CCSO691

asked on

The connection to ms exchange is unavailable...outlook must be online

For a while we have been getting certificate errors....I just never got around to fixing them....so now I try to fix it and I totally bust exchange.

MOST existing users work fine, OWA works fine inside and outside with no certificate error.  I can ping the mail server by inside name and it will reply, I can ping the mail server by its public name and I will get a reply with the internal IP....I think this is correct for that split brain DNS that I just did that broke everything.

On the internal DNS server I made a new zone with the "outside" domain name....xyz.org, inside of that I added two entries, one for the mail server and one for autodiscover.

When setting up a new user it will resolve the user's name, put in everything, then ask for them to enter their creds again....it will not take any format I have tried: domain\username, username, username@emailaddress.org.

I have read and read till my eyes are getting ready to bleed.

PLEASE HELP....people are getting mad at me.

On the people that do still work I am still getting the certificate error....but it has the server.internal.local domain name.....getting that fixed is the end goal....but now I just need to get the emails working again.

Thanks bunches folks.
Tom Cieslik

In your local domain DNS server's Forward Lookup Zone you should put your local autodiscover (autodiscover.xyz.local) if your local domain name is xyz.local.
You don't need to use autodiscover with the external name/IP for internal domain users.

Inside this zone you should point to the local names of your DNS servers.

If you are using autodiscover in your outside public DNS, remember to use a multi-name certificate. If you have purchased a regular certificate with only one name in it, it's not going to work.
Please check your certificate for the Subject Alternative Name.
It should look like this:

DNS Name=ExchangeName.xyz.com
DNS Name=www.ExchangeName.xyz.com
DNS Name=autodiscover.xyz.com

ExchangeName is your external email server name registered in the MX record.

And one more question:
Does this problem occur on internal computers that are members of your local domain, or on computers outside your network?

As a workaround, restart your server. Also test your Exchange installation and DNS settings with Microsoft's Test Exchange Connectivity site https://testconnectivity.microsoft.com/

Create a new Outlook profile from the Control Panel, set the new profile as default, and then try to open Outlook and check if it works fine. Refer to the link mentioned below on how to create a new profile: http://support.microsoft.com/kb/829918

Try the following steps:

Go to your Control Panel in Windows --> Mail --> View --> Change or View Existing Mail accounts --> Change the mail account that shows up --> More Settings -->

On the "General Tab" make sure you choose "Manually control my connection state" and then select the radio dial button that says "connect with the network"

Restart Outlook

Have you configured internal and external URLs? Do local DNS records exist for those URLs that have been created? Have you installed a certificate that includes the internal, external, and autodiscover URLs?

Also get help from the links below:

http://www.msexchange.org/blogs/bhargavs/exchange-server/outlook-must-be-online-or-connected.html

http://expert-advice.org/2016/11/manual-methods-to-fix-outlook-pst-errors-repair-pst-file-manually/

https://support.microsoft.com/en-us/kb/3032395

https://support.microsoft.com/en-us/kb/2976203

Hope this helps!
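
The Subject Alternative Name check described in the answer above, as an added example that is not part of the original posts: it parses "DNS Name=" entries and reports which host names a client might connect to are missing from the certificate, which is what produces the name-mismatch warning. The SAN text is the sample from the answer; the list of client names is an assumption built from the placeholder names used in this thread.

```powershell
# Added example; host names are the placeholders used in this thread.

function ConvertFrom-SanText {
    # Extract DNS names from "DNS Name=..." text, the form Windows shows
    # for the Subject Alternative Name extension.
    param([string]$Text)
    [regex]::Matches($Text, 'DNS Name=([^\s,]+)') |
        ForEach-Object { $_.Groups[1].Value.ToLowerInvariant() }
}

function Test-NameCovered {
    # True if $HostName matches a SAN entry exactly, or a wildcard entry
    # that stands in for exactly one left-most label.
    param([string]$HostName, [string[]]$SanNames)
    $h = $HostName.ToLowerInvariant()
    foreach ($san in $SanNames) {
        if ($san -eq $h) { return $true }
        if ($san.StartsWith('*.')) {
            $suffix = $san.Substring(1)                      # e.g. ".xyz.com"
            if ($h.EndsWith($suffix)) {
                $label = $h.Substring(0, $h.Length - $suffix.Length)
                if ($label -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

# SAN text as listed in the answer above.
$sanText = @'
DNS Name=ExchangeName.xyz.com
DNS Name=www.ExchangeName.xyz.com
DNS Name=autodiscover.xyz.com
'@

# To read it from an installed certificate instead (thumbprint is a placeholder):
# $cert    = Get-Item Cert:\LocalMachine\My\<THUMBPRINT>
# $sanText = ($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }).Format($true)

$sans = ConvertFrom-SanText $sanText

# Names clients are assumed to connect to (constructed for illustration).
$clientNames = 'ExchangeName.xyz.com', 'autodiscover.xyz.com',
               'autodiscover.xyz.local', 'server.internal.local'

foreach ($name in $clientNames) {
    [pscustomobject]@{
        HostName = $name
        InSan    = Test-NameCovered -HostName $name -SanNames $sans
    }
}
```

With this sample the two .local names come back with InSan set to False, so any client pointed at them will see a certificate name warning.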
CCSO691

ASKER

Pretty confused...

I had been reading and there were a few articles on this "split brain" DNS that you had to set up to make the certificate work correctly, as the certificates could no longer have internal names.

My certificate from GoDaddy has a few names in it: my mail server's name, autodiscover, as well as a few others....so I think my certificate is good....I will enclose an edited photo.

On my local DNS server I have been making changes so they will be set up for this "split brain" DNS

I basically did this:
http://www.msexchange.org/articles-tutorials/exchange-server-2013/management-administration/managing-certificates-exchange-server-2013-part2.html

As I understood it, for the local workstations to not get certificate errors they had to resolve the outside public name, as that is what is on the certificate.  So I built an internal zone that had the external domain name.  I put the external name for the email server in that zone (it matches the certificate name) as well as autodiscover with the public name...both are on the certificate.

I then removed from the .local zone the autodiscover and email server entries....I also removed them from the reverse lookup zone.

I think that if I remove the new zone that was talked about in the article I linked, and entered the email server and autodiscover back into the forward and reverse lookup zones it would start to work again....but then I would be back with the cert errors.

I must be missing something here....

thanks for your help.
ASKER CERTIFIED SOLUTION
Tom Cieslik
This solution is only available to members.
CCSO691

ASKER

Kevin K,

In running the connectivity tests it is bombing on every autodiscover test that I try.

In checking my public DNS on GoDaddy I have an A record to my mail server's public address, and a CNAME record to my mail server name. I also have an MX record to my mail server name.

Some things I have read talk about an SRV record and I do not have an entry for that.

I tried to re-setup an account manually and still no joy.

There is only one certificate installed, and that is the one with the public information as I was under the impression that you could no longer have private info in your certificates.

I really don't understand who has the problem with your setup because you did not answer my question:
Does this problem occur on internal computers that are members of your local domain, or on computers outside your network?
CCSO691

ASKER

Tom Cieslik,

Yes, mail1.xxx.org (the external DNS name) is included in the certificate....as well as autodiscover.

I can ping mail1.xxx.org and get the internal IP address to reply with how things are set now.
(However, this has killed access to my web page, also hosted here; from inside the building we can no longer go to www.xxx.org from the local domain.)

To make sure I understand I need to:

Kill my existing zone that I have labeled xxx.org and make a new one called mail1.xxx.org
Inside of there I will add an entry for the name server as well as an A record for the mail server.

Do I need to make another zone for autodiscover.xxx.org and make the same entries inside of that one as well?

I understand what the issue is with going to www.xxx.org, it is looking to that zone with xxx.org and it can't find it....if I set it up as you outlined that problem should go away.

I have tried to enter the "external" name mail1.xxx.org in the Outlook setup and Outlook still can't find it.

I can go to https://mail1.xxx.org/owa and everything works perfect.
CCSO691

ASKER

Tom C,

Sorry, yes, this is a problem on internal computers only.....outside users use https://mail1.xxx.org/owa and that works perfectly.
SOLUTION
This solution is only available to members.
CCSO691

ASKER

Tom C,

That got it going....I am still getting a certificate error, but I do have 3 active certificates on the server, 2 self-signed and one that is from GoDaddy.

In looking at the layout of the certificates, one of the self-signed certificates had just the SMTP service running, the other has IIS and SMTP...the one from GoDaddy has IMAP, POP and IIS.....I am going to clean this up and hopefully everything will fall into place.

I am pretty sure that is why I am getting the error I have now.

And to quote one of my users....you are bombdigitty.

Thanks again.
CCSO691

ASKER

Thanks Tom C.

The document that I found here: http://www.msexchange.org/articles-tutorials/exchange-server-2013/management-administration/managing-certificates-exchange-server-2013-part2.html

did not work for me....your solution did the trick.