Out of Office Replies

Chris Currell
Chris Currell used Ask the Experts™
on
Client is running SBS 2011 (Exchange 2010)

This problem came about after the client did not want to be on Office 365. We moved them back to there old SBS server.
Setting up outlook profiles produced a prompt - "Information you exchange with this site cannot be viewed or changed by others. However there is a problem with the site's security certificate." You could click yes to continue and the profile would be created and everything seemed to work well.

Yesterday, someone was going on vacation and wanted to set and Automatic Reply. They received an error that stated, "Your automatic reply settings cannot be displayed because the server is currently unavailable." After some research I found a lot of people suggesting this was an SSL certificate issue. Since the clients certificate was about to expire in a few months I purchased a new one. I created a new CSR and installed the new certificate using the SBS Control Panel. All seemed to go well. Rebooted the server and the users computer but still no luck in setting an Automatic Reply.

The certificate I created is for remote.domain.ca.
On there external DNS I have created A records for mail.domain.ca and remote.domain.ca that point to the there public IP address. There is also an SRV entry for remote.domain.ca to mail.domain.ca.

If I open a browser both internal and external and go to https://remote.domain.ca/Autodiscover/Autodiscover.xml I get an error code 600 which I understand to be good. If I do this with IE I am prompted for long in information.

If I run a Test E-mail Auto Configuration on the clients computer, ( with only Use Autodiscover checked) I get an error Autocofiguration was unable to determine your settings. The log file shows - Local autodiscover for domain.ca failed (0x8001040f).


In Exchange Management Shell I can run get-autodiscovervirtualdirectory |fl I see that the InternalUrl and ExternalUrl are blank. Not sure if this wrong or where they should point.

Any idea on how to fix autodiscover?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Saif ShaikhServer engineer

Commented:
Please follow article- https://www.experts-exchange.com/articles/29657/Exchange-2010-Fix-for-an-Invalid-certificate-and-related-issues.html

to fix the virtual directories issue. If all virtual directories are not set, then start from point number 5 of the article.

After setting the virtual directories you need to run test-email autoconfiguration from outlook to see if auto-discover test is successful and see if it list the OOF URL.

Try to first set the OOF in OWA and check if you are able to set OOF in OWA and try to send email and see if you get OOF reply which will result in OOF is working from OWA fine.

Commented:
Both profile creation and OOF are dependent on autodiscover working properly. In order for OOF and profile creation to work properly, the Autodiscover virtual directory URLs must be populated. Is the certificate you created a single-named cert or a SAN cert? If SAN cert, can you confirm autodiscover.domain.com is registered on it?

You would want to populate autodiscover internalURL and externalURL to be https://autodiscover.domain.com/autodiscover/autodiscover.xml and you will want to check your SCP as well by typing Get-ClientAccessServer | FL *uri.

This value should also point to the URL of your internal Autodiscover (https://autodiscover.domain.com/autodiscover/autodiscover.xml)
Chris CurrellIT Manager

Author

Commented:
Thank you for your suggestions.

I have a new single name cert named - remote.domain.ca

The command you provided returned the following -
AutoDiscoverServiceInternalUri : https://remote.domanin.ca/autodiscover/autodiscover.xml

I have run a few other comands that are listed below. I have attached there output hoping this may help. I am not a powershell expert.

Get-autodiscovervirtualdirectory |fl >c:\auto.txt
Get-clientaccessserver | fl >c:\cas.txt
Get-ExchangeCertificate |fl >c:\certlog.txt
auto.txt
cas.txt
certlog.txt
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Commented:
Populate the internalURL and ExternalURL values of Autodiscover with https://remote.domanin.ca/autodiscover/autodiscover.xml

Is there a reason you purchased a single-named Certificate instead of a SAN certificate?
(FYI - see this link https://practical365.com/exchange-server/exchange-2010-ssl-certificates/ 
which states This makes a standard single-name SSL certificate unsuitable.  Instead, Exchange Server 2010 must be installed with a SAN certificate.
)
Chris CurrellIT Manager

Author

Commented:
I am in the process of purchasing a SAN cert.

remote.domain.ca
mail.domain.ca

Are there any other domains I should add?

Commented:
negative - you should also add autodiscover.domain.ca to that list.
Chris CurrellIT Manager

Author

Commented:
Ok I think I have the correct cert installed now. I have attached the output from

Get-ExchangeCertificate |fl >c:\certlog.txt

Now what?
certlog.txt

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial