BIS validation Exchange 2010

Hi All,
Currently I'm using Exchange 2010 and publish OWA using TMG, I also add a path EWS at the TMG listener. Then I want to add a BIS account, when I create it in the office hours till let say 11:00 PM it keep saying validation error.
But strangely if I validate early morning at 3-5 AM it works. My colleague confirm it too when he tried it, almost all the user having the same experience. I tried with different provider too, same issue.
Any ideas ?

Hello ikrisna,
Welcome to the forums.
Have a look at this KB article as I think it will explain what is happening with your account.
KB10536
Microsoft Outlook Web Access integration becomes invalid daily
Hope this helps.
-SR
Come follow your BlackBerry Technical Team on twitter! @BlackBerryHelp
Be sure to click Kudos! for those who have helped you.Click Solution? for posts that have solved your issue(s)!

Similar Messages

BIS and Exchange 2010 with TMG

Dear all,
I stumped into this problem whereby my client has an Exchange 2010 with mixed-mode mobile users of Active Sync and BlackBerry.
They have this [url]https://mail.***.com.my[/url] as their OWA URL and credentials should be entered as:
Username: Domain\Username
Password: Password
This convention is the same irregardless users accessing from OWA or to setup Active Sync or BlackBerry.
Question are:
1. How do I setup BIS account on my BlackBerry? Method I use is log into my telco portal but the credentials I entered does not recognised by the system.
2. Alternatively, I tried to set it direct on my BlackBerry but was prompt the same error as above which is 'Username must be at least 4 characters'.
3. Does naming convention setup same for Active Sync users and BlackBerry users?
Any help would be greatly appreciated.

Hi and Welcome to the Forums!
rizauden wrote:
1. How do I setup BIS account on my BlackBerry? Method I use is log into my telco portal but the credentials I entered does not recognised by the system.
2. Alternatively, I tried to set it direct on my BlackBerry but was prompt the same error as above which is 'Username must be at least 4 characters'.
BIS itself is provided to you by your wireless service provider. With hundreds of different carriers in the world and dozens of different methods each, there's no way to be sure how to guide you with specifics. I suggest you ring them up and talk to them about how to enable BIS on your BB.
rizauden wrote:
3. Does naming convention setup same for Active Sync users and BlackBerry users?
I'm not sure how ActiveSync works, but the configuration instructions for OWA are here:
KB03133How to integrate a Microsoft Outlook Web Access email address with a BlackBerry Internet Service account
And here are some further helpful KBs on the topic:
KB15173Locate the mailbox name for a Microsoft Outlook Web Access 2007 email account
KB02858Unable
to integrate a Microsoft Outlook Web Access or IBM Lotus Domino Web
Access email address with a BlackBerry Internet Service account
KB04804Error message appears when attempting to integrate a Microsoft Outlook Web Access 5.5 or 2010 account
KB18567BlackBerry
Internet Service cannot connect to a Microsoft Outlook Web Access
account using Microsoft Exchange 2007 or Microsoft Exchange 2010
Good luck and let us know!
Occam's Razor nearly always applies when troubleshooting technology issues!
If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
Join our BBM Channels
BSCF General Channel
PIN: C0001B7B4 Display/Scan Bar Code
Knowledge Base Updates
PIN: C0005A9AA Display/Scan Bar Code

Mapi Session limit (EVENT ID 9646), Exchange 2010 fix still valid for exchange 2013?

Hi Guy's,
we run Exchange 2013 + Outlook 2010
as i was investigating an Outlook Sync Error, for a secondary mailbox, i figured out that the Mailbox has more than 500 Folders and that i can see the Evnet ID 9646 (Mapi session exceeded the maximum of 500 objects) on the Exchange Server.
Now i found a fix for Exchange 2010 but not for Ex2013, is the old fix for EX2010 still valid?:
Navigate to HKLM > System > CurrentControlSet > Services > MSExchangeIS > ParametersSystem. Create a new key in ParametersSystem named
MaxObjsPerMapiSession. In MaxObjsPerMapiSession, create a DWORD named
objtFolder with a decimal value of 600. Create a second DWORD named
objtFolderView
anyone an idea on this?
regards
Stefan

OK
i seems that fix is still working and you don't even need to reboot.
Also solved the sync Problems of secondary Mailbox.
regards
Stefan

Exchange 2010 - The certificate status could not be determined because the revocation check failed.

