Wildcard certificate in Outlook Anywhere
I tried to fix a bit our Outlook Anywhere and set certificate for my EXPR provider to "msstd:*.domain.com" (I use *.domain.com certificate for exchange). But all Outlook clients after restart show error: "There
is a problem with the proxy server's security certicate. The name on the security certificate is invalid or does not match the name of the target site owa.domain.com. Outlook
is unable to connect to the proxy server. (Error Code 0)".
I set EXPR provider to "msstd:owa.domain.com" (my exchange server address) and all works fine now.
Why I could not switch certificate to wildcard?
Hi,
If you have done the following changes:
Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.domain.com
Please follow Ed’s suggestion to make sure the Wildcard certificate assigned with IIS service. We can run the following command to get more information about your certificates:
Get-ExchangeCertificate | Select CertificateDomains,Services,Status
If the Wildcard certificate is not assigned with IIS service, please
use the Enable-ExchangeCertificate cmdlet and specify IIS services. Additionally, here is a related KB about this issue:
http://support.microsoft.com/kb/923575
Thanks,
Winnie Liang
TechNet Community Support
Similar Messages
-
Certificate mismatch Outlook Anywhere
Hi,
When connecting an Outlook 2013 client to Exchange 2013 I am getting a certificate mismatch error.
SSL Certificate is for the external name (exch.domain.com) has no SAN's and Outlook is looking for servername.local.
I have configured all virtual directories for Exchange to use the above url (exch.domain.com) for internal and external access.
Have a local DNS record resolving the external name (exch.domain.com) to the internal IP of the exchange server.
Operating a single public IP using ARR and Windows Server 2012 Essentials
Have set up a SRV record in DNS for autodiscovery.
Outlook Anywhere in the ECP is configured to NTLM authentication
In Outlook, the advanced connection properties I was getting authentication prompts until I added https://exchange.domain.com as a proxy server.
Any help would be appreciated thanks.I am having the same issue with my Outlook 2013 clients.
All virtual directories are set to the mail.company.com. The Godaddy certificate is for mail.company.com and is used for the SMTP, IIS, POP3, IMAP services.
The client gives a security alert about the certificate name for servername.company.com not matching the certificate mail.company.com. The client account settings show the server as a
[email protected] and the Exchange proxy settings as mail.company.com and connect using SSL only with msstd:mail.company.com for the principal name.
Doing a Connection status check on the Outlook, it shows the Proxy server of mail.company.com and server name as the
[email protected] for Exchange Directory and Exchange Mail.
I have tried putting the server name in the virtual directory internal url's but it still isn't working correctly.
I had used a cert form our internal CA for testing and am still using it for the UM and UMCallRouter functions, although the SMTP, IMAP, POP3 are still checked for it.
Outlook functions fine after clearing the Security Alert.
Not sure what I am missing. Thanks for any help. -
Exchange 2013 2007 co-existence Outlook Anywhere issues
Sorted out all other issues (apart from a SSO issue- another thread) . Activesync, autodiscover etc all working- but Outlook Anywhere does not work for Exchange 2007 external mailboxes. It does work for 2013 mailboxes internally and externally-
and 2007 mailboxes internally.
Exchange 2013 SP1. Exchange 2007 Sp3 RU10. Legacy namespace is in use and on certificate. Outlook Anywhere IIS Authentication is set to Basic and NTLM on both 2007 and 2013 servers. Outlook Anywhere external client authentication is set to Basic.
Any sugestions what to look at next?Tony,
I apologize for the stupid question, but was Outlook Anywhere working on Exchange 2007 before you started the upgrade?
When you open command prompt on Exchange 2007 and ping the Exchange 2007 internal FQDN or NetBIOS name, do you get an IPv4 address or you get the IPv6 one?
Step by Step Screencasts and Video Tutorials -
Default Outlook Anywhere Connections
I'm using an Exchange 2013 SP1 environment with almost no customization. Only 2 servers exists - one holding CAS+MBX, and a second one being an MBX. No DAGs, balancers, etc. Mapi over HTTP is not enabled. The default self-signed certificates are used
(no new certificate was installed, nor any self-signed certificate manually installed on any server/client). A mailbox is provisioned on a database located on the first server. Outlook is configured for the corresponding user on a client machine and started.
Everything works just fine, with the 'Outlook Connection status' window showing 2 Exchange Directory + 2 Exchange Mail connections. Authentication is NTLM. Ports for all 4 connections are 6001 - which hint that Outlook Anywhere is indeed used.
From time to time, the familiar "Security Alert" comes up warning about the self-signed certificate, but this is usually traced in my experience to the various services Outlook is using, that are running on HTTPS (OAB, EWS, Availability...).
Here we find that in Exchange 2013 "Outlook Anywhere is enabled by default, because all Outlook connectivity takes place via Outlook Anywhere". Then
here it's stated that "Outlook Anywhere won't work with a self-signed certificate on the Client Access server". I remember the latter being true against Exchange 2010
instances, but seems not to be the case in Exchange 2013 anymore. Unless I'm missing something, from the standpoint of a default installation, the 2 articles contradict each other.
Second issue - even though Outlook is set for "Negotiate" in its Security setting, it looks like the Kerberos preferred option is never chosen. Would it have to do with the self-signed certificate and Outlook Anywhere ?First article says "[...]In Exchange 2013, Outlook Anywhere is enabled by default, because all Outlook connectivity takes place via Outlook Anywhere.[...]". A simple Exchange 2013 SP1 setup, using defaults - including the built-in self-signed certs
- can be reached with no problems with a regular Outlook client. Since RPC over TCP is now defunct, and MAPI over HTTP isn't enabled (it's a regular installation, hence this feature is disabled) it can only be Outlook Anywhere being used by the Outlook client
to connect to the vanilla Exchange 2013 SP1 installation. Hence we can conclude that Outlook Anywhere works by default.
