Outlook 2010 clients sporadically fail to connect to Exchange 2013

I've spent about 20+ hours on the phone with MS Exchange support trying to get this working. We are a small organization, 30 clients. I just migrated from Exchange 2007 to Exchange 2013. All services start up and move mail properly to/from the internet. UM works properly. Everything tested fine before moving everyone live to the new server. However, Outlook will not connect normally on the client machines. Sometimes some clients can connect, other times they cannot reconnect.... whether they can connect or not is very transient. Almost like it's a port conflict issue. I have a third party Digicert certificate installed that I'm using. MS assures me that my entire exchange setup is correct so they've passed the ticket on to Active Directory support. They will be calling me later. However, I thought I'd throw this out there to the experts community for input.

About the certificate, I have 4 hosts on it, mail.ubifcu.com, autodiscover.ubifcu.com,legacy.mail.ubifcu.com, and ubifcu.com. Activesync, and OWA work just fine, both inside and outside the network. (I have the clients all using OWA currently).

Sometimes I can get a half-hearted Outlook connection on some stations, but the Outlook connection status window shows negotiated connection for Authn method, the actual server name instead of the SID@ubifcu.com, and a bunch of other connection oddities.

I've pulled a few test clients (and the server too) out of their normal OU to an OU with no GPO's being applied (in some GPO's we do modify the NTLM response to accept NTLMv2 only). This didn't fix the issue.

I've stopped all extraneous services on the Exchange box, and restarted the Exchange and IIS services (thinking it was a port contention issue). This did not resolve the issue.

To me this feels like a port contention issue, but I cannot find one at all. Right now, I'm open to all suggestions. I would be very surprised if I haven't tried it all ready, but there is obviously an answer I haven't considered yet because it's sill not working 100%.
UBIFCUAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Guy LidbetterCommented:
Hi there,

Could you provide the result of an Outlook autoconfig test please?
0
UBIFCUAuthor Commented:
How can I capture the results? It doesn't allow me to copy/past them from the test window.
0
UBIFCUAuthor Commented:
n/m here's the XML