I have tried everything I have found online to get my DigiCert to work.
I have exported the cert and imported it into my child domains and they look perfect.
It is just my parent domain having issues.
netsh winhttp show proxy
does show my correct proxy server for http and https and port 8080
I have tried name, FQDN and IP address.
In the Bypass-list I have tried none, *.domain.com, and a list of all domains and child domains in my forest.
I have flushed the cache
certutil -urlcache crl delete
certutil -urlcache ocsp delete
and rebooted the Exchange 2010 (Windows 2008 R2) server
No matter what, I still see in my Server Configuration for the parent domain's DigiCert cert the message
The certificate status could not be determined because the revocation check failed.
with a red X on the left hand icon. Again, Child domains all say "The certificate is valid for Exchange Server usage."
Note: In spite of having the red X, I was able to assign via EMS the services.
Webmail works fine. Outlook Anywhere fails... I suspect it is due to my red X problem.
Suggestions?
Thanks in Advance
Jim.
Jim.

I have contacted DigiCert and they said the cert is working per their utility, hence the problem is outside the scope of their support.
I have followed, several times, http://support.microsoft.com/kb/979694
http://www.digicert.com/help/ reports all is well.
The DigiCertUtil.exe reports all is well and happy.
I have run
netsh winhttp set proxy proxy-server="http=myproxy:8080;https=myproxy:8080" bypass-list="*.mydomain.com"
Current WinHTTP proxy settings:
Proxy Server(s) : http=myproxy:8080;https=myproxy:8080
Bypass List : *.mydomain.com
I have flushed the cache using the commands
certutil -urlcache crl delete
certutil -urlcache ocsp delete
I still see in my Server Configuration for the parent domain's DigiCert cert the message
"The certificate status could not be determined because the revocation check failed."
with a red X on the left hand certificate icon.
To verify the cert via command line:
certutil -verify -urlfetch c:\mail_domain_com.cer
LoadCert(Cert) returned ASN1 bad tag value met. 0x8009310b (ASN: 267)
CertUtil: -verify command FAILED: 0x8009310b (ASN: 267)
CertUtil: ASN1 bad tag value met.
I suspect this is why I cannot get Outlook Anywhere to connect.
Child domains show a happy certificate icon. Parent domain does not.
Still scratching my head.
Thanks all!
Jim.

Relay issue from Unix across Exchange 2003 OWA server in Exchange 2010 environment

Hi,
I'm trying to resolve an issue. We have one Exchange 2003 server left in our environment. The rest is now Exchange 2010. We are working to decommission this server. Monitoring the SMTP logs, I am working with the various groups to get the traffic
off this server and onto the Exchange 2010 environment.
The issue we are finding is with a work flow. This Java app for eBis sends email to users. This is done correctly through Exchange 2010 and gets delivered from our HUB/CAS servers to the target user mailbox. This email has several links the user must click
for approving or rejecting requests. Upon clicking Approve, a new email window opens (we use Outlook 2010). The TO address is in the format of [email protected] Upon clicking Send, our Exchange 2010 HUB/CAS servers accept the
email, because one of our send connectors has, as address space, *.domain.corp. However, the email address being used it not an alias on any Exchange 2010 mailbox, so it appears Exchange 2010 is sending this email on to the Exchange 2003 server, which
also is an SMTP server. I *think* this server is looking at the address after @ to determine where to send it (ebisserver.domain.corp, which is valid in our DNS), and sends it on to that server, where the java "listener" program intercepts
the mail, processes it and then saves it to a file somewhere.
We are at a loss as to how to get Exchange 2010 to do this instead of Exchange 2003... once this traffic is eliminted from Exchange 2003, I can proceed with decommission of this server. Any help troubleshooting this issue is appreciated.

The only reason the Exchange 2010 server would route outbound mail through an Exchange 2003 server is that you have an SMTP Connector defined on the Exchange 2003 server that has a more specific domain than you have on the Exchange 2010 server. You
should be able to see all your Send Connectors (an SMTP Connector on Exchange 2003 looks like a Send Connector in Exchange 2010) by running Get-SendConnector.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Outlook 2013 client, not in domain, can't connect to the Exchange 2010 server

