Enlightx
asked on
Outlook anywere Help with a .local active directory name
Hi Guys
need some help as there looks to be a fair few ways to sort this.
Been asked to get outlook anywere working on a domain which i did not setup. unfortunally the orignally it team set the active directory as companyname.local
so with the new UCC certificate laws i cannot get a cert to get outlook anywere up and running.
any ideas which path i should take.
ideally i dont want to rebuild/migrate the whole domain not really an option currently. i have googled a fair bit and tried a few scripts to do with creating new virtual dirs on IIS but all seem to error.
Current setup is as follows
Server : Windows 2008 R2
Exchange : Exchange 2010
Servername : exchange.local
External domain : exchange.companyname.com
UCC cert is setup for : exchange.companyname.com, companyname.com
any help would be very much appreciated.
need some help as there looks to be a fair few ways to sort this.
Been asked to get outlook anywere working on a domain which i did not setup. unfortunally the orignally it team set the active directory as companyname.local
so with the new UCC certificate laws i cannot get a cert to get outlook anywere up and running.
any ideas which path i should take.
ideally i dont want to rebuild/migrate the whole domain not really an option currently. i have googled a fair bit and tried a few scripts to do with creating new virtual dirs on IIS but all seem to error.
Current setup is as follows
Server : Windows 2008 R2
Exchange : Exchange 2010
Servername : exchange.local
External domain : exchange.companyname.com
UCC cert is setup for : exchange.companyname.com, companyname.com
any help would be very much appreciated.
I agree with simon, a split DNS is possible, so you need to setup a public DNS name and thus use that for a basis for a external name for Outlook Anywhere.
ASKER
thanks for help so far guys
i had already setup the splitdns as i have the public domain name pointing to the site ip and ports forwarded.
iv followed the guide and internal computers seems to be connecting using outlook anywere okay but still getting issues when trying to connect externally.
autodiscover does not work and when trying Manuel settings im getting certificate not trusted issues
i had already setup the splitdns as i have the public domain name pointing to the site ip and ports forwarded.
iv followed the guide and internal computers seems to be connecting using outlook anywere okay but still getting issues when trying to connect externally.
autodiscover does not work and when trying Manuel settings im getting certificate not trusted issues
Do you have a trusted certificate in place?
Have you configured Autodiscover DNS records?
When you get the SSL prompt, look at the certificate. Is it your certificate?
A common problem is with Autodiscover looking at the root of the domain first (https://example.com instead of https://autodiscover.example.com/ ). If your web host has something on the root of the domain then you can get errors. You need to ask the web host to disable Autodiscover for your domain.
Simon.
Have you configured Autodiscover DNS records?
When you get the SSL prompt, look at the certificate. Is it your certificate?
A common problem is with Autodiscover looking at the root of the domain first (https://example.com instead of https://autodiscover.example.com/ ). If your web host has something on the root of the domain then you can get errors. You need to ask the web host to disable Autodiscover for your domain.
Simon.
Check out this article as well. Step-by-step on what you need to do. Lots of screenshots.
http://supertekboy.com/2014/05/27/designing-a-simple-name-space-for-exchange-2010/
http://supertekboy.com/2014/05/27/designing-a-simple-name-space-for-exchange-2010/
ASKER
great guide using it to start from scratch. iv already noticed i stupidly didnt include autodicover in my cert request so starting fresh ill sort this hopefully will sort my issue.
will report back after new cert is issued
will report back after new cert is issued
The only time autodiscover isn't needed if you created an SRV record with your external DNS provider for autodiscover. But not all providers support this.
ASKER
Hi Guys,
Sorry took so long had to revoke current cert and wait for credit then reissue. now all done but still having issues.
When trying to use an outside outlook client and using the setup wizard it trys to connect (i dont get any cert issues anymore now) but keeps asking for username and password login. which i have tried using domain credentials and it still fails with the following.
The connection to Microsoft Exchange is unavailable. Outlooks must be online or connected to complete this action.
to note all internal outlook clients seems to be working okay and use http okay when connecting.
local clients have the following settings in proxy settings
use this URL to connect :
https://exchange.domain.com
Ticked only connect to proxy servers that have this principal name in there certificate:
msstd:exchange.domain.com
unticked on fast networks connect using http first
ticked on slow networks connect using http first
proxy auth settings :
Basic Authentication
Sorry took so long had to revoke current cert and wait for credit then reissue. now all done but still having issues.
When trying to use an outside outlook client and using the setup wizard it trys to connect (i dont get any cert issues anymore now) but keeps asking for username and password login. which i have tried using domain credentials and it still fails with the following.
The connection to Microsoft Exchange is unavailable. Outlooks must be online or connected to complete this action.
to note all internal outlook clients seems to be working okay and use http okay when connecting.
local clients have the following settings in proxy settings
use this URL to connect :
https://exchange.domain.com
Ticked only connect to proxy servers that have this principal name in there certificate:
msstd:exchange.domain.com
unticked on fast networks connect using http first
ticked on slow networks connect using http first
proxy auth settings :
Basic Authentication
When trying to use an outside outlook client and using the setup wizard it trys to connect (i dont get any cert issues anymore now) but keeps asking for username and password login. which i have tried using domain credentials and it still fails with the following.