<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>firstname username</DisplayName>
      <LegacyDN>/o=UBIFCU/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=firstnameZ</LegacyDN>
      <AutoDiscoverSMTPAddress>j.username@ubifcu.com</AutoDiscoverSMTPAddress>
      <DeploymentId>49d59aaf-ee40-4923-81d2-01df23dfee8f</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <MicrosoftOnline>False</MicrosoftOnline>
      <Protocol>
        <Type>EXCH</Type>
        <Server>0566d51d-0f6e-48b4-8c32-2c4f061053aa@ubifcu.com</Server>
        <ServerDN>/o=UBIFCU/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=0566d51d-0f6e-48b4-8c32-2c4f061053aa@ubifcu.com</ServerDN>
        <ServerVersion>73C08434</ServerVersion>
        <MdbDN>/o=UBIFCU/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=0566d51d-0f6e-48b4-8c32-2c4f061053aa@ubifcu.com/cn=Microsoft Private MDB</MdbDN>
        <PublicFolderServer>mail.ubifcu.com</PublicFolderServer>
        <AD>PLV-DC1.UBIFCU.local</AD>
        <ASUrl>https://mail.ubifcu.com/ews/exchange.asmx</ASUrl>
        <EwsUrl>https://mail.ubifcu.com/ews/exchange.asmx</EwsUrl>
        <EmwsUrl>https://mail.ubifcu.com/ews/exchange.asmx</EmwsUrl>
        <EcpUrl>https://mail.ubifcu.com/ecp/</EcpUrl>
        <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-um>
        <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=UBIFCU.local</EcpUrl-mt>
        <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-ret>
        <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=UBIFCU.local</EcpUrl-publish>
        <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-photo>
        <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-extinstall>
        <OOFUrl>https://mail.ubifcu.com/ews/exchange.asmx</OOFUrl>
        <UMUrl>https://mail.ubifcu.com/ews/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.ubifcu.com/OAB/99b32b15-677b-4392-83d5-c2a89fb07e5a/</OABUrl>
        <ServerExclusiveConnect>off</ServerExclusiveConnect>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.ubifcu.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Ntlm</AuthPackage>
        <ASUrl>https://mail.ubifcu.com/ews/exchange.asmx</ASUrl>
        <EwsUrl>https://mail.ubifcu.com/ews/exchange.asmx</EwsUrl>
        <EmwsUrl>https://mail.ubifcu.com/ews/exchange.asmx</EmwsUrl>
        <EcpUrl>https://mail.ubifcu.com/ecp/</EcpUrl>
        <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-um>
        <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=UBIFCU.local</EcpUrl-mt>
        <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-ret>
        <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=UBIFCU.local</EcpUrl-publish>
        <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-photo>
        <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-extinstall>
        <OOFUrl>https://mail.ubifcu.com/ews/exchange.asmx</OOFUrl>
        <UMUrl>https://mail.ubifcu.com/ews/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.ubifcu.com/OAB/99b32b15-677b-4392-83d5-c2a89fb07e5a/</OABUrl>
        <ServerExclusiveConnect>on</ServerExclusiveConnect>
        <EwsPartnerUrl>https://mail.ubifcu.com/ews/exchange.asmx</EwsPartnerUrl>
        <GroupingInformation>UBIFCU</GroupingInformation>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <Internal>
          <OWAUrl AuthenticationMethod="Basic, Fba">https://mail.ubifcu.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https://mail.ubifcu.com/ews/exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
        <External>
          <OWAUrl AuthenticationMethod="Fba">https://mail.ubifcu.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXPR</Type>
            <ASUrl>https://mail.ubifcu.com/ews/exchange.asmx</ASUrl>
          </Protocol>
        </External>
      </Protocol>
      <Protocol>
        <Type>EXHTTP</Type>
        <Server>mail.ubifcu.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Ntlm</AuthPackage>
        <ASUrl>https://mail.ubifcu.com/ews/exchange.asmx</ASUrl>
        <EwsUrl>https://mail.ubifcu.com/ews/exchange.asmx</EwsUrl>
        <EmwsUrl>https://mail.ubifcu.com/ews/exchange.asmx</EmwsUrl>
        <EcpUrl>https://mail.ubifcu.com/ecp/</EcpUrl>
        <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-um>
        <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=UBIFCU.local</EcpUrl-mt>
        <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-ret>
        <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=UBIFCU.local</EcpUrl-publish>
        <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-photo>
        <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-extinstall>
        <OOFUrl>https://mail.ubifcu.com/ews/exchange.asmx</OOFUrl>
        <UMUrl>https://mail.ubifcu.com/ews/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.ubifcu.com/OAB/99b32b15-677b-4392-83d5-c2a89fb07e5a/</OABUrl>
        <ServerExclusiveConnect>On</ServerExclusiveConnect>
      </Protocol>
      <Protocol>
        <Type>EXHTTP</Type>
        <Server>mail.ubifcu.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Ntlm</AuthPackage>
        <ASUrl>https://mail.ubifcu.com/ews/exchange.asmx</ASUrl>
        <EwsUrl>https://mail.ubifcu.com/ews/exchange.asmx</EwsUrl>
        <EmwsUrl>https://mail.ubifcu.com/ews/exchange.asmx</EmwsUrl>
        <EcpUrl>https://mail.ubifcu.com/ecp/</EcpUrl>
        <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-um>
        <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=UBIFCU.local</EcpUrl-mt>
        <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-ret>
        <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=UBIFCU.local</EcpUrl-publish>
        <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-photo>
        <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=UBIFCU.local</EcpUrl-extinstall>
        <OOFUrl>https://mail.ubifcu.com/ews/exchange.asmx</OOFUrl>
        <UMUrl>https://mail.ubifcu.com/ews/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.ubifcu.com/OAB/99b32b15-677b-4392-83d5-c2a89fb07e5a/</OABUrl>
        <ServerExclusiveConnect>On</ServerExclusiveConnect>
      </Protocol>
      <PublicFolderInformation>
        <SmtpAddress>UBIFCU2@ubifcu.com</SmtpAddress>
      </PublicFolderInformation>
    </Account>
  </Response>
</Autodiscover>

Open in new window

0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Hello WorldCommented:
Hi,

Please try to run Microsoft Remote Connectivity(https://testconnectivity.microsoft.com/) to test Exchange server connection.
Besides, run below command to double check the configuration of virtual directory:
Get-OabVirtualDirectory | FL Identity,*url*
Get-OutlookAnywhere | FL Identity,*Host*,*Auth*
Get-OwaVirtualDirectory | FL Identity,*url*
Get-EcpVirtualDirectory | FL Identity,*url*
Get-WebServicesVirtualDirectory | FL Identity,*url*
Get-ClientAccessServer | FL Identity,*URI*
More details about Migrate Exchange 2007 to Exchange 2013, for your reference:
http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-2-step-by-step-exchange-2007-to-2013-migration.aspx
0
UBIFCUAuthor Commented:
Here's the output from those commands:

[PS] C:\>Get-OabVirtualDirectory | fl Identity,*url*


Identity    : PLV-SERVICES\OAB (Default Web Site)
InternalUrl : https://mail.ubifcu.com/OAB
ExternalUrl : https://mail.ubifcu.com/OAB



[PS] C:\>Get-OutlookAnywhere | fl Identity,*url*


Identity : PLV-SERVICES\Rpc (Default Web Site)
XropUrl  :



[PS] C:\>Get-OwaVirtualDirectory | fl Identity,*url*


Identity        : PLV-SERVICES\owa (Default Web Site)
Url             : {}
SetPhotoURL     :
Exchange2003Url :
FailbackUrl     :
InternalUrl     : https://mail.ubifcu.com/owa
ExternalUrl     : https://mail.ubifcu.com/owa



[PS] C:\>Get-EcpVirtualDirectory | fl Identity,*url*


Identity    : PLV-SERVICES\ecp (Default Web Site)
InternalUrl : https://mail.ubifcu.com/ecp
ExternalUrl : https://mail.ubifcu.com/ecp



[PS] C:\>Get-WebServicesVirtualDirectory | fl Identity,*url*


Identity             : PLV-SERVICES\EWS (Default Web Site)
InternalNLBBypassUrl :
InternalUrl          : https://mail.ubifcu.com/ews/exchange.asmx
ExternalUrl          : https://mail.ubifcu.com/ews/exchange.asmx