Good Aftermoon,
Having issues it seems getting to the right forum but here is what I have. Currently we are running an Exchange 2010 server. OWA is configured and I am not having any issues with people connecting through it. The issue I am having is that any user that tries
to connect through Outlook 2013 gets an error message about the proxy server and then a certificate error. I have run the tests through the toolbox and get the following results.
Attempting to test potential Autodiscover URL https://autodiscover.westmoreland-county.org:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 694 ms.
Test Steps
Attempting to resolve the host name autodiscover.westmoreland-county.org in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 69.89.25.150
Elapsed Time: 284 ms.
Testing TCP port 443 on host autodiscover.westmoreland-county.org to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 164 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 245 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.westmoreland-county.org on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=*.bluehost.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated, Issuer: CN=PositiveSSL CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
Elapsed Time: 201 ms.
Validating the certificate name.
Certificate name validation failed.
<label for="testSelectWizard_ctl12_ctl06_ctl00_ctl00_ctl01_ctl02_ctl01_tmmArrow">Tell
me more about this issue and how to resolve it</label>
Additional Details
Host name autodiscover.westmoreland-county.org doesn't match any name found on the server certificate CN=*.bluehost.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated.
Elapsed Time: 1 ms.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Additional Details
Elapsed Time: 234 ms.
Test Steps
Attempting to resolve the host name autodiscover.westmoreland-county.org in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 69.89.25.150
Elapsed Time: 14 ms.
Testing TCP port 80 on host autodiscover.westmoreland-county.org to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 83 ms.
The Microsoft Connectivity Analyzer is checking the host autodiscover.westmoreland-county.org for an HTTP redirect to the Autodiscover service.
The Microsoft Connectivity Analyzer failed to get an HTTP redirect response for Autodiscover.
Additional Details
The URL specified in the location HTTP header was not HTTPS. URL: http://autodiscover.bluehost.com/Autodiscover/Autodiscover.xml
HTTP Response Headers:
Keep-Alive: timeout=10, max=500
Connection: Keep-Alive
Content-Length: 356
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 03 Dec 2014 18:10:08 GMT
Location: http://autodiscover.bluehost.com/Autodiscover/Autodiscover.xml
Server: Apache
Elapsed Time: 135 ms.
Our setup currently our domain is being hosted and the web master has control of domain settings.
I am fairly new to the Excchange Server world so any suggestions that you may have as to how I can resolve this would be great.
Bill

Hi Bill
Thank you for your pos.
You can use the following command to check whether you have purchased the certificate of audiscovery.westmoreload-country.org in your organization:
Get-ExchangeCertificate –server CASServerName | fl
For example: you want to return all certificates stored on the Client Access server named ClientAccess01, you will type the follow command in EMS.
Get-ExchangeCertificate -Server ClientAccess01 | fl
If you didn’t purchased the certificate of audiscovery.westmoreload-country.org, you could contact your certificate supplier.
You could refer to the following link:
https://support.microsoft.com/kb/940726?wa=wsignin1.0
If there are any questions regarding this issue, please be free to let me know.
Best regard,
Jim

No Free/Busy Information for Exchange 2010 users in Outlook 2010 client, 2010 OWA shows this information fine

I have looked for hours and hours on Google and this web site for this type of issue and nothing seems to help.
Problem:
On my new Windows 2008 R2 /Exchange 2010 server with IIS7 installed, I can use Outlook 2010 client to login and send and receive e-mail but when I try to busy search internal Exchange users I get no information (cross-hatch), but the sender of the Meeting Request
can see their own free/busy information fine. And OWA users can see free/busy information fine, as can Outlook 2003 client users against this Exchange 2010 server when logged in.
I don't know if I have a certificate problem with regard to IIS7 or Exchange 2010, I did not create my own certificate , it is just what was installed by default when I installed and configured Win2K8 server, IIS7 and Exchange.
On the Windows 7 workstations with Outlook 2010 client, I am not logging into the Exchange 2010 server DNS domain, if that makes any difference. On these workstations I can ping "autodiscover.my.exchange.server.com" and my.exchange.server.com
with no problem. I even used this Microsoft KB to install a new _autodiscover dns entry, but it did not help :
When I turn on logging on my Outlook 2010 client, I see this in my C:\Users\Administrator\AppData\Local\Temp\1\outlook logging\20131208-135658864-fb.log :
2013/12/08 13:56:58.864: Getting ASURL
2013/12/08 13:56:58.864: URL returned from cached autodiscover: blah blah
2013/12/08 13:56:58.864: Request to URL:
2013/12/08 13:56:58.864: Request action:
2013/12/08 13:56:58.864: Request XML: <?xml version="1.0"?>
2013/12/08 13:56:59.051: Request sent
2013/12/08 13:56:59.051: Response error code: 00000000
2013/12/08 13:56:59.051: HTTP status code: 0
2013/12/08 13:56:59.051: -------------------------------
2013/12/08 13:56:59.051: There is an error in request/response.
2013/12/08 13:56:59.051: XML response:
2013/12/08 13:56:59.051: -------------------------------
2013/12/08 13:56:59.051: Getting ASURL
2013/12/08 13:56:59.644: Failed to get ASURL. Error 8004010F
At an Exchange shell console I enter this command and get these results :
Exchnage Management Shell :
VERBOSE: Connecting to BPExchange2010.my.exchange.server.com
VERBOSE: Connected to BPExchange2010.my.exchange.server.com.
[PS] C:\Windows\system32>Test-OutlookWebServices -id:[email protected] -TargetAddress:[email protected]
ll.com
RunspaceId : c929eacd-d53c-49d7-8532-c4b74e61b8be
Id : 1019
Type : Information
Message : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is
Type : Success
Message : [Server] Successfully contacted the UM service at https://bpexchange2010.my.exchange.server.com/ews/exchan
ge.asmx. The elapsed time was 234 milliseconds.
[PS] C:\Windows\system32>
** Also frequently when I log into Outlook 2010 client and start to send a meeting request , I get the Security Alert dialog :
autodiscover.my.exchange.server.com
Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.
Green Check Mark : The security cerficate is from a trusted certifying authority
Green Check Mark: The security certificate date is valid
Red X : The name on the security certificate is invalid or does not match the name of the site.
Do you want to proceed ? . I either import the certificate or click YES, but does not help this issue.
NOTE: Each user that shows as NO INFORMATION cross-hatch, these users have appointments and have logged into outlook before.
When I do this autodiscover url from a Windows 7 pc with outlook 2010 I get :
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response>
<Error Time="14:47:01.5656198" Id="401440650">
<ErrorCode>600</ErrorCode>
<Message>Invalid Request</Message>
<DebugData/>
</Error>
</Response>
</Autodiscover>
Can anyone assist ? What am I missing ?
Thank You
NOTE: When will this go away. I had to strip out a lot of helpful information to post this. "Body text cannot contain images or links until we are able to verify your account."

Hi,
How many users encounter this issue, all users with Outlook 2010 or some specific users?
According to your post, the Error code 600 indicates that your Autodiscover service is working well. as for the certificate mismatch issue, we can also following the KB below to resolve it:
http://support.microsoft.com/kb/940726/en-us
The Free/Busy information in Exchange 2010 is using the Availability service to
retrieve it. Please directly access
https://mail.mydomain.ae/EWS/Exchange.asmx in IE and see whether a proper XML file is returned.
Or we can go to
https://testexchangeconnectivity.com and check MS Exchange Web Services Connectivity Tests.
Thanks,
Winnie Liang
TechNet Community Support

Palm Pre will not sync with EAS on Exchange 2010

I looked through the large EAS thread with the error "Unable to validate incoming server settings." Tried all of these issues and none have worked for me.
Exchange version is Exchange 2010 running on Server 2008 R2; Tried without domain and it gives me "bad username and or password". Tried with domain/username and it gives original error. All Windows Mobile phones sync no problem and certificate is current and valid for server. I have installed the certificate on the phone manually as well.
Passes all exchange connectivity tests from Microsoft as well.
Please help!!!

make sure there's a https:// in the server name

Cannot connect my exchange 2010 from outlook outside of my LAN

I have problem connecting to my exchange 2010 server from outside of my LAN.
I have configured Outlook Anywhere and its working.
After i enter all the details it is asking again for password and once i entered the password i receive the error "The action cannot be completed. The Connection to Microsoft Exchange is unavailable etc ... "
Kindly suggest

