OWA and Activesync not working (Exchange 2007)

Getting "The resource you are looking for has been removed, had its name changed, or is temporarily unavailable." when trying to access OWA from outside and "HTTP Error 404.0 - Not Found" when trying from localhost. A little history... When it came time to renew the SSL Cert I realized that .local domains where no longer allowed. At this point I followed the instructions here: https://www.networking4all.com/en/support/ssl+certificates/manuals/microsoft/exchange+2007/modify+.local/

The new certificate was now able to be applied and email is flowing fine but access to OWA and cell phone use with active sync is not working.

If anyone else has experienced this and/or knows what I need to do to get it working again I'd really appreciate it!

Thanks.
korona102Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

korona102Author Commented:
This is the result of "get-WebServicesVirtualDirectory |fl"

I changed the actual names of the server and domain. I hope this helps.


InternalNLBBypassUrl                        : https://myserver.mydomain.local/EWS/Exchange.asmx
Name                                                   : EWS (SBS Web Applications)
InternalAuthenticationMethods        : {Ntlm, WindowsIntegrated, Basic}
ExternalAuthenticationMethods        : {Ntlm, WindowsIntegrated, Basic}
BasicAuthentication                            : True
DigestAuthentication                          : False
WindowsAuthentication                     : True
MetabasePath                                     : IIS://myserver.mydomain.local/W3SVC/3/ROOT/EWS
Path                                                     : C:\Program Files\Microsoft\Exchange Server\ClientAccess\exchweb\EWS
Server                                                  : myserver
InternalUrl                                          : https://remote.mydomain.com/ews/exchange.asmx
ExternalUrl                                          : https://remote.mydomain.com/EWS/Exchange.asmx
AdminDisplayName                           :
ExchangeVersion                                : 0.1 (8.0.535.0)
DistinguishedName                           : CN=EWS (SBS Web                           Applications),CN=HTTP,CN=Protocols,CN=myserver,CN=Servers,CN=Exchange Admin
                                istrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Mic
                                rosoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=local
Identity                                              : myserver\EWS (SBS Web Applications)
Guid                                                  : 59a0ec7b-2c08-4ebc-933c-2eed23b91d85
ObjectCategory                                : mydomain.local/Configuration/Schema/ms-Exch-Web-Services-Virtual-Directory
ObjectClass                                      : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
WhenChanged                                   : 8/8/2014 7:07:59 PM
WhenCreated                                     : 3/27/2010 6:53:16 PM
OriginatingServer                               : myserver.mydomain.local
IsValid                                                  : True
0
Adam FarageEnterprise ArchCommented:
Erm..

Two things:

1) is there an internal forwarding lookup zone for mydomain.com? This is important, since your actual domain is .local, and although it would work the issue here is that your traffic would go outside and then swing on in..

2) Is your PUBLIC DNS A records for remote.mydomain.com set properly?

3) Dont just recycle the IIS virtual directory, that sometimes wont fix this. Run the following:

IISRESET /NOFORCE

Open in new window


Once this is done, retest.
0
korona102Author Commented:
Thanks for the response Adam.

1) There is a forward lookup zone for remote.mydomain.com, not mydomain.com.
2) I believe the PUBLIC DNS A record is set properly. It has not been changed and was working prior to this. Should it have been modified?
3) I performed the IISRESET /NOFORCE. Symptoms remain the same.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Adam FarageEnterprise ArchCommented:
the forward lookup zone should be (technically) mydomain.com. This would allow you to add the autodiscover.mydomain.com and remote.mydomain.com in there. Since you said you had .local before, I would expect this not to exist unless you did a split domain setup previously.

