Change Outlook Anywhere Authentication
Hello experts,
We have an Exchange 2010 environment and all clients are connecting using Outlook Anywhere. By All I mean all clients inside the network, outside the network, domain joined, so all.
Following is the Authentication settings on Outlook Anywhere.
ClientAuthenticationMethod : Basic
IISAuthenticationMethods : {Basic}
I want to change all users to use NTLM, so no more password prompts. I want to reduce the impact because we have more than 10k clients. Based on my understanding, I am planning below approach. Any suggestion will be appreciated.
1. Change the IISAuthenticationMethods to have both Basic & NTLM using set-outlookanywhere command. This will allow clients to use both Basic & NTLM and we can do tests from all locations if its working without any issue.
2. Chang the ClientAuthenticationMethod to NTLM, so Autodiscover will update all existing and new clients to use NTLM.
3. Modify any GPO if in place to change the Outlook authentication to NTLM.
Anything else which need to be taken care of. Many thanks for any suggestions in advance.
-V
-V
Hi,
To make Outlook client use NTLM authentication, I recommend you use the command set-outlookanywhere to change the authentication method. Because the Outlook Anywhere configuration in the Outlook client side will be updated by Autodiscover service every time
we open Outlook.
And we can run the following command: get-outlookanywhere | set-outlookanywhere -IISAuthenticationMethods basic,Ntlm –
ClientAuthenticationMethod NTLM
Best regards,
Angela Shi
TechNet Community Support
Similar Messages
-
Changing Outlook Anywhere from NTLM to Basic Auth (remote users having issues)
Hello All:
We have a terrible vendor that is implementing our transition to Office 365. They told us we had to change the Client Auth method on the CAS to Basic (from NTLM) and all that might occur is for users to enter their creds and click "Remember my credentials".
Not the case.
We tested internally & on cell phones - everything went unnoticed. Then peeps from the outside started getting prompted for their UN/PW. Even when they put in their valid creds & check the box, no dice. Reboots, checking Outlook client for the proxy
settings (which are now set to Basic) sometimes does, sometimes doesn't work. We are baffled as to where we force the setting (which they've received in Outlook), so the road warriors start working.
Any feedback would be greatly appreciated.
Thanks.Hi,
Please confirm whether the issue only happens to your external Outlook Anywhere users in Exchange 2010.
Please run the following command to check your Outlook Anywhere configuratioon:
Get-OutlookAnywhere | fl
Confirm that the ClientAuthenticationMethod parameter and IISAuthenticationMethod are both set to Basic. If this is any changes, please run:
Set-OutlookAnywhere -Identity “E14-01\Rpc (Default Web Site)” -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName mail.domain.com -IISAuthenticationMethods Basic
Then restart IIS service by using running IISReset from a command prompt window.
Regards,
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Winnie Liang
TechNet Community Support -
Changing Outlook Anywhere internal URL disconnects XP clients
Good morning,
I am supposed to change the internal Outlook Anywhere hostname for an Exchange installation:
recent internal hostname: webmail.contoso.com
future internal hostname: webmail.contoso.local
The external hostname for OA is not set, because OA should not be available from external.
Now I made a test changing the internal hostname as follows:
generate a new Exchange certificate with subject name "webmail.contoso.local"
Set-OutlookAnywhere -InternalHostname webmail.contoso.local -InternalClientsRequireSSL:$True
Afterwards I made some tests on several clients:
Windows 7: working fine, it takes some time but Outlook updates its profile to the new internal OA name and connects to the mailbox
Windows XP: Outlook profile is not updated automatically, if I update it manually, Outlook hangs when starting and still tries to establish 1 connection to the old OA internal hostname
Does anyone of you have an idea how to solve this? I appreciate your suggestions, thank you very much. :-)
SebastianHello,
Have you updated the host name on the certificate from “webmail.contoso.com” to “webmail.contoso.local”?
Run “Connection Status” on both Windows 7 and Windows XP and see if they connect to different DC. If so, check the DC replication issue.
Thanks,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Simon Wu
TechNet Community Support -
Auth Package in Outlook Anywhere AutoDiscover is coming in incorrectly
Let me describe our situation and environment:
We have Exchange 2013 running in a 2008r2 level domain and are using Outlook Anywhere / AutoDiscovery to configure non-domain joined clients (this situation will change later, but our current priority is getting the Exchange server running and worrying and
joining machines to the domain afterwards). I had tried some configuration changes, which ultimately did not work, and I rolled back those changes. On the ECP under Servers -> Servers -> My Exchange Server -> Outlook AnyWhere, there is
a box that lets you choose between NTLM, Basic, and Negotiate authentication. Exchange 2013 default is negotiate, which was working initially. After rolling back my changes, however, my clients get repeated password prompts, and their passwords
are rejected, if I have Outlook Anywhere authentication set to negotiate. It works fine if I keep it set on NTLM.