Second article comes around and says "[...] Outlook Anywhere won't work with a self-signed certificate on the Client Access server.[...]". Yet this is contrary to what I'm experiencing - since Outlook Anywhere is working (what other method of connecting
is left, right ? plus even the connections over :6001 in the Connection Status window hint at this) and there hasn't been any CA-emitted certificate installed on that stock CAS server.
So either the sentence in the second article is flat wrong (ONLY for 2013, Exchange 2010 NEEDS trusted certs), or it's missing a clause. Am I missing something ?
Hi,
Yes, Outlook Anywhere is enabled by default. Because all Outlook connectivity from Internal and External are using Outlook Anywhere.
For your second question, "[...] Outlook Anywhere won't work with a self-signed certificate on the Client Access server.[...]". Based on my knowledge, the Self-signed certificate which is installed with Exchange 2013 installation is not issued
by any CA. It is issued by the Exchange server.
Outlook Anywhere won't work with a self-signed certificate on the Client Access server because there would be a certificate untrusted issue on every user's clients. If you don't install the untrusted certificate in your trusted root certificate store on
the client computer, the client will be always prompted for the certificate error even through you can work with Exchange services after clicking Yes when the Security Alert asking you “Do you want to proceed”.
Regards,
Winnie Liang
TechNet Community Support -
Trial SAN Certificate & Outlook Anywhere (RPC over HTTP) test fail
I am testing exchange 2013 where autodiscover pass while performing Outlook Anywhere (RPC over HTTP) connectivity test failed with invalid SSL certifiate . I am only using self certifiate .do any one idea if any CA provding SAN certificate trial basis.
Don't forget to mark helpful or answer
connect me :-
http://in.linkedin.com/in/satya11
http://facebook.com/satya.1000Hi,
Agree with the above suggestion, ExRCA test cannot pass with self-signed certificate. And to ensure Outlook Anywhere work well , we need to install the self-signed certificate on all clients machines.
If you have any question, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support -
(I'll upload screen captures if needed once my account gets verified)
I have a basic (as in freshly installed single exchange server 2010 SP3) Exchange Server installation. I've setup Outlook Anywhere. I've also setup a SAN (SubjectAltName) certificate.
My setup:
ex01.eci.XXXX.XX = is the server name and also the CN of my SAN certificate
mail.eci.XXXX.XX = an A record I've setup to access my exchange server. It is also a subjectAltName in my SAN certificate
When setting up Outlook, I enter the server name and specify the Outlook Anywhere proxy server in the Outlook Anywhere section. This works fine and I connect to my exchange server using RPC over HTTPS.
Now, I was under the impression that specifying SANs in the certificate would allow me to enter the SAN alt name (mail.eci.XXXX.XX) in the field reserved for the Server Name, in Outlook..
But it does not work. The proxy will give me an error each time, like that:
HTTP 544 RPC_IN_DATA /rpc/rpcproxy.dll?mail.eci.XXXX.XX:6002 HTTP/1.1 , NTLMSSP_NEGOTIATE
HTTP 635 HTTP/1.1 401 Unauthorized , NTLMSSP_CHALLENGE (text/html)
HTTP 123 HTTP/1.0 503 RPC Error: 6ba
My question is: is this the behaviour I should expect? Or should I be able to specify the SAN alt name in the Server Name in Outlook?
Thanks!Hi,
Firstly, I’d like to explain, the server name tab should be filled with your mailbox server name in the process of configuring Exchange 2010 account.
And the Outlook Anywhere proxy server is configured at the server side and cannot be randomly defined at the client side. To check it, we can run: get-outlookanywhere |fl externalhostname
Thus, it’s an expected behavior that we would get error if we randomly enter name in the server name tab when we configure an account. If I misunderstand your meaning, please feel free to let me know.
Additionally, Autodiscover service can help us automatically complete the configuration of the Outlook account. And how about the result if you use the Autodiscover to automatically configure the account?
If you have any question, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support -
Exchange 2013 - How to configure Outlook Anywhere with certificate based authentication?
Hello,
is it possible to secure Outlook Anywhere in Exchange 2013 with certficate based authentication?
I found documentation to configure CBA for OWA and ActiveSync, but not for Outlook Anywhere.
We would like to secure external access to the mailboxes via Outlook by using CBA.
Thanks a lot in advance!
Regards,
AndréHi,
Let’s begin with the answer in the following thread:
http://social.technet.microsoft.com/Forums/en-US/e4b44ff0-4416-44e6-aa78-be4c1c03f433/twofactor-authentication-outlook-anywhere-2010?forum=exchange2010
Based on my experience, Outlook client only has the following three authentication methods:Basic, NTML, Negotiate. And for more information about Security for Outlook Anywhere, you can refer to the following article:
http://technet.microsoft.com/en-us/library/bb430792(v=exchg.141).aspx
If you have any question, please feel free to let me know.
Thanks,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Angela Shi
TechNet Community Support -
Outlook Anywhere, Office 2013 + Exchange 2013 freezes
Hi.
I'm pulling my hair out with this problem as it seems to make no sense.
I have a client using outlook 2013 through outlook anywhere to their new server running Exchange 2013. when outlook is opened it seems to work for about 10 mins or so then after that if you go to send an email it freezes and says it trying to contact the
server. you wait for 10 mins then it works again for a while.
I've changed the timeout settings on the server and everything, they are currently experiencing this in their Spanish office which connects back to the UK.
No if they dial up the vpn ( no settings changed at all) and run outlook, it all works perfectly..... No one in the UK office (about 10 users) have any issues its only the 2 people in Spain, and one of them uses the laptop in the UK office that they have
in Spain with no issues.
I have a CA certificate from slls so not using a self certified one. however its not a wildcard so I haven't set-up on the external domain dns and instead just manually enter the settings (which works fine)
Its almost as if after 10 mins some connection drops but then takes ages to reconnect again.