The last thing I would check is the firewall / DNS. It is hard to troubleshoot this without the real FQDN for us to do some testing, but check out testexchangeconnectivity.com and let us know what those reports show as.
0
korona102Author Commented:
Thanks again Adam. I really need to get this working so here is the real FQDN: remote.whitestarllc.com
0
korona102Author Commented:
The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Additional Details
Elapsed Time: 4177 ms.
Test Steps
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Testing of Autodiscover for Exchange ActiveSync failed.
Additional Details
Elapsed Time: 4173 ms.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Additional Details
Elapsed Time: 4173 ms.
Test Steps
Attempting to test potential Autodiscover URL https://whitestarllc.com:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 745 ms.
Test Steps
Attempting to resolve the host name whitestarllc.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 192.185.144.27
Elapsed Time: 281 ms.
Testing TCP port 443 on host whitestarllc.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 237 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 226 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server whitestarllc.com on port 443.
The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Elapsed Time: 161 ms.
Attempting to test potential Autodiscover URL https://autodiscover.whitestarllc.com:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 758 ms.
Test Steps
Attempting to resolve the host name autodiscover.whitestarllc.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 192.185.144.27
Elapsed Time: 268 ms.
Testing TCP port 443 on host autodiscover.whitestarllc.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 275 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 214 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.whitestarllc.com on port 443.
The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Elapsed Time: 154 ms.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Additional Details
Elapsed Time: 2589 ms.
Test Steps
Attempting to resolve the host name autodiscover.whitestarllc.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 192.185.144.27
Elapsed Time: 34 ms.
Testing TCP port 80 on host autodiscover.whitestarllc.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 126 ms.
The Microsoft Connectivity Analyzer is checking the host autodiscover.whitestarllc.com for an HTTP redirect to the Autodiscover service.
The redirect (HTTP 301/302) response was received successfully.
Additional Details
Redirect URL: https://cpanelemaildiscovery.cpanel.net/autodiscover/autodiscover.xmlHTTP Response Headers: Connection: keep-alive Content-Length: 0 Content-Type: application/xml Date: Mon, 11 Aug 2014 13:26:05 GMT Location: https://cpanelemaildiscovery.cpanel.net/autodiscover/autodiscover.xml Server: nginx/1.6.1
Elapsed Time: 278 ms.
Attempting to test potential Autodiscover URL https://cpanelemaildiscovery.cpanel.net/autodiscover/autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 2150 ms.
Test Steps
Attempting to resolve the host name cpanelemaildiscovery.cpanel.net in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 208.74.123.82, 208.74.124.130, 208.74.124.133, 208.74.125.50, 208.74.125.51
Elapsed Time: 170 ms.
Testing TCP port 443 on host cpanelemaildiscovery.cpanel.net to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 162 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 384 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server cpanelemaildiscovery.cpanel.net on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=*.cpanel.net, OU=Domain Control Validated, Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Elapsed Time: 241 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
The host name that was found, cpanelemaildiscovery.cpanel.net, is a wildcard certificate match for common name *.cpanel.net.
Elapsed Time: 0 ms.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.cpanel.net, OU=Domain Control Validated.
One or more certificate chains were constructed successfully.
Additional Details
A total of 2 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
Elapsed Time: 44 ms.
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 6 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 4/29/2014 3:54:32 PM, NotAfter = 10/18/2016 5:19:12 AM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 291 ms.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Additional Details
Elapsed Time: 1141 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://cpanelemaildiscovery.cpanel.net/autodiscover/autodiscover.xml for user mkelly@whitestarllc.com.
The Autodiscover XML response was successfully retrieved.
Additional Details
An HTTPS redirect was received in response to the Autodiscover request. The redirect URL is https://exchange.whitestarllc.com/autodiscover/autodiscover.xml.HTTP Response Headers: Connection: close Content-Length: 0 Content-Type: text/xml Date: Mon, 11 Aug 2014 13:26:04 GMT Location: https://exchange.whitestarllc.com/autodiscover/autodiscover.xml Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_perl/2.0.5 Perl/v5.8.8
Elapsed Time: 348 ms.
Attempting to test potential Autodiscover URL https://exchange.whitestarllc.com/autodiscover/autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 792 ms.
Test Steps
Attempting to resolve the host name exchange.whitestarllc.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 192.185.144.27
Elapsed Time: 370 ms.
Testing TCP port 443 on host exchange.whitestarllc.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 233 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 188 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server exchange.whitestarllc.com on port 443.
The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Elapsed Time: 124 ms.
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
Additional Details
Elapsed Time: 80 ms.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.whitestarllc.com in DNS.
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it
Additional Details
Elapsed Time: 80 ms.
0
korona102Author Commented:
I created the forward lookup zone of whitestarllc.com and placed these Host (A)'s in it:

remote
wsdc
autodiscover

all with the same internal IP.

Is that correct?
0
korona102Author Commented:
What's bothering me about this is that when I go to https://localhost/owa I'm getting "Server Error in Application 'Default Web Site'  - HTTP Error 404.0 - Not found.

If it's not working internally it certainly cannot work externally, right?
0
Adam FarageEnterprise ArchCommented:
Correct, but when I go to autodiscover.company.com/autodiscover/autodiscover.xml I get the following error:

(Error code: ssl_error_rx_record_too_long)

I have never seen this error before, which shocks me honestly. I will look into that error, but I would recommend you look at that also. I would also recommend resetting the OWA virtual directory (http://technet.microsoft.com/en-us/library/ff629372%28v=exchg.141%29.aspx). Once that is done, reconfigure the OWA virtual directory.
0
korona102Author Commented:
Thanks for sticking with me :-) I'm trying to reset the OWA virtual directory using the EMC portion of the instructions you provided. In step #2 it says: "In the action pane, click Reset Client Access Virtual Directory."

That option is not there. See attached.
OWAVD.PNG
0
korona102Author Commented:
Progress...

I deleted and recreated the OWA Virtual Directory using Remove-OwaVirtualDirectory “owa (Default Web Site)” & New-OwaVirtualDirectory -OwaVersion “Exchange2007″ -Name “owa (Default Web Site)”

Then I configured the new one with the appropriate internal and external URLs.

OWA is now working.

Still trying to get ActiveSync to work though.
0
Adam FarageEnterprise ArchCommented:
Do the same thing for ActiveSync. Sorry for the late reply, its been a crazy start of the week!

I would do the same for ActiveSync (the virtual directory reset). Something went wacky there when you did the certificate change, and I think should resolve it completely.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.