keith li
asked on
Can not connect Outlook Anywhere in exchange 2013
Dear All
Currently i have a exchange 2013, and i,m planning to setup outlook anywhere, already applied a 3rd party certificate from startcom and successfully imported to the exchange server, and below is the screenshot from exchange 2013 and outlook 2013, any area i have done wrong ? from outlook 2013 i wont be able to connect to outlook anywhere, Hope anyone can help with this, Thanks !
Keith
Currently i have a exchange 2013, and i,m planning to setup outlook anywhere, already applied a 3rd party certificate from startcom and successfully imported to the exchange server, and below is the screenshot from exchange 2013 and outlook 2013, any area i have done wrong ? from outlook 2013 i wont be able to connect to outlook anywhere, Hope anyone can help with this, Thanks !
Keith
On pictire no.3 could you click on services. Need to verify does the certificate had been assigned to any services
Yes, it is correct, could you run connectivity analyzer again, and upload the full of testing in xml format
ASKER
There you go in english version
<?xml version="1.0" encoding="UTF-8"?>
-<testresult elapsedMilliseconds="28025 " additionaldetails="" resultdescription="The Outlook connectivity test completed successfully." testdescription="Testing Outlook connectivity." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="SuccessWithWarning s">
-<children>
-<testresult elapsedMilliseconds="3652" additionaldetails="" resultdescription="Autodis cover was tested successfully." testdescription="The Microsoft Connectivity Analyzer is attempting to test Autodiscover for keith@gemmali.hk." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="SuccessWithWarning s">
-<children>
-<testresult elapsedMilliseconds="3652" additionaldetails="" resultdescription="The Autodiscover service was tested successfully." testdescription="Attemptin g each method of contacting the Autodiscover service." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="SuccessWithWarning s">
-<children>
-<testresult elapsedMilliseconds="3651" additionaldetails="" resultdescription="Testing of the Autodiscover URL was successful." testdescription="Attemptin g to test potential Autodiscover URL https://gemmali.hk:443/Autodiscover/Autodiscover.xml" contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="SuccessWithWarning s">
-<children>
-<testresult elapsedMilliseconds="497" additionaldetails="IP addresses returned: 113.28.54.219" resultdescription="The host name resolved successfully." testdescription="Attemptin g to resolve the host name gemmali.hk in DNS." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult elapsedMilliseconds="433" additionaldetails="" resultdescription="The port was opened successfully." testdescription="Testing TCP port 443 on host gemmali.hk to ensure it's listening and open." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult elapsedMilliseconds="428" additionaldetails="" resultdescription="The certificate passed all validation requirements." testdescription="Testing the SSL certificate to make sure it's valid." contentUrl="" errorid="734044ef-11c2-4e3 0-9ee6-450 d49e9d92c" status="SuccessWithWarning s">
-<children>
-<testresult elapsedMilliseconds="334" additionaldetails="Remote Certificate Subject: E=piaakit@hotmail.com, CN=webmail.gemmali.hk, C=HK, Description=yJfW7J71X96VnY R1, Issuer: CN=StartCom Class 1 Primary Intermediate Server CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL." resultdescription="The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate." testdescription="The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server gemmali.hk on port 443." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult elapsedMilliseconds="1" additionaldetails="Host name gemmali.hk was found in the Certificate Subject Alternative Name entry." resultdescription="The certificate name was validated successfully." testdescription="Validatin g the certificate name." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult additionaldetails="" resultdescription="The certificate is trusted and all certificates are present in the chain." testdescription="Certifica te trust is being validated." contentUrl="" errorid="734044ef-11c2-4e3 0-9ee6-450 d49e9d92c" status="SuccessWithWarning s">
-<children>
-<testresult elapsedMilliseconds="37" additionaldetails="A total of 1 chains were built. The highest quality chain ends in root certificate CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL." resultdescription="One or more certificate chains were constructed successfully." testdescription="The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate E=piaakit@hotmail.com, CN=webmail.gemmali.hk, C=HK, Description=yJfW7J71X96VnY R1." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult elapsedMilliseconds="5" additionaldetails="The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled." resultdescription="Potenti al compatibility problems were identified with some versions of Windows." testdescription="Analyzing the certificate chains for compatibility problems with versions of Windows." contentUrl="" errorid="1339c33a-8f21-427 b-a323-4ce e1a13f517" status="Warning">
<children/>
</testresult>
</children>
</testresult>
-<testresult elapsedMilliseconds="0" additionaldetails="The certificate is valid. NotBefore = 10/17/2014 9:10:05 PM, NotAfter = 10/19/2015 4:36:33 AM" resultdescription="Date validation passed. The certificate hasn't expired." testdescription="Testing the certificate date to confirm the certificate is valid." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