Under Servers -> Virtual Directories -> AutoDiscover (Default Website) -> Authentication, the boxes for Basic Authentication and Integrated Windows Authentication are checked. These are the default values if I remember correctly.
Even when I have my Outlook Anywhere authentication set to Negotiate, I have a section of code in the AutoDiscover XML file that Outlook pulls that looks like this:
<Type>EXPR</Type>
<Server>exchange.mycompany.com</Server>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
My research tells me that EXPR controls Outlook Anywhere (RPC over HTTP). The AuthPackage seems to be incorrect here. It's still giving me NTLM instead of Negotiate. When I change Outlook Anywhere's authentication back to NTLM, everything
works (after giving the server about fifteen minutes or so to update).
What is the problem here? Why does the autodiscover return the wrong auth package for Outlook Anywhere? Is there a time delay between changing the authentication for Outlook Anywhere and Exchange updating my Outlook clients so that their settings
match? I know that if I go into an Outlook client that is getting prompted for a password after Outlook Anywhere authentication has been changed to Negotiate, I can manually adjust their Exchange Proxy Server settings and get it to work, but I really
want the AutoDiscover to simply deliver the correct auth package to begin with.
I don't mind using NTLM authentication; it works. But I really need to know WHY this is happening and what to do to fix it. Today, it may not matter, but it may matter in the future as network topology changes, and I will be expected to have
the answer.
To further clarify:
When I run Get-OutlookAnywhere | fl name, *, my internal and external Client Authentication Methods are set to Negotiate, but I still get the entry I showed above in the AutoDiscover XML file that specifies NTLM.Outlook ignores the EXPR/EXCH values when connected to Exchange 2013 for autodiscovery, rather it dynamically builds the EXHTTP values based on the AutoD server settings and uses those instead. You should reference those ExHTTP settings when you
look at the autodiscover results
Twitter!:
Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.
I also have the following bit of code in the autodiscover file
<Type>EXHTTP</Type>
<Server>mail.mycompany.com</Server>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
This would seem to be the EXHTTP you were referencing. Again, this value is coming out as NTLM after I change my Outlook Anywhere Authentication method in ECP to Negotiate. Why? Is there a delay between changing that setting in ECP and when
it starts showing up in AutoDiscover queries? If so, what is that delay and how can I change it or force it to update immediately? Or is it that the setting in ECP does not change the auto discover setting and it has to be changed elsewhere?
If that's the case, what do I change, and where do I change it, to alter what autodiscover puts in for AuthPackage in the above snippet of code? -
Ex2010 Ex2013 - Outlook Anywhere client authentication
Hi,
I have an Exchange 2010 server with all roles installed and users mailboxes on it. Most users are domain-joined, but some are external 'home' users and connect via Outlook Anywhere.
I also have an Exchange 2013 server (again, all roles) which is mostly set-up and is in co-existence with Ex2010. I have moved one test mailbox onto this server. One issue is accessing Public Folders, which are still on the Ex2010 mailbox user. I get a password
prompt (which doesn't accept my password) and if I click cancel, I get an error "Cannot expand the folder. The set of folders cannot be opened. Microsoft Exchange is not available, etc, etc"
Other info
-My servers are fully patched and up-to-date and I'm using the latest Office service packs on Windows 7
-I have a split DNS (webmail.domain.co.uk points to Ex2013)
-I have no TMG
As I understand it, the problem may well be the difference between authentication methods on Ex2010 and Ex2013. I understand I need to use the same authentication method but herein lies my problem.
Get-OutlookAnywhere on Ex2010
ExternalHostName: webmail.domain.co.uk
ClientAuthenticationMethod: Basic
IISAuthenticationMethod: {Basic, NTLM}
Get-OutlookAnywhere on Ex2013
ExternalHostName: webmail.domain.co.uk
InternalHostName: webmail.domain.co.uk
ExternalClientAuthenticationMethod: Basic
InternalClientAuthenticationMethod: NTLM
ISSAuthenticationMethods: {Basic, NTLM, Negotiate}
If I change Ex2010 to NTLM (to match Ex2013) then it will break my home users.
If I change Ex2013 to Basic (to match Ex2010) then it will annoy my domain-joined users as they will constantly need to enter credentials.
So, I need to use NTLM internally, but Basic for external 'home' users.
Although currently domain-joined Outlook users on Ex2010 are configured for Outlook Anywhere, they connect over RPC, not HTTP, therefore the Basic setting on Ex2010 is not affecting them. However, I cannot migrate them to Ex2013 as the Public Folder issue is
a problem.
