Solved

Outlook Anywhere help with a .local Active Directory name

Posted on 2014-11-23
Last Modified: 2014-12-22
Hi Guys

Need some help, as there looks to be a fair few ways to sort this.

Been asked to get Outlook Anywhere working on a domain which I did not set up. Unfortunately, the original IT team set the Active Directory as companyname.local.

So with the new UCC certificate laws I cannot get a cert to get Outlook Anywhere up and running.

Any ideas which path I should take?

Ideally I don't want to rebuild/migrate the whole domain; not really an option currently. I have googled a fair bit and tried a few scripts to do with creating new virtual dirs on IIS, but all seem to error.

Current setup is as follows
Server : Windows 2008 R2
Exchange : Exchange 2010
Servername : exchange.local
External domain : exchange.companyname.com
UCC cert is setup for : exchange.companyname.com, companyname.com

Any help would be very much appreciated.
0
Question by:Enlightx
21 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40460661
Not this question again.
This is very easy. Just set up a split DNS for your external name so the name resolves internally as well as externally.
Then change the configuration of Exchange to use the external name.
http://semb.ee/hostnames2010

No need to rename the name or anything.

Simon.
0
 
LVL 18

Expert Comment

by:Peter Hutchison
ID: 40460767
I agree with Simon; a split DNS is possible, so you need to set up a public DNS name and thus use that as a basis for an external name for Outlook Anywhere.
0
 

Author Comment

by:Enlightx
ID: 40460817
Thanks for the help so far, guys.

I had already set up the split DNS, as I have the public domain name pointing to the site IP and ports forwarded.

I've followed the guide and internal computers seem to be connecting using Outlook Anywhere okay, but I'm still getting issues when trying to connect externally.

Autodiscover does not work, and when trying manual settings I'm getting certificate not trusted issues.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40461059
Do you have a trusted certificate in place?
Have you configured Autodiscover DNS records?
When you get the SSL prompt, look at the certificate. Is it your certificate?

A common problem is with Autodiscover looking at the root of the domain first (https://example.com instead of https://autodiscover.example.com/ ). If your web host has something on the root of the domain then you can get errors. You need to ask the web host to disable Autodiscover for your domain.

Simon.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40461221
Check out this article as well. Step-by-step on what you need to do. Lots of screenshots.
http://supertekboy.com/2014/05/27/designing-a-simple-name-space-for-exchange-2010/
0
 

Author Comment

by:Enlightx
ID: 40461528
Great guide, using it to start from scratch. I've already noticed I stupidly didn't include autodiscover in my cert request, so starting fresh I'll sort this; hopefully that will sort my issue.

Will report back after the new cert is issued.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40462006
The only time autodiscover isn't needed is if you created an SRV record with your external DNS provider for autodiscover. But not all providers support this.
0
 

Author Comment

by:Enlightx
ID: 40485427
Hi Guys,

Sorry it took so long; had to revoke the current cert and wait for credit, then reissue. Now all done but still having issues.

When trying to use an outside Outlook client and using the setup wizard, it tries to connect (I don't get any cert issues anymore now) but keeps asking for username and password login, which I have tried using domain credentials, and it still fails with the following.

The connection to Microsoft Exchange is unavailable. Outlooks must be online or connected to complete this action.

To note, all internal Outlook clients seem to be working okay and use HTTP okay when connecting.

Local clients have the following settings in proxy settings:

Use this URL to connect:
https://exchange.domain.com

Ticked: only connect to proxy servers that have this principal name in their certificate:
msstd:exchange.domain.com

Unticked: on fast networks, connect using HTTP first
Ticked: on slow networks, connect using HTTP first

Proxy auth settings:
Basic Authentication
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40485942
"When trying to use an outside Outlook client and using the setup wizard, it tries to connect (I don't get any cert issues anymore now) but keeps asking for username and password login, which I have tried using domain credentials, and it still fails with the following."

This is still an indication of a certificate or a DNS issue.

Run the autodiscover test from www.exrca.com and post the results here.
0
 

Author Comment

by:Enlightx
ID: 40486241
Ahh yes I forgot about the tests you can perform.

I see the issue now but not sure how to sort.

      Attempting to test potential Autodiscover URL https://domain.com:443/Autodiscover/Autodiscover.xml


Failed test :
       
      Additional Details
       
Host name domain.com doesn't match any name found on the server certificate CN=*.secure-secure.co.uk, OU=Domain Control Validated.
Elapsed Time: 0 ms.
      Attempting to test potential Autodiscover URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml


Looks like it's looking on the web hosting site and not the Exchange server.

Current setup is as follows:

Domain has web hosting with a company; this hosts a website as well as getting mail for the company.
The Exchange server is then running on a static IP broadband line and I have forwarded exchange.domain.com and autodiscover.domain.com to the static IP.

Exchange server picked up mail from POP server and has certificate installed etc.
0

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40487228
You need to get the web host company to disable Autodiscover for your domain.
Autodiscover by default will try and do https://example.com/Autodiscover/Autodiscover.xml - with some web hosting packages that URL will work (with an SSL error). Only the web host can fix that, so that Autodiscover will then use one of the later URLs such as https://autodiscover.example.com/

Simon.
0
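The lookup order and certificate check described in the answer above, as an added example that is not part of the original thread. The host names, the certificate name lists and the function names are constructed for illustration; the wildcard rule is the usual one where `*` covers exactly one leftmost label.

```python
# Added example: models why the root-domain Autodiscover URL fails first.
# All data below is constructed; it is not output from the thread's servers.

def name_matches(host, pattern):
    """True if a certificate name covers host ('*' = one leftmost label)."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    h_labels, p_labels = host.split("."), pattern.split(".")
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]

def candidates(smtp_domain):
    """HTTPS hosts an external Outlook client tries, in order."""
    return [smtp_domain, "autodiscover." + smtp_domain]

def diagnose(smtp_domain, listeners):
    """listeners maps host -> names on the certificate served on port 443.
    A host missing from the map means nothing answers there."""
    report = []
    for host in candidates(smtp_domain):
        names = listeners.get(host)
        if names is None:
            report.append((host, "no-listener"))    # client tries the next URL
        elif any(name_matches(host, n) for n in names):
            report.append((host, "ok"))
        else:
            report.append((host, "name-mismatch"))  # the kind of failure the test reported
    return report

# Constructed: the web host answers on the root with its own wildcard
# certificate; the Exchange server answers on autodiscover.<domain>.
AS_REPORTED = {
    "example.com": ["*.shared-hosting.example"],
    "autodiscover.example.com": ["exchange.example.com",
                                 "autodiscover.example.com"],
}
# Constructed: same setup once the web host stops answering on the root.
HOST_DISABLED = {k: v for k, v in AS_REPORTED.items() if k != "example.com"}

if __name__ == "__main__":
    for label, data in (("as reported", AS_REPORTED),
                        ("host disabled", HOST_DISABLED)):
        print(label, diagnose("example.com", data))
```

A wildcard such as `*.example.com` does not cover the bare `example.com`, so a wildcard certificate on the Exchange side would not fix the root-domain lookup either.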
 

Author Comment

by:Enlightx
ID: 40487289
Okay, thanks for the info. I'll get onto the webhost and see if I can get it disabled.

Will be back with an update in a couple of days.
0
 

Author Comment

by:Enlightx
ID: 40487807
Had the typical first response back from the web host saying it may not be possible to disable as we are on a Linux package and Linux doesn't use autodiscover :|

Is there any way around it if I have no luck with the webhost being able to disable?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40491818
The version of the web hosting package doesn't matter, as it is just a redirect.
Autodiscover isn't really a Linux feature, the web hosting package uses it for its own email service.

You need to check whether you get a response from https://example.com/Autodiscover/Autodiscover.xml (remember this is the root of the domain, so not www.example.com). If you are, then they need to disable the functionality.

Simon.
0
 

Author Comment

by:Enlightx
ID: 40491940
Looking on the FTP there is nothing on the server at that path. I've also tried putting a blank autodiscover.xml but still get the same errors.

Webhost is now saying there's nothing they can do :(

Anything else you can suggest I try?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40492285
Check your external DNS zone file.

Any SRV records in there for autodiscover? I know GoDaddy for example will create SRV records in their web hosting that direct autodiscover SRV records over to its CPANEL mail.

Also, check for CNAME autodiscover records. I have seen where hosting providers will set the CNAME of autodiscover to the @ record. Which then often points to the web hosting.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40493652
You will not see anything on an FTP lookup, because it is a virtual directory. The only way that you will see it is to browse to the path that I have posted to see what comes back.

If you are seeing the host's SSL certificate then they have to be doing something with Autodiscover.

Simon.
0
 

Author Comment

by:Enlightx
ID: 40494943
Looking at

https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml

I get the following:

This XML file does not appear to have any style information associated with it. The document tree is shown below.
      <Autodiscover><Response><Error Time="21:36:40.0028140" Id="3007185755"><ErrorCode>600</ErrorCode><Message>Invalid Request</Message><DebugData/></Error></Response></Autodiscover>
0
 

Accepted Solution

by:
Enlightx earned 0 total points
ID: 40495025
Well, I just got a successful connection from outside the domain. Just realised RPC over HTTP was not installed on the Exchange server. Installed that and I'm now connecting.

When autodiscover kicks in, though, it is asking for domain username and password in the form of a Windows login box.

Any ideas if it's possible to stop this from asking and have it pick up from the Outlook config settings? I've set NTLM so, as I believe, it won't keep asking. Will just make it easier for end users, as I know sometimes this box can hide behind other windows on a dual monitor setup.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 40495179
Changing the authentication to NTLM will work for domain enabled clients. The change will be picked up by the clients via Autodiscover - if Autodiscover is working correctly.

The response you got from the browser is correct (to show that Autodiscover is there) because the browser is not Outlook, so the response is invalid.

Simon.
0
 

Author Closing Comment

by:Enlightx
ID: 40512643
Found solution myself with added help from Simon Butler.
0