There are a lot of schannel errors appearing on the machines which suggests they are looking at the wrong ports for connection on a couple of attempts, but the questions is why? and whether this has anything to do with the OA problem.
If anyone has some fresh ideas or any thoughts i would be very grateful as this is driving me round the bend, and i have 2 other clients who have a very similar set-up but have no issues.
Router Spanish side is a Comcast router and UK side is a draytek 2820
Exchange is running on Server 2012 with both the CA and Mailbox roles on the same server.
heeeellp before I go bald :)Hi,
Please have the users in Spain open Outlook, go to FILE
-> Account Settings -> Account Settings -> Double click the account name ->
More Settings -> Connection tab -> Select
Connect to Microsoft Exchange using HTTP, and click Exchange Proxy Settings, tick
On slow networks, connect using HTTP first, then connect using TCP/IP
-> OK.
We can also have the users in Spain test the connectivity to Exchange via Remote Connectivity Analyzer to find if there's any error.
https://testconnectivity.microsoft.com/
Regards,
Melon Chen
TechNet Community Support -
Hi,
we have following problem. We have a mixed multi-domain one-forest AD environment. We also have still a mixed exchange 2007 / 2013 environment. We also have different CAS Servers for 2007 SP3 (RU15) and 2013 (CU8) in europe and one 2007 SP3 (RU15) CAS Server
in China, because of bad connection to Europe. For the Migration to 2013 in Europe we installed a wildcard-certificate *.xyz.com and used the Set-OutlookProvider EXPR -CertPrincipalName msstd:*.xyz.com, so the wildcard certificate is accepted. Everything in
Europe works fine, inside and outside also between exchange 2007 and 2013 (both CAS Server 2013 and 2007 use the same wildcard certificate). But since the change of the Set-OutlookProvider EXPR we are facing problems with our CAS Server in China, because this
server has a different non-wildcard certificate and a different domain name (cas-server.xyz-china.com instead xyz.com). Now we have the problem that this Chinese CAS server the Outlook Anywhere does not work anymore and prompts always for the username. As
I see it is because of the EXPR change. Is it possible to set the the Outlook-Provider EXPR per Cas-Server ? (They also have their own Autodiscover on this front-end server). Because I see that the Outlook-Provider can only be stored forest-wide.
If not the other solution would be to register the chinese cas server in our xyz.com domain and use the same wildcard certificate on this system right ?
Any help would be appreciate….Yes setting the EXPR value is most likely the cause of your issue. When you set this value you are telling Outlook to only accept connections from connections that have the cert with the subject name you specify here.
Unfortunately, based on my experience I believe this is an organization wide setting and cannot be configured on a CAS by CAS basis (If I'm wrong someone please keep me honest :)).
So the only option would you have is to change all the URLs to be on *.xyz.com domain. There's no need to change the domain the server actually resides on. The other option would be to purchase a UCC Cert with all the names you need and apply
to all your CAS servers and reset the EXPR value.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread -
Exchange 2010+Outlook Anywhere+Windows XP not working together
Hello,
We have Exchange 2010 installed on Server 2008 R2. CAS/Hub/mailbox roles on same server. Outlook Anywhere is enabled and using a Go Daddy signed certificate for OWA. Now my problem is that Windows XP (w SP3) PC's that are not located inside domain and
shoud use Outlook Anywhere cannot connect to that service. Outlook version is 2007 SP2. On the other hand, that same user can connect from a Windows 7 pc what is also located outside domain without problems. On XP pc windows keeps asking for password repeatedly,
on W7 pc it asks it and accepts and logs the user in and connects it to his mailbox. I have read numerous posts about this kind of issue, put so far none of them helped me. The certificate is issued to mail.domainname.ee and autodiscover.domainname.ee. The
internal name of the server is excha.domainname.ee, external name is mail.domainname.ee. Also I used the Set-OutlookProvider cmdlet to set EXPR to msstd:mail.domainname.ee and also tried msstd:excha.domainname.ee this change did not have any effect on XP pc.
What is wrong in XP and Outlook 2007 combination not being able to connect to Echange 2010?I was suffering from a very similar issue. The one major difference for me is that I was using a wildcard ssl certificate for "*.contoso.com" which was not matching with the server name of owa.contoso.com.
Behaviour definitely seemed to only manifest with Windows XP on the open internet (not domain joined or internal) trying to use either Outlook 2007 or 2010 to connect to our internal Exchange 2010 server via RPC over HTTPS. Autodiscover was successful
but user would be repeatedly prompted for their credentials but they would never match.
The key changes that seemed to fix this for us were to make these updates -
Set-OutlookProvider EXPR -CertPrincipalName msstd:*.contoso.com
alternatively if you dont care whether the proxy server name exactly matches your ssl cert you can do this (not recommended) -
Set-OutlookProvider EXPR -CertPrincipalName none
These commands manipulate the Microsoft Exchange Proxy Settings under the Outlook Anywhere options under the connection tab of your mail profile. In particular the field labeled "Only connect to proxy servers that have this principal name in their
certificate"
Also, to force RPC over HTTPS and never try and timeout on TCP/IP connection (which cannot work through the firewall) -
Set-OutlookProvider EXPR -OutlookProviderFlags:ServerExclusiveConnect
This should click the checkbox for "On fast networks, connect using HTTP first, then connect using TCP/IP"
This should then allow autoconfigure to work fine when setting up your mail profile. If you want to check the settings page you should have something that looks like this -
Finally, please note that Autodiscover settings are updated periodically not instantly. I believe it is something like every 15m or so. As such, make the changes above and then wait for at least 15-30mins before making any other changes.
I ended up chasing my tail and then some complete red-herring *seemed* to fix the problem. It was actually something that I had changed 20mins before! -
Exchange 2013, Outlook 2007 clients Problems with Outlook Anywhere connection
Hi everyone,
I have a mail system Exchange 2013 SP1, on Windows Server 2012 R2.