</children>
</testresult>
-<testresult elapsedMilliseconds="627" additionaldetails="Accept/ Require Client Certificates isn't configured." resultdescription="Client certificate authentication wasn't detected." testdescription="Checking the IIS configuration for client certificate authentication." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult elapsedMilliseconds="1664" additionaldetails="" resultdescription="The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST." testdescription="Attemptin g to send an Autodiscover POST request to potential Autodiscover URLs." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
-<children>
-<testresult elapsedMilliseconds="1663" additionaldetails="Autodis cover Account Settings XML response: <?xml version="1.0"?> <Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"> <User> <DisplayName>keith li</DisplayName> <LegacyDN>/o=pro/ou=Exchan ge Administrative Group (FYDIBOHF23SPDLT)/cn=Recip ients/cn=2 1e53d57fa3 d4a8c8fd9f 7159db06e6 1-keith li</LegacyDN> <DeploymentId>b9fd9747-305 9-44b3-9c6 9-7dda73a2 4d80</Depl oymentId> </User> <Account> <AccountType>email</Accoun tType> <Action>settings</Action> <Protocol> <Type>EXCH</Type> <Server>d24b9d17-f357-4a3b -bf4b-0344 cb48e3b2@g emmali.hk< /Server> <ServerDN>/o=pro/ou=Exchan ge Administrative Group (FYDIBOHF23SPDLT)/cn=Confi guration/c n=Servers/ cn=d24b9d1 7-f357-4a3 b-bf4b-034 4cb48e3b2@ gemmali.hk </ServerDN > <ServerVersion>73C08204</S erverVersi on> <MdbDN>/o=pro/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Confi guration/c n=Servers/ cn=d24b9d1 7-f357-4a3 b-bf4b-034 4cb48e3b2@ gemmali.hk /cn=Micros oft Private MDB</MdbDN> <ASUrl>https://exserver.proserv.com/EWS/Exchange.asmx</ASUrl> <OOFUrl>https://exserver.proserv.com/EWS/Exchange.asmx</OOFUrl> <OABUrl>https://exserver.proserv.com/OAB/e804bf95-f608-4cc0-94bf-86d6595ab3f6/</OABUrl> <UMUrl>https://exserver.proserv.com/EWS/UM2007Legacy.asmx</UMUrl> <Port>0</Port> <DirectoryPort>0</Director yPort> <ReferralPort>0</ReferralP ort> <PublicFolderServer>exserv er.proserv .com</Publ icFolderSe rver> <AD>exserver.proserv.com</ AD> <EwsUrl>https://exserver.proserv.com/EWS/Exchange.asmx</EwsUrl> <EmwsUrl>https://exserver.proserv.com/EWS/Exchange.asmx</EmwsUrl> <EcpUrl>https://exserver.proserv.com/ecp/</EcpUrl> <EcpUrl-um>?rfr=olk&p= customize/ voicemail. aspx&e xsvurl=1&a mp;realm=p roserv.com </EcpUrl-u m> <EcpUrl-aggr>?rfr=olk& p=personal settings/E mailSubscr iptions.sl ab&exs vurl=1& ;realm=pro serv.com</ EcpUrl-agg r> <EcpUrl-mt>PersonalSetting s/Delivery Report.asp x?rfr=olk& amp;exsvur l=1&Is OWA=<Is OWA>&am p;MsgID=&l t;MsgID> ;&Mbx= <Mbx> ;&real m=proserv. com</EcpUr l-mt> <EcpUrl-ret>?rfr=olk&p =organize/ retentionp olicytags. slab&e xsvurl=1&a mp;realm=p roserv.com </EcpUrl-r et> <EcpUrl-sms>?rfr=olk&p =sms/textm essaging.s lab&ex svurl=1&am p;realm=pr oserv.com< /EcpUrl-sm s> <EcpUrl-publish>customize/ calendarpu blishing.s lab?rfr=ol k&exsv url=1& FldID=< FldID>& amp;realm= proserv.co m</EcpUrl- publish> <EcpUrl-photo>PersonalSett ings/EditA ccount.asp x?rfr=olk& amp;chgPho to=1&e xsvurl=1&a mp;realm=p roserv.com </EcpUrl-p hoto> <EcpUrl-tm>?rfr=olk&ft r=TeamMail box&ex svurl=1&am p;realm=pr oserv.com< /EcpUrl-tm > <EcpUrl-tmCreating>?rfr=ol k&ftr= TeamMailbo xCreating& amp;SPUrl= <SPUrl& gt;&Ti tle=<Ti tle>&am p;SPTMAppU rl=<SPT MAppUrl> ;&exsv url=1& realm=pros erv.com</E cpUrl-tmCr eating> <EcpUrl-tmEditing>?rfr=olk &ftr=T eamMailbox Editing&am p;Id=<I d>& exsvurl=1& amp;realm= proserv.co m</EcpUrl- tmEditing> <EcpUrl-extinstall>Extensi on/Install edExtensio ns.slab?rf r=olk& exsvurl=1& amp;realm= proserv.co m</EcpUrl- extinstall > <ServerExclusiveConnect>of f</ServerE xclusiveCo nnect> </Protocol> <Protocol> <Type>EXPR</Type> <Server>webmail.gemmali.hk </Server> <Port>0</Port> <DirectoryPort>0</Director yPort> <ReferralPort>0</ReferralP ort> <SSL>On</SSL> <AuthPackage>Ntlm</AuthPac kage> <ServerExclusiveConnect>on </ServerEx clusiveCon nect> </Protocol> <Protocol> <Type>WEB</Type> <Port>0</Port> <DirectoryPort>0</Director yPort> <ReferralPort>0</ReferralP ort> <Internal> <OWAUrl AuthenticationMethod="Basi c, Fba">https://exserver.proserv.com/owa/</OWAUrl> <Protocol> <Type>EXCH</Type> <ASUrl>https://exserver.proserv.com/EWS/Exchange.asmx</ASUrl> </Protocol> </Internal> </Protocol> <Protocol> <Type>EXHTTP</Type> <Server>exserver.proserv.c om</Server > <ASUrl>https://exserver.proserv.com/EWS/Exchange.asmx</ASUrl> <OOFUrl>https://exserver.proserv.com/EWS/Exchange.asmx</OOFUrl> <OABUrl>https://exserver.proserv.com/OAB/e804bf95-f608-4cc0-94bf-86d6595ab3f6/</OABUrl> <UMUrl>https://exserver.proserv.com/EWS/UM2007Legacy.asmx</UMUrl> <Port>0</Port> <DirectoryPort>0</Director yPort> <ReferralPort>0</ReferralP ort> <SSL>On</SSL> <AuthPackage>Ntlm</AuthPac kage> <EwsUrl>https://exserver.proserv.com/EWS/Exchange.asmx</EwsUrl> <EmwsUrl>https://exserver.proserv.com/EWS/Exchange.asmx</EmwsUrl> <EcpUrl>https://exserver.proserv.com/ecp/</EcpUrl> <EcpUrl-um>?rfr=olk&p= customize/ voicemail. aspx&e xsvurl=1&a mp;realm=p roserv.com </EcpUrl-u m> <EcpUrl-aggr>?rfr=olk& p=personal settings/E mailSubscr iptions.sl ab&exs vurl=1& ;realm=pro serv.com</ EcpUrl-agg r> <EcpUrl-mt>PersonalSetting s/Delivery Report.asp x?rfr=olk& amp;exsvur l=1&Is OWA=<Is OWA>&am p;MsgID=&l t;MsgID> ;&Mbx= <Mbx> ;&real m=proserv. com</EcpUr l-mt> <EcpUrl-ret>?rfr=olk&p =organize/ retentionp olicytags. slab&e xsvurl=1&a mp;realm=p roserv.com </EcpUrl-r et> <EcpUrl-sms>?rfr=olk&p =sms/textm essaging.s lab&ex svurl=1&am p;realm=pr oserv.com< /EcpUrl-sm s> <EcpUrl-publish>customize/ calendarpu blishing.s lab?rfr=ol k&exsv url=1& FldID=< FldID>& amp;realm= proserv.co m</EcpUrl- publish> <EcpUrl-photo>PersonalSett ings/EditA ccount.asp x?rfr=olk& amp;chgPho to=1&e xsvurl=1&a mp;realm=p roserv.com </EcpUrl-p hoto> <EcpUrl-tm>?rfr=olk&ft r=TeamMail box&ex svurl=1&am p;realm=pr oserv.com< /EcpUrl-tm > <EcpUrl-tmCreating>?rfr=ol k&ftr= TeamMailbo xCreating& amp;SPUrl= <SPUrl& gt;&Ti tle=<Ti tle>&am p;SPTMAppU rl=<SPT MAppUrl> ;&exsv url=1& realm=pros erv.com</E cpUrl-tmCr eating> <EcpUrl-tmEditing>?rfr=olk &ftr=T eamMailbox Editing&am p;Id=<I d>& exsvurl=1& amp;realm= proserv.co m</EcpUrl- tmEditing> <EcpUrl-extinstall>Extensi on/Install edExtensio ns.slab?rf r=olk& exsvurl=1& amp;realm= proserv.co m</EcpUrl- extinstall > <ServerExclusiveConnect>On </ServerEx clusiveCon nect> </Protocol> <Protocol> <Type>EXHTTP</Type> <Server>webmail.gemmali.hk </Server> <Port>0</Port> <DirectoryPort>0</Director yPort> <ReferralPort>0</ReferralP ort> <SSL>On</SSL> <AuthPackage>Ntlm</AuthPac kage> <ServerExclusiveConnect>On </ServerEx clusiveCon nect> </Protocol> </Account> </Response> </Autodiscover> HTTP Response Headers: request-id: ce72b72d-7070-43e1-b460-a2 dd0ac646e6 X-TargetBEServer: exserver.proserv.com X-DiagInfo: EXSERVER Persistent-Auth: true X-FEServer: EXSERVER Content-Length: 6563 Cache-Control: private Content-Type: text/xml; charset=utf-8 Date: Sun, 19 Oct 2014 03:51:23 GMT Set-Cookie: X-BackEndCookie=S-1-5-21-5 80020277-2 009073952- 2329768111 -1132=u56L np2ejJqBzp 7Km5qdxsbS y83JzdLLzM nL0sfMmprS ncqenJzGzs bPyJnPgYHO z9DOxtDNz8 7L38vFz87F zczfvrI=; expires=Sun, 19-Oct-2014 04:01:23 GMT; path=/Autodiscover; secure; HttpOnly Server: Microsoft-IIS/8.5 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET " resultdescription="The Autodiscover XML response was successfully retrieved." testdescription="The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://gemmali.hk:443/Autodiscover/Autodiscover.xml for user keith@gemmali.hk." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
</children>
</testresult>
</children>
</testresult>
</children>
</testresult>
</children>
</testresult>
-<testresult elapsedMilliseconds="0" additionaldetails="" resultdescription="The Microsoft Connectivity Analyzer validated the Outlook Autodiscover settings." testdescription="Autodisco ver settings for Outlook connectivity are being validated." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult elapsedMilliseconds="24371 " additionaldetails="HTTP Response Headers: request-id: adf04e97-b95f-4e50-b033-80 8333541fe7 X-FEServer: EXSERVER Content-Length: 0 Date: Sun, 19 Oct 2014 03:51:25 GMT Server: Microsoft-IIS/8.5 WWW-Authenticate: NTLM X-Powered-By: ASP.NET " resultdescription="RPC over HTTP connectivity was verified successfully." testdescription="Testing RPC over HTTP connectivity to server webmail.gemmali.hk" contentUrl="" errorid="734044ef-11c2-4e3 0-9ee6-450 d49e9d92c" status="SuccessWithWarning s">
-<children>
-<testresult elapsedMilliseconds="421" additionaldetails="IP addresses returned: 113.28.54.219" resultdescription="The host name resolved successfully." testdescription="Attemptin g to resolve the host name webmail.gemmali.hk in DNS." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult elapsedMilliseconds="366" additionaldetails="" resultdescription="The port was opened successfully." testdescription="Testing TCP port 443 on host webmail.gemmali.hk to ensure it's listening and open." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult elapsedMilliseconds="393" additionaldetails="" resultdescription="The certificate passed all validation requirements." testdescription="Testing the SSL certificate to make sure it's valid." contentUrl="" errorid="734044ef-11c2-4e3 0-9ee6-450 d49e9d92c" status="SuccessWithWarning s">
-<children>
-<testresult elapsedMilliseconds="307" additionaldetails="Remote Certificate Subject: E=piaakit@hotmail.com, CN=webmail.gemmali.hk, C=HK, Description=yJfW7J71X96VnY R1, Issuer: CN=StartCom Class 1 Primary Intermediate Server CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL." resultdescription="The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate." testdescription="The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server webmail.gemmali.hk on port 443." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult elapsedMilliseconds="0" additionaldetails="Host name webmail.gemmali.hk was found in the Certificate Subject Common name." resultdescription="The certificate name was validated successfully." testdescription="Validatin g the certificate name." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult additionaldetails="" resultdescription="The certificate is trusted and all certificates are present in the chain." testdescription="Certifica te trust is being validated." contentUrl="" errorid="734044ef-11c2-4e3 0-9ee6-450 d49e9d92c" status="SuccessWithWarning s">
-<children>
-<testresult elapsedMilliseconds="39" additionaldetails="A total of 1 chains were built. The highest quality chain ends in root certificate CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL." resultdescription="One or more certificate chains were constructed successfully." testdescription="The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate E=piaakit@hotmail.com, CN=webmail.gemmali.hk, C=HK, Description=yJfW7J71X96VnY R1." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult elapsedMilliseconds="5" additionaldetails="The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled." resultdescription="Potenti al compatibility problems were identified with some versions of Windows." testdescription="Analyzing the certificate chains for compatibility problems with versions of Windows." contentUrl="" errorid="1339c33a-8f21-427 b-a323-4ce e1a13f517" status="Warning">
<children/>
</testresult>
</children>
</testresult>
-<testresult elapsedMilliseconds="0" additionaldetails="The certificate is valid. NotBefore = 10/17/2014 9:10:05 PM, NotAfter = 10/19/2015 4:36:33 AM" resultdescription="Date validation passed. The certificate hasn't expired." testdescription="Testing the certificate date to confirm the certificate is valid." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
</children>
</testresult>
-<testresult elapsedMilliseconds="635" additionaldetails="Accept/ Require Client Certificates isn't configured." resultdescription="Client certificate authentication wasn't detected." testdescription="Checking the IIS configuration for client certificate authentication." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult elapsedMilliseconds="465" additionaldetails="The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: NTLM HTTP Response Headers: request-id: adf04e97-b95f-4e50-b033-80 8333541fe7 X-FEServer: EXSERVER Content-Length: 0 Date: Sun, 19 Oct 2014 03:51:25 GMT Server: Microsoft-IIS/8.5 WWW-Authenticate: NTLM X-Powered-By: ASP.NET " resultdescription="The HTTP authentication methods are correct." testdescription="Testing HTTP Authentication Methods for URL https://webmail.gemmali.hk/rpc/rpcproxy.dll?d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk:6002." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult elapsedMilliseconds="1745" additionaldetails="" resultdescription="RPC Proxy was pinged successfully." testdescription="Attemptin g to ping RPC proxy webmail.gemmali.hk." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult elapsedMilliseconds="912" additionaldetails="The endpoint responded in 921 ms." resultdescription="The endpoint was pinged successfully." testdescription="Attemptin g to ping the MAPI Mail Store endpoint with identity: d24b9d17-f357-4a3b-bf4b-03 44cb48e3b2 @gemmali.h k:6001." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult elapsedMilliseconds="6938" additionaldetails="" resultdescription="The address book endpoint was tested successfully." testdescription="Testing the MAPI Address Book endpoint on the Exchange server." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="SuccessWithWarning s">
-<children>
-<testresult elapsedMilliseconds="2040" additionaldetails="The endpoint responded in 31 ms." resultdescription="The endpoint was pinged successfully." testdescription="Attemptin g to ping the MAPI Address Book endpoint with identity: d24b9d17-f357-4a3b-bf4b-03 44cb48e3b2 @gemmali.h k:6004." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult elapsedMilliseconds="2645" additionaldetails="The address book Bind operation returned ecNotSupported. This typically indicates that your server requires encryption. The Microsoft Connectivity Analyzer will attempt the Address Book test again with encryption. NSPI Status: 2147746050 " resultdescription="The test passed with some warnings encountered. Please expand the additional details." testdescription="Testing the address book "Check Name" operation for user keith@gemmali.hk against server d24b9d17-f357-4a3b-bf4b-03 44cb48e3b2 @gemmali.h k." contentUrl="http://go.microsoft.com/?linkid=9843838" errorid="90fbd7ee-f1d5-4bb 2-8231-700 fa746d294" status="Warning">
<children/>
</testresult>
-<testresult elapsedMilliseconds="2252" additionaldetails="Display Name: keith li, LegDN: /o=pro/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recip ients/cn=2 1e53d57fa3 d4a8c8fd9f 7159db06e6 1-keith li" resultdescription="Check Name succeeded." testdescription="Testing the address book "Check Name" operation for user keith@gemmali.hk against server d24b9d17-f357-4a3b-bf4b-03 44cb48e3b2 @gemmali.h k." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
</children>
</testresult>
-<testresult elapsedMilliseconds="8066" additionaldetails="" resultdescription="The Referral service was tested successfully." testdescription="Testing the MAPI Referral service on the Exchange Server." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
-<children>
-<testresult elapsedMilliseconds="5442" additionaldetails="The endpoint responded in 422 ms." resultdescription="The endpoint was pinged successfully." testdescription="Attemptin g to ping the MAPI Referral Service endpoint with identity: d24b9d17-f357-4a3b-bf4b-03 44cb48e3b2 @gemmali.h k:6002." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult elapsedMilliseconds="2624" additionaldetails="The server returned by the Referral service: d24b9d17-f357-4a3b-bf4b-03 44cb48e3b2 @gemmali.h k" resultdescription="We got the address book server successfully." testdescription="Attemptin g to perform referral for user /o=pro/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recip ients/cn=2 1e53d57fa3 d4a8c8fd9f 7159db06e6 1-keith li on server d24b9d17-f357-4a3b-bf4b-03 44cb48e3b2 @gemmali.h k." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
</children>
</testresult>
-<testresult elapsedMilliseconds="3200" additionaldetails="" resultdescription="The address book endpoint was tested successfully." testdescription="Testing the MAPI Address Book endpoint on the Exchange server." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
-<children>
-<testresult elapsedMilliseconds="862" additionaldetails="The endpoint responded in 859 ms." resultdescription="The endpoint was pinged successfully." testdescription="Attemptin g to ping the MAPI Address Book endpoint with identity: d24b9d17-f357-4a3b-bf4b-03 44cb48e3b2 @gemmali.h k:6004." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult elapsedMilliseconds="2338" additionaldetails="Display Name: keith li, LegDN: /o=pro/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recip ients/cn=2 1e53d57fa3 d4a8c8fd9f 7159db06e6 1-keith li" resultdescription="Check Name succeeded." testdescription="Testing the address book "Check Name" operation for user keith@gemmali.hk against server d24b9d17-f357-4a3b-bf4b-03 44cb48e3b2 @gemmali.h k." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
</children>
</testresult>
-<testresult elapsedMilliseconds="1224" additionaldetails="" resultdescription="We successfully tested the Mail Store endpoint." testdescription="Testing the MAPI Mail Store endpoint on the Exchange server." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
-<children>
-<testresult elapsedMilliseconds="506" additionaldetails="The endpoint responded in 500 ms." resultdescription="The endpoint was pinged successfully." testdescription="Attemptin g to ping the MAPI Mail Store endpoint with identity: d24b9d17-f357-4a3b-bf4b-03 44cb48e3b2 @gemmali.h k:6001." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
-<testresult elapsedMilliseconds="718" additionaldetails="" resultdescription="We were able to log on to the Mailbox." testdescription="Attemptin g to log on to the Mailbox." contentUrl="" errorid="00000000-0000-000 0-0000-000 000000000" status="Success">
<children/>
</testresult>
</children>
</testresult>
</children>
</testresult>
</children>
</testresult>
<?xml version="1.0" encoding="UTF-8"?>
-<testresult elapsedMilliseconds="28025
-<children>
-<testresult elapsedMilliseconds="3652"
-<children>
-<testresult elapsedMilliseconds="3652"
-<children>
-<testresult elapsedMilliseconds="3651"
-<children>
-<testresult elapsedMilliseconds="497" additionaldetails="IP addresses returned: 113.28.54.219" resultdescription="The host name resolved successfully." testdescription="Attemptin
<children/>
</testresult>
-<testresult elapsedMilliseconds="433" additionaldetails="" resultdescription="The port was opened successfully." testdescription="Testing TCP port 443 on host gemmali.hk to ensure it's listening and open." contentUrl="" errorid="00000000-0000-000
<children/>
</testresult>
-<testresult elapsedMilliseconds="428" additionaldetails="" resultdescription="The certificate passed all validation requirements." testdescription="Testing the SSL certificate to make sure it's valid." contentUrl="" errorid="734044ef-11c2-4e3
-<children>
-<testresult elapsedMilliseconds="334" additionaldetails="Remote Certificate Subject: E=piaakit@hotmail.com, CN=webmail.gemmali.hk, C=HK, Description=yJfW7J71X96VnY
<children/>
</testresult>
-<testresult elapsedMilliseconds="1" additionaldetails="Host name gemmali.hk was found in the Certificate Subject Alternative Name entry." resultdescription="The certificate name was validated successfully." testdescription="Validatin
<children/>
</testresult>
-<testresult additionaldetails="" resultdescription="The certificate is trusted and all certificates are present in the chain." testdescription="Certifica
-<children>
-<testresult elapsedMilliseconds="37" additionaldetails="A total of 1 chains were built. The highest quality chain ends in root certificate CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL." resultdescription="One or more certificate chains were constructed successfully." testdescription="The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate E=piaakit@hotmail.com, CN=webmail.gemmali.hk, C=HK, Description=yJfW7J71X96VnY
<children/>
</testresult>
-<testresult elapsedMilliseconds="5" additionaldetails="The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled." resultdescription="Potenti
<children/>
</testresult>
</children>
</testresult>
-<testresult elapsedMilliseconds="0" additionaldetails="The certificate is valid. NotBefore = 10/17/2014 9:10:05 PM, NotAfter = 10/19/2015 4:36:33 AM" resultdescription="Date validation passed. The certificate hasn't expired." testdescription="Testing the certificate date to confirm the certificate is valid." contentUrl="" errorid="00000000-0000-000
<children/>
</testresult>
</children>
</testresult>
-<testresult elapsedMilliseconds="627" additionaldetails="Accept/
<children/>
</testresult>
-<testresult elapsedMilliseconds="1664"
-<children>
-<testresult elapsedMilliseconds="1663"
<children/>
</testresult>
</children>
</testresult>
</children>
</testresult>
</children>
</testresult>
</children>
</testresult>
-<testresult elapsedMilliseconds="0" additionaldetails="" resultdescription="The Microsoft Connectivity Analyzer validated the Outlook Autodiscover settings." testdescription="Autodisco
<children/>
</testresult>
-<testresult elapsedMilliseconds="24371
-<children>
-<testresult elapsedMilliseconds="421" additionaldetails="IP addresses returned: 113.28.54.219" resultdescription="The host name resolved successfully." testdescription="Attemptin
<children/>
</testresult>
-<testresult elapsedMilliseconds="366" additionaldetails="" resultdescription="The port was opened successfully." testdescription="Testing TCP port 443 on host webmail.gemmali.hk to ensure it's listening and open." contentUrl="" errorid="00000000-0000-000
<children/>
</testresult>
-<testresult elapsedMilliseconds="393" additionaldetails="" resultdescription="The certificate passed all validation requirements." testdescription="Testing the SSL certificate to make sure it's valid." contentUrl="" errorid="734044ef-11c2-4e3
