Outlook Anywhere problem in exchange 2013

Hi All


              I got a problem on outlook anywhere on exchange 2013, I had applied a 3rd ssl certificate, but realized that doesn't contain autodiscover.domain.com in the ssl certificate, and afterward i created a SRV Record on my 2 external dns server, and also created A record for autodiscover.domain.com , are my concept correct ? and for details you can check from the below link, hope you find help on my problem, it been over 3 weeks, thx !

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28540049.html




I am using the one call starssl , and it doesn't contain autodiscover, n what I do now is to create a srv record in the 2 external dns server, and removed the A record for autodiscover.domain.com from internal dns server, check attached screenshot, am I doing it correctly ?  and I still cant connect outlook anywhere in outlook, any idea ?


ssl

2

SRV Record
piaakitAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Adam FarageEnterprise ArchCommented:
Yes they are correct. Just make sure the domains are matching.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
piaakitAuthor Commented:
want to make one thing clear, if my SSL Certificate doesn't contain autodiscover, i can create SRV record autodiscover instead ? and no need to create A record for autodiscover ? am i right ? i still can not success connect outlook anywhere, any idea ?
0
Adam FarageEnterprise ArchCommented:
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

piaakitAuthor Commented:
Hi Adam


                Please check below steps, is it correct, but in the outlook client side, it  keep prompting up the login screen, anything i have done wrong ?


1
2
3
4
5
0
Adam FarageEnterprise ArchCommented:
thats not AutoDiscover, thats Outlook Anywhere causing an issue. I should have picked that up yesterday.
Do you have a reverse proxy you are going through? Can you give me the following settings?

Get-OutlookAnywhere | FL

Open in new window


Also what client are you doing this from?
0
piaakitAuthor Commented:
There you go with the screenshot, and i dont have any reverse proxy, and my outlook client is outlook 2010, any finding from this ?

1
0
Adam FarageEnterprise ArchCommented:
Change the Authentication methods to Ntlm, and that will fix this issue.

Get-OutlookAnywhere | Set-OutlookAnywhere -ExternalClientAuthenticationMethod Ntlm -InternalClientAuthenticationMethod Ntlm -IISAuthenticationMethod Ntlm

Open in new window


On the CAS then restart IIS
IISRESET /NOFORCE

Open in new window

0
piaakitAuthor Commented:
I ran the command above, and retry the outlook client, same result, any idea ?
0
Adam FarageEnterprise ArchCommented:
Give time for the client to replicate, and make sure within the client settings (you had it opened above) that Ntlm is selected. Try rebuilding the Outlook profile and testing, as that should pull this information from autodiscover.
0
piaakitAuthor Commented:
so that for microsoft exchange proxy settings, it has to set like below ?

proxy authentication settings

NTML authentication


and from exchange server, outlook anywhere, authentication method is to choose NTLM ?

auth
0
piaakitAuthor Commented:
i,m getting below, when i,m doing the microsoft connectivity analyzer, and it show blank screen when i access to below link   https://domain.hk/autodiscover/autodiscover.xml, any idea what causes such problem ?



The Microsoft Connectivity Analyzer is attempting to test Autodiscover for keith@domain.hk.
 Testing Autodiscover failed.
 
Additional Details
 
Elapsed Time: 5374 ms.


 
Test Steps
 
Attempting each method of contacting the Autodiscover service.
 The Autodiscover service couldn't be contacted successfully by any method.
 
Additional Details
 
Elapsed Time: 5374 ms.


 
Test Steps
 
Attempting to test potential Autodiscover URL https://domain.hk:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 3758 ms.


 
Test Steps
 
Attempting to resolve the host name domain.hk in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: 113.28.54.219

Elapsed Time: 2913 ms.



Testing TCP port 443 on host domain.hk to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 462 ms.



Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 
Additional Details
 
Elapsed Time: 382 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server domain.hk on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=WMSvc-EXSERVER, Issuer: CN=WMSvc-EXSERVER.

Elapsed Time: 313 ms.



Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host name domain.hk doesn't match any name found on the server certificate CN=WMSvc-EXSERVER.

Elapsed Time: 1 ms.







Attempting to test potential Autodiscover URL https://autodiscover.domain.hk:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 235 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.domain.hk in DNS.
 The host name couldn't be resolved.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host autodiscover.domain.hk couldn't be resolved in DNS InfoDomainNonexistent.

Elapsed Time: 235 ms.





Attempting to contact the Autodiscover service using the HTTP redirect method.
 The attempt to contact Autodiscover using the HTTP Redirect method failed.
 
Additional Details
 
Elapsed Time: 35 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.domain.hk in DNS.
 The host name couldn't be resolved.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host autodiscover.domain.hk couldn't be resolved in DNS InfoDomainNonexistent.

Elapsed Time: 35 ms.





Attempting to contact the Autodiscover service using the DNS SRV redirect method.
 The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
 
Additional Details
 
Elapsed Time: 1344 ms.


 
Test Steps
 
Attempting to locate SRV record _autodiscover._tcp.domain.hk in DNS.
 The Autodiscover SRV record was successfully retrieved from DNS.
 
Additional Details
 
The Service Location (SRV) record lookup returned host webmail.domain.hk.

Elapsed Time: 232 ms.



Attempting to test potential Autodiscover URL https://webmail.domain.hk:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 1112 ms.


 
Test Steps
 
Attempting to resolve the host name webmail.domain.hk in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: 113.28.54.219

Elapsed Time: 272 ms.



Testing TCP port 443 on host webmail.domain.hk to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 454 ms.



Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 
Additional Details
 
Elapsed Time: 384 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server webmail.domain.hk on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=WMSvc-EXSERVER, Issuer: CN=WMSvc-EXSERVER.

Elapsed Time: 321 ms.



Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host name webmail.domain.hk doesn't match any name found on the server certificate CN=WMSvc-EXSERVER.

Elapsed Time: 1 ms.
0
Adam FarageEnterprise ArchCommented:
Setup the SRV record: http://blogs.technet.com/b/rmilne/archive/2014/10/02/how-to-check-exchange-autodiscover-srv-record-using-nslookup.aspx


If your DNS provider does not support SRV records, then setup autodiscover.company.hk as your autodiscover URL. Also, the URL within the box above is not required
0
piaakitAuthor Commented:
so is below srv record look correct to you ?
srv.jpg
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.