I have only one mail server with the Client Access and Mailbox roles Server.
I have a Wildcard certificate type *. Mydomain.com.
All connections to the Outlook Anywhere Outlook 2010, Outook 2013 work correctly.
The ActiveSync connections are working properly, too.
But Outlook 2007 clients connecting with Outlook Anywhere asking for credentials continuously fail continuously.
How can I solve this?
thank you very much
Microsoft Certified IT Professional Server AdministratorHi,
Based on my experience, we need to set Outlook provider with the domain name if it's wildcard certificate:
Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.domain.com
http://technet.microsoft.com/en-us/library/cc535023(EXCHG.80).aspx
Thus, I recommend you try the above configuration and test the Outlook connection again.
Thanks,
Angela Shi
TechNet Community Support -
Wildcard certificate for Exchange 2010
Hi
I have single exchange 2010 installed. I have installed single domain name on exchange certificate , it expire next month March 2014. I have a plan to buy new Wildcard certificate for the exchange. I access OWA by ns1.xyz.com/owa without any
problem but in my local network my outlook giving certificate error because of single domain name on certificate.
My question is what name should be on wildcard CSR? Just put the " *.xyz.com " or somting else ? That will work in my local area as well OWA and Outlook anywhere ?Hi,
According to your description, your internal URLs have the different host name with the external ones.
If you don’t want to change the URLs, we need add the following host names in the certificate:
All the host names in the external and internal URLs including autodiscoverserviceinternalurl;
Autodiscover.smtpaddresssuffix
In this case, SAN certificate is more suitable for your environment than wildcard certificate.
If I misunderstand your meaning, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support -
Outlook Anywhere losing proxy settings, Autodiscover issue?
I have Exchange Server 2010 in Small Business Server 2011. I have several remote clients that are not part of the SBS domain, but they use Outlook Anywhere to connect to Exchange.
We originally started with a self-signed and eventually added a GoDaddy SSL certificate. Some of the remote clients lose the settings for Outlook Anywhere randomly. The proxy checkbox is unchecked and the MSSTS settings have all disappeared.
I investigated this and it seems to point to autodiscover. Our DNS is hosted externally so I created an A-Host record at Netowork Solutions called autodiscover and resolved it to the static IP address of the server. When I did this the remote
clients started to get certificate security warnings.
Next I tried to create a CNAME called _autodiscover for mail.mydomain.com and this didn't work either, certificate security erros
Is my Outlook Anywhere issue an 'autodiscover' problem and if it is, what amI doing wrong? Here are some additional details:
Self-signed certificate is mail.mydomain.com. GoDaddy Class 2 certificate authority has identified this site as mail.mydomain.com. The connection to the server is encrypted.Testing RPC/HTTP connectivity.
The RPC/HTTP test failed.
Additional Details
Elapsed Time: 3221 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for
[email protected].
Autodiscover was tested successfully.
Additional Details
Elapsed Time: 3219 ms.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Additional Details
Elapsed Time: 3218 ms.
Test Steps
Attempting to test potential Autodiscover URL
https://pickardconstruction.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 835 ms.
Test Steps
Attempting to resolve the host name pickardconstruction.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 205.204.84.106
Elapsed Time: 464 ms.
Testing TCP port 443 on host pickardconstruction.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 164 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 205 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server pickardconstruction.com on port 443.
The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Elapsed Time: 156 ms.
Attempting to test potential Autodiscover URL
https://autodiscover.pickardconstruction.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 609 ms.
Test Steps
Attempting to resolve the host name autodiscover.pickardconstruction.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 205.204.84.106
Elapsed Time: 222 ms.
Testing TCP port 443 on host autodiscover.pickardconstruction.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 185 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 200 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.pickardconstruction.com on port 443.
The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Elapsed Time: 151 ms.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The Autodiscover service was successfully contacted using the HTTP redirect method.
Additional Details
Elapsed Time: 1770 ms.
Test Steps
Attempting to resolve the host name autodiscover.pickardconstruction.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 205.204.84.106
Elapsed Time: 21 ms.
Testing TCP port 80 on host autodiscover.pickardconstruction.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 100 ms.
The Microsoft Connectivity Analyzer is checking the host autodiscover.pickardconstruction.com for an HTTP redirect to the Autodiscover service.
The redirect (HTTP 301/302) response was received successfully.
Additional Details
Redirect URL:
https://cpanelemaildiscovery.cpanel.net/autodiscover/autodiscover.xml HTTP Response Headers: Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Length: 0 Content-Type: application/xml Date: Fri, 28 Feb 2014 01:49:00 GMT Location:
https://cpanelemaildiscovery.cpanel.net/autodiscover/autodiscover.xml Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4
FrontPage/5.0.2.2635 PHP/5.3.21
Elapsed Time: 184 ms.
Attempting to test potential Autodiscover URL
https://cpanelemaildiscovery.cpanel.net/autodiscover/autodiscover.xml
Testing of the Autodiscover URL was successful.
Additional Details
Elapsed Time: 1463 ms.
Test Steps
Attempting to resolve the host name cpanelemaildiscovery.cpanel.net in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 208.74.124.130, 208.74.124.133, 208.74.125.50, 208.74.125.51, 208.74.123.82
Elapsed Time: 109 ms.
Testing TCP port 443 on host cpanelemaildiscovery.cpanel.net to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 135 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 358 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server cpanelemaildiscovery.cpanel.net on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=*.cpanel.net, OU=Domain Control Validated, O=*.cpanel.net, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona,
C=US.
Elapsed Time: 278 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
The host name that was found, cpanelemaildiscovery.cpanel.net, is a wildcard certificate match for common name *.cpanel.net.
