TMS
asked on
Sbs2011 multiple SSL certificates.
I need to add a SSL certificate to get Out of Office on Outlook to work using autodiscover.
I can't find a way to add this extra certificate. I already have one one the server but need the autodiscover added too.
I can't find a way to add this extra certificate. I already have one one the server but need the autodiscover added too.
ASKER
So, this looks like it is all set up correctly. Changing from an A record to the SVR doesn't change the issue. Changing to the SVR actually stops mobiles autodiscovery but with the A record mobiles set up ok.
In Outlook iwhen setting up Automatic replies the message is given Your automatics reply setting s cannot be displayed because the server is unavailable. Please try again later. I have checked the IIS settings for all the folders according to this article https://social.technet.microsoft.com/Forums/exchange/en-US/2be59599-9ff8-4387-a6d3-516e87b6a70e/automatic-replies-out-of-office-in-sbs-2011?forum=exchange2010 but all the settings were as described.
The automatic replays can be set up from OWA.
In Outlook iwhen setting up Automatic replies the message is given Your automatics reply setting s cannot be displayed because the server is unavailable. Please try again later. I have checked the IIS settings for all the folders according to this article https://social.technet.microsoft.com/Forums/exchange/en-US/2be59599-9ff8-4387-a6d3-516e87b6a70e/automatic-replies-out-of-office-in-sbs-2011?forum=exchange2010 but all the settings were as described.
The automatic replays can be set up from OWA.
ASKER
I have just tried to repair the Outlook profile and it is unable to resolve the name - Search for the email address. When I try and set up a profile manually it can't fine the server. The server name has /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Confi
SVR should work and it is attempted by server via DNS for the Autodiscover service in the DNS zone that matches the user's SMTP domain. If that cannot be found or resolves, it fails. SRV points to URL that eventually resolves to a A or CNAME that points back to same Autodiscover service. EVentually, Autodiscover service may be resolved by using an A record, a CNAME record, or an SRV record. Both below should be possible
E.g. nslookup > Set Type A > Autodiscover.SMTPDomain.co
E.g. nslookup > Set Type SRV > _autodiscover._tcp.SMTPDom
The OoO error may occur when one or more of the conditions are true. The checks can be ref @ http://www.proexchange.be/blogs/exchange2007/archive/2009/07/14/your-out-of-office-settings-cannot-be-displayed-because-the-server-is-currently-unavailable-try-again-later.aspx
1. You’re trying to open the OOF settings of different Exchange-account
2. Incorrect Auto-discover Service settings
3. Wrong certificate
4. “Enable Anonymous Access” is enabled in IIS on the EWS virtual directory.
Key is also that both the internal and external URL values must be configure correctly that can be resolved. Looks like new profile can find autodiscover services, there may be different attributes
E.g. nslookup > Set Type A > Autodiscover.SMTPDomain.co
E.g. nslookup > Set Type SRV > _autodiscover._tcp.SMTPDom
The OoO error may occur when one or more of the conditions are true. The checks can be ref @ http://www.proexchange.be/blogs/exchange2007/archive/2009/07/14/your-out-of-office-settings-cannot-be-displayed-because-the-server-is-currently-unavailable-try-again-later.aspx
1. You’re trying to open the OOF settings of different Exchange-account
2. Incorrect Auto-discover Service settings
3. Wrong certificate
4. “Enable Anonymous Access” is enabled in IIS on the EWS virtual directory.
Key is also that both the internal and external URL values must be configure correctly that can be resolved. Looks like new profile can find autodiscover services, there may be different attributes
Method 3: Make sure that the user's attributes in Active Directory are set correctly
Warning This procedure requires Active Directory Interfaces Editor (ADSI Edit). Using ADSI Edit incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems that result from the incorrect use of ADSI Edit can be resolved. Use ADSI Edit at your own risk.
Use ADSI Edit (or a similar tool for editing Active Directory) to determine whether the following attributes are set correctly for the user.
Attribute Example
mail ted@contoso.com
mailNickname ted
displayName Ted Bremer
proxyAddresses SMTP: ted@contoso.com X400:c=us;a= ;p=First Organization;o=Exchange;s=Bremer;g=T ed
Common issues occur when a value is not set for one or more of these attributes.