-<children>
-<testresult elapsedMilliseconds="307" additionaldetails="Remote Certificate Subject: E=piaakit@hotmail.com, CN=webmail.gemmali.hk, C=HK, Description=yJfW7J71X96VnY
<children/>
</testresult>
-<testresult elapsedMilliseconds="0" additionaldetails="Host name webmail.gemmali.hk was found in the Certificate Subject Common name." resultdescription="The certificate name was validated successfully." testdescription="Validatin
<children/>
</testresult>
-<testresult additionaldetails="" resultdescription="The certificate is trusted and all certificates are present in the chain." testdescription="Certifica
-<children>
-<testresult elapsedMilliseconds="39" additionaldetails="A total of 1 chains were built. The highest quality chain ends in root certificate CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL." resultdescription="One or more certificate chains were constructed successfully." testdescription="The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate E=piaakit@hotmail.com, CN=webmail.gemmali.hk, C=HK, Description=yJfW7J71X96VnY
<children/>
</testresult>
-<testresult elapsedMilliseconds="5" additionaldetails="The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled." resultdescription="Potenti
<children/>
</testresult>
</children>
</testresult>
-<testresult elapsedMilliseconds="0" additionaldetails="The certificate is valid. NotBefore = 10/17/2014 9:10:05 PM, NotAfter = 10/19/2015 4:36:33 AM" resultdescription="Date validation passed. The certificate hasn't expired." testdescription="Testing the certificate date to confirm the certificate is valid." contentUrl="" errorid="00000000-0000-000
<children/>
</testresult>
</children>
</testresult>
-<testresult elapsedMilliseconds="635" additionaldetails="Accept/
<children/>
</testresult>
-<testresult elapsedMilliseconds="465" additionaldetails="The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: NTLM HTTP Response Headers: request-id: adf04e97-b95f-4e50-b033-80
<children/>
</testresult>
-<testresult elapsedMilliseconds="1745"
<children/>
</testresult>
-<testresult elapsedMilliseconds="912" additionaldetails="The endpoint responded in 921 ms." resultdescription="The endpoint was pinged successfully." testdescription="Attemptin
<children/>
</testresult>
-<testresult elapsedMilliseconds="6938"
-<children>
-<testresult elapsedMilliseconds="2040"
<children/>
</testresult>
-<testresult elapsedMilliseconds="2645"
<children/>
</testresult>
-<testresult elapsedMilliseconds="2252"
<children/>
</testresult>
</children>
</testresult>
-<testresult elapsedMilliseconds="8066"
-<children>
-<testresult elapsedMilliseconds="5442"
<children/>
</testresult>
-<testresult elapsedMilliseconds="2624"
<children/>
</testresult>
</children>
</testresult>
-<testresult elapsedMilliseconds="3200"
-<children>
-<testresult elapsedMilliseconds="862" additionaldetails="The endpoint responded in 859 ms." resultdescription="The endpoint was pinged successfully." testdescription="Attemptin
<children/>
</testresult>
-<testresult elapsedMilliseconds="2338"
<children/>
</testresult>
</children>
</testresult>
-<testresult elapsedMilliseconds="1224"
-<children>
-<testresult elapsedMilliseconds="506" additionaldetails="The endpoint responded in 500 ms." resultdescription="The endpoint was pinged successfully." testdescription="Attemptin
<children/>
</testresult>
-<testresult elapsedMilliseconds="718" additionaldetails="" resultdescription="We were able to log on to the Mailbox." testdescription="Attemptin
<children/>
</testresult>
</children>
</testresult>
</children>
</testresult>
</children>
</testresult>
It seem that the testing for outlook anywhere is working fine.
Try to change the connection type in Outlook client from NTLN to Basic
Try to change the connection type in Outlook client from NTLN to Basic
ASKER
You mean in outlook client outlook anywhere set to basic ? How about in exchange 2013 also to basic ?
ASKER
Already tried to change from NTLN to Basic from server side and outlook client, also same error, anything i need to do ?
ASKER
Hope below result can help to figure out what went wrong
1. Result after run Get-OutlookAnywhere |fl and then post here.
RunspaceId : 87c401d9-284e-432f-acf9-ae 62e02a87eb
ServerName : EXSERVER
SSLOffloading : True
ExternalHostname : webmail.gemmali.hk
InternalHostname : exserver.proserv.com
ExternalClientAuthenticati onMethod : Basic
InternalClientAuthenticati onMethod : Basic
IISAuthenticationMethods : {Basic}
XropUrl :
ExternalClientsRequireSsl : True
InternalClientsRequireSsl : True
MetabasePath : IIS://exserver.proserv.com /W3SVC/1/R OOT/Rpc
Path : E:\exchange\FrontEnd\HttpP roxy\rpc
ExtendedProtectionTokenChe cking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.0 (Build 516.32)
Server : EXSERVER
AdminDisplayName :
ExchangeVersion : 0.20 (15.0.0.0)
Name : Rpc (Default Web Site)
DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols ,CN=EXSERV ER,CN=Serv ers,CN=Exc han
Administrative Group (FYDIBOHF23SPDLT),CN=Admin istrative
Groups,CN=pro,CN=Microsoft Exchange,CN=Services,CN=Co nfiguratio n,DC=prose rv,DC=
Identity : EXSERVER\Rpc (Default Web Site)
Guid : 148c47b5-f47a-4f2e-98f6-27 23ebe8b33a
ObjectCategory : proserv.com/Configuration/ Schema/ms- Exch-Rpc-H ttp-Virtua l-Director y
ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirect ory}
WhenChanged : 10/19/2014 6:58:34 PM
WhenCreated : 10/15/2014 5:22:51 PM
WhenChangedUTC : 10/19/2014 10:58:34 AM
WhenCreatedUTC : 10/15/2014 9:22:51 AM
OrganizationId :
OriginatingServer : exserver.proserv.com
IsValid : True
ObjectState : Changed
2. Result after run Get-outlookprovider expr |fl and then post here.
RunspaceId : 87c401d9-284e-432f-acf9-ae 62e02a87eb
CertPrincipalName :
Server :
TTL : 1
OutlookProviderFlags : None
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : EXPR
DistinguishedName : CN=EXPR,CN=Outlook,CN=Auto Discover,C N=Client Access,CN=pro,CN=Microsoft
Exchange,CN=Services,CN=Co nfiguratio n,DC=prose rv,DC=com
Identity : EXPR
Guid : f739ad04-3be2-4f48-8be3-4f f94a7c0a07
ObjectCategory : proserv.com/Configuration/ Schema/ms- Exch-Auto- Discover-C onfig
ObjectClass : {top, msExchAutoDiscoverConfig}
WhenChanged : 10/15/2014 5:13:15 PM
WhenCreated : 10/15/2014 5:13:15 PM
WhenChangedUTC : 10/15/2014 9:13:15 AM
WhenCreatedUTC : 10/15/2014 9:13:15 AM
OrganizationId :
OriginatingServer : exserver.proserv.com
IsValid : True
ObjectState : Unchanged
3. Result after run https://domian.com/rpc/rpcproxy.dll and then post the result here.
it prompt for login, after logged in, show empty page
4. After check settings on RPC virtual directory, if any redirection has been set there.
the check box was uncheck
1. Result after run Get-OutlookAnywhere |fl and then post here.
RunspaceId : 87c401d9-284e-432f-acf9-ae
ServerName : EXSERVER
SSLOffloading : True
ExternalHostname : webmail.gemmali.hk
InternalHostname : exserver.proserv.com
ExternalClientAuthenticati
InternalClientAuthenticati
IISAuthenticationMethods : {Basic}
XropUrl :
ExternalClientsRequireSsl : True
InternalClientsRequireSsl : True
MetabasePath : IIS://exserver.proserv.com
Path : E:\exchange\FrontEnd\HttpP
ExtendedProtectionTokenChe
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.0 (Build 516.32)
Server : EXSERVER
AdminDisplayName :
ExchangeVersion : 0.20 (15.0.0.0)
Name : Rpc (Default Web Site)
DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols
Administrative Group (FYDIBOHF23SPDLT),CN=Admin
Groups,CN=pro,CN=Microsoft
Identity : EXSERVER\Rpc (Default Web Site)
Guid : 148c47b5-f47a-4f2e-98f6-27
ObjectCategory : proserv.com/Configuration/
ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirect
WhenChanged : 10/19/2014 6:58:34 PM
WhenCreated : 10/15/2014 5:22:51 PM
WhenChangedUTC : 10/19/2014 10:58:34 AM
WhenCreatedUTC : 10/15/2014 9:22:51 AM
OrganizationId :
OriginatingServer : exserver.proserv.com
IsValid : True
ObjectState : Changed
2. Result after run Get-outlookprovider expr |fl and then post here.
RunspaceId : 87c401d9-284e-432f-acf9-ae
CertPrincipalName :
Server :
TTL : 1
OutlookProviderFlags : None
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : EXPR
DistinguishedName : CN=EXPR,CN=Outlook,CN=Auto
Exchange,CN=Services,CN=Co
Identity : EXPR
Guid : f739ad04-3be2-4f48-8be3-4f
ObjectCategory : proserv.com/Configuration/
ObjectClass : {top, msExchAutoDiscoverConfig}
WhenChanged : 10/15/2014 5:13:15 PM
WhenCreated : 10/15/2014 5:13:15 PM
WhenChangedUTC : 10/15/2014 9:13:15 AM
WhenCreatedUTC : 10/15/2014 9:13:15 AM
OrganizationId :
OriginatingServer : exserver.proserv.com
IsValid : True
ObjectState : Unchanged
3. Result after run https://domian.com/rpc/rpcproxy.dll and then post the result here.
it prompt for login, after logged in, show empty page
4. After check settings on RPC virtual directory, if any redirection has been set there.
the check box was uncheck
Are you currently connecting to Exchange with Outlook? If so, then you are currently using Outlook Anywhere. It is the ONLY connection method for Outlook with Exchange 2013, even internally.
The feature either works or it does not.
Does OWA work? Do you get any authentication prompts?
Does Outlook work internally correctly? If so, which authentication method are you using? NTLM authentication can often be broken by firewalls, so you may have to use basic.
In most environments on Exchange 2013, the only "configuration" of Outlook Anywhere you need to do is set an external URL and open port 443.
Simon.
The feature either works or it does not.
Does OWA work? Do you get any authentication prompts?
Does Outlook work internally correctly? If so, which authentication method are you using? NTLM authentication can often be broken by firewalls, so you may have to use basic.
In most environments on Exchange 2013, the only "configuration" of Outlook Anywhere you need to do is set an external URL and open port 443.
Simon.
ASKER
OWA work perfectly well, external URL and port 443 already oened in firewall, since this is a new installed exchange 2013 haven't tested the internal outlook yet, and both in outlook client and exchange 2013 is using basic authentication, will test the internal outlook will let you know !
ASKER
Just wonder in order to connect via outlook anywhere in remote network, do i need to connect the outlook client one time first in the same internal network as the exchange 2013 server, as i have tried to setup outlook anywhere in outlook client in remote site, and that outlook client had never connected with the exchange server in the past,
For a remote client to work correctly you MUST have Autodiscover working. Autodiscover is not optional.