Elapsed Time: 0 ms.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.cpanel.net, OU=Domain Control Validated, O=*.cpanel.net.
One or more certificate chains were constructed successfully.
Additional Details
A total of 2 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
Elapsed Time: 30 ms.
Analyzing the certificate chains for compatibility problems with versions of Windows.
No Windows compatibility problems were identified.
Additional Details
The certificate chain has been validated up to a trusted root. Root =
[email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network.
Elapsed Time: 4 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 8/18/2011 6:11:10 PM, NotAfter = 10/18/2016 5:19:12 AM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 349 ms.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Additional Details
Elapsed Time: 509 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL
https://cpanelemaildiscovery.cpanel.net/autodiscover/autodiscover.xml for user
[email protected].
The Autodiscover XML response was successfully retrieved.
Additional Details
Autodiscover Account Settings XML response: <?xml version="1.0"?> <Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User> <DisplayName>[email protected]</DisplayName> </User> <Account> <AccountType>email</AccountType> <Action>settings</Action> <Protocol> <Type>IMAP</Type> <Server>have02b.have1.com</Server>
<Port>993</Port> <DirectoryPort>0</DirectoryPort> <ReferralPort>0</ReferralPort> <SSL>on</SSL> <DomainRequired>off</DomainRequired> <SPA>off</SPA> <AuthRequired>on</AuthRequired>
<LoginName>[email protected]</LoginName> </Protocol> <Protocol> <Type>SMTP</Type> <Server>have02b.have1.com</Server> <Port>465</Port> <DirectoryPort>0</DirectoryPort> <ReferralPort>0</ReferralPort>
<SSL>on</SSL> <DomainRequired>off</DomainRequired> <SPA>off</SPA> <AuthRequired>on</AuthRequired> <LoginName>[email protected]</LoginName> </Protocol> </Account> </Response>
</Autodiscover> HTTP Response Headers: Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Length: 1362 Content-Type: text/xml Date: Fri, 28 Feb 2014 01:49:02 GMT Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_perl/2.0.5
Perl/v5.8.8
Elapsed Time: 509 ms.
Autodiscover settings for Outlook Anywhere are being validated.
The Microsoft Connectivity Analyzer wasn't able to validate Outlook Anywhere Autodiscover settings.
Tell me more about this issue and how to resolve it
Additional Details
The EXCH provider section is missing from the Autodiscover response.
Elapsed Time: 0 ms. -
Access to Outlook Anywhere does not work
Good evening,
I recently installed an Exchange Server 2013 CAS / MB.
Until now, the server presented a few errors (mainly in the
event log) that does not seem to significantly influence functionality.
This week I published the server on the Internet and verified various malfunctions
related to the access from outside.
In particular from outside:
1 - OWA does not work with Windows integrated authentication, it works with the Forms based authentication;
2 - Outlook Anywhere does not work from internet.
I've done a lot of research and testing without success.
With regard to the first issue (which is not a priority but can relate to second one)
add that in Firefox I get a first authentication request. If
I enter credentials it ask again for identical authentication (repeatly), if I cancel it shows a second one that instead allows me access (are slightly different).
I assume that the first is the integrated Windows application and the second is basic authentication.
Internet Explorer shows me only the first authentication request and if I cancel shows blank page.
The problem is
priority 2:
Outlook connects without problems on LAN network, the Internet
seems to download the correct information
(autodiscover), but then does not connect
to the server (connection to Microsoft Exchange is unavailable).
If you manually edit the settings,
auto-configuration server returns as
a [email protected]. If I change
manually the server (and proxy settings
http), the result does not change.
- Setting information -
The server is installed
in the LAN network and is exposed on the Internet through
a firewall (Pat on port 443, et al. not 80)
on a public address.
The public and private DNS have been configured with a
host record (A) and two
CNAME (webmail and autodiscover).
The internal Outlook clients connect
with autodiscover and HTTPS /
NTLM / SSL (Outlook connectivity
status).
IMAP, SMTP, POP, ActiveSync function.
Exchange remote connectivity analizer retrieves Autodiscover information but doesn't pass test for RPC/HTTP access (it discard accesson
port 443 and try port 80, SPF isn't configured).
The navigation to the url
https://proxyexternalURL/rpc/rpcproxy.dll has the same behaviour like problem 1.
Test-OutlookConnectivity returns unmanaged error ('WARNING: An unexpected error has occurred and a Watson dump is being generated: Failed to find the probe result for invoke now request id -- and probe workdefinition id --').
Errors in eventviewer: 5011 - WAS (one time), 139 - MSExchange OWA (some not ripetitive), 3028 - MSExchangeApplicationLogic (every 6 hours), 106 - MSExchange common (many during working hour), 65535 - application (some at nighttime 00.00 - 03.00 a.m.), 1006
- MSExchangeDiagnostic (every 30 min), 6002 - MSExchange Mid-Tier Storage (about every 5 minutes), 5 - MSExcahnge Workload Management (one time).
Ask for further information.
- Cmdlet and Autodiscover output -
Get-OutlookAnywhere | fl name,*auth*,*ssl*,*host*
Name : Rpc (Default Web site)
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
SSLOffloading : True
ExternalClientsRequireSsl : True
InternalClientsRequireSsl : True
ExternalHostname : webmail.name_domain.test
InternalHostname : webmail.name_domain.test
Get-OutlookProvider | ft -autosize
Name Server CertPrincipalName TTL
EXCH msstd:webmail.name_domain.test 1
EXPR msstd:webmail.name_domain.test 1
WEB
1
Get-AutodiscoverVirtualDirectory | fl name,*auth*,*url*
Name : Autodiscover (Default Web site)
InternalAuthenticationMethods : {Basic, WSSecu.testy, OAuth}
ExternalAuthenticationMethods : {Basic, WSSecu.testy, OAuth}
LiveIdNegotiateAuthentication : False
WSSecu.testyAuthentication : True
LiveIdBasicAuthentication : False
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : False
OAuthAuthentication : True
AdfsAuthentication : False
InternalUrl :
ExternalUrl :
Get-MapiVirtualDirectory | fl name,*auth*,*url*
Name : mapi (Default Web site)
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
InternalAuthenticationMethods : {Basic, Ntlm, Negotiate}
ExternalAuthenticationMethods : {Basic, Ntlm, Negotiate}
InternalUrl : https://webmail.name_domain.test/mapi
ExternalUrl : https://webmail.name_domain.test/mapi
Autodiscover.xml
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>user</DisplayName>
<LegacyDN>/o=organization_name/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=e4c0c18c8f214afbb5152bb08823179d-user</LegacyDN>
<AutoDiscoverSMTPAddress>user@name_domain.test</AutoDiscoverSMTPAddress>
<DeploymentId>d60c71c9-3740-404c-a38c-aa24e6105432</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<MicrosoftOnline>False</MicrosoftOnline>
<Protocol>
<Type>EXCH</Type>
<Server>72036b30-a4d4-4b42-9c39-445bd04c23a6@name_domain.test</Server>
<ServerDN>/o=organization_name/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=72036b30-a4d4-4b42-9c39-445bd04c23a6@name_domain.test</ServerDN>
<ServerVersion>73C082C8</ServerVersion>
<MdbDN>/o=organization_name/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=72036b30-a4d4-4b42-9c39-445bd04c23a6@name_domain.test/cn=Microsoft Private MDB</MdbDN>
<PublicFolderServer>webmail.name_domain.test</PublicFolderServer>
<AD>DC2.name_domain.test</AD>
<ASUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=name_domain.test</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=name_domain.test</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=name_domain.test</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=name_domain.test</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=name_domain.test</EcpUrl-sms>
<EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=name_domain.test</EcpUrl-publish>
<EcpUrl-photo>PersonalSettings/E.testAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=name_domain.test</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=name_domain.test</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&.testle=<.testle>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=name_domain.test</EcpUrl-tmCreating>
<EcpUrl-tmE.testing>?rfr=olk&ftr=TeamMailboxE.testing&Id=<Id>&exsvurl=1&realm=name_domain.test</EcpUrl-tmE.testing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=name_domain.test</EcpUrl-extinstall>
<OOFUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://webmail.name_domain.test/EWS/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
<ServerExclusiveConnect>off</ServerExclusiveConnect>
<CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>webmail.name_domain.test</Server>
<SSL>On</SSL>
<AuthPackage>Basic</AuthPackage>
<ASUrl>https://webmail.name_domain.test/ews/exchange.asmx</ASUrl>
<EwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=name_domain.test</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=name_domain.test</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=name_domain.test</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=name_domain.test</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=name_domain.test</EcpUrl-sms>
<EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=name_domain.test</EcpUrl-publish>
<EcpUrl-photo>PersonalSettings/E.testAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=name_domain.test</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=name_domain.test</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&.testle=<.testle>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=name_domain.test</EcpUrl-tmCreating>
<EcpUrl-tmE.testing>?rfr=olk&ftr=TeamMailboxE.testing&Id=<Id>&exsvurl=1&realm=name_domain.test</EcpUrl-tmE.testing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=name_domain.test</EcpUrl-extinstall>
<OOFUrl>https://webmail.name_domain.test/ews/exchange.asmx</OOFUrl>
<UMUrl>https://webmail.name_domain.test/ews/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
<ServerExclusiveConnect>on</ServerExclusiveConnect>
<CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
<EwsPartnerUrl>https://webmail.name_domain.test/ews/exchange.asmx</EwsPartnerUrl>
<GroupingInformation>LAN</GroupingInformation>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://webmail.name_domain.test/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Basic">https://webmail.name_domain.test/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://webmail.name_domain.test/ews/exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.name_domain.test</Server>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<ASUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=name_domain.test</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=name_domain.test</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=name_domain.test</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=name_domain.test</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=name_domain.test</EcpUrl-sms>
<EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=name_domain.test</EcpUrl-publish>
<EcpUrl-photo>PersonalSettings/E.testAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=name_domain.test</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=name_domain.test</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&.testle=<.testle>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=name_domain.test</EcpUrl-tmCreating>
<EcpUrl-tmE.testing>?rfr=olk&ftr=TeamMailboxE.testing&Id=<Id>&exsvurl=1&realm=name_domain.test</EcpUrl-tmE.testing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=name_domain.test</EcpUrl-extinstall>
<OOFUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://webmail.name_domain.test/EWS/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
<CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.name_domain.test</Server>
<SSL>On</SSL>
<AuthPackage>Basic</AuthPackage>
<ASUrl>https://webmail.name_domain.test/ews/exchange.asmx</ASUrl>
<EwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=name_domain.test</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=name_domain.test</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=name_domain.test</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=name_domain.test</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=name_domain.test</EcpUrl-sms>
<EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=name_domain.test</EcpUrl-publish>
<EcpUrl-photo>PersonalSettings/E.testAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=name_domain.test</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=name_domain.test</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&.testle=<.testle>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=name_domain.test</EcpUrl-tmCreating>
<EcpUrl-tmE.testing>?rfr=olk&ftr=TeamMailboxE.testing&Id=<Id>&exsvurl=1&realm=name_domain.test</EcpUrl-tmE.testing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=name_domain.test</EcpUrl-extinstall>
<OOFUrl>https://webmail.name_domain.test/ews/exchange.asmx</OOFUrl>
<UMUrl>https://webmail.name_domain.test/ews/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
<CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
</Protocol>
</Account>
</Response>
</Autodiscover>
Get-OwaVirtualDirectory | fl name,*auth*,*url*
Name : owa (Default Web Site)
ClientAuthCleanupLevel : High
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication : True
WindowsAuthentication : False
DigestAuthentication : False
FormsAuthentication : True
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
ExternalAuthenticationMethods : {Basic}
Url : {}
SetPhotoURL :
Exchange2003Url :
FailbackUrl :
InternalUrl : https://webmail.name_domain.test/
ExternalUrl : https://webmail.name_domain.test/Follow the results of the test
Outlook Anywhere (RPC over HTTP).
Has been used an account for which
outlook anywhere works. The account
for which the outlook anywhere does not work is
an administrative account and therefore
can not be used in the test.
Autodiscovery returns the
same result for both mailbox.
I'm testing RPC/HTTP connectivity.
Testing RPC over HTTP has not been exceeded.
Test steps
Microsoft connectivity Analyzer is attempting to test the Autodiscover service for user_test@domain_name.test.
Test the Autodiscover service has not been exceeded.
Test steps
I'm trying to contact the Autodiscover service with each method available.
I was not able to contact the Autodiscover service with no method.
Test steps
I'm trying to test the possible URL for the Autodiscover service https://domain_name.test/AutoDiscover/AutoDiscover.xml
The test of this potential URL for the Autodiscover service has not been exceeded.
Test steps
I'm trying to resolve the host name domain_name. DNS test.
I was able to resolve the host name.
IP addresses are returned: xxx.yyy.zzz.www
I'm testing the TCP port 443 on the host domain_name. tests to check that is open and listening.
The door has been opened properly.
I'm testing the validity of your SSL certificate.
The SSL certificate has not exceeded one or more validation controls.
Test steps
Microsoft connectivity Analyzer is attempting to obtain the SSL certificate from the remote server domain_name. test on port 443.
Microsoft connectivity Analyzer got the remote SSL certificate.
Remote certificate subject: E = it_staff@domain_name.test, CN = * domain_name. test, OU = it staff, O = domain_name, L = city, S = state, C = test issuer: E = it_staff@domain_name.test, CN = * domain_name. test, OU = it staff, O = domain_name,
L = city, S = state, C = test.
I am validating the certificate name.
I could not validate the certificate name.
More info about this issue and how to resove it
The host name domain_name. testing does not match any name found on the certificate and server = it_staff@domain_name.test, CN = * domain_name. test, OU = it staff, O = domain_name, L = city, S = state, C = test.
I'm trying to test the possible URL for the Autodiscover service https://autodiscover.domain_name.test/AutoDiscover/AutoDiscover.xml
The test of this potential URL for the Autodiscover service has not been exceeded.
Test steps
I'm trying to resolve the host name autodiscover. domain_name. DNS test.
I was able to resolve the host name.
IP addresses are returned: xxx.yyy.zzz.kkk
I'm testing the TCP port 443 on the host autodiscover. domain_name. tests to check that is open and listening.
The door has been opened properly.
I'm testing the validity of your SSL certificate.
The SSL certificate has not exceeded one or more validation controls.
Test steps
Microsoft connectivity Analyzer is attempting to obtain the SSL certificate from the remote server autodiscover. domain_name. test on port 443.
Microsoft connectivity Analyzer got the remote SSL certificate.
Other details
Remote certificate subject: CN = webmail. domain_name. test, OU = it staff, O = domain_name, L = city, S = city, C = test issuer: CN = domain_name-DC1-CA, DC = domain_name, DC = test.
I am validating the certificate name.
I validated the certificate name.
Other details
I found the host name autodiscover. domain_name. test in the voice of the alternative name of the certificate object.
Elapsed time: 1 ms.
I am validating the reliability of certificates.
I was not able to validate the reliability of the certificate.
Test steps
Microsoft connectivity Analyzer is attempting to generate certificate chains to a certificate CN = webmail. domain_name. test, OU = it staff, O = domain_name, L = city, S = city, C = test.
I failed to build a certificate chain for the certificate.
Other details
Failed to generate the certificate chain.
May be missing the required intermediate certificates.
I'm trying to contact the Autodiscover service using the HTTP redirect method.
I was not able to contact the Autodiscover service using the HTTP redirect method.
Test steps
I'm trying to resolve the host name autodiscover. domain_name. DNS test.
I was able to resolve the host name.
IP addresses are returned: xxx.yyy.zzz.kkk
I'm testing the TCP port 80 on the host autodiscover. domain_name. tests to check that is open and listening.
The specified port is blocked, is not listening or doesn't produce the expected response.
More info about this issue and how to resove it
I encountered a network error while communicating with the remote host.
I'm trying to
find the
SRV DNS record _audiscover._tcp.domain_name.test.
I failed to find
the SRV record of the
Autodiscover service
in DNS.
Some clarifications:
1 - xxx.yyy.zzz.www and xxx.yyy.zzz.kkk
are two static public addresses
of which only the latter exposes Exchange services;
2 - The certificate
*. Domain_name.test is not related
to Exchange services;
3 -I imported the certificate
of the issuing CA on the standalone test PC to validate the certificate.
3- The port 80 is not open and are not published SRV records.
Best regards. -
Exchange 2010 Autodiscovery & Outlook Anywhere kind of but really not working
This is driving me nuts. We have a single Exchange Server 2010 running (everything is on one box). It works fine internally (all Outlook clients can see and grab the login info from the user login). OWA works from outside, mail delivers nicely. My problems
all seem to stem around some mysterious problem in autodiscover and outlook anywhere.
Our domain is internally like this: mycompany2.com and outside like this: mycompanyllc.com
So the mail server inside looks like server1.mycompany2.com and outside: mail.mycompanyllc.com - from what I can see it's all set up correctly in both.
I've run the connectivity analyzer and apart from a minor certificate warning ('Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled) it passes every test on the site for EAS and Outlook Anywhere
(and for good measure I ran everything, all green checks!). Autodiscover works in the test, everything gets found and pointed to the right place.