Hi Angela,
Thanks for the support, kindly check the requested.
[PS] C:\Windows\system32>Get-ExchangeCertificate |fl
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
ule}
CertificateDomains : {autodiscover.mydomain.com, mydomain.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=StartCom Class 1 Primary Intermediate Server CA, OU=Secure Digital Certificate Signing, O=Start
Com Ltd., C=IL
NotAfter : 2/25/2015 3:41:54 AM
NotBefore : 2/24/2014 9:47:31 AM
PublicKeySize : 2048
RootCAType : ThirdParty
SerialNumber : 0EB79F
Services : IIS
Status : Valid
Subject : [email protected], CN=autodiscover.mydomain.com, C=KW, Description=vlkZ61QVKE36hUW5
Thumbprint : 2687AAECFD7C53DA14DDEB421D547B42A33E67BA
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
ule}
CertificateDomains : {*.mydomain.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : C=KW, S=Kuwait, L=Kuwait, O=mydomain.com, OU=IT, CN=*.mydomain.com
NotAfter : 2/11/2015 3:58:45 PM
NotBefore : 2/11/2014 3:38:45 PM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 6DFCB427D57AE58746B5DF8B070E6455
Services : None
Status : Valid
Subject : C=KW, S=Kuwait, L=Kuwait, O=mydomain.com, OU=IT, CN=*.mydomain.com
Thumbprint : 4A90303EBFA71BB73928E9BFB9FD5D129EEC9270
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
ule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
essRule}
CertificateDomains : {exchange, exchange.mydomain.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=exchange
NotAfter : 2/11/2019 6:30:52 AM
NotBefore : 2/11/2014 6:30:52 AM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 7BBA32A69E5DC2B2404406700225B006
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=exchange
Thumbprint : 565B3D127A98DB2D25FAE71864E58B427F17FC3C
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-EXCHANGE}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=WMSvc-EXCHANGE
NotAfter : 2/8/2024 3:44:28 PM
NotBefore : 2/10/2014 3:44:28 PM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 168EC4DED2C01B874C8BD6F16E231229
Services : None
Status : Valid
Subject : CN=WMSvc-EXCHANGE
Thumbprint : 736EF13159F0F851EFCC20709C00AE60D5A54C94
Thanks

Exchange 2007 to Exchange 2010 Cross Forest

Hi
We have a scenario where we have an Exchange 2007 organization (Org A - Source) and a separate Exchange 2010 organization (Org B - Target). Both the organizations (AD Forests) have two way trusts between them.
We want to have our Exchange 2007 users have their mailboxes hosted on Exchange 2010 organization. Meaning that the user (AD) accounts of Org A will remain in Forest A but there mailboxes will be available on Exchange 2010 servers in Org B. So we don’t need
a user / group migration stuff here and mailbox data on Exchange 2007 servers is also not critical (not required to be migrated) so we will be creating new disabled accounts and mailboxes in Org B for each user in Org A and connect the mailboxes. There will
be a brief period of co-existence between two Orgs (to enable mail-flow) until all the users have their mailboxes active in Org B. Need to figure out a way to achieve this.
We are planning to follow the steps below:
Setup name resolution between the forests (although basic connectivity is there and we can ping servers in one forest using IP Addresses from other forest) –
Please suggest if this is necessary or we can get away with it?
Setup SMTP namespace sharing for Exchange 2007 SMTP Domain name
Add Exchange 2007 SMTP domain as authoritative domain to E2K10
Create EAP for new SMTP Domain
SMTP Connector Creation for Direct E-mail Routing (Co-exist) Between Forests
Create disabled Mail Enabled (not Mailbox Enabled) User or Mail Enabled Contact in Org B.
Can we use Prepare-MoveRequest.ps1 script to create these?
Once a mail enabled user / contact is created in Org B for all the users, change incoming traffic from Internet for Org A SMTP domain to hit HT server in Org B
Make changes to Exchange 2010 certificate and install new certificate
Select a batch of users every day, create new mailbox for them using scripts in Org B and delete the corresponding contact in Org B
Can someone please confirm if this is correct and point out something I am missing?
Is there any other way to achieve the same goal?
Thanks
Taranjeet Singh
zamn

Hi Everyone
Thanks for the inputs so far. I need to confirm some steps to establish direct email flow unless all the mailboxes are created in target organization, can somebody have a look at the steps below and confirm if they are correct or add something that
I missed here:
Setup source Exchange organization:
a) Add unique SMTP domain for source organization, like @source.local. This domain will be added to all mail enabled objects in this organization and will be used for internal routing only
     i) Add to Accepted Domains list
     ii) Create EAP to add domain to existing objects
b) Use manual means to stamp SMTP domain to objects in source organization on objects that don’t have EmailAddressPolicyEnabled set to False
c) Create Send Connector to target forest. The target domain should also have a unique e-mail address, like @target.company.com (in our case 19 SMTP domains including JUBL.COM)
     i) Include the valid SMTP domains and the unique one for internal routing
         (source.local)
     ii) Point to a smart host in the target forest
d) Set existing SMTP domain (JubilantRetail.com) as “Internal Relay Domain”. The target Exchange org will be authoritative for this domain
Setup target Exchange organization
a) Create Send Connector to unique SMTP domain in source forest. Includes shared name space (source.local) and @JubilantRetail.com
b) Set Default receiver connector, being used by source forest, to allow anonymous connections
c) Add shared SMTP domain (source.local) to Accepted Domains list as authoritative
d) Create EAPs to replicate the SMTP domains (e:g JubilantRetail.com and source.local) in the source environment
Thanks
Taranjeet Singh
zamn

