Outlook 2013 connecting to wrong Exchange 2013 server

Hi Experts,

Hope someone here can help me solve my problem. Here goes…I have three Exchange 2013 SP1, CU8 servers which are part of the DAG. Two of those servers, server A and B are on premise behind Kemp LoadMaster hardware load balancer and the third one, server C is off site at the DR site. The DR site is connected to the main site via site-to-site VPN. All three Exchange boxes are multi-role, CAS and MBX on the same box. Now the problem is some of the clients (Outlook 2013) on premise are for some reason connecting to server C which again is off-site. This results in Outlook loading longer and running not as smoothly as I’d like it to due to limited bandwidth between the two sites. Outlook Anywhere internal and external URL “mail.something.com” is pointing to the Virtual IP address on the Load Balancer. Attached please find autodiscovery configuration on all three boxes.

Any help would be much appreciated.   Server A and B on premise set up with Load BalancerServer C, off-site. No Load Balancer
itfixproAsked:
Who is Participating?
 
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

When outlook starts the Auto-discover process it first tries to find the exchange servers using SCP record and if it fails then it contacts DNS for querying auto-discover record. You can view the SCP record from Active-directory Sites & Services view it and see and see if its showing the correct server. Also check the DNS auto-discover record whether its pointing to the correct server.

Thanks
Manikandan
Autodiscover.PNG
1.PNG
0
 
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

Did you tried setting the autodiscoverSitescope parameter using the Set-ClientAccessServer command. Please refer the below link.

https://technet.microsoft.com/en-in/library/bb125157%28v=exchg.150%29.aspx.

Thanks
Manikandan
0
 
itfixproAuthor Commented:
Thank you for a quick response. So per technet article I ran the following two commands without any errors:

Set-ClientAccessServer -Identity "ccex" -AutoDiscoverServiceInternalUri "https://mail.something.com/autodiscover/autodiscover.xml" -AutoDiscoverSiteScope "Mail"

Set-ClientAccessServer -Identity "ccex2" -AutoDiscoverServiceInternalUri "https://mail.something.com/autodiscover/autodiscover.xml" -AutoDiscoverSiteScope "Mail"

However, when i check the identity of the CAS for "mail.something.com"

Get-ClientAccessServer -Identity "mail.something.com"

I get the following output. Please see attached. The message basically reads that the operation couldn't be performed because object mail.something.com couldn't be found on DC ccsdc. Not specified : Get ClientAccessServer.

"Mail.something.com" is a common name SSL certificate installed on two Exchange boxes on premises and a Load Balancer.  

Any further thoughts.


Thank you.


Get-ClientAccessServer-Error.jpg
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

Can you try running the Get-WebservicesVirtualdirectory and see what it returns. Also i wanted to know when you open Outlook do you receive any error like Outlook 2007 security warning: "The name of the security certificate is invalid or does not match the name of the site. If yes there is  a Microsoft KB Article written for resolving this error. You can try the following

http://support.microsoft.com/en-us/kb/940726

Thanks
Manikandan
0
 
itfixproAuthor Commented:
Hello again,

Here is the output.

[PS] C:\Windows\system32>Get-WebservicesVirtualdirectory

Name                                    Server                                  InternalUrl
----                                    ------                                  -----------

EWS (Default Web Site)                  CCEX                                    https://mail.something.com/EWS/E...
EWS (Default Web Site)                  CCEX2                                   https://mail.something.com/EWS/E...
EWS (Default Web Site)                  CCEX3DR                                 https://ccex3dr.something.com/EW...

And no,  I'm not getting any certificate errors or warnings in Outlook and/or OWA. The SSL with common name of mail.something.com is installed on the load balancer and the two exchange servers.

Thank you.
0
 
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

There is already a similar case found in Expert-exchange where outlook was connecting to wrong server. Please go through the link and see if it works

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28231322.html

Thanks
Manikandan
0
 
itfixproAuthor Commented:
Hi,

That's what it was. The SCP record for some reason was pointing to the off-site Exchange. Fortunately, I was able to correct it and now most clients connect to the correct server.

Thanks Manikandan for your help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.