This is still an indication of a certificate or a DNS issue.
Run the autodiscover test from www.exrca.com and post the results here.
ASKER
Ahh yes I forgot about the tests you can perform.
I see the issue now but not sure how to sorT
Attempting to test potential Autodiscover URL https://domain.com:443/Autodiscover/Autodiscover.xml
Failed test :
Additional Details
Host name domain.com doesn't match any name found on the server certificate CN=*.secure-secure.co.uk, OU=Domain Control Validated.
Elapsed Time: 0 ms.
Attempting to test potential Autodiscover URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml
Looks like it's looki on he webhosting site and not exchnage server
Current setup is as follows
Domain has webhosting with a company, this hosts a website as well as getting mail for the company.
The exchnage server is then running on a static ip broadband line and I have forwarded exchange.domain.com and autodiscover.domain.com to the static ip.
exchnage server picked up mail from pop server and has certificate installed etc.
I see the issue now but not sure how to sorT
Attempting to test potential Autodiscover URL https://domain.com:443/Autodiscover/Autodiscover.xml
Failed test :
Additional Details
Host name domain.com doesn't match any name found on the server certificate CN=*.secure-secure.co.uk, OU=Domain Control Validated.
Elapsed Time: 0 ms.
Attempting to test potential Autodiscover URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml
Looks like it's looki on he webhosting site and not exchnage server
Current setup is as follows
Domain has webhosting with a company, this hosts a website as well as getting mail for the company.
The exchnage server is then running on a static ip broadband line and I have forwarded exchange.domain.com and autodiscover.domain.com to the static ip.
exchnage server picked up mail from pop server and has certificate installed etc.
You need to get the web host company to disable Autodiscover for your domain.
Autodiscover by default will try and do https://example.com/Autodiscover/Autodiscover.xml - with some web hosting packages that URL will work (with an SSL error). Only the web host can fix that, so that Autodiscover will then use one of the later URLs such as https://autodiscover.example.com/
Simon.
Autodiscover by default will try and do https://example.com/Autodiscover/Autodiscover.xml - with some web hosting packages that URL will work (with an SSL error). Only the web host can fix that, so that Autodiscover will then use one of the later URLs such as https://autodiscover.example.com/
Simon.
ASKER
okay thanks for info. ill get onto webhost see if i can get it disabled.
will be back with an update in couple of days
will be back with an update in couple of days
ASKER
had the typical 1st response back from the web host saying it may not be possible to disable as we are on a linux package and linux doesnt use autodiscover :|
is there anyway around it is i have no luck with the webhost being able to disable?
is there anyway around it is i have no luck with the webhost being able to disable?
The version of the web hosting package doesn't matter, as it is just a redirect.
Autodiscover isn't really a Linux feature, the web hosting package uses it for its own email service.
You need to check whether you get a response from https://example.com/Autodiscover/Autodiscover.xml (remember this is the root of the domain, so not www.example.com). If you are, then they need to disable the functionality.
Simon.
Autodiscover isn't really a Linux feature, the web hosting package uses it for its own email service.
You need to check whether you get a response from https://example.com/Autodiscover/Autodiscover.xml (remember this is the root of the domain, so not www.example.com). If you are, then they need to disable the functionality.
Simon.
ASKER
Looking on the ftp there is nothing on the server at that path. If also tried putting a blank autodiscover.xml but still get the same errors.
Webhost is now saying there's nothing they can do :(
Anything else you can suggest I try
Webhost is now saying there's nothing they can do :(
Anything else you can suggest I try
Check your external DNS zone file.
Any SRV records in their for autodiscover? I know GoDaddy for example will create SRV records in their web hosting that direct autodiscover SRV records over to its CPANEL mail.
Also, check for CNAME autodiscover records. I have seen where hosting providers will set the CNAME of autodiscover to the @ record. Which then often points to the web hosting.
Any SRV records in their for autodiscover? I know GoDaddy for example will create SRV records in their web hosting that direct autodiscover SRV records over to its CPANEL mail.
Also, check for CNAME autodiscover records. I have seen where hosting providers will set the CNAME of autodiscover to the @ record. Which then often points to the web hosting.
You will not see anything on an FTP lookup, because it is a virtual directory. The only way that you will see it is to browse to the path that I have posted to see what comes back.
If you are seeing the host's SSL certificate then they have to be doing something with Autodiscover.
Simon.
If you are seeing the host's SSL certificate then they have to be doing something with Autodiscover.
Simon.
ASKER
looking at
https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml
i get the following
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Autodiscover><Response><E rror Time="21:36:40.0028140" Id="3007185755"><ErrorCode >600</Erro rCode><Mes sage>Inval id Request</Message><DebugDat a/></Error ></Respons e></Autodi scover>
https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml
i get the following
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Autodiscover><Response><E
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
found solution myself with added help with Simon Butler
This is very easy. Just setup a split DNS for your external name so the name resolves internally as well as externally.
Then change the configuration of Exchange to use the external name.
http://semb.ee/hostnames2010
No need to rename the name or anything.
Simon.