Out of Office Replies

Client is running SBS 2011 (Exchange 2010)

This problem came about after the client did not want to be on Office 365. We moved them back to there old SBS server.
Setting up outlook profiles produced a prompt - "Information you exchange with this site cannot be viewed or changed by others. However there is a problem with the site's security certificate." You could click yes to continue and the profile would be created and everything seemed to work well.

Yesterday, someone was going on vacation and wanted to set and Automatic Reply. They received an error that stated, "Your automatic reply settings cannot be displayed because the server is currently unavailable." After some research I found a lot of people suggesting this was an SSL certificate issue. Since the clients certificate was about to expire in a few months I purchased a new one. I created a new CSR and installed the new certificate using the SBS Control Panel. All seemed to go well. Rebooted the server and the users computer but still no luck in setting an Automatic Reply.

The certificate I created is for remote.domain.ca.
On there external DNS I have created A records for mail.domain.ca and remote.domain.ca that point to the there public IP address. There is also an SRV entry for remote.domain.ca to mail.domain.ca.

If I open a browser both internal and external and go to https://remote.domain.ca/Autodiscover/Autodiscover.xml I get an error code 600 which I understand to be good. If I do this with IE I am prompted for long in information.

If I run a Test E-mail Auto Configuration on the clients computer, ( with only Use Autodiscover checked) I get an error Autocofiguration was unable to determine your settings. The log file shows - Local autodiscover for domain.ca failed (0x8001040f).


In Exchange Management Shell I can run get-autodiscovervirtualdirectory |fl I see that the InternalUrl and ExternalUrl are blank. Not sure if this wrong or where they should point.

Any idea on how to fix autodiscover?
LVL 1
Chris CurrellIT ManagerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Saif ShaikhServer engineer Commented:
Please follow article- https://www.experts-exchange.com/articles/29657/Exchange-2010-Fix-for-an-Invalid-certificate-and-related-issues.html

to fix the virtual directories issue. If all virtual directories are not set, then start from point number 5 of the article.

After setting the virtual directories you need to run test-email autoconfiguration from outlook to see if auto-discover test is successful and see if it list the OOF URL.

Try to first set the OOF in OWA and check if you are able to set OOF in OWA and try to send email and see if you get OOF reply which will result in OOF is working from OWA fine.
Ibrahim BennaTechnology LeadCommented:
Both profile creation and OOF are dependent on autodiscover working properly. In order for OOF and profile creation to work properly, the Autodiscover virtual directory URLs must be populated. Is the certificate you created a single-named cert or a SAN cert? If SAN cert, can you confirm autodiscover.domain.com is registered on it?

You would want to populate autodiscover internalURL and externalURL to be https://autodiscover.domain.com/autodiscover/autodiscover.xml and you will want to check your SCP as well by typing Get-ClientAccessServer | FL *uri.

This value should also point to the URL of your internal Autodiscover (https://autodiscover.domain.com/autodiscover/autodiscover.xml)
Chris CurrellIT ManagerAuthor Commented:
Thank you for your suggestions.

I have a new single name cert named - remote.domain.ca

The command you provided returned the following -
AutoDiscoverServiceInternalUri : https://remote.domanin.ca/autodiscover/autodiscover.xml

I have run a few other comands that are listed below. I have attached there output hoping this may help. I am not a powershell expert.

Get-autodiscovervirtualdirectory |fl >c:\auto.txt
Get-clientaccessserver | fl >c:\cas.txt
Get-ExchangeCertificate |fl >c:\certlog.txt
auto.txt
cas.txt
certlog.txt
Maximize Customer Retention with Superior Service

The IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more to help build customer satisfaction and retention.

Ibrahim BennaTechnology LeadCommented:
Populate the internalURL and ExternalURL values of Autodiscover with https://remote.domanin.ca/autodiscover/autodiscover.xml

Is there a reason you purchased a single-named Certificate instead of a SAN certificate?
(FYI - see this link https://practical365.com/exchange-server/exchange-2010-ssl-certificates/ 
which states This makes a standard single-name SSL certificate unsuitable.  Instead, Exchange Server 2010 must be installed with a SAN certificate.
)
Chris CurrellIT ManagerAuthor Commented:
I am in the process of purchasing a SAN cert.

remote.domain.ca
mail.domain.ca

Are there any other domains I should add?
Ibrahim BennaTechnology LeadCommented:
negative - you should also add autodiscover.domain.ca to that list.
Chris CurrellIT ManagerAuthor Commented:
Ok I think I have the correct cert installed now. I have attached the output from

Get-ExchangeCertificate |fl >c:\certlog.txt

Now what?
certlog.txt
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.