That means either having Autodiscover.example.com in the SSL certificate and DNS, or using SRV records in your external DNS.
Simon.
That means either having Autodiscover.example.com in the SSL certificate and DNS, or using SRV records in your external DNS.
Simon.
ASKER
ASKER
Going by your first screenshot, you don't have autodiscover in the SSL certificate.
That means you need to configure an SRV record instead for external use and ensure that autodiscover.example.com does not resolve.
The second screen would only apply if the clients are not being updated with the latest root certificates.
Trust issues with the SSL certificate will stop Autodiscover from working correctly.
Simon.
That means you need to configure an SRV record instead for external use and ensure that autodiscover.example.com does not resolve.
The second screen would only apply if the clients are not being updated with the latest root certificates.
Trust issues with the SSL certificate will stop Autodiscover from working correctly.
Simon.
ASKER
does it means that i must have Autodiscover ssl certificate ? although i have a SRV Record for external autodiscover.example.com ? how do i apple another ssl certificate for autodiscover ? and i,m using 3rd party StartCom ssl certificate, hope you can help, thx !
If you have an SRV record in place, then you MUST ensure that Autodiscover.example.com does NOT resolve. That will force Outlook and other Autodiscover clients to attempt the other methods with no errors.
Simon.
Simon.
ASKER
This is the dns setting from one of my dns server, as i do not have SSL Certificate for autodiscover.example.com (for this part i do not need to do anything more in ssl certificate ? am i correct) as for the SRV record you mention, i do need to create SRV record in my external dns ? is below step correct to create SRV record in external dns ? and in order to make the outlook anywhere work, is it for all the steps i need to do ?
Create and Verify DNS SRV and A Records for Client Automatic Client Sign-in
You must create DNS SRV records in your internal DNS for every SIP domain. The procedure assumes that your internal DNS has zones for your SIP user domains.
To create a DNS SRV record
1. On the DNS server, click Start, click Control Panel, click Administrative Tools, and then click DNS.
2. In the console tree for your SIP domain, expand Forward Lookup Zones, and then right-click the SIP domain in which your Office Communications Server will be installed.
3. Click Other New Records.
4. In Select a resource record type, click Service Location (SRV), and then click Create Record.
5. Click Service, and then type _sipinternaltls.
6. Click Protocol, and then type _tcp.
7. Click Port Number, and then type 5061.
8. Click Host offering this service, and then type the FQDN of the pool.
9. Click OK.
10. Click Done.
Create and Verify DNS SRV and A Records for Client Automatic Client Sign-in
You must create DNS SRV records in your internal DNS for every SIP domain. The procedure assumes that your internal DNS has zones for your SIP user domains.
To create a DNS SRV record
1. On the DNS server, click Start, click Control Panel, click Administrative Tools, and then click DNS.
2. In the console tree for your SIP domain, expand Forward Lookup Zones, and then right-click the SIP domain in which your Office Communications Server will be installed.
3. Click Other New Records.
4. In Select a resource record type, click Service Location (SRV), and then click Create Record.
5. Click Service, and then type _sipinternaltls.
6. Click Protocol, and then type _tcp.
7. Click Port Number, and then type 5061.
8. Click Host offering this service, and then type the FQDN of the pool.
9. Click OK.
10. Click Done.
You have posted instructions for SIP, not Autodiscover. Autodiscover requires different records.
http://semb.ee/srv
Furthermore, you have a DNS entry for Autodiscover in your second screenshot. As I said above, you need to ensure that Autodiscover does NOT resolve. Otherwise you would need to get a paid certificate rather than a free one, so that you can get a Unified Communications, aka multiple domain certificate and include Autodiscover as one of the additional hosts.
Simon.
http://semb.ee/srv
Furthermore, you have a DNS entry for Autodiscover in your second screenshot. As I said above, you need to ensure that Autodiscover does NOT resolve. Otherwise you would need to get a paid certificate rather than a free one, so that you can get a Unified Communications, aka multiple domain certificate and include Autodiscover as one of the additional hosts.
Simon.
ASKER
Sorry simon i do not quite understand "you need to ensure that autodiscover does not resolve?does it means that i need to remove the external dns A record for autodiscover ? and i need SRV for autodiscover instead ?
Would like to ask is below link correct way to create Autodiscover record in my external dns ? once i have created this record, i can start to test the outlook anywhere ? sorry for asking so many question as i am new in exchange, Thanks!
http://support2.microsoft.com/kb/940881
Would like to ask is below link correct way to create Autodiscover record in my external dns ? once i have created this record, i can start to test the outlook anywhere ? sorry for asking so many question as i am new in exchange, Thanks!
http://support2.microsoft.com/kb/940881
I am not sure what else I can say.
For an SRV record to be used, the other methods have to fail.
For the other methods to fail that means the DNS entry for Autodiscover.example.com must not resolve. If it resolves to the Exchange server but is not on the SSL certificate, then it will fail on the SSL certificate, but the client will NOT attempt any other methods.
The KB article is correct for the SRV record.
Simon.
For an SRV record to be used, the other methods have to fail.
For the other methods to fail that means the DNS entry for Autodiscover.example.com must not resolve. If it resolves to the Exchange server but is not on the SSL certificate, then it will fail on the SSL certificate, but the client will NOT attempt any other methods.
The KB article is correct for the SRV record.
Simon.
ASKER
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
yes it is in external DNS, just wonder i have created 2 SRV record on my 2 external dns server, the outlook anywhere seem still can not connect, and confirmed the free SSL Certificate dont contain autodiscover, and i created SRV Record on my 2 external DNS record, i,m doing the correct steps right ?
ASKER