Comments and suggestions gladly welcome
Thanks.Thanks
To answer your question, yes this has been done and my values are now
(from Get-OutlookAnywhere on Ex2013)
ServerName: Ex2010
ExternalHostName: webmail.domain.co.uk
InternalHostName: {empty}
ExternalCLientAuthenticationMethod: NTLM
InternalCLientAuthenticationMethod: NTLM
IISAuthenticationMethods: {Basic. NTLM}
ServerName: Ex2013
ExternalHostName: webmail.domain.co.uk
InternalHostName: webmail.domain.co.uk
ExternalCLientAuthenticationMethod: NTLM
InternalCLientAuthenticationMethod: NTLM
IISAuthenticationMethods: {Basic. NTLM, Negotiate}
What this has fixed is now when I test Outlook Anywhere, to a mailbox on Ex2010, from outside my domain, I can login successfully on the first attempt. Great.
What still doesn't work is accessing Public Folder which are on Ex2010 whilst using Outlook as a user with a mailbox on Ex2013. When I click on the Public Folder tree, I get a password prompt. Cancelling that, I get an error as described in my first post.
May I ask, is there a difference between
ExternalClientAuthenticationMethod and InternalClientAuthenticationMethod if I use split DNS?
Thanks. -
Allow changing of Outlook anywhere options after applying GPO
Policy
Setting
Configure Outlook Anywhere user interface options
Enabled
All config UI enabled
I have used the outlook2010 GPO template to configure outlook anywhere settings. However after enabling these options, the user can no longer change the outlook anywhere settings (all greyed out). So I enabled the above GPO in outlook 2010 ADMX template.
"This policy setting allows you to determine whether users can view and change user interface (UI) options for Outlook Anywhere.If you enable this policy setting, users can view and change UI options for Outlook Anywhere.If you disable or do not configure
this policy setting, users will be able to use the Outlook Anywhere feature, but they will not be able to view or change UI options for it."
However after performing gpupdate, it has no effect, users still cannot change any of the outlook anywhere settings. Here are the download locations for the admx templates if anyone else would like to test and confirm this issue.
http://www.microsoft.com/en-us/download/details.aspx?id=18968
http://support.microsoft.com/kb/2426686
Anand_NHi,
Please check if the value of the following registry key has been set correctly by Group Policy:
HKEY_CURRENT_USER\Software\Policies\Microsoft\office\14.0\outlook\rpc
Value name: EnableRPCTunnelingUI
Type: REG_DWORD
To enable all configuration the value should be: 1
Sincerely
Rex Zhang
Rex Zhang
TechNet Community Support -
NTLM Authentication in the Outlook Anywhere
I use Exchange Server 2007 sp1 RollUp 6 installed on Windows Server 2008. I need to use Outlook Anywhere from non-domain computers. I test Outlook Anywhere with Basic and NTLM Authentication and all works fine. But when I use NTLM authentucation, Outlook promt user credential every time when it start, even "remember password" was checked. The login and password are remembered in the network password of user, but Outlook prompt password again and again, when it starts. Exchange published by 443 port directly (without any listeners)!
When I connect by VPN, and use TCP/IP connection to the server, Outlook remeber password withoun any problems, and did not ask password again.
get-OutlookAnywhere:
ServerName : SRVEXCH2
SSLOffloading : False
ExternalHostname : mail.my_domain.ru
ClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Ntlm}
MetabasePath : IIS://srvexch2.net.local/W3SVC/1/ROOT/Rpc
Path : C:\Windows\System32\RpcProxy
Server : SRVEXCH2
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : srvexch2
DistinguishedName : CN=srvexch2,CN=HTTP,CN=Protocols,CN=SRVEXCH2,CN=Servers,CN=Exchange Administrative Group (
FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=S
ervices,CN=Configuration,DC=net,DC=local
Identity : SRVEXCH2\srvexch2
Guid : 2c24f11b-852c-4948-b236-3f37d071d500
ObjectCategory : net.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged : 18.02.2009 14:17:55
WhenCreated : 17.02.2009 14:53:36
OriginatingServer : dc1.net.local
IsValid : True
I have tried this cases, but they have not helped for this issue:
1) Disable kernel mode authentication with this command: %systemroot%\system32\inetsrv\AppCmd.exe set config /section:system.webServer/security/authentication/windowsAuthentication /useKernelMode:false, I also have unchecked Kernel mode authentication in the properties of Windows Authentication for Default Web site, \Rpc and \Autodiscovery virtual directories.
2) Modify this registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa lmcompatibilitylevel=3 and 2.