Exchange 2010 Autodiscovery & Outlook Anywhere kind of but really not working

This is driving me nuts. We have a single Exchange Server 2010 running (everything is on one box). It works fine internally (all Outlook clients can see and grab the login info from the user login). OWA works from outside, mail delivers nicely. My problems
all seem to stem around some mysterious problem in autodiscover and outlook anywhere.
Our domain is internally like this: mycompany2.com and outside like this: mycompanyllc.com
So the mail server inside looks like server1.mycompany2.com and outside: mail.mycompanyllc.com - from what I can see it's all set up correctly in both.
I've run the connectivity analyzer and apart from a minor certificate warning ('Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled) it passes every test on the site for EAS and Outlook Anywhere
(and for good measure I ran everything, all green checks!). Autodiscover works in the test, everything gets found and pointed to the right place.
When I have a user that wants to configure Outlook 2010 or 2013 outside
the org. they start the wizard, type their name, their email, their password. The server or user can't be found and no matter what they do it won't find it. If you go in and manually configure the
internal server name, domain, username you can connect. It just won't set it up automatically. The odd thing is, in the analyzer the autodiscovery XML is found and downloaded fine, all the server name info and detail is displayed.
In Outlook 2013, both Exchange and EAS connection doesn't work even though phones can be set up through EAS (although they require the same kind of manual setup--autodiscover doesn't seem to work even though it keeps telling me everything
is fine).
I'm at wits end, all the tests show it's working, but in the real world the server can't be found. It's right on the DNS servers, it's right in the tests, it responds correctly manually. I'd love users to be able to set up their own mail without a 10 page
printout of all the manual settings. It's all relatively late model hardware, Outlook 2010 or 2013, and a fully patched up to date Exchange 2010 server. Anyone have an idea?
Curt Kessler - FLC

