRequested)
   at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.<>c__DisplayClass10.<InternalGetServersForRole>b__f(IPooledServiceProxy`1 proxy)
   at Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception)

Which version of Exchange 2013 is it? RTM, CU1, CU2 or CU3?

Simon.

Not a hundred percent sure but i think it is RTM.

Also when i go to https://exchangeaserver.purtills.local/autodiscover/autodiscover.xml or https://mail.purtills.local/autodiscover/autodiscover.xml
now it ask for user / pass
i enter it and it shows a error 600 page

That is the expected behaviour.
You aren't Outlook, which means the result is not going to be valid.

If the server is at RTM I would start by installing CU3.

Simon.

Downloading CU3 now

after installing CU3 1 server (exchange) can send recieve emails (only the mailbox users that are hosted on that server can!) and our second server (exchangeaserver) cannot recieve or send emails. All emails to mailboxes on exchangeaserver are on the exchange server. This is the error i get in eventvwr when retrying to deliver emails out of Exchange ToolBox Queue Monitor.



Log Name:      Application
Source:        MSExchange ADAccess
Date:          4/02/2014 5:08:43 PM
Event ID:      4027
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Exchange.purtills.local
Description:
Process w3wp.exe (PID=5992). WCF request (Get Servers for purtills.local) to the Microsoft Exchange Active Directory Topology service on server (TopologyClientTcpEndpoint (localhost)) failed. Make sure that the service is running. In addition, make sure that the network ports that are used by Microsoft Exchange Active Directory Topology service are not blocked by a firewall. The WCF call was retried 1 time(s). Error Details
 System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.

Server stack trace:
   at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
   at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.Exchange.Data.Directory.TopologyDiscovery.ITopologyClient.GetServersForRole(String partitionFqdn, List`1 currentlyUsedServers, ADServerRole role, Int32 serversRequested)
   at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.<>c__DisplayClass10.<InternalGetServersForRole>b__f(IPooledServiceProxy`1 proxy)
   at Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchange ADAccess" />
    <EventID Qualifiers="49156">4027</EventID>
    <Level>2</Level>
    <Task>1</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-02-04T06:08:43.000000000Z" />
    <EventRecordID>786407</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Exchange.purtills.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>w3wp.exe</Data>
    <Data>5992</Data>
    <Data>Get Servers for purtills.local</Data>
    <Data>TopologyClientTcpEndpoint (localhost)</Data>
    <Data>1</Data>
    <Data>System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.

Server stack trace:
   at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
   at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc&amp; rpc)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&amp; msgData, Int32 type)
   at Microsoft.Exchange.Data.Directory.TopologyDiscovery.ITopologyClient.GetServersForRole(String partitionFqdn, List`1 currentlyUsedServers, ADServerRole role, Int32 serversRequested)
   at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.&lt;&gt;c__DisplayClass10.&lt;InternalGetServersForRole&gt;b__f(IPooledServiceProxy`1 proxy)
   at Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception&amp; exception)</Data>
  </EventData>
</Event>

An access denied error is unusual.
Is there anything odd about the network or Exchange install? Using a service account for example? Is the network particularly locked down?
My instinct is this is something outside of Exchange. Did the install go through correctly? No errors or steps skipped?

Simon.

Successfully completed all steps

What about my other queries? Exchange usually works straight out of the box, unless the install was bad, or more commonly, there is something odd about the host network configuration.

Simon.

Network seems fine can ping both servers and ads from each exchange

Exchange is running again, reinstalled the CU3 update on offending server and sorted itself, so i assume something went wrong in the installation of CU3

still have same issue with autodiscover