We help IT Professionals succeed at work.

Outlook 2013 connecting to wrong Exchange 2013 server

itfixpro
itfixpro asked
on
Hi Experts,

Hope someone here can help me solve my problem. Here goes…I have three Exchange 2013 SP1, CU8 servers which are part of the DAG. Two of those servers, server A and B are on premise behind Kemp LoadMaster hardware load balancer and the third one, server C is off site at the DR site. The DR site is connected to the main site via site-to-site VPN. All three Exchange boxes are multi-role, CAS and MBX on the same box. Now the problem is some of the clients (Outlook 2013) on premise are for some reason connecting to server C which again is off-site. This results in Outlook loading longer and running not as smoothly as I’d like it to due to limited bandwidth between the two sites. Outlook Anywhere internal and external URL “mail.something.com” is pointing to the Virtual IP address on the Load Balancer. Attached please find autodiscovery configuration on all three boxes.

Any help would be much appreciated.   Server A and B on premise set up with Load BalancerServer C, off-site. No Load Balancer
Comment
Watch Question

Manikandan NarayanswamySecurity Specialist & IBM Security Guardium

Commented:
Hi,

Did you tried setting the autodiscoverSitescope parameter using the Set-ClientAccessServer command. Please refer the below link.

https://technet.microsoft.com/en-in/library/bb125157%28v=exchg.150%29.aspx.

Thanks
Manikandan

Author

Commented:
Thank you for a quick response. So per technet article I ran the following two commands without any errors:

Set-ClientAccessServer -Identity "ccex" -AutoDiscoverServiceInternalUri "https://mail.something.com/autodiscover/autodiscover.xml" -AutoDiscoverSiteScope "Mail"

Set-ClientAccessServer -Identity "ccex2" -AutoDiscoverServiceInternalUri "https://mail.something.com/autodiscover/autodiscover.xml" -AutoDiscoverSiteScope "Mail"

However, when i check the identity of the CAS for "mail.something.com"

Get-ClientAccessServer -Identity "mail.something.com"

I get the following output. Please see attached. The message basically reads that the operation couldn't be performed because object mail.something.com couldn't be found on DC ccsdc. Not specified : Get ClientAccessServer.

"Mail.something.com" is a common name SSL certificate installed on two Exchange boxes on premises and a Load Balancer.  

Any further thoughts.


Thank you.


Get-ClientAccessServer-Error.jpg
Manikandan NarayanswamySecurity Specialist & IBM Security Guardium

Commented:
Hi,

Can you try running the Get-WebservicesVirtualdirectory and see what it returns. Also i wanted to know when you open Outlook do you receive any error like Outlook 2007 security warning: "The name of the security certificate is invalid or does not match the name of the site. If yes there is  a Microsoft KB Article written for resolving this error. You can try the following

http://support.microsoft.com/en-us/kb/940726

Thanks
Manikandan

Author

Commented:
Hello again,

Here is the output.

[PS] C:\Windows\system32>Get-WebservicesVirtualdirectory

Name                                    Server                                  InternalUrl
----                                    ------                                  -----------

EWS (Default Web Site)                  CCEX                                    https://mail.something.com/EWS/E...
EWS (Default Web Site)                  CCEX2                                   https://mail.something.com/EWS/E...
EWS (Default Web Site)                  CCEX3DR                                 https://ccex3dr.something.com/EW...

And no,  I'm not getting any certificate errors or warnings in Outlook and/or OWA. The SSL with common name of mail.something.com is installed on the load balancer and the two exchange servers.

Thank you.
Manikandan NarayanswamySecurity Specialist & IBM Security Guardium

Commented:
Hi,

There is already a similar case found in Expert-exchange where outlook was connecting to wrong server. Please go through the link and see if it works

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28231322.html

Thanks
Manikandan
Security Specialist & IBM Security Guardium
Commented:
Hi,

When outlook starts the Auto-discover process it first tries to find the exchange servers using SCP record and if it fails then it contacts DNS for querying auto-discover record. You can view the SCP record from Active-directory Sites & Services view it and see and see if its showing the correct server. Also check the DNS auto-discover record whether its pointing to the correct server.

Thanks
Manikandan
Autodiscover.PNG
1.PNG

Author

Commented:
Hi,

That's what it was. The SCP record for some reason was pointing to the off-site Exchange. Fortunately, I was able to correct it and now most clients connect to the correct server.

Thanks Manikandan for your help.