Solved

exchange 2010

Posted on 2014-11-03
Last Modified: 2014-11-08
Hi guys,

I have an issue with my Exchange server. I just renewed my certificate and everything works fine; I just have an issue with internal users' Outlook: they get this message every 5 minutes in their Outlook.

Please see attachment error.exchange
0
Question by:Moti Mashiah
 
LVL 19

Assisted Solution

by:Adam Farage
Adam Farage earned 500 total points
ID: 40419802
What names are on the certificate, and what is the AutoDiscoverServiceInternalUri set to?

Run the following and post it here:

Get-ClientAccessServer | Select-Object Name, AutoDiscoverServiceInternalUri

What most likely is going on is that the AutoDiscover SCP is set to the server name instead of autodiscover.company.com which should be on the certificate. Do the following:

- Make sure the SSL certificate has autodiscover.company.com listed as a subject alternative name
- Change the AutoDiscoverServiceInternalUri to autodiscover.company.com
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.company.com/autodiscover/autodiscover.xml

- Within internal DNS set an A record to point autodiscover.company.com to either a load balancer that is load balancing the CAS Array / CAS or to a single CAS if you only have one CAS.
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420118
Hi ,

I typed the command you suggested
 Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.company.com/autodiscover/autodiscover.xml



and still when I type Get-ClientAccessServer I'm getting my server name

[PS] C:\Windows\system32>Get-ClientAccessServer

Name
----
SRV-MX-01


0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420124
this is my SAN certificate info:

Common name: mail.althompson.com
SANs: mail.althompson.com, www.mail.althompson.com, mail2.althompson.com, autodiscover.althompson.com, legacy.althompson.com, mail3.althompson.com, althompson.com, www.mail.althompson.com
Valid from November 2, 2014 to November 4, 2015
Serial Number: 2b66609d0af392
Signature Algorithm: sha1WithRSAEncryption
Issuer: Go Daddy Secure Certification Authority
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420132
Where can I see the autodiscover service? Actually, when can I change the autodiscovery service?
0
 
LVL 19

Assisted Solution

by:Adam Farage
Adam Farage earned 500 total points
ID: 40420145
Internal clients use the AutoDiscoverServiceInternalUri (which is really an Active Directory service connection point). You can view it by doing the following:

Get-ClientAccessServer | Select Name, AutoDiscoverServiceInternaluri
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420153
K, now I see that I point to the right place:

Identity                       : SRV-MX-01
AutoDiscoverServiceInternalUri : https://mail.althompson.com/Autodiscover/Autodiscover.xml

I did all the steps and still have the same issue. Do I need to restart IIS or some services after this change?
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420173
Please, help :) ... thanks,
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40420175
You shouldn't have to restart IIS since this is held within Active Directory. DNS is pointing to the Exchange server, right? Did you allow AD to replicate?

Can you check your other CAS services to make sure the InternalURL are correct?
0
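The check being asked for here, as an added example that is not part of the original thread: every host name that internal Outlook clients are handed (the Autodiscover SCP and each InternalUrl) has to appear on the certificate's SAN list. The SAN list and the first two URLs are taken from the posts on this page; the third URL and the `Test-NameOnCertificate` helper are constructed for illustration.

```powershell
# Added example, not from the thread. Works in PowerShell 2.0 and later.
function Test-NameOnCertificate {
    param(
        [Parameter(Mandatory=$true)] [string]   $HostName,
        [Parameter(Mandatory=$true)] [string[]] $CertificateDomains
    )
    foreach ($san in $CertificateDomains) {
        if ($san -ieq $HostName) { return $true }
        # A wildcard SAN covers exactly one left-most label:
        # *.example.com matches a.example.com, not a.b.example.com.
        if ($san.StartsWith('*.')) {
            $labels = $HostName.Split('.')
            if ($labels.Count -ge 2) {
                $parent = '.' + ($labels[1..($labels.Count - 1)] -join '.')
                if ($parent -ieq $san.Substring(1)) { return $true }
            }
        }
    }
    return $false
}

# SANs as posted in the thread. On a CAS these come from the
# CertificateDomains property returned by Get-ExchangeCertificate.
$certificateDomains = @(
    'mail.althompson.com', 'www.mail.althompson.com', 'mail2.althompson.com',
    'autodiscover.althompson.com', 'legacy.althompson.com',
    'mail3.althompson.com', 'althompson.com'
)

# URLs to check. On a CAS these come from AutoDiscoverServiceInternalUri
# (Get-ClientAccessServer) and the InternalUrl of each virtual directory.
$internalUrls = @(
    'https://mail.althompson.com/Autodiscover/Autodiscover.xml',
    'https://autodiscover.althompson.com/autodiscover/autodiscover.xml',
    # Constructed: an SCP left at a server FQDN (placeholder domain).
    'https://srv-mx-01.corp.example/Autodiscover/Autodiscover.xml'
)

$report = foreach ($url in $internalUrls) {
    $hostName = ([System.Uri]$url).Host
    New-Object PSObject -Property @{
        Host          = $hostName
        OnCertificate = Test-NameOnCertificate -HostName $hostName -CertificateDomains $certificateDomains
        Url           = $url
    }
}
$report | Select-Object Host, OnCertificate, Url | Format-Table -AutoSize
```

Any row with OnCertificate set to False is a name that produces a certificate name-mismatch prompt in Outlook until the URL is changed or the name is added to the certificate.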
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420188
Actually I didn't do any internal DNS. I point directly to the external IP as I do from external -
mail.althompson.com
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420199
Do you think I should do it like this: create another zone althompson.com, create mail.althompson.com and direct it to the internal Exchange server?

It was working the way I did it before, when I directed to the external IP.

Does it matter?
0
 
LVL 19

Assisted Solution

by:Adam Farage
Adam Farage earned 500 total points
ID: 40420208
There should be a forward lookup zone for althompson.com internally with an A record for mail and autodiscover pointing to the CAS endpoint (either a single CAS or a VIP of a load balancer)
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420217
I have it all working well from external; just for my Outlook it doesn't work, even though when I change to -

https://mail.althompson.com/Autodiscover/Autodiscover.xml
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40420219
It should be autodiscover.althompson.com/autodiscover/autodiscover.xml.
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420223
This DNS above points to my server. I did the change and internal Outlook still has this issue and is getting this certificate error.
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420226
Oh OK, let me check. Thank you so much for your help.
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40420229
No problem. Let me know how it goes. If I don't respond then I am probably on my way home.
0
 
LVL 1

Accepted Solution

by:
Moti Mashiah earned 0 total points
ID: 40420231
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420246
I'm really getting confused... I don't know what to do. People here call me every 5 minutes LOL...

please, let me know when you can help.

Thanks ,
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420348
Hi, I would like to ask if it could be an issue if I don't have the hierarchy in order.

My cert looks like this:

Common name: mail.althompson.com
SANs: mail.althompson.com, www.mail.althompson.com, mail2.althompson.com, autodiscover.althompson.com, legacy.althompson.com, mail3.althompson.com, althompson.com, www.mail.althompson.com
Valid from November 2, 2014 to November 4, 2015
Serial Number: 2b66609d0af392
Signature Algorithm: sha1WithRSAEncryption
Issuer: Go Daddy Secure Certification Authority
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420422
K solved thx for all your help.
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40420662
How did you solve it?! :)
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420710
Your autodiscover solution, plus I went to the autodiscover and ews directories in IIS and changed the SSL configuration to ignore.

Another thing - I also created a new DNS zone and made autodiscover and mail internal records, which was much better because I had some issues resolving the external IP of the DNSs, kind of weird.
I am still investigating what the issue with my DNS is.
Thanks for your great help
0
 
LVL 1

Author Closing Comment

by:Moti Mashiah
ID: 40430076
thanks
0
