Link to home
Create AccountLog in
Avatar of Enlightx
Enlightx

asked on

Outlook anywere Help with a .local active directory name

Hi Guys

need some help as there looks to be a fair few ways to sort this.

Been asked to get outlook anywere working on a domain which i did not setup. unfortunally the orignally it team set the active directory as companyname.local

so with the new UCC certificate laws i cannot get a cert to get outlook anywere up and running.

any ideas which path i should take.

ideally i dont want to rebuild/migrate the whole domain not really an option currently. i have googled a fair bit and tried a few scripts to do with creating new virtual dirs on IIS but all seem to error.

Current setup is as follows
Server : Windows 2008 R2
Exchange : Exchange 2010
Servername : exchange.local
External domain : exchange.companyname.com
UCC cert is setup for : exchange.companyname.com, companyname.com

any help would be very much appreciated.
Avatar of Simon Butler (Sembee)
Simon Butler (Sembee)
Flag of United Kingdom of Great Britain and Northern Ireland image

Not this question again.
This is very easy. Just setup a split DNS for your external name so the name resolves internally as well as externally.
Then change the configuration of Exchange to use the external name.
http://semb.ee/hostnames2010

No need to rename the name or anything.

Simon.
I agree with simon, a split DNS is possible, so you need to setup a public DNS name and thus use that for a basis for a external name for Outlook Anywhere.
Avatar of Enlightx
Enlightx

ASKER

thanks for help so far guys

i had already setup the splitdns as i have the public domain name pointing to the site ip and ports forwarded.

iv followed the guide and internal computers seems to be connecting using outlook anywere okay but still getting issues when trying to connect externally.

autodiscover does not work and when trying Manuel settings im getting certificate not trusted issues
Do you have a trusted certificate in place?
Have you configured Autodiscover DNS records?
When you get the SSL prompt, look at the certificate. Is it your certificate?

A common problem is with Autodiscover looking at the root of the domain first (https://example.com instead of https://autodiscover.example.com/ ). If your web host has something on the root of the domain then you can get errors. You need to ask the web host to disable Autodiscover for your domain.

Simon.
Check out this article as well. Step-by-step on what you need to do. Lots of screenshots.
http://supertekboy.com/2014/05/27/designing-a-simple-name-space-for-exchange-2010/
great guide using it to start from scratch. iv already noticed i stupidly didnt include autodicover in my cert request so starting fresh ill sort this hopefully will sort my issue.

will report back after new cert is issued
The only time autodiscover isn't needed if you created an SRV record with your external DNS provider for autodiscover. But not all providers support this.
Hi Guys,

Sorry took so long had to revoke current cert and wait for credit then reissue. now all done but still having issues.

When trying to use an outside outlook client and using the setup wizard it trys to connect (i dont get any cert issues anymore now) but keeps asking for username and password login. which i have tried using domain credentials and it still fails with the following.

The connection to Microsoft Exchange is unavailable. Outlooks must be online or connected to complete this action.

to note all internal outlook clients seems to be working okay and use http okay when connecting.

local clients have the following settings in proxy settings

use this URL to connect :
https://exchange.domain.com

Ticked only connect to proxy servers that have this principal name in there certificate:
msstd:exchange.domain.com

unticked on fast networks connect using http first
ticked on slow networks connect using http first

proxy auth settings :
Basic Authentication
When trying to use an outside outlook client and using the setup wizard it trys to connect (i dont get any cert issues anymore now) but keeps asking for username and password login. which i have tried using domain credentials and it still fails with the following.

This is still an indication of a certificate or a DNS issue.

Run the autodiscover test from www.exrca.com and post the results here.
Ahh yes I forgot about the tests you can perform.

I see the issue now but not sure how to sorT

      Attempting to test potential Autodiscover URL https://domain.com:443/Autodiscover/Autodiscover.xml


Failed test :
       
      Additional Details
       
Host name domain.com doesn't match any name found on the server certificate CN=*.secure-secure.co.uk, OU=Domain Control Validated.
Elapsed Time: 0 ms.
      Attempting to test potential Autodiscover URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml


Looks like it's looki on he webhosting site and not exchnage server

Current setup is as follows

Domain has webhosting with a company, this hosts a website as well as getting mail for the company.
The exchnage server is then running on a static ip broadband line and I have forwarded exchange.domain.com and autodiscover.domain.com to the static ip.

exchnage server picked up mail from pop server and has certificate installed etc.
You need to get the web host company to disable Autodiscover for your domain.
Autodiscover by default will try and do https://example.com/Autodiscover/Autodiscover.xml - with some web hosting packages that URL will work (with an SSL error). Only the web host can fix that, so that Autodiscover will then use one of the later URLs such as https://autodiscover.example.com/ 

Simon.
okay thanks for info. ill get onto webhost see if i can get it disabled.

will be back with an update in couple of days
had the typical 1st response back from the web host saying it may not be possible to disable as we are on a linux package and linux doesnt use autodiscover :|

is there anyway around it is i have no luck with the webhost being able to disable?
The version of the web hosting package doesn't matter, as it is just a redirect.
Autodiscover isn't really a Linux feature, the web hosting package uses it for its own email service.

You need to check whether you get a response from https://example.com/Autodiscover/Autodiscover.xml (remember this is the root of the domain, so not www.example.com). If you are, then they need to disable the functionality.

Simon.
Looking on the ftp there is nothing on the server at that path. If also tried putting a blank autodiscover.xml but still get the same errors.

Webhost is now saying there's nothing they can do :(

Anything else you can suggest I try
Check your external DNS zone file.

Any SRV records in their for autodiscover? I know GoDaddy for example will create SRV records in their web hosting that direct autodiscover SRV records over to its CPANEL mail.

Also, check for CNAME autodiscover records. I have seen where hosting providers will set the CNAME of autodiscover to the @ record. Which then often points to the web hosting.
You will not see anything on an FTP lookup, because it is a virtual directory. The only way that you will see it is to browse to the path that I have posted to see what comes back.

If you are seeing the host's SSL certificate then they have to be doing something with Autodiscover.

Simon.
looking at

https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml 

i get the following

This XML file does not appear to have any style information associated with it. The document tree is shown below.
      <Autodiscover><Response><Error Time="21:36:40.0028140" Id="3007185755"><ErrorCode>600</ErrorCode><Message>Invalid Request</Message><DebugData/></Error></Response></Autodiscover>
ASKER CERTIFIED SOLUTION
Avatar of Enlightx
Enlightx

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
found solution myself with added help with Simon Butler