Solved

exchange 2010

Posted on 2014-11-03
Last Modified: 2014-11-08
Hi guys,

I have an issue with my Exchange server. I just renewed my certificate and everything works fine; I just have an issue with internal users' Outlook: they get this message every 5 minutes in their Outlook.

Please see attachment error.exchange
Question by:Moti Mashiah
 
LVL 19

Assisted Solution

by:Adam Farage
Adam Farage earned 2000 total points
ID: 40419802
What names are on the certificate, and what is the AutoDiscoverServiceInternalUri set to?

Run the following and post it here:

Get-ClientAccessServer | Select Name, AutoDiscoverServiceInternalUri

What most likely is going on is that the AutoDiscover SCP is set to the server name instead of autodiscover.company.com which should be on the certificate. Do the following:

- Make sure the SSL certificate has autodiscover.company.com listed as a subject alternative name
- Change the AutoDiscoverServiceInternalUri to autodiscover.company.com
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.company.com/autodiscover/autodiscover.xml

- Within internal DNS set an A record to point autodiscover.company.com to either a load balancer that is load balancing the CAS Array / CAS or to a single CAS if you only have one CAS.
0
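The name mismatch this answer describes can be checked directly by comparing the host in each internal URI with the names on the certificate. The PowerShell below is an added example, not code from anyone in the thread: the function name Test-NameCoveredByCert and the ".corp.example" internal domain are hypothetical, and the certificate names are the list the asker posts later in this thread.

```powershell
# Added example (not from the thread). Works in Windows PowerShell 2.0 and later.
function Test-NameCoveredByCert {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($name in $CertNames) {
        # Exact match; -eq on strings is case-insensitive in PowerShell
        if ($name -eq $HostName) { return $true }
        # A wildcard entry (*.example.com) covers exactly one left-most label
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)    # ".example.com"
            if ($HostName.Length -gt $suffix.Length -and
                $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $left = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($left -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

# Names on the certificate, as posted in this thread (CN plus SANs, de-duplicated)
$certNames = @(
    'mail.althompson.com', 'www.mail.althompson.com', 'mail2.althompson.com',
    'autodiscover.althompson.com', 'legacy.althompson.com',
    'mail3.althompson.com', 'althompson.com'
)

# URIs to test. The first is constructed: SRV-MX-01 is the server name from the
# thread, but the ".corp.example" suffix is a hypothetical internal domain.
$uris = @(
    'https://SRV-MX-01.corp.example/Autodiscover/Autodiscover.xml',
    'https://mail.althompson.com/Autodiscover/Autodiscover.xml',
    'https://autodiscover.althompson.com/autodiscover/autodiscover.xml'
)

foreach ($u in $uris) {
    $h = ([Uri]$u).Host
    New-Object PSObject -Property @{
        Host          = $h
        CoveredByCert = (Test-NameCoveredByCert -HostName $h -CertNames $certNames)
    } | Select-Object Host, CoveredByCert
}
```

On a live server, the URI list comes from the Get-ClientAccessServer output requested above and the name list from the installed certificate.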
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420118
Hi,

I typed the command you suggested:
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.company.com/autodiscover/autodiscover.xml

and still, when I type Get-ClientAccessServer, I'm getting my server name:

[PS] C:\Windows\system32>Get-ClientAccessServer

Name
----
SRV-MX-01

0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420124
This is my SAN certificate info:

Common name: mail.althompson.com
SANs: mail.althompson.com, www.mail.althompson.com, mail2.althompson.com, autodiscover.althompson.com, legacy.althompson.com, mail3.althompson.com, althompson.com, www.mail.althompson.com
Valid from November 2, 2014 to November 4, 2015
Serial Number: 2b66609d0af392
Signature Algorithm: sha1WithRSAEncryption
Issuer: Go Daddy Secure Certification Authority
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420132
Where can I see the autodiscover service? Actually, when can I change the autodiscover service?
0
 
LVL 19

Assisted Solution

by:Adam Farage
Adam Farage earned 2000 total points
ID: 40420145
Internal clients use the AutoDiscoverServiceInternalUri (which is really an Active Directory service connection point). You can view it by doing the following:

Get-ClientAccessServer | Select Name, AutoDiscoverServiceInternaluri
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420153
K, now I see that I point to the right place:

Identity                       : SRV-MX-01
AutoDiscoverServiceInternalUri : https://mail.althompson.com/Autodiscover/Autodiscover.xml

I did all the steps and still have the same issue - do I need to restart IIS or some services after this change?
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420173
Please, help :) ... thanks,
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40420175
You shouldn't have to restart IIS since this is held within Active Directory. DNS is pointing to the Exchange server, right? Did you allow AD to replicate?

Can you check your other CAS services to make sure the InternalURL are correct?
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420188
Actually, I didn't do any internal DNS; I point directly to the external IP, as I do from external -
mail.althompson.com
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420199
Do you think I should do it like this: create another zone althompson.com, create mail.althompson.com, and direct it to the internal Exchange server?

It was working the way I did it before, when I directed to the external IP.

Does it matter?
0
 
LVL 19

Assisted Solution

by:Adam Farage
Adam Farage earned 2000 total points
ID: 40420208
There should be a forward lookup zone for althompson.com internally with an A record for mail and autodiscover pointing to the CAS endpoint (either a single CAS or a VIP of a load balancer)
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420217
I have it all working well from external; it just doesn't work for my Outlook, even when I change to -

https://mail.althompson.com/Autodiscover/Autodiscover.xml
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40420219
It should be autodiscover.althompson.com/autodiscover/autodiscover.xml.
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420223
The DNS above points to my server. I did the change and internal Outlook still has this issue and is still getting this certificate error.
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420226
Oh, K, let me check. Thank you so much for your help.
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40420229
No problem. Let me know how it goes. If I don't respond then I am probably on my way home.
0
 
LVL 1

Accepted Solution

by:
Moti Mashiah earned 0 total points
ID: 40420231
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420246
I'm really getting confused... I don't know what to do. People here call me every 5 minutes LOL...

Please let me know when you can help.

Thanks,
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420348
Hi, I would like to ask if it could be an issue if I don't have the hierarchy in order.

My cert looks like this:

Common name: mail.althompson.com
SANs: mail.althompson.com, www.mail.althompson.com, mail2.althompson.com, autodiscover.althompson.com, legacy.althompson.com, mail3.althompson.com, althompson.com, www.mail.althompson.com
Valid from November 2, 2014 to November 4, 2015
Serial Number: 2b66609d0af392
Signature Algorithm: sha1WithRSAEncryption
Issuer: Go Daddy Secure Certification Authority
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420422
K solved thx for all your help.
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40420662
How did you solve it?! :)
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420710
Your autodiscover solution, plus I went to the autodiscover and EWS directories in IIS and changed the SSL configuration to ignore.

Another thing - I also created a new DNS zone and made autodiscover and mail internal records, which was much better because I had some issues resolving the external IP of the DNS, kind of weird.
I am still investigating what the issue is with my DNS.
Thanks for your great help.
0
 
LVL 1

Author Closing Comment

by:Moti Mashiah
ID: 40430076
thanks
0

Question has a verified solution.