When I have a user that wants to configure Outlook 2010 or 2013 outside
the org. they start the wizard, type their name, their email, their password. The server or user can't be found and no matter what they do it won't find it. If you go in and manually configure the
internal server name, domain, username you can connect. It just won't set it up automatically. The odd thing is, in the analyzer the autodiscovery XML is found and downloaded fine, all the server name info and detail is displayed.
In Outlook 2013, both Exchange and EAS connection doesn't work even though phones can be set up through EAS (although they require the same kind of manual setup--autodiscover doesn't seem to work even though it keeps telling me everything
is fine).
I'm at wits end, all the tests show it's working, but in the real world the server can't be found. It's right on the DNS servers, it's right in the tests, it responds correctly manually. I'd love users to be able to set up their own mail without a 10 page
printout of all the manual settings. It's all relatively late model hardware, Outlook 2010 or 2013, and a fully patched up to date Exchange 2010 server. Anyone have an idea?
Curt Kessler - FLCWe don't use TMG we use a WatchGuard Firewall and it is configured to allow all traffic to this server (that's why manual works fine with Outlook and OWA).
When I run the get-autodiscovervirtualdirectory it returns my internal server under the Server, and nothing more, so this possibly could be it?? I'm definitely not good at IIS at all, I would need guidance to investigate that further...
This is my EXRCA results, the first fail is because it tests the root of mydomain.com rather than mail.mydomain.com which is a different server. I've replaced some names for security purposes:
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for
[email protected].
Autodiscover was tested successfully.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Test Steps
Attempting to test potential Autodiscover URL https://mydomain.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name franklinlc.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 76.79.142.101
Testing TCP port 443 on host franklinlc.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server franklinlc.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=apps.franklinlc.com, OU=Domain Control Validated, O=apps.franklinlc.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale,
S=Arizona, C=US.
Validating the certificate name.
Certificate name validation failed.
<label for="testSelectWizard_ctl12_ctl06_ctl00_ctl00_ctl02_ctl01_tmmArrow">Tell
me more about this issue and how to resolve it</label>
Additional Details
Host name franklinlc.com doesn't match any name found on the server certificate CN=apps.franklinlc.com, OU=Domain Control Validated, O=apps.franklinlc.com.
Attempting to test potential Autodiscover URL https://autodiscover.mydomain.com/AutoDiscover/AutoDiscover.xml
Testing of the Autodiscover URL was successful.
Test Steps
Attempting to resolve the host name autodiscover.mydomain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 76.xx.xx.xx this is the mail server IP address
Testing TCP port 443 on host autodiscover.franklinlc.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.mydomain.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=mail.franklinlc.com, OU=Domain Control Validated, O=mail.mydomain.com, Issuer: SERIALNUMBER=xxxxxxxxxxxxx, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale,
S=Arizona, C=US.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.mydomain.com was found in the Certificate Subject Alternative Name entry.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 9/28/2012 10:20:20 PM, NotAfter = 9/28/2015 10:20:20 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.mydomain.com/AutoDiscover/AutoDiscover.xml for user [email protected].
The Autodiscover XML response was successfully retrieved.
Additional Details
Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>Curt Kessler</DisplayName>
<LegacyDN>/o=mydomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Curt Kessler</LegacyDN>
<DeploymentId>14a1e263-943a-4609-865c-ba22802e45aa</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>FLC5.internaldomainname.com</Server>
<ServerDN>/o=mydomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=FLC5</ServerDN>
<ServerVersion>7383807B</ServerVersion>
<MdbDN>/o=mydomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=FLC5/cn=Microsoft Private MDB</MdbDN>
<ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://mail.mydomain.com/OAB/9c85c0c4-48f4-4aa8-99b2-f640651b130a/</OABUrl>
<UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<PublicFolderServer>FLC5.internaldomainname.com</PublicFolderServer>
<AD>PRIME.internaldomainname.com</AD>
<EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
<EcpUrl>https://flc5.internaldomainname.com/ecp/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx></EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&exsvurl=1</EcpUrl-ret>
<EcpUrl-sms>?p=sms/textmessaging.slab&exsvurl=1</EcpUrl-sms>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>mail.mydomain.com</Server>
<ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://mail.mydomain.com/OAB/9c85c0c4-48f4-4aa8-99b2-f640651b130a/</OABUrl>
<UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
<EcpUrl>https://mail.mydomain.com/ecp/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx></EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&exsvurl=1</EcpUrl-ret>
<EcpUrl-sms>?p=sms/textmessaging.slab&exsvurl=1</EcpUrl-sms>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Ntlm, Fba, WindowsIntegrated">https://flc5.internaldomainname.com/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://mail.mydomain.com/owa/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
</Account>
</Response>
</Autodiscover>
I've replaced my public domain with mydomain.com and my internal domain with internaldomainname.com, and hidden the IP, but everything else is the same. The tests all pass
Curt Kessler - FLC
Maybe you are looking for
-
My iPhone 5 won't backup on iCloud
I currently use an iPhone 5 but I've recently purchased an iPhone 6. I've been attempting to set up the iPhone 6, but my first issue was that the software on the 6 wasn't up to date, so I had to set up the phone as 'New' before I could proceed. Havin
-
Is iphone 6 plus display brightness lower compared to iphone 6
My iphone 6 plus display brightness is lower compared to iphone 6 at full brightness is it normal
-
Updates remain on update screen
Updates remain in update page after they are installed. How do I remove them from page?
-
Hi, I have a request to install/configure the kernel extension to allow our BI (7.0, V5R4) system to read an MS SQLSERVER database. I've read a bunch of notes but am still uncertain as to what is required. I know the link does not exist in our exe/ru
-
I have three hotmail accounts all set up with the mail app on my iMac. No problems for the last two years until the last three days! Mail is constantly in 'offline' status (you know the exclamation sign inside a triangle?). I have deleted the account