3) Set NTLM instead of Kerberos on the security tab in the properties of Outlook.
4) Install domain controller and global catalog roles on the Exchange Server.
Somebody have any solution for this issue? May be Outlook Anywhere and NTLM do not work at all?Have you also seen this:
You must provide Windows account credentials when you connect to Exchange Server 2003 by using the Outlook 2003 RPC over HTTP feature
http://support.microsoft.com/kb/820281
1.
Click
Start,
click Run,
type regedit in the Open
box, and then press ENTER.
2.
Locate
and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
3.
In
the right pane, double-click lmcompatibilitylevel.
4.
In
the Value data
box, type a value of 2 or 3 that is appropriate for your environment, and
then click OK.
5.
Quit
Registry Editor.
6.
Restart
your computer.
LmCompatibilityLevel
settings
The
LmCompatibilityLevel registry entry can be configured with the following
values:
LmCompatibilityLevel
value of 0:
Send LAN Manager (LM) response and NTLM response; never use NTLM version 2
(NTLMv2) session security. Clients use LM and NTLM authentication, and
never use NTLMv2 session security; domain controllers accept LM, NTLM, and
NTLMv2 authentication.
LmCompatibilityLevel
value of 1:
Use NTLMv2 session security, if negotiated. Clients use LM and NTLM
authentication, and use NTLMv2 session security if the server supports it;
domain controllers accept LM, NTLM, and NTLMv2 authentication.
LmCompatibilityLevel
value of 2:
Send NTLM response only. Clients use only NTLM authentication, and use NTLMv2
session security if the server supports it; domain controllers accept LM,
NTLM, and NTLMv2 authentication.
LmCompatibilityLevel
value of 3:
Send NTLMv2 response only. Clients use NTLMv2 authentication, and use NTLMv2
session security if the server supports it; domain controllers accept LM,
NTLM, and NTLMv2 authentication.
LmCompatibilityLevel
value of 4:
(Server Only) - Domain controllers refuse LM responses. Clients use NTLM
authentication, and use NTLMv2 session security if the server supports it;
domain controllers refuse LM authentication, and accept NTLM and NTLMv2
authentication.
LmCompatibilityLevel
value of 5:
(Server Only) - Domain controllers refuse LM and NTLM responses, and accept
only NTLMv2 responses. Clients use NTLMv2 authentication, use NTLMv2
session security if the server supports it; domain controllers refuse NTLM
and LM authentication, and accept only NTLMv2 authentication.
Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator -
Outlook Anywhere proxy changed from Basic to NTLM for external users
I have a Exchange 2013 environment that is also running Exchange 2010 coexistence (migrating). What is happening is autodiscover is handing out NTLM for the proxy settings and not basic. However when it is using NTLM we seem to get the password prompt over
and over. If I manually changed it to Basic then it works fine, but when autodiscover goes again it changes back to NTLM and prompts that the Administrator made a change and you need to restart Outlook.
I checked Outlook Anywhere and all my servers have Basic set for external users and NTLM set for internal.
I only have a few mailboxes on 2013 and 2010 mailboxes seem not to have a problem.
Here is an output for Outlook Anywhere on all six servers:
Identity : CAS01\Rpc (Default Web Site)
ExchangeVersion : 0.10 (14.0.100.0)
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm}
Identity : CAS02\Rpc (Default Web Site)
ExchangeVersion : 0.10 (14.0.100.0)
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm}
Identity : CAS03\Rpc (Default Web Site)
ExchangeVersion : 0.10 (14.0.100.0)
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm}
Identity : EXCH2K13-01\Rpc (Default Web Site)
ExchangeVersion : 0.20 (15.0.0.0)
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
Identity : EXCH2K13-02\Rpc (Default Web Site)
ExchangeVersion : 0.20 (15.0.0.0)
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
Identity : EXCH2K13-03\Rpc (Default Web Site)
ExchangeVersion : 0.20 (15.0.0.0)
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}Hi,
Please refer to the following KB to set the Outlook Anywhere settings on Exchange Server 2013 Client Access servers:
http://support.microsoft.com/en-us/kb/2834139
If it doesn’t work with the resolution above, please do the following checking in ADSI Edit:
1. In Adsiedit, expand Configuration-->CN=Services -> CN=Microsoft Exchange -> CN=domain -> CN=Administrative Groups -> CN=Exchange Administrative Group -> CN=Databases.
2. Right-click the listed database > Properties.
3. Check whether the msExchHomePublicMDB value is set to an available value. Please change the value to <not set>.
4. Click OK.
Then check whether the issue persists.
Regards,
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Winnie Liang
TechNet Community Support -
Exchange 2013 - How to configure Outlook Anywhere with certificate based authentication?
