[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

OWA and Activesync not working (Exchange 2007)

Posted on 2014-08-10
12
Medium Priority
?
576 Views
Last Modified: 2014-08-12
Getting "The resource you are looking for has been removed, had its name changed, or is temporarily unavailable." when trying to access OWA from outside and "HTTP Error 404.0 - Not Found" when trying from localhost. A little history... When it came time to renew the SSL Cert I realized that .local domains where no longer allowed. At this point I followed the instructions here: https://www.networking4all.com/en/support/ssl+certificates/manuals/microsoft/exchange+2007/modify+.local/

The new certificate was now able to be applied and email is flowing fine but access to OWA and cell phone use with active sync is not working.

If anyone else has experienced this and/or knows what I need to do to get it working again I'd really appreciate it!

Thanks.
0
Comment
Question by:korona102
  • 8
  • 4
12 Comments
 

Author Comment

by:korona102
ID: 40252135
This is the result of "get-WebServicesVirtualDirectory |fl"

I changed the actual names of the server and domain. I hope this helps.


InternalNLBBypassUrl                        : https://myserver.mydomain.local/EWS/Exchange.asmx
Name                                                   : EWS (SBS Web Applications)
InternalAuthenticationMethods        : {Ntlm, WindowsIntegrated, Basic}
ExternalAuthenticationMethods        : {Ntlm, WindowsIntegrated, Basic}
BasicAuthentication                            : True
DigestAuthentication                          : False
WindowsAuthentication                     : True
MetabasePath                                     : IIS://myserver.mydomain.local/W3SVC/3/ROOT/EWS
Path                                                     : C:\Program Files\Microsoft\Exchange Server\ClientAccess\exchweb\EWS
Server                                                  : myserver
InternalUrl                                          : https://remote.mydomain.com/ews/exchange.asmx
ExternalUrl                                          : https://remote.mydomain.com/EWS/Exchange.asmx
AdminDisplayName                           :
ExchangeVersion                                : 0.1 (8.0.535.0)
DistinguishedName                           : CN=EWS (SBS Web                           Applications),CN=HTTP,CN=Protocols,CN=myserver,CN=Servers,CN=Exchange Admin
                                istrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Mic
                                rosoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=local
Identity                                              : myserver\EWS (SBS Web Applications)
Guid                                                  : 59a0ec7b-2c08-4ebc-933c-2eed23b91d85
ObjectCategory                                : mydomain.local/Configuration/Schema/ms-Exch-Web-Services-Virtual-Directory
ObjectClass                                      : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
WhenChanged                                   : 8/8/2014 7:07:59 PM
WhenCreated                                     : 3/27/2010 6:53:16 PM
OriginatingServer                               : myserver.mydomain.local
IsValid                                                  : True
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40252402
Erm..

Two things:

1) is there an internal forwarding lookup zone for mydomain.com? This is important, since your actual domain is .local, and although it would work the issue here is that your traffic would go outside and then swing on in..

2) Is your PUBLIC DNS A records for remote.mydomain.com set properly?

3) Dont just recycle the IIS virtual directory, that sometimes wont fix this. Run the following:

IISRESET /NOFORCE

Open in new window


Once this is done, retest.
0
 

Author Comment

by:korona102
ID: 40252740
Thanks for the response Adam.

1) There is a forward lookup zone for remote.mydomain.com, not mydomain.com.
2) I believe the PUBLIC DNS A record is set properly. It has not been changed and was working prior to this. Should it have been modified?
3) I performed the IISRESET /NOFORCE. Symptoms remain the same.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 19

Expert Comment

by:Adam Farage
ID: 40253019
the forward lookup zone should be (technically) mydomain.com. This would allow you to add the autodiscover.mydomain.com and remote.mydomain.com in there. Since you said you had .local before, I would expect this not to exist unless you did a split domain setup previously.

The last thing I would check is the firewall / DNS. It is hard to troubleshoot this without the real FQDN for us to do some testing, but check out testexchangeconnectivity.com and let us know what those reports show as.
0
 

Author Comment

by:korona102
ID: 40253071
Thanks again Adam. I really need to get this working so here is the real FQDN: remote.whitestarllc.com
0
 

