Solved

exchange 2010

Posted on 2014-11-03
Last Modified: 2014-11-08
Hi guys,

I have an issue with my Exchange server. I just renewed my certificate and everything works fine; I just have an issue with internal users' Outlook: they get this message every 5 minutes in their Outlook.

Please see attachment error.exchange
Question by:Moti Mashiah
23 Comments
 
LVL 19

Assisted Solution

by:Adam Farage
Adam Farage earned 500 total points
ID: 40419802
What names are on the certificate, and what is the AutoDiscoverServiceInternalUri set to?

Run the following and post it here:

Get-ClientAccessServer | Select-Object Name, AutoDiscoverServiceInternalUri

What most likely is going on is that the AutoDiscover SCP is set to the server name instead of autodiscover.company.com which should be on the certificate. Do the following:

- Make sure the SSL certificate has autodiscover.company.com listed as a subject alternative name
- Change the AutoDiscoverServiceInternalUri to autodiscover.company.com
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.company.com/autodiscover/autodiscover.xml

- Within internal DNS set an A record to point autodiscover.company.com to either a load balancer that is load balancing the CAS Array / CAS or to a single CAS if you only have one CAS.
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420118
Hi ,

I typed the command you suggested
 Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.company.com/autodiscover/autodiscover.xml

and still when I type Get-ClientAccessServer I'm getting my server name

[PS] C:\Windows\system32>Get-ClientAccessServer

Name
----
SRV-MX-01

0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420124
this is my SAN certificate info:

Common name: mail.althompson.com
SANs: mail.althompson.com, www.mail.althompson.com, mail2.althompson.com, autodiscover.althompson.com, legacy.althompson.com, mail3.althompson.com, althompson.com, www.mail.althompson.com
Valid from November 2, 2014 to November 4, 2015
Serial Number: 2b66609d0af392
Signature Algorithm: sha1WithRSAEncryption
Issuer: Go Daddy Secure Certification Authority
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420132
Where can I see the autodiscover service? Actually, when can I change the autodiscovery service?
0
 
LVL 19

Assisted Solution

by:Adam Farage
Adam Farage earned 500 total points
ID: 40420145
Internal clients use the AutoDiscoverServiceInternalUri (which is really an Active Directory service connection point). You can view it by doing the following:

Get-ClientAccessServer | Select Name, AutoDiscoverServiceInternaluri
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420153
OK, now I see that I point to the right place:

Identity                       : SRV-MX-01
AutoDiscoverServiceInternalUri : https://mail.althompson.com/Autodiscover/Autodiscover.xml

I did all the steps and still have the same issue - do I need to restart IIS or some services after this change?
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420173
Please, help :) ... thanks,
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40420175
You shouldn't have to restart IIS since this is held within Active Directory. DNS is pointing to the Exchange server, right? Did you allow AD to replicate?

Can you check your other CAS services to make sure the InternalURL are correct?
0
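The check asked for in the comments above (Autodiscover SCP and the other CAS internal URLs against the names on the certificate), as an added example that is not part of the original thread. The function names are hypothetical, the SAN list is the one posted in the thread, and the URLs, including the internal FQDN, are constructed sample values.

```powershell
# Added example. On an Exchange 2010 CAS the inputs would come from the Exchange Management Shell:
#   (Get-ClientAccessServer).AutoDiscoverServiceInternalUri
#   (Get-WebServicesVirtualDirectory).InternalUrl, (Get-OabVirtualDirectory).InternalUrl
#   (Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' }).CertificateDomains
# Below they are replaced by sample values so the script runs on any machine.

function Test-HostOnCertificate {
    param(
        [Parameter(Mandatory = $true)] [string]   $HostName,
        [Parameter(Mandatory = $true)] [string[]] $CertificateNames
    )
    foreach ($name in $CertificateNames) {
        if ($name -eq $HostName) { return $true }    # -eq ignores case, as DNS names do
        # A wildcard covers exactly one left-most label: *.example.com matches
        # mail.example.com, but not example.com or a.b.example.com.
        if ($name.StartsWith('*.')) {
            $firstDot = $HostName.IndexOf('.')
            if ($firstDot -gt 0 -and $HostName.Substring($firstDot) -eq $name.Substring(1)) {
                return $true
            }
        }
    }
    return $false
}

function Get-InternalUrlCertificateReport {
    param([hashtable] $InternalUrls, [string[]] $CertificateNames)
    foreach ($service in $InternalUrls.Keys) {
        $hostName = ([Uri] $InternalUrls[$service]).Host
        $onCert = Test-HostOnCertificate -HostName $hostName -CertificateNames $CertificateNames
        New-Object PSObject -Property @{ Service = $service; Host = $hostName; OnCertificate = $onCert }
    }
}

# SAN list as posted in the thread; URLs are constructed (the internal FQDN is a placeholder).
$sans = 'mail.althompson.com', 'www.mail.althompson.com', 'mail2.althompson.com',
        'autodiscover.althompson.com', 'legacy.althompson.com', 'mail3.althompson.com', 'althompson.com'
$urls = @{
    AutodiscoverScp = 'https://srv-mx-01.internal.example/Autodiscover/Autodiscover.xml'
    EWS             = 'https://mail.althompson.com/EWS/Exchange.asmx'
    OAB             = 'https://srv-mx-01.internal.example/OAB'
}

Get-InternalUrlCertificateReport -InternalUrls $urls -CertificateNames $sans |
    Select-Object Service, Host, OnCertificate | Sort-Object Service | Format-Table -AutoSize
```

Any row with OnCertificate set to False is a URL that Outlook will reach under a name the certificate does not cover, which is what produces the recurring name-mismatch prompt.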
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420188
Actually, I didn't do any internal DNS. I point directly to the external IP, as I do from external - mail.althompson.com
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420199
Do you think I should do it like this: create another zone althompson.com, create mail.althompson.com and direct it to the internal Exchange server?

It was working the way I did it before, when I directed to the external IP.

Does it matter?
0
 
LVL 19

Assisted Solution

by:Adam Farage
Adam Farage earned 500 total points
ID: 40420208
There should be a forward lookup zone for althompson.com internally with an A record for mail and autodiscover pointing to the CAS endpoint (either a single CAS or a VIP of a load balancer)
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420217
I have it all working well from external; it's just my Outlook that doesn't work, even though I change to -

https://mail.althompson.com/Autodiscover/Autodiscover.xml
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40420219
It should be autodiscover.althompson.com/autodiscover/autodiscover.xml.
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420223
This DNS above points to my server. I did the change and internal Outlook still has this issue and is still getting this certificate error.
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420226
Oh OK, let me check. Thank you so much for your help.
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40420229
No problem. Let me know how it goes. If I don't respond then I am probably on my way home.
0
 
LVL 1

Accepted Solution

by:
Moti Mashiah earned 0 total points
ID: 40420231
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420246
I'm really getting confused... Don't know what to do. People here call me every 5 minutes LOL...

Please let me know when you can help.

Thanks,
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420348
Hi, I would like to ask if it could be an issue if I don't have the hierarchy in order.

My cert looks like this:

Common name: mail.althompson.com
SANs: mail.althompson.com, www.mail.althompson.com, mail2.althompson.com, autodiscover.althompson.com, legacy.althompson.com, mail3.althompson.com, althompson.com, www.mail.althompson.com
Valid from November 2, 2014 to November 4, 2015
Serial Number: 2b66609d0af392
Signature Algorithm: sha1WithRSAEncryption
Issuer: Go Daddy Secure Certification Authority
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420422
K solved thx for all your help.
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40420662
How did you solve it?! :)
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420710
Your autodiscover solution, plus I went to the autodiscover and EWS directories in IIS and changed the SSL configuration to ignore.

Another thing - I also created a new DNS zone and made autodiscover and mail internal records, which was much better because I had some issue resolving the external IP of the DNS, kind of weird.
I am still investigating what the issue with my DNS is.
Thanks for your great help.
0
 
LVL 1

Author Closing Comment

by:Moti Mashiah
ID: 40430076
thanks
0
