Outlook 2013 connecting to wrong Exchange 2013 server

Hi Experts,

Hope someone here can help me solve my problem. Here goes…I have three Exchange 2013 SP1, CU8 servers which are part of the DAG. Two of those servers, server A and B are on premise behind Kemp LoadMaster hardware load balancer and the third one, server C is off site at the DR site. The DR site is connected to the main site via site-to-site VPN. All three Exchange boxes are multi-role, CAS and MBX on the same box. Now the problem is some of the clients (Outlook 2013) on premise are for some reason connecting to server C which again is off-site. This results in Outlook loading longer and running not as smoothly as I’d like it to due to limited bandwidth between the two sites. Outlook Anywhere internal and external URL “mail.something.com” is pointing to the Virtual IP address on the Load Balancer. Attached please find autodiscovery configuration on all three boxes.

Any help would be much appreciated.   Server A and B on premise set up with Load BalancerServer C, off-site. No Load Balancer
itfixproAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

Did you tried setting the autodiscoverSitescope parameter using the Set-ClientAccessServer command. Please refer the below link.

https://technet.microsoft.com/en-in/library/bb125157%28v=exchg.150%29.aspx.

Thanks
Manikandan
0
itfixproAuthor Commented:
Thank you for a quick response. So per technet article I ran the following two commands without any errors:

Set-ClientAccessServer -Identity "ccex" -AutoDiscoverServiceInternalUri "https://mail.something.com/autodiscover/autodiscover.xml" -AutoDiscoverSiteScope "Mail"

Set-ClientAccessServer -Identity "ccex2" -AutoDiscoverServiceInternalUri "https://mail.something.com/autodiscover/autodiscover.xml" -AutoDiscoverSiteScope "Mail"

However, when i check the identity of the CAS for "mail.something.com"

Get-ClientAccessServer -Identity "mail.something.com"

I get the following output. Please see attached. The message basically reads that the operation couldn't be performed because object mail.something.com couldn't be found on DC ccsdc. Not specified : Get ClientAccessServer.

"Mail.something.com" is a common name SSL certificate installed on two Exchange boxes on premises and a Load Balancer.  

Any further thoughts.


Thank you.


Get-ClientAccessServer-Error.jpg
0
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

Can you try running the Get-WebservicesVirtualdirectory and see what it returns. Also i wanted to know when you open Outlook do you receive any error like Outlook 2007 security warning: "The name of the security certificate is invalid or does not match the name of the site. If yes there is  a Microsoft KB Article written for resolving this error. You can try the following

http://support.microsoft.com/en-us/kb/940726

Thanks
Manikandan
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

itfixproAuthor Commented:
Hello again,

Here is the output.

[PS] C:\Windows\system32>Get-WebservicesVirtualdirectory

Name                                    Server                                  InternalUrl
----                                    ------                                  -----------

EWS (Default Web Site)                  CCEX                                    https://mail.something.com/EWS/E...
EWS (Default Web Site)                  CCEX2                                   https://mail.something.com/EWS/E...
EWS (Default Web Site)                  CCEX3DR                                 https://ccex3dr.something.com/EW...

And no,  I'm not getting any certificate errors or warnings in Outlook and/or OWA. The SSL with common name of mail.something.com is installed on the load balancer and the two exchange servers.

Thank you.
0
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

There is already a similar case found in Expert-exchange where outlook was connecting to wrong server. Please go through the link and see if it works

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28231322.html

Thanks
Manikandan
0
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

When outlook starts the Auto-discover process it first tries to find the exchange servers using SCP record and if it fails then it contacts DNS for querying auto-discover record. You can view the SCP record from Active-directory Sites & Services view it and see and see if its showing the correct server. Also check the DNS auto-discover record whether its pointing to the correct server.

Thanks
Manikandan
Autodiscover.PNG
1.PNG
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
itfixproAuthor Commented:
Hi,

That's what it was. The SCP record for some reason was pointing to the off-site Exchange. Fortunately, I was able to correct it and now most clients connect to the correct server.

Thanks Manikandan for your help.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.