[PS] C:\>Get-ClientAccessServer | fl Identity,*url*


Identity : PLV-SERVICES



[PS] C:\>

Open in new window


Here's RCA AutoDiscover Connectivity Test:
<?xml version="1.0" encoding="utf-8"?>
<testresult status="FatalError" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="The Microsoft Connectivity Analyzer is attempting to test Autodiscover for s.phillips@ubifcu.com." resultdescription="Testing Autodiscover failed." additionaldetails="" elapsedMilliseconds="2933">
  <children>
    <testresult status="FatalError" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Attempting each method of contacting the Autodiscover service." resultdescription="The Autodiscover service couldn't be contacted successfully by any method." additionaldetails="" elapsedMilliseconds="2933">
      <children>
        <testresult status="Error" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Attempting to test potential Autodiscover URL https://ubifcu.com:443/Autodiscover/Autodiscover.xml" resultdescription="Testing of this potential Autodiscover URL failed." additionaldetails="" elapsedMilliseconds="776">
          <children>
            <testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Attempting to resolve the host name ubifcu.com in DNS." resultdescription="The host name resolved successfully." additionaldetails="IP addresses returned: 192.0.48.32" elapsedMilliseconds="267">
              <children />
            </testresult>
            <testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Testing TCP port 443 on host ubifcu.com to ensure it's listening and open." resultdescription="The port was opened successfully." additionaldetails="" elapsedMilliseconds="245">
              <children />
            </testresult>
            <testresult status="Error" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Testing the SSL certificate to make sure it's valid." resultdescription="The SSL certificate failed one or more certificate validation checks." additionaldetails="" elapsedMilliseconds="263">
              <children>
                <testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server ubifcu.com on port 443." resultdescription="The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate." additionaldetails="Remote Certificate Subject: CN=www.ubifcu.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=Technology, O=United Business &amp; Industry Federal Credit Union, L=Plainville, S=Connecticut, C=US, Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O=&quot;VeriSign, Inc.&quot;, C=US." elapsedMilliseconds="190">
                  <children />
                </testresult>
                <testresult status="Error" errorid="8b21fbb8-b54d-4483-92d0-f0f03112a019" contentUrl="http://go.microsoft.com/?linkid=9843845" testdescription="Validating the certificate name." resultdescription="Certificate name validation failed." additionaldetails="Host name ubifcu.com doesn't match any name found on the server certificate CN=www.ubifcu.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=Technology, O=United Business &amp; Industry Federal Credit Union, L=Plainville, S=Connecticut, C=US." elapsedMilliseconds="1">
                  <children />
                </testresult>
              </children>
            </testresult>
          </children>
        </testresult>
        <testresult status="FatalError" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Attempting to test potential Autodiscover URL https://autodiscover.ubifcu.com:443/Autodiscover/Autodiscover.xml" resultdescription="Testing of this potential Autodiscover URL failed." additionaldetails="" elapsedMilliseconds="2051">
          <children>
            <testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Attempting to resolve the host name autodiscover.ubifcu.com in DNS." resultdescription="The host name resolved successfully." additionaldetails="IP addresses returned: 70.89.4.44" elapsedMilliseconds="252">
              <children />
            </testresult>
            <testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Testing TCP port 443 on host autodiscover.ubifcu.com to ensure it's listening and open." resultdescription="The port was opened successfully." additionaldetails="" elapsedMilliseconds="264">
              <children />
            </testresult>
            <testresult status="SuccessWithWarnings" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Testing the SSL certificate to make sure it's valid." resultdescription="The certificate passed all validation requirements." additionaldetails="" elapsedMilliseconds="406">
              <children>
                <testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.ubifcu.com on port 443." resultdescription="The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate." additionaldetails="Remote Certificate Subject: CN=mail.ubifcu.com, OU=Information Technology, O=United Business &amp; Industry Federal Credit Union, L=Plainville, S=Connecticut, C=US, Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US." elapsedMilliseconds="339">
                  <children />
                </testresult>
                <testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Validating the certificate name." resultdescription="The certificate name was validated successfully." additionaldetails="Host name autodiscover.ubifcu.com was found in the Certificate Subject Alternative Name entry." elapsedMilliseconds="1">
                  <children />
                </testresult>
                <testresult status="SuccessWithWarnings" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Certificate trust is being validated." resultdescription="The certificate is trusted and all certificates are present in the chain." additionaldetails="">
                  <children>
                    <testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.ubifcu.com, OU=Information Technology, O=United Business &amp; Industry Federal Credit Union, L=Plainville, S=Connecticut, C=US." resultdescription="One or more certificate chains were constructed successfully." additionaldetails="A total of 1 chains were built. The highest quality chain ends in root certificate CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US." elapsedMilliseconds="28">
                      <children />
                    </testresult>
                    <testresult status="Warning" errorid="1339c33a-8f21-427b-a323-4cee1a13f517" contentUrl="" testdescription="Analyzing the certificate chains for compatibility problems with versions of Windows." resultdescription="Potential compatibility problems were identified with some versions of Windows." additionaldetails="The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the &quot;Update Root Certificates&quot; feature isn't enabled." elapsedMilliseconds="4">
                      <children />
                    </testresult>
                  </children>
                </testresult>
                <testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Testing the certificate date to confirm the certificate is valid." resultdescription="Date validation passed. The certificate hasn't expired." additionaldetails="The certificate is valid. NotBefore = 3/25/2015 12:00:00 AM, NotAfter = 5/31/2018 12:00:00 PM" elapsedMilliseconds="0">
                  <children />
                </testresult>
              </children>
            </testresult>
            <testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Checking the IIS configuration for client certificate authentication." resultdescription="Client certificate authentication wasn't detected." additionaldetails="Accept/Require Client Certificates isn't configured." elapsedMilliseconds="442">
              <children />
            </testresult>
            <testresult status="FatalError" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Attempting to send an Autodiscover POST request to potential Autodiscover URLs." resultdescription="Autodiscover settings weren't obtained when the Autodiscover POST request was sent." additionaldetails="" elapsedMilliseconds="686">
              <children>
                <testresult status="FatalError" errorid="6c458392-3a8c-4bc2-942e-7ab533744106" contentUrl="" testdescription="The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.ubifcu.com:443/Autodiscover/Autodiscover.xml for user s.phillips@ubifcu.com." resultdescription="The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response." additionaldetails="An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).&#xD;&#xA;HTTP Response Headers:&#xD;&#xA;request-id: 7e60ad4c-91d1-408c-9612-3d2460d24cf1&#xD;&#xA;Set-Cookie: ClientId=JHBGUEWUFXHTKIFBOLQ; expires=Tue, 29-Mar-2016 14:39:50 GMT; path=/; HttpOnly&#xD;&#xA;Server: Microsoft-IIS/8.0&#xD;&#xA;WWW-Authenticate: Negotiate,NTLM,Basic realm=&quot;autodiscover.ubifcu.com&quot;&#xD;&#xA;X-Powered-By: ASP.NET&#xD;&#xA;X-FEServer: PLV-SERVICES&#xD;&#xA;Date: Mon, 30 Mar 2015 14:39:49 GMT&#xD;&#xA;Content-Length: 0&#xD;&#xA;" elapsedMilliseconds="685">
                  <children />
                </testresult>
              </children>
            </testresult>
          </children>
        </testresult>
        <testresult status="Warning" errorid="c0f75b77-072c-48d5-ab17-eebc99a4b3d9" contentUrl="http://go.microsoft.com/?linkid=9843786" testdescription="Checking if there is an autodiscover CNAME record in DNS for your domain 'ubifcu.com' for Office 365." resultdescription="Failed to validate autodiscover CNAME record in DNS. If your mailbox isn't in Office 365, you can ignore this warning." additionaldetails="There is no Autodiscover CNAME record for your domain 'ubifcu.com'." elapsedMilliseconds="106">
          <children />
        </testresult>
      </children>
    </testresult>
  </children>
</testresult>