We don't use TMG we use a WatchGuard Firewall and it is configured to allow all traffic to this server (that's why manual works fine with Outlook and OWA).
When I run the get-autodiscovervirtualdirectory it returns my internal server under the Server, and nothing more, so this possibly could be it?? I'm definitely not good at IIS at all, I would need guidance to investigate that further...
This is my EXRCA results, the first fail is because it tests the root of mydomain.com rather than mail.mydomain.com which is a different server. I've replaced some names for security purposes:
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for
[email protected].
Autodiscover was tested successfully.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Test Steps
Attempting to test potential Autodiscover URL https://mydomain.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name franklinlc.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 76.79.142.101
Testing TCP port 443 on host franklinlc.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server franklinlc.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=apps.franklinlc.com, OU=Domain Control Validated, O=apps.franklinlc.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale,
S=Arizona, C=US.
Validating the certificate name.
Certificate name validation failed.
<label for="testSelectWizard_ctl12_ctl06_ctl00_ctl00_ctl02_ctl01_tmmArrow">Tell
me more about this issue and how to resolve it</label>
Additional Details
Host name franklinlc.com doesn't match any name found on the server certificate CN=apps.franklinlc.com, OU=Domain Control Validated, O=apps.franklinlc.com.
Attempting to test potential Autodiscover URL https://autodiscover.mydomain.com/AutoDiscover/AutoDiscover.xml
Testing of the Autodiscover URL was successful.
Test Steps
Attempting to resolve the host name autodiscover.mydomain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 76.xx.xx.xx this is the mail server IP address
Testing TCP port 443 on host autodiscover.franklinlc.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.mydomain.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=mail.franklinlc.com, OU=Domain Control Validated, O=mail.mydomain.com, Issuer: SERIALNUMBER=xxxxxxxxxxxxx, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale,
S=Arizona, C=US.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.mydomain.com was found in the Certificate Subject Alternative Name entry.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 9/28/2012 10:20:20 PM, NotAfter = 9/28/2015 10:20:20 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.mydomain.com/AutoDiscover/AutoDiscover.xml for user [email protected].
The Autodiscover XML response was successfully retrieved.
Additional Details
Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>Curt Kessler</DisplayName>
      <LegacyDN>/o=mydomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Curt Kessler</LegacyDN>
      <DeploymentId>14a1e263-943a-4609-865c-ba22802e45aa</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>FLC5.internaldomainname.com</Server>
        <ServerDN>/o=mydomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=FLC5</ServerDN>
        <ServerVersion>7383807B</ServerVersion>
        <MdbDN>/o=mydomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=FLC5/cn=Microsoft Private MDB</MdbDN>
        <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
        <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
        <OABUrl>https://mail.mydomain.com/OAB/9c85c0c4-48f4-4aa8-99b2-f640651b130a/</OABUrl>
        <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
        <Port>0</Port>
        <DirectoryPort>0</DirectoryPort>
        <ReferralPort>0</ReferralPort>
        <PublicFolderServer>FLC5.internaldomainname.com</PublicFolderServer>
        <AD>PRIME.internaldomainname.com</AD>
        <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
        <EcpUrl>https://flc5.internaldomainname.com/ecp/</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx></EcpUrl-mt>
        <EcpUrl-ret>?p=organize/retentionpolicytags.slab&exsvurl=1</EcpUrl-ret>
        <EcpUrl-sms>?p=sms/textmessaging.slab&exsvurl=1</EcpUrl-sms>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.mydomain.com</Server>
        <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
        <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
        <OABUrl>https://mail.mydomain.com/OAB/9c85c0c4-48f4-4aa8-99b2-f640651b130a/</OABUrl>
        <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
        <Port>0</Port>
        <DirectoryPort>0</DirectoryPort>
        <ReferralPort>0</ReferralPort>
        <SSL>On</SSL>
        <AuthPackage>Ntlm</AuthPackage>
        <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
        <EcpUrl>https://mail.mydomain.com/ecp/</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx></EcpUrl-mt>
        <EcpUrl-ret>?p=organize/retentionpolicytags.slab&exsvurl=1</EcpUrl-ret>
        <EcpUrl-sms>?p=sms/textmessaging.slab&exsvurl=1</EcpUrl-sms>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <Port>0</Port>
        <DirectoryPort>0</DirectoryPort>
        <ReferralPort>0</ReferralPort>
        <Internal>
          <OWAUrl AuthenticationMethod="Basic, Ntlm, Fba, WindowsIntegrated">https://flc5.internaldomainname.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
        <External>
          <OWAUrl AuthenticationMethod="Fba">https://mail.mydomain.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXPR</Type>
            <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
          </Protocol>
        </External>
      </Protocol>
    </Account>
</Response>
</Autodiscover>
I've replaced my public domain with mydomain.com and my internal domain with internaldomainname.com, and hidden the IP, but everything else is the same. The tests all pass
Curt Kessler - FLC

Exchange 2010 to Exchange Online migration Error

Hello,
I am in the middle of an Exchange 2010 to Office 365 cutover migration and i keep getting errors when trying to create a migration endpoint on Office 365 hence the migration can't progress.
I have sucessfully completed step one which is to verify the on premises domain and the Office 365 domain but it seems i am stucked on connecting with Outlook Anywhere using each available method on Microsoft Remote Connectivity Analyzer.
The first error message that i am getting when connecting through Microsoft Remote Connectivity Analyzer is that the
"The certificate chain could not be built. You may be missing required intermediate certificate". On a side note, this works on internal LAN and Outlook clients are able to connect using autodiscover.
The second error message i get, is when trying to connect using "Test-MigrationServerAvailability -ExchangeOutlookAnywhere -Autodiscover -EmailAddress <email address for on-premises administrator> -Credentials $credentials"
on a Exchange Online Powershell session i am getting:
"The migration service failed to detect the migration endpoint using the Autodiscover service."
I just can't understand why the Autodiscover tests won't pass. I am aware that Microsoft Remote Connectivity Analyzer would show error because it misses the root certificate but what should i do in order to have it running properly?
Please note that i am using an internal CA-Server which is the Exchange Server it self so i have self signed certificates.
I wonder, am i missing the big picture here?
For the migration endpoint/batch to work, is it mandatory to have a valid certificate or to be able to use autodiscover?
Thanks.

You need valid publicly trusted certificate to create the migration endpoint. You can get one for free from sites like startssl or comodo.