After the correct values are set for these attributes, force directory synchronization to occur, and then try to set up the user's email account in Outlook.
ASKER
I have listed screenshots and additional info in the attachment.
EE-OOO.docx
EE-OOO.docx
Strange that the server cannot seems to be found as well - very doubtful the DNS is functioning well.
Can try out the below steps using the nslookup to verify the autodiscover SRV setup
http://blogs.technet.com/b/rmilne/archive/2014/10/02/how-to-check-exchange-autodiscover-srv-record-using-nslookup.aspx
And also check the profile as in the DNS server via DNSmgmt that the relevant Forward Lookup Zone is properly included of the SRV record
http://www.itnotes.eu/?p=2390
The whole point is to make sure if other SCP connection failed which is also your findings, the last thing to try for Exchange service to client is a DNS query for SRV records for the Autodiscover service. The record will take the form "_autodiscover._tcp." + domain. This query might return multiple records, but you should only use records that point to an SSL endpoint and that have the highest priority and weight. https://msdn.microsoft.com/en-us/library/office/jj900169(v=exchg.150).aspx
Noted also you mentioned about OpenDNS and it seems the DNS request all forward to it per se (client DNS server can be pointing to it instead of local...) and possibly causing SRV at local if configured to have no any effect. Also assuming to having SRV work for the Exchange autodiscover service, how can OpenDNS be involved, they not be from internal but the external side, how is that going to taken up by them. I am guessing this may contribute to the local autodiscover fails...I am not sure but good to check with OpenDNS on any Exchange specific configuration as currently your error is "server is not available" and the DNS is likely not working well.
Can try out the below steps using the nslookup to verify the autodiscover SRV setup
http://blogs.technet.com/b/rmilne/archive/2014/10/02/how-to-check-exchange-autodiscover-srv-record-using-nslookup.aspx
And also check the profile as in the DNS server via DNSmgmt that the relevant Forward Lookup Zone is properly included of the SRV record
http://www.itnotes.eu/?p=2390
The whole point is to make sure if other SCP connection failed which is also your findings, the last thing to try for Exchange service to client is a DNS query for SRV records for the Autodiscover service. The record will take the form "_autodiscover._tcp." + domain. This query might return multiple records, but you should only use records that point to an SSL endpoint and that have the highest priority and weight. https://msdn.microsoft.com/en-us/library/office/jj900169(v=exchg.150).aspx
Noted also you mentioned about OpenDNS and it seems the DNS request all forward to it per se (client DNS server can be pointing to it instead of local...) and possibly causing SRV at local if configured to have no any effect. Also assuming to having SRV work for the Exchange autodiscover service, how can OpenDNS be involved, they not be from internal but the external side, how is that going to taken up by them. I am guessing this may contribute to the local autodiscover fails...I am not sure but good to check with OpenDNS on any Exchange specific configuration as currently your error is "server is not available" and the DNS is likely not working well.
ASKER
Thanks for the info. So I agree, it seems like the DNS is not functioning. I have set up the AUTODISCOVER srv record but when testing from nslookup it says Non existant domain. I have tried with both internal and external host reference I.e server.domain.local. And server.domain.co.uk.
Is there a way to reset the DNS? It looks like there is a replication error too as there are differences between the sites. However, I can't see any errors in the event logs.
Is there a way to reset the DNS? It looks like there is a replication error too as there are differences between the sites. However, I can't see any errors in the event logs.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks. Been reading around this and will look to make changes tomorrow once a backup has run.
ASKER
Thanks. I use 123 Reg and the autodiscover entry for the SVR record needed to be in this format: _autodiscover._tcp for the host. It then needs to have 10 for the priority and say 3600 for the TTL and then 0 443 <domain> for the weight and port. Works fine now.
Glad it helps and thanks for sharing.
Furthermore, this is another alternative still using SSL but slightly varied approach e.g. Autodiscover Site Affinity - see "Autodiscover, DNS, Certificates, and what you need to know"
http://www.shudnow.net/2008/11/18/autodiscover-dns-certificates-and-what-you-need-to-know/
Supplementary Exchange Autodiscover experience
https://acbrownit.wordpress.com/2012/12/20/internal-dns-and-exchange-autodiscover/