Open in new window


Here's Outlook Connectivity RCA test:
<?xml version="1.0" encoding="utf-8"?>
<testresult status="Error" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Testing Outlook connectivity." resultdescription="The Outlook connectivity test failed." additionaldetails="" elapsedMilliseconds="2524">
  <children>
    <testresult status="Error" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Testing RPC over HTTP connectivity to server mail.ubifcu.com" resultdescription="RPC over HTTP connectivity failed." additionaldetails="HTTP Response Headers:&#xD;&#xA;request-id: 79eb6ee5-a66f-4aea-a355-4af3caaa5fda&#xD;&#xA;Set-Cookie: ClientId=VZCMFXEEEECIBK9VHQ; expires=Tue, 29-Mar-2016 14:43:08 GMT; path=/; HttpOnly&#xD;&#xA;Server: Microsoft-IIS/8.0&#xD;&#xA;WWW-Authenticate: Negotiate,NTLM,Basic realm=&quot;mail.ubifcu.com&quot;&#xD;&#xA;X-Powered-By: ASP.NET&#xD;&#xA;X-FEServer: PLV-SERVICES&#xD;&#xA;Date: Mon, 30 Mar 2015 14:43:07 GMT&#xD;&#xA;Content-Length: 0&#xD;&#xA;" elapsedMilliseconds="2524">
      <children>
        <testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Attempting to resolve the host name mail.ubifcu.com in DNS." resultdescription="The host name resolved successfully." additionaldetails="IP addresses returned: 70.89.4.44" elapsedMilliseconds="354">
          <children />
        </testresult>
        <testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Testing TCP port 443 on host mail.ubifcu.com to ensure it's listening and open." resultdescription="The port was opened successfully." additionaldetails="" elapsedMilliseconds="236">
          <children />
        </testresult>
        <testresult status="SuccessWithWarnings" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Testing the SSL certificate to make sure it's valid." resultdescription="The certificate passed all validation requirements." additionaldetails="" elapsedMilliseconds="417">
          <children>
            <testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server mail.ubifcu.com on port 443." resultdescription="The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate." additionaldetails="Remote Certificate Subject: CN=mail.ubifcu.com, OU=Information Technology, O=United Business &amp; Industry Federal Credit Union, L=Plainville, S=Connecticut, C=US, Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US." elapsedMilliseconds="344">
              <children />
            </testresult>
            <testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Validating the certificate name." resultdescription="The certificate name was validated successfully." additionaldetails="Host name mail.ubifcu.com was found in the Certificate Subject Common name." elapsedMilliseconds="0">
              <children />
            </testresult>
            <testresult status="SuccessWithWarnings" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Certificate trust is being validated." resultdescription="The certificate is trusted and all certificates are present in the chain." additionaldetails="">
              <children>
                <testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.ubifcu.com, OU=Information Technology, O=United Business &amp; Industry Federal Credit Union, L=Plainville, S=Connecticut, C=US." resultdescription="One or more certificate chains were constructed successfully." additionaldetails="A total of 1 chains were built. The highest quality chain ends in root certificate CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US." elapsedMilliseconds="29">
                  <children />
                </testresult>
                <testresult status="Warning" errorid="1339c33a-8f21-427b-a323-4cee1a13f517" contentUrl="" testdescription="Analyzing the certificate chains for compatibility problems with versions of Windows." resultdescription="Potential compatibility problems were identified with some versions of Windows." additionaldetails="The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the &quot;Update Root Certificates&quot; feature isn't enabled." elapsedMilliseconds="5">
                  <children />
                </testresult>
              </children>
            </testresult>
            <testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Testing the certificate date to confirm the certificate is valid." resultdescription="Date validation passed. The certificate hasn't expired." additionaldetails="The certificate is valid. NotBefore = 3/25/2015 12:00:00 AM, NotAfter = 5/31/2018 12:00:00 PM" elapsedMilliseconds="0">
              <children />
            </testresult>
          </children>
        </testresult>
        <testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Checking the IIS configuration for client certificate authentication." resultdescription="Client certificate authentication wasn't detected." additionaldetails="Accept/Require Client Certificates isn't configured." elapsedMilliseconds="448">
          <children />
        </testresult>
        <testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Testing HTTP Authentication Methods for URL https://mail.ubifcu.com/rpc/rpcproxy.dll?mail.ubifcu.com:6002." resultdescription="The HTTP authentication methods are correct." additionaldetails="The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: Basic, Negotiate, NTLM&#xD;&#xA;HTTP Response Headers:&#xD;&#xA;request-id: 79eb6ee5-a66f-4aea-a355-4af3caaa5fda&#xD;&#xA;Set-Cookie: ClientId=VZCMFXEEEECIBK9VHQ; expires=Tue, 29-Mar-2016 14:43:08 GMT; path=/; HttpOnly&#xD;&#xA;Server: Microsoft-IIS/8.0&#xD;&#xA;WWW-Authenticate: Negotiate,NTLM,Basic realm=&quot;mail.ubifcu.com&quot;&#xD;&#xA;X-Powered-By: ASP.NET&#xD;&#xA;X-FEServer: PLV-SERVICES&#xD;&#xA;Date: Mon, 30 Mar 2015 14:43:07 GMT&#xD;&#xA;Content-Length: 0&#xD;&#xA;" elapsedMilliseconds="574">
          <children />
        </testresult>
        <testresult status="Error" errorid="cfcd56a0-9f4a-4ccf-9754-0a2683cc1f1b" contentUrl="" testdescription="Attempting to ping RPC proxy mail.ubifcu.com." resultdescription="RPC Proxy can't be pinged." additionaldetails="An unexpected network-level exception was encountered. Exception details:&#xD;&#xA;Message: The remote server returned an error: (401) Unauthorized.&#xD;&#xA;Type: Microsoft.Exchange.Tools.ExRca.Extensions.MapiTransportException&#xD;&#xA;Stack trace:&#xD;&#xA;   at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)&#xD;&#xA;   at Microsoft.Exchange.Tools.ExRca.Tests.MapiPingProxyTest.PerformTestReally()&#xD;&#xA;Exception details:&#xD;&#xA;Message: The remote server returned an error: (401) Unauthorized.&#xD;&#xA;Type: System.Net.WebException&#xD;&#xA;Stack trace:&#xD;&#xA;   at System.Net.HttpWebRequest.GetResponse()&#xD;&#xA;   at RpcPingLib.RpcPing.PingProxy(String internalServerFqdn, String endpoint)&#xD;&#xA;   at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)&#xD;&#xA;" elapsedMilliseconds="492">
          <children />
        </testresult>
      </children>
    </testresult>
  </children>
</testresult>