Hello,
is it possible to secure Outlook Anywhere in Exchange 2013 with certficate based authentication?
I found documentation to configure CBA for OWA and ActiveSync, but not for Outlook Anywhere.
We would like to secure external access to the mailboxes via Outlook by using CBA.
Thanks a lot in advance!
Regards,
AndréHi,
Let’s begin with the answer in the following thread:
http://social.technet.microsoft.com/Forums/en-US/e4b44ff0-4416-44e6-aa78-be4c1c03f433/twofactor-authentication-outlook-anywhere-2010?forum=exchange2010
Based on my experience, Outlook client only has the following three authentication methods:Basic, NTML, Negotiate. And for more information about Security for Outlook Anywhere, you can refer to the following article:
http://technet.microsoft.com/en-us/library/bb430792(v=exchg.141).aspx
If you have any question, please feel free to let me know.
Thanks,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Angela Shi
TechNet Community Support -
Access to Outlook Anywhere does not work
Good evening,
I recently installed an Exchange Server 2013 CAS / MB.
Until now, the server presented a few errors (mainly in the
event log) that does not seem to significantly influence functionality.
This week I published the server on the Internet and verified various malfunctions
related to the access from outside.
In particular from outside:
1 - OWA does not work with Windows integrated authentication, it works with the Forms based authentication;
2 - Outlook Anywhere does not work from internet.
I've done a lot of research and testing without success.
With regard to the first issue (which is not a priority but can relate to second one)
add that in Firefox I get a first authentication request. If
I enter credentials it ask again for identical authentication (repeatly), if I cancel it shows a second one that instead allows me access (are slightly different).
I assume that the first is the integrated Windows application and the second is basic authentication.
Internet Explorer shows me only the first authentication request and if I cancel shows blank page.
The problem is
priority 2:
Outlook connects without problems on LAN network, the Internet
seems to download the correct information
(autodiscover), but then does not connect
to the server (connection to Microsoft Exchange is unavailable).
If you manually edit the settings,
auto-configuration server returns as
a [email protected]. If I change
manually the server (and proxy settings
http), the result does not change.
- Setting information -
The server is installed
in the LAN network and is exposed on the Internet through
a firewall (Pat on port 443, et al. not 80)
on a public address.
The public and private DNS have been configured with a
host record (A) and two
CNAME (webmail and autodiscover).
The internal Outlook clients connect
with autodiscover and HTTPS /
NTLM / SSL (Outlook connectivity
status).
IMAP, SMTP, POP, ActiveSync function.
Exchange remote connectivity analizer retrieves Autodiscover information but doesn't pass test for RPC/HTTP access (it discard accesson
port 443 and try port 80, SPF isn't configured).
The navigation to the url
https://proxyexternalURL/rpc/rpcproxy.dll has the same behaviour like problem 1.
Test-OutlookConnectivity returns unmanaged error ('WARNING: An unexpected error has occurred and a Watson dump is being generated: Failed to find the probe result for invoke now request id -- and probe workdefinition id --').
Errors in eventviewer: 5011 - WAS (one time), 139 - MSExchange OWA (some not ripetitive), 3028 - MSExchangeApplicationLogic (every 6 hours), 106 - MSExchange common (many during working hour), 65535 - application (some at nighttime 00.00 - 03.00 a.m.), 1006
- MSExchangeDiagnostic (every 30 min), 6002 - MSExchange Mid-Tier Storage (about every 5 minutes), 5 - MSExcahnge Workload Management (one time).
Ask for further information.
