Solved

Outlook Anywhere problem in exchange 2013

Posted on 2014-11-10
13
18 Views
Last Modified: 2016-03-11
Hi All


              I got a problem on outlook anywhere on exchange 2013, I had applied a 3rd ssl certificate, but realized that doesn't contain autodiscover.domain.com in the ssl certificate, and afterward i created a SRV Record on my 2 external dns server, and also created A record for autodiscover.domain.com , are my concept correct ? and for details you can check from the below link, hope you find help on my problem, it been over 3 weeks, thx !

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28540049.html




I am using the one call starssl , and it doesn't contain autodiscover, n what I do now is to create a srv record in the 2 external dns server, and removed the A record for autodiscover.domain.com from internal dns server, check attached screenshot, am I doing it correctly ?  and I still cant connect outlook anywhere in outlook, any idea ?


ssl

2

SRV Record
0
Comment
Question by:piaakit
  • 7
  • 6
13 Comments
 
LVL 19

Accepted Solution

by:
Adam Farage earned 500 total points
ID: 40432703
Yes they are correct. Just make sure the domains are matching.
0
 

Author Comment

by:piaakit
ID: 40433070
want to make one thing clear, if my SSL Certificate doesn't contain autodiscover, i can create SRV record autodiscover instead ? and no need to create A record for autodiscover ? am i right ? i still can not success connect outlook anywhere, any idea ?
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40433093
0
 

Author Comment

by:piaakit
ID: 40434344
Hi Adam


                Please check below steps, is it correct, but in the outlook client side, it  keep prompting up the login screen, anything i have done wrong ?


1
2
3
4
5
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40434683
thats not AutoDiscover, thats Outlook Anywhere causing an issue. I should have picked that up yesterday.
Do you have a reverse proxy you are going through? Can you give me the following settings?

Get-OutlookAnywhere | FL

Open in new window


Also what client are you doing this from?
0
 

Author Comment

by:piaakit
ID: 40434731
There you go with the screenshot, and i dont have any reverse proxy, and my outlook client is outlook 2010, any finding from this ?

1
0
Want to promote your upcoming event?

Attending an event? Speaking at a conference? Or exhibiting at a tradeshow? Easily inform your contacts by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

 
LVL 19

Expert Comment

by:Adam Farage
ID: 40434970
Change the Authentication methods to Ntlm, and that will fix this issue.

Get-OutlookAnywhere | Set-OutlookAnywhere -ExternalClientAuthenticationMethod Ntlm -InternalClientAuthenticationMethod Ntlm -IISAuthenticationMethod Ntlm

Open in new window


On the CAS then restart IIS
IISRESET /NOFORCE

Open in new window

0
 

Author Comment

by:piaakit
ID: 40437352
I ran the command above, and retry the outlook client, same result, any idea ?
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40437377
Give time for the client to replicate, and make sure within the client settings (you had it opened above) that Ntlm is selected. Try rebuilding the Outlook profile and testing, as that should pull this information from autodiscover.
0
 

Author Comment

by:piaakit
ID: 40437473
so that for microsoft exchange proxy settings, it has to set like below ?

proxy authentication settings

NTML authentication


and from exchange server, outlook anywhere, authentication method is to choose NTLM ?

auth
0
 

Author Comment

by:piaakit
ID: 40449275
i,m getting below, when i,m doing the microsoft connectivity analyzer, and it show blank screen when i access to below link   https://domain.hk/autodiscover/autodiscover.xml, any idea what causes such problem ?



The Microsoft Connectivity Analyzer is attempting to test Autodiscover for keith@domain.hk.
 Testing Autodiscover failed.
 
Additional Details
 
Elapsed Time: 5374 ms.


 
Test Steps
 
Attempting each method of contacting the Autodiscover service.
 The Autodiscover service couldn't be contacted successfully by any method.
 
Additional Details
 
Elapsed Time: 5374 ms.


 
Test Steps
 
Attempting to test potential Autodiscover URL https://domain.hk:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 3758 ms.


 
Test Steps
 
Attempting to resolve the host name domain.hk in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: 113.28.54.219

Elapsed Time: 2913 ms.



Testing TCP port 443 on host domain.hk to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 462 ms.



Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 
Additional Details
 
Elapsed Time: 382 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server domain.hk on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=WMSvc-EXSERVER, Issuer: CN=WMSvc-EXSERVER.

Elapsed Time: 313 ms.



Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host name domain.hk doesn't match any name found on the server certificate CN=WMSvc-EXSERVER.

Elapsed Time: 1 ms.







Attempting to test potential Autodiscover URL https://autodiscover.domain.hk:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 235 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.domain.hk in DNS.
 The host name couldn't be resolved.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host autodiscover.domain.hk couldn't be resolved in DNS InfoDomainNonexistent.

Elapsed Time: 235 ms.





Attempting to contact the Autodiscover service using the HTTP redirect method.
 The attempt to contact Autodiscover using the HTTP Redirect method failed.
 
Additional Details
 
Elapsed Time: 35 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.domain.hk in DNS.
 The host name couldn't be resolved.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host autodiscover.domain.hk couldn't be resolved in DNS InfoDomainNonexistent.

Elapsed Time: 35 ms.





Attempting to contact the Autodiscover service using the DNS SRV redirect method.
 The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
 
Additional Details
 
Elapsed Time: 1344 ms.


 
Test Steps
 
Attempting to locate SRV record _autodiscover._tcp.domain.hk in DNS.
 The Autodiscover SRV record was successfully retrieved from DNS.
 
Additional Details
 
The Service Location (SRV) record lookup returned host webmail.domain.hk.

Elapsed Time: 232 ms.



Attempting to test potential Autodiscover URL https://webmail.domain.hk:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 1112 ms.


 
Test Steps
 
Attempting to resolve the host name webmail.domain.hk in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: 113.28.54.219

Elapsed Time: 272 ms.



Testing TCP port 443 on host webmail.domain.hk to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 454 ms.



Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 
Additional Details
 
Elapsed Time: 384 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server webmail.domain.hk on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=WMSvc-EXSERVER, Issuer: CN=WMSvc-EXSERVER.

Elapsed Time: 321 ms.



Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host name webmail.domain.hk doesn't match any name found on the server certificate CN=WMSvc-EXSERVER.

Elapsed Time: 1 ms.
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40449975
Setup the SRV record: http://blogs.technet.com/b/rmilne/archive/2014/10/02/how-to-check-exchange-autodiscover-srv-record-using-nslookup.aspx


If your DNS provider does not support SRV records, then setup autodiscover.company.hk as your autodiscover URL. Also, the URL within the box above is not required
0
 

Author Comment

by:piaakit
ID: 40451774
so is below srv record look correct to you ?
srv.jpg
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
how to add IIS SMTP to handle application/Scanner relays into office 365.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now