Open in new window

0
UBIFCUAuthor Commented:
I"m not sure of the validity of the testconnectivity.microsoft.com results, ubifcu.com is going to our webserver to try and get certificate information. on the web, ubifcu.com forwards to www.ubifcu.com.
0
UBIFCUAuthor Commented:
Figured this out.

Installed Exchange 2013 3 times. First time, installation failed due to an active directory issue. Deleted system mailboxes, run the uninstall from Programs and Settings. Corrected the AD issue, Reinstalled. Installation failed again during the hub install. Deleted system mailboxes, gui uninstaller wouldn't remove installation. Setup.exe /mode:Uninstall /IAcceptExchangeServerLicenseTerms resolved that. Fixed the issue that stopped the hub install and ran installer one more time. Success.

Problem was, when setup failed the second time, it had already created a self-signed certificate and assigned it to "Exchange Back End" in IIS. Changing the certificate bound to the Exchange Back End to the newer "Microsoft Exchange" named certificate (they were both named the same) fixed the issue. If you don't know how to set this and for future reference:

In IIS 8 (maybe others)

1.

Open IIS manager.

2.

Expand your computer

3.

Expand Sites

4.

Right click "Exchange Back End"

5.

Click "Edit Bindings"

6.

Click https and click Edit

7.

In the "SSL Certificate:" area, select you certificate called "Microsoft Exchange"

8.

Click OK

9.

Click Close
No need to restart anything. You should be back to working now.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Guy LidbetterCommented:
Hi UBIFCU.. glad you got this sorted.

Regards

Guy
0
UBIFCUAuthor Commented:
I figured this out on my own!
0
Guy LidbetterCommented:
That's nice - give yourself a pat on the back...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.