- Cmdlet and Autodiscover output -
Get-OutlookAnywhere | fl name,*auth*,*ssl*,*host*
Name : Rpc (Default Web site)
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
SSLOffloading : True
ExternalClientsRequireSsl : True
InternalClientsRequireSsl : True
ExternalHostname : webmail.name_domain.test
InternalHostname : webmail.name_domain.test
Get-OutlookProvider | ft -autosize
Name Server CertPrincipalName TTL
EXCH msstd:webmail.name_domain.test 1
EXPR msstd:webmail.name_domain.test 1
WEB
1
Get-AutodiscoverVirtualDirectory | fl name,*auth*,*url*
Name : Autodiscover (Default Web site)
InternalAuthenticationMethods : {Basic, WSSecu.testy, OAuth}
ExternalAuthenticationMethods : {Basic, WSSecu.testy, OAuth}
LiveIdNegotiateAuthentication : False
WSSecu.testyAuthentication : True
LiveIdBasicAuthentication : False
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : False
OAuthAuthentication : True
AdfsAuthentication : False
InternalUrl :
ExternalUrl :
Get-MapiVirtualDirectory | fl name,*auth*,*url*
Name : mapi (Default Web site)
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
InternalAuthenticationMethods : {Basic, Ntlm, Negotiate}
ExternalAuthenticationMethods : {Basic, Ntlm, Negotiate}
InternalUrl : https://webmail.name_domain.test/mapi
ExternalUrl : https://webmail.name_domain.test/mapi
Autodiscover.xml
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>user</DisplayName>
<LegacyDN>/o=organization_name/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=e4c0c18c8f214afbb5152bb08823179d-user</LegacyDN>
<AutoDiscoverSMTPAddress>user@name_domain.test</AutoDiscoverSMTPAddress>
<DeploymentId>d60c71c9-3740-404c-a38c-aa24e6105432</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<MicrosoftOnline>False</MicrosoftOnline>
<Protocol>
<Type>EXCH</Type>
<Server>72036b30-a4d4-4b42-9c39-445bd04c23a6@name_domain.test</Server>
<ServerDN>/o=organization_name/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=72036b30-a4d4-4b42-9c39-445bd04c23a6@name_domain.test</ServerDN>
<ServerVersion>73C082C8</ServerVersion>
<MdbDN>/o=organization_name/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=72036b30-a4d4-4b42-9c39-445bd04c23a6@name_domain.test/cn=Microsoft Private MDB</MdbDN>
<PublicFolderServer>webmail.name_domain.test</PublicFolderServer>
<AD>DC2.name_domain.test</AD>
<ASUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=name_domain.test</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=name_domain.test</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=name_domain.test</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=name_domain.test</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=name_domain.test</EcpUrl-sms>
<EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=name_domain.test</EcpUrl-publish>
<EcpUrl-photo>PersonalSettings/E.testAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=name_domain.test</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=name_domain.test</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&.testle=<.testle>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=name_domain.test</EcpUrl-tmCreating>
<EcpUrl-tmE.testing>?rfr=olk&ftr=TeamMailboxE.testing&Id=<Id>&exsvurl=1&realm=name_domain.test</EcpUrl-tmE.testing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=name_domain.test</EcpUrl-extinstall>
<OOFUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://webmail.name_domain.test/EWS/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
<ServerExclusiveConnect>off</ServerExclusiveConnect>
<CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>webmail.name_domain.test</Server>
<SSL>On</SSL>
<AuthPackage>Basic</AuthPackage>
<ASUrl>https://webmail.name_domain.test/ews/exchange.asmx</ASUrl>
<EwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=name_domain.test</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=name_domain.test</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=name_domain.test</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=name_domain.test</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=name_domain.test</EcpUrl-sms>
<EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=name_domain.test</EcpUrl-publish>
<EcpUrl-photo>PersonalSettings/E.testAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=name_domain.test</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=name_domain.test</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&.testle=<.testle>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=name_domain.test</EcpUrl-tmCreating>
<EcpUrl-tmE.testing>?rfr=olk&ftr=TeamMailboxE.testing&Id=<Id>&exsvurl=1&realm=name_domain.test</EcpUrl-tmE.testing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=name_domain.test</EcpUrl-extinstall>
<OOFUrl>https://webmail.name_domain.test/ews/exchange.asmx</OOFUrl>
<UMUrl>https://webmail.name_domain.test/ews/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
<ServerExclusiveConnect>on</ServerExclusiveConnect>
<CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
<EwsPartnerUrl>https://webmail.name_domain.test/ews/exchange.asmx</EwsPartnerUrl>
<GroupingInformation>LAN</GroupingInformation>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://webmail.name_domain.test/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Basic">https://webmail.name_domain.test/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://webmail.name_domain.test/ews/exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.name_domain.test</Server>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<ASUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=name_domain.test</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=name_domain.test</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=name_domain.test</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=name_domain.test</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=name_domain.test</EcpUrl-sms>
<EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=name_domain.test</EcpUrl-publish>
<EcpUrl-photo>PersonalSettings/E.testAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=name_domain.test</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=name_domain.test</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&.testle=<.testle>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=name_domain.test</EcpUrl-tmCreating>
<EcpUrl-tmE.testing>?rfr=olk&ftr=TeamMailboxE.testing&Id=<Id>&exsvurl=1&realm=name_domain.test</EcpUrl-tmE.testing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=name_domain.test</EcpUrl-extinstall>
<OOFUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://webmail.name_domain.test/EWS/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
<CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.name_domain.test</Server>
<SSL>On</SSL>
<AuthPackage>Basic</AuthPackage>
<ASUrl>https://webmail.name_domain.test/ews/exchange.asmx</ASUrl>
<EwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=name_domain.test</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=name_domain.test</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=name_domain.test</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=name_domain.test</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=name_domain.test</EcpUrl-sms>
<EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=name_domain.test</EcpUrl-publish>
<EcpUrl-photo>PersonalSettings/E.testAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=name_domain.test</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=name_domain.test</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&.testle=<.testle>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=name_domain.test</EcpUrl-tmCreating>
<EcpUrl-tmE.testing>?rfr=olk&ftr=TeamMailboxE.testing&Id=<Id>&exsvurl=1&realm=name_domain.test</EcpUrl-tmE.testing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=name_domain.test</EcpUrl-extinstall>
<OOFUrl>https://webmail.name_domain.test/ews/exchange.asmx</OOFUrl>
<UMUrl>https://webmail.name_domain.test/ews/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
<CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
</Protocol>
</Account>
</Response>
</Autodiscover>
Get-OwaVirtualDirectory | fl name,*auth*,*url*
Name : owa (Default Web Site)
ClientAuthCleanupLevel : High
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication : True
WindowsAuthentication : False
DigestAuthentication : False
FormsAuthentication : True
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
ExternalAuthenticationMethods : {Basic}
Url : {}
SetPhotoURL :
Exchange2003Url :
FailbackUrl :
InternalUrl : https://webmail.name_domain.test/
ExternalUrl : https://webmail.name_domain.test/Follow the results of the test
Outlook Anywhere (RPC over HTTP).
Has been used an account for which
outlook anywhere works. The account
for which the outlook anywhere does not work is
an administrative account and therefore
can not be used in the test.
Autodiscovery returns the
same result for both mailbox.
I'm testing RPC/HTTP connectivity.
Testing RPC over HTTP has not been exceeded.
Test steps
Microsoft connectivity Analyzer is attempting to test the Autodiscover service for user_test@domain_name.test.
Test the Autodiscover service has not been exceeded.
Test steps
I'm trying to contact the Autodiscover service with each method available.
I was not able to contact the Autodiscover service with no method.
Test steps
I'm trying to test the possible URL for the Autodiscover service https://domain_name.test/AutoDiscover/AutoDiscover.xml
The test of this potential URL for the Autodiscover service has not been exceeded.
Test steps
I'm trying to resolve the host name domain_name. DNS test.
I was able to resolve the host name.
IP addresses are returned: xxx.yyy.zzz.www
I'm testing the TCP port 443 on the host domain_name. tests to check that is open and listening.
The door has been opened properly.
I'm testing the validity of your SSL certificate.
The SSL certificate has not exceeded one or more validation controls.
Test steps
Microsoft connectivity Analyzer is attempting to obtain the SSL certificate from the remote server domain_name. test on port 443.
Microsoft connectivity Analyzer got the remote SSL certificate.
Remote certificate subject: E = it_staff@domain_name.test, CN = * domain_name. test, OU = it staff, O = domain_name, L = city, S = state, C = test issuer: E = it_staff@domain_name.test, CN = * domain_name. test, OU = it staff, O = domain_name,
L = city, S = state, C = test.
I am validating the certificate name.
I could not validate the certificate name.
More info about this issue and how to resove it
The host name domain_name. testing does not match any name found on the certificate and server = it_staff@domain_name.test, CN = * domain_name. test, OU = it staff, O = domain_name, L = city, S = state, C = test.
I'm trying to test the possible URL for the Autodiscover service https://autodiscover.domain_name.test/AutoDiscover/AutoDiscover.xml
The test of this potential URL for the Autodiscover service has not been exceeded.
Test steps
I'm trying to resolve the host name autodiscover. domain_name. DNS test.
I was able to resolve the host name.
IP addresses are returned: xxx.yyy.zzz.kkk
I'm testing the TCP port 443 on the host autodiscover. domain_name. tests to check that is open and listening.
The door has been opened properly.
I'm testing the validity of your SSL certificate.
The SSL certificate has not exceeded one or more validation controls.
Test steps
Microsoft connectivity Analyzer is attempting to obtain the SSL certificate from the remote server autodiscover. domain_name. test on port 443.
Microsoft connectivity Analyzer got the remote SSL certificate.
Other details
Remote certificate subject: CN = webmail. domain_name. test, OU = it staff, O = domain_name, L = city, S = city, C = test issuer: CN = domain_name-DC1-CA, DC = domain_name, DC = test.
I am validating the certificate name.
I validated the certificate name.
Other details
I found the host name autodiscover. domain_name. test in the voice of the alternative name of the certificate object.
Elapsed time: 1 ms.
I am validating the reliability of certificates.
I was not able to validate the reliability of the certificate.