Case of the Missing User Exchange 2003 - Exchange 2010 Migration issue

Hey All,
I am in the middle migrating from Exchange 2003 to Exchange 2013 by way of Exchange 2010 and going through the final parts of my Exchange 2010 portion of the migration I found that one of the users on Exchange 2003 is not showing up in the EMC to migrate.
In EPS I can find the user with Get-User username but I cannot get the mailbox or kick off the mailbox move from EPS giving me the error of "Object could not be found" It is a valid user with a valid user mailbox and I can log into the
mailbox in OWA for Exchange 2003. Any thoughts as to why the user's mailbox is not showing in EMC or that I can't get it to move via PS?
Thanks,
Joe

Hello,
Come back and mark the replies as answers if they help and unmark them if they provide no help.
I'm marking the reply as answer as there has been no update for a couple of days.
If you come back to find it doesn't work for you, please reply to us and unmark the answer.
Cara Chen
TechNet Community Support

Scan to Email from VPN sites not working on Exchange 2010

Hi,
       I have Exchange 2010 SP1 with HCAS array installed in the organization. We have site offices connected through site to site VPN. All our outlook clients are working fine in the sites. We have MFP printers in both Head
office and site offices. HO scanners are working fine for Scan to email (Internal recepients), but site offices scanners are able to send the email without any attachment. We have tried creating new receive connectors for the scanner with anonymous authentication,
but still attachments were not receiving. Log found in the printer as shown below.
1 page(s)
Document Size:A4
Subject:Scanned File from SS AUH Printer
E-mail Destination(s)
to: [email protected] (Success)
E-mail processed by the Device
File format: pdf (color)
File Size:0
I have configured Valid mailbox as the SMTP authentication and from Address for the scanner and the User received the following delivery failure report
******* HP Digital Sending: Delivery Error *****
The following job has not been delivered. Please retry sending the job. If the problem continues contact your network administrator.
----- Transcript/error-code of session follows -----
0/33 (0X21)
Kindly advice.
Regards,
Emthias
With Regards, Emthias Abdulsalam

Hi
   >>HO scanners are working fine for Scan to email (Internal recepients), but site offices scanners are able to send the email without any attachment. We have tried creating new receive connectors for the scanner with
anonymous authentication, but still attachments were not receiving.
    I have question about these sentences. If I misunderstand your saying, please correct me.
    1. Have scanners function to send email to exchange system?
        Did you test it before?
Do you try to send email to another account like (windows live,yahoo)?
    2. According to your error log, it seems to be network configuration problem.
        Do you modify network configuration of scanner?
    3. Can you check transport rule of your server?
You can read this
article. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Exchange 2010 Autodiscocer for non-domain computers.

Hello. I have problems with autodiscover for non -domain computers. Somebody can explain me in turn what i must do for configuration.

Hi,
For your Non-domain joined clients, the Outlook would connect to Exchange mailbox from the Internet. We need to enable Outlook Anywhere for your external users:
Enable-OutlookAnywhere -Server:Exch10 -ExternalHostname:mail.contoso.com
-ClientAuthenticationMethod:Ntlm -SSLOffloading:$true
For autodiscover service, when Outlook is started on a client that is not domain-connected, it first tries to locate the Autodiscover service by looking up the SCP object in Active Directory. Because the client is unable to contact Active
Directory, it tries to locate the Autodiscover service by using Domain Name System (DNS). In this scenario, the client will determine the right side of the user’s email address, that is, contoso.com, and check DNS by using two predefined URLs. For example,
if your email address is [email protected], Outlook will try the following two URLs to try to connect to the Autodiscover service:
https://contoso.com/autodiscover/autodiscover.xml
https://autodiscover.contoso.com/autodiscover/autodiscover.xml
For more information about autodiscover service in Exchange 2010, please refer to:
http://technet.microsoft.com/en-us/library/jj591328(v=exchg.141).aspx
Therefore, you don’t need to change any configuration for Autodiscover. Just make sure your Exchange certificate which is assigned with IIS service has included aotodiscover.contoso.com name and the certificate is valid and trusted for external
user using. If not, please create a new SRV record for your autodiscover service and pointed to
mail.contoso.com. For more information about SRV record of autodiscover, please click:
http://support.microsoft.com/kb/940881
Regards,
Winnie Liang
TechNet Community Support

BIS validation Exchange 2010

Similar Messages

Maybe you are looking for