WORKS2011
asked on
Exchange auto-discovery failure, Outlook clients can't connect.
Power outage created a mess with Exchange and auto discovery issues since. After power outage cycled on a 2012 Server Standard with two VM's, 1. PDC 2. Exchange. After server came up Exchange doesn't allow auto-discover and Outlook clients don't connect. First problem was noticed when all Outlook clients reported "Trying to connect" to the Exchange server. For troubleshooting purposes I deleted an Outlook profile and get the following trying to create a new profile.
Some certs were replaced and we believe the problem may be here, we're looking at certs and will follow up. Another interesting issue is the IP address on the exchange server was hardcoded before the server restart. However after the power outage when the server restarts in DNS and the "Network" tab on the VM show a different IP address, it's dynamic rather than the static. Tried to get things working with the static IP however Exchange will not work at all this way. Changed the static IP address on the Exchange server to DHCP and it works with OWA only. Outlook clients still won't connect. With auto-discovery not working all phones have disconnected, this likely will change after auto-discover is working again.
ASKER
OWA works fine https://remote.domain.com/owa and mail is flowing. No cert error.
Active sync on any mobile device fails with the following error: "Incorrect server address entered or server requires a protocol version not supported by email. " This happens when I choose active sync and put in username and email address.
If I choose exchange with any mobile device I get the error: "Can't connect to server" The server I'm using is remote.domain.com, the one that works for OWA.
We're using a 3rd party cert from GoDaddy for external access through OWA
Internal we're using CA's.
ASKER
Hi,
Could you check if the virtual directory with ActiveSync is correct with the following command:
Get-ActiveSyncVirtualDirectory | fl *url*
Are you only having a problem with ActiveSync?
Is Outlook working correctly on the PC?
Regards
Valentina
Hi,
This is the Exchange Server Auth Certificate and do you have the other self signed with the name Microsoft Exchange?
You use autodiscover to connect with Outlook?
Regards
Valentina
ASKER
[PS] C:\Windows\system32>get-activesyncvirtualdirectory | fl
RunspaceId : 70bac34d-84b0-4d11-9ff9-7129cf0adeb6
MobileClientFlags : BadItemReportingEnabled, SendWatsonReport
MobileClientCertificateProvisioningEnabled : False
BadItemReportingEnabled : True
SendWatsonReport : True
MobileClientCertificateAuthorityURL :
MobileClientCertTemplateName :
ActiveSyncServer : https://remote.1234domain.com/Microsoft-Server-ActiveSync
RemoteDocumentsActionForUnknownServers : Allow
RemoteDocumentsAllowedServers : {}
RemoteDocumentsBlockedServers : {}
RemoteDocumentsInternalDomainSuffixList : {}
MetabasePath : IIS://EXCHANGE2.1234.local/W3SVC/1/ROOT/Microsoft-Server-ActiveSync
BasicAuthEnabled : True
WindowsAuthEnabled : False
CompressionEnabled : False
ClientCertAuth : Ignore
WebsiteName : Default Web Site
WebSiteSSLEnabled : True
VirtualDirectoryName : Microsoft-Server-ActiveSync
Path :
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.1 (Build 225.42)
Server : EXCHANGE2
InternalUrl : https://remote.1234domain.com/Microsoft-Server-ActiveSync
InternalAuthenticationMethods : {}
ExternalUrl : https://remote.1234domain.com/Microsoft-Server-ActiveSync
ExternalAuthenticationMethods : {}
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
Name : Microsoft-Server-ActiveSync (Default Web Site)
DistinguishedName : CN=Microsoft-Server-ActiveSync (Default Web
Site),CN=HTTP,CN=Protocols,CN=EXCHANGE2,CN=Servers,CN=Exchange
Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First
Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=1234,DC=local
Identity : EXCHANGE2\Microsoft-Server-ActiveSync (Default Web Site)
Guid : e97ec197-693c-4ce7-8894-34e04fec862c
ObjectCategory : 1234.local/Configuration/Schema/ms-Exch-Mobile-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchMobileVirtualDirectory}
WhenChanged : 11/16/2017 2:24:37 PM
WhenCreated : 11/12/2017 1:02:09 PM
WhenChangedUTC : 11/16/2017 8:24:37 PM
WhenCreatedUTC : 11/12/2017 7:02:09 PM
OrganizationId :
Id : EXCHANGE2\Microsoft-Server-ActiveSync (Default Web Site)
OriginatingServer : PDC.1234.local
IsValid : False
ObjectState : Changed
[PS] C:\Windows\system32>
ASKER
This is the Exchange Server Auth Certificate and do you have the other self signed with the name Microsoft Exchange? I believe they're both missing. I copied the one I used as an example from another server.
You use autodiscover to connect with Outlook? Yes, Outlook connected fine prior to the power outage. After no Outlook clients will connect. Outlook clients connected prior to power outage say, "trying to connect." Outlook clients I'm trying to connect for the first time give this error:
ASKER
Get-ActiveSyncVirtualDirectory | fl https://remote.1234domain.com doesn't return anything just goes back to a command prompt.
Hi,
You are having a problem with IIS. Only owa works correctly because it uses Basic authentication.
How you remove certificate?
If Owa works, the databases are mounted.
Regards
Valentina
ASKER
Think this is where the problem is:
[PS] C:\Windows\system32>get-exchangecertificate | fl certificatedomains
CertificateDomains : {EXCHANGE2, EXCHANGE2.1234.local}
CertificateDomains : {remote.1234domain.com, www.remote.1234domain.com, autodiscover.1234domain.com}
CertificateDomains : {exchange2.1234.local, AutoDiscover.1234.local, AutoDiscover.1234domain.com,
AutoDiscover.5678domain.com, AutoDiscover.910domain.com, remote.910domain.com, remote.1234domain.com,
1234.local, 1234domain.com, 5678domain.com, 910domain.com}
There are multiple domains in the list because the company name changed over the years.
Current company .local and domain is: 1234.local and 1234domain.com.
5678domain.com and 910domain are old domains that are still used but not often if at all.
ASKER
How you remove certificate? Certificates were deleted during troubleshooting or accident. Not 100% sure and doesn't matter too much while troubleshooting, will determine how after server is up and running. I know they were deleted by a person.
If Owa works, the databases are mounted. True.
ASKER
How are the missing/deleted certificates added?
Hi
Verify if you go to MMC, add snap-in certificates. Check if you can copy from personal or trusted root.
If you do not see there... you will need to recreate.
Regards
Valentina
ASKER
Copied them over and Outlook is trying to connect, taking longer than usual but hasn't failed yet. Will keep you posted.
Hi,
Is it solved?
Regards
Valentina
ASKER
Had to step away from my computer. I'm back now testing after copying the certs over.
ASKER
Outlook clients still fail and won't connect. Step closer with mobile devices as they connect now and don't fail authentication however nobody can send or receive email from mobile devices.
OWA works.
ASKER
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://1234domain.com:443/Autodiscover/Autodiscover.xml for user user@1234domain.com.
You are not able to connect internally or externally?
You need to configure the certificate to match the name in autodiscover.
Are you using SSL certificate from third party CA?
Regards
Valentina
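The name-matching check from the last reply, as an added example that is not part of the original thread: it takes the three CertificateDomains lists and the URLs posted above (embedded here as constructed sample data) and reports which certificate covers each hostname. The function names and the Cert1..Cert3 labels are hypothetical, and the wildcard handling goes beyond the thread, which shows no wildcard entries.

```powershell
# Constructed sample: the three CertificateDomains lists from the thread, labelled by
# their order in the output (the thread does not say which certificate is which).
# On a live server, fill $certs from Get-ExchangeCertificate and $urls from the
# InternalUrl/ExternalUrl values of Get-ActiveSyncVirtualDirectory.
$certs = [ordered]@{
    'Cert1' = @('EXCHANGE2', 'EXCHANGE2.1234.local')
    'Cert2' = @('remote.1234domain.com', 'www.remote.1234domain.com', 'autodiscover.1234domain.com')
    'Cert3' = @('exchange2.1234.local', 'AutoDiscover.1234.local', 'AutoDiscover.1234domain.com',
                'AutoDiscover.5678domain.com', 'AutoDiscover.910domain.com', 'remote.910domain.com',
                'remote.1234domain.com', '1234.local', '1234domain.com', '5678domain.com', '910domain.com')
}

# URLs quoted in the thread: ActiveSync, OWA, and the Autodiscover URL the analyzer tried.
$urls = @(
    'https://remote.1234domain.com/Microsoft-Server-ActiveSync',
    'https://remote.1234domain.com/owa',
    'https://1234domain.com:443/Autodiscover/Autodiscover.xml'
)

function Test-CertNameMatch {
    param([string]$HostName, [string[]]$CertDomains)
    foreach ($d in $CertDomains) {
        if ($d -ieq $HostName) { return $true }          # exact, case-insensitive match
        if ($d.StartsWith('*.')) {                        # wildcard: one extra left-most label only
            $suffix = $d.Substring(1)                     # e.g. ".example.com"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $prefix = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($prefix -match '^[^.]+$') { return $true }
            }
        }
    }
    return $false
}

function Get-CertCoverage {
    param([string[]]$Urls, $Certs)
    foreach ($u in $Urls) {
        $hostName = ([uri]$u).Host                        # strips scheme, port and path
        $covering = @($Certs.Keys | Where-Object { Test-CertNameMatch $hostName $Certs[$_] })
        [pscustomobject]@{
            Host      = $hostName
            Covered   = [bool]$covering.Count
            CoveredBy = $covering -join ', '
        }
    }
}

Get-CertCoverage -Urls $urls -Certs $certs | Format-Table -AutoSize
```

A hostname that comes back with Covered = False, or that is covered only by a certificate not assigned to IIS, is one a client will reject with a name-mismatch error.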