Author Comment

by:korona102
ID: 40253090
The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Additional Details
Elapsed Time: 4177 ms.
Test Steps
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Testing of Autodiscover for Exchange ActiveSync failed.
Additional Details
Elapsed Time: 4173 ms.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Additional Details
Elapsed Time: 4173 ms.
Test Steps
Attempting to test potential Autodiscover URL https://whitestarllc.com:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 745 ms.
Test Steps
Attempting to resolve the host name whitestarllc.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 192.185.144.27
Elapsed Time: 281 ms.
Testing TCP port 443 on host whitestarllc.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 237 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 226 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server whitestarllc.com on port 443.
The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Elapsed Time: 161 ms.
Attempting to test potential Autodiscover URL https://autodiscover.whitestarllc.com:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 758 ms.
Test Steps
Attempting to resolve the host name autodiscover.whitestarllc.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 192.185.144.27
Elapsed Time: 268 ms.
Testing TCP port 443 on host autodiscover.whitestarllc.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 275 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 214 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.whitestarllc.com on port 443.
The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Elapsed Time: 154 ms.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Additional Details
Elapsed Time: 2589 ms.
Test Steps
Attempting to resolve the host name autodiscover.whitestarllc.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 192.185.144.27
Elapsed Time: 34 ms.
Testing TCP port 80 on host autodiscover.whitestarllc.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 126 ms.
The Microsoft Connectivity Analyzer is checking the host autodiscover.whitestarllc.com for an HTTP redirect to the Autodiscover service.
The redirect (HTTP 301/302) response was received successfully.
Additional Details
Redirect URL: https://cpanelemaildiscovery.cpanel.net/autodiscover/autodiscover.xmlHTTP Response Headers: Connection: keep-alive Content-Length: 0 Content-Type: application/xml Date: Mon, 11 Aug 2014 13:26:05 GMT Location: https://cpanelemaildiscovery.cpanel.net/autodiscover/autodiscover.xml Server: nginx/1.6.1
Elapsed Time: 278 ms.
Attempting to test potential Autodiscover URL https://cpanelemaildiscovery.cpanel.net/autodiscover/autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 2150 ms.
Test Steps
Attempting to resolve the host name cpanelemaildiscovery.cpanel.net in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 208.74.123.82, 208.74.124.130, 208.74.124.133, 208.74.125.50, 208.74.125.51
Elapsed Time: 170 ms.
Testing TCP port 443 on host cpanelemaildiscovery.cpanel.net to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 162 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 384 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server cpanelemaildiscovery.cpanel.net on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=*.cpanel.net, OU=Domain Control Validated, Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Elapsed Time: 241 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
The host name that was found, cpanelemaildiscovery.cpanel.net, is a wildcard certificate match for common name *.cpanel.net.
Elapsed Time: 0 ms.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.cpanel.net, OU=Domain Control Validated.
One or more certificate chains were constructed successfully.
Additional Details
A total of 2 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
Elapsed Time: 44 ms.
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 6 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 4/29/2014 3:54:32 PM, NotAfter = 10/18/2016 5:19:12 AM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 291 ms.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Additional Details
Elapsed Time: 1141 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://cpanelemaildiscovery.cpanel.net/autodiscover/autodiscover.xml for user mkelly@whitestarllc.com.
The Autodiscover XML response was successfully retrieved.
Additional Details
An HTTPS redirect was received in response to the Autodiscover request. The redirect URL is https://exchange.whitestarllc.com/autodiscover/autodiscover.xml.HTTP Response Headers: Connection: close Content-Length: 0 Content-Type: text/xml Date: Mon, 11 Aug 2014 13:26:04 GMT Location: https://exchange.whitestarllc.com/autodiscover/autodiscover.xml Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_perl/2.0.5 Perl/v5.8.8
Elapsed Time: 348 ms.
Attempting to test potential Autodiscover URL https://exchange.whitestarllc.com/autodiscover/autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 792 ms.
Test Steps
Attempting to resolve the host name exchange.whitestarllc.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 192.185.144.27
Elapsed Time: 370 ms.
Testing TCP port 443 on host exchange.whitestarllc.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 233 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 188 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server exchange.whitestarllc.com on port 443.
The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Elapsed Time: 124 ms.
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
Additional Details
Elapsed Time: 80 ms.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.whitestarllc.com in DNS.
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it
Additional Details
Elapsed Time: 80 ms.
0
 

Author Comment

by:korona102
ID: 40253248
I created the forward lookup zone of whitestarllc.com and placed these Host (A)'s in it:

remote
wsdc
autodiscover

all with the same internal IP.

Is that correct?
0
 

Author Comment

by:korona102
ID: 40253264
What's bothering me about this is that when I go to https://localhost/owa I'm getting "Server Error in Application 'Default Web Site'  - HTTP Error 404.0 - Not found.

If it's not working internally it certainly cannot work externally, right?
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40253802
Correct, but when I go to autodiscover.company.com/autodiscover/autodiscover.xml I get the following error:

(Error code: ssl_error_rx_record_too_long)

I have never seen this error before, which shocks me honestly. I will look into that error, but I would recommend you look at that also. I would also recommend resetting the OWA virtual directory (http://technet.microsoft.com/en-us/library/ff629372%28v=exchg.141%29.aspx). Once that is done, reconfigure the OWA virtual directory.
0
 

Author Comment

by:korona102
ID: 40253910
Thanks for sticking with me :-) I'm trying to reset the OWA virtual directory using the EMC portion of the instructions you provided. In step #2 it says: "In the action pane, click Reset Client Access Virtual Directory."

That option is not there. See attached.
OWAVD.PNG
0
 

Author Comment

by:korona102
ID: 40254314
Progress...

I deleted and recreated the OWA Virtual Directory using Remove-OwaVirtualDirectory “owa (Default Web Site)” & New-OwaVirtualDirectory -OwaVersion “Exchange2007″ -Name “owa (Default Web Site)”

Then I configured the new one with the appropriate internal and external URLs.

OWA is now working.

Still trying to get ActiveSync to work though.
0
 
LVL 19

Accepted Solution

by:
Adam Farage earned 2000 total points
ID: 40254848
Do the same thing for ActiveSync. Sorry for the late reply, its been a crazy start of the week!

I would do the same for ActiveSync (the virtual directory reset). Something went wacky there when you did the certificate change, and I think should resolve it completely.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

865 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question