Test steps
Microsoft connectivity Analyzer is attempting to generate certificate chains to a certificate CN = webmail. domain_name. test, OU = it staff, O = domain_name, L = city, S = city, C = test.
I failed to build a certificate chain for the certificate.
Other details
Failed to generate the certificate chain.
May be missing the required intermediate certificates.
I'm trying to contact the Autodiscover service using the HTTP redirect method.
I was not able to contact the Autodiscover service using the HTTP redirect method.
Test steps
I'm trying to resolve the host name autodiscover. domain_name. DNS test.
I was able to resolve the host name.
IP addresses are returned: xxx.yyy.zzz.kkk
I'm testing the TCP port 80 on the host autodiscover. domain_name. tests to check that is open and listening.
The specified port is blocked, is not listening or doesn't produce the expected response.
More info about this issue and how to resove it
I encountered a network error while communicating with the remote host.
I'm trying to
find the
SRV DNS record _audiscover._tcp.domain_name.test.
I failed to find
the SRV record of the
Autodiscover service
in DNS.
Some clarifications:
1 - xxx.yyy.zzz.www and xxx.yyy.zzz.kkk
are two static public addresses
of which only the latter exposes Exchange services;
2 - The certificate
*. Domain_name.test is not related
to Exchange services;
3 -I imported the certificate
of the issuing CA on the standalone test PC to validate the certificate.
3- The port 80 is not open and are not published SRV records.
Best regards. -
Client side disabling of Outlook anywhere in Outlook 2013
Hi
Our admins recently had to disable external access for Outlook while keeping ActiveSync for Mobile Clients working. This was done by placing the autodiscover service (autodiscover.ourexternaldomain.com) behind a TMG with two factor authentication, and also
putting our mail.ourexternaldomain.com behind the same TMG. So, Outlook from outside the network can't connect anymore (it will show you the login/pass prompt but what it wants is the two factor credentials, not your domain credentials.. so essentially you
can't connect anymore), and mobile client still work.
In addition, they've disabled the "Outlook anywhere" options (specifically, "Connect to Microsoft Exchange using HTTP" is not only grayed out, it is forced disabled) by GPO.
Unfortunately, that doesn't work for the handful that's already using Outlook 2013. There, even when the "Connect to Microsoft Exchange using HTTP" option is unchecked, the client will query autodiscover.ourexternaldomain.com, and eventually gets
the response containing not only the EXCH protocol (which contains the internal urls), but also the EXPR protocol containing the public urls. That in turn re-enables "Connect to Microsoft Exchange using HTTP", so now clients, even when inside the
organization will try to access the mail.ourexternaldomain.com which is behind the TMG, resulting in perpetual login prompts being displayed (the login actually comes from the TMG, not Exchange).
So, is there a way to force disable "Connect to Microsoft Exchange using HTTP" for Outlook 2013, preferably without changing anything on Exchange and the GPO. I guess I'm looking for the registry key that is set for outlook 2010. I checked up on
the GPO for Outlook 2010 and it seems it sets HKCU/Software/Policies/Microsoft/Office/14.0/Outlook/RPC/ProxyServerFlags = 0. Doing the same for Outlook 2013 (so using the Office/15.0/Outlook/RPC key) results in outlook no longer being able to connect altogether.
When I manually remove the checkbox and restart Outlook, it first connects using the internal url, then after getting autodiscover it sets the checkbox "Connect to Microsoft Exchange using HTTP" again, and since the external url can be resolved
from inside the network, I get the password prompts again even from inside the corporate network.
Is there a registry key combination that keeps outlook connecting but never using the http proxy?Hi Stephan,
How about the suggestion from Ed.
Feel free to contact me if there is any update.
Thanks
Mavis
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Mavis Huang
TechNet Community Support -
SSL/MSSTD settings Outlook anywhere
All,
just want to raise a question, as I noticed a strange behaviour.
I have Exchange 2013 with Outlook Anywhare configured in this way:
So external and internal hostname is the same, SSL required only from external.
Internal connection works just fine and Outlook doesn't set the flag and the MSSTD setting for SSL.
Externally, If I setup from scratch, it's working as well, and the msstd is flagged and setup.
Problems begin when I migrate mailboxes from an Exchange 2010 in coexistance, which will be decomissioned in the future. After migration, user's Outlook (connected from external AND not domain-joined) was properly reconfigured BUT for the msstd setting
which was missing.
As result the Outlook connection was totally flickering, up and down every now and then plus keep "connecting" for the directory service.
Setting up the msstd setting manually, everything is fine.
Now, we know that in EX2013 the Autodiscovery behaviour has changed:
http://support.microsoft.com/kb/2754898/en-us
Practically, it will try always the internal first host name first, regardless where you're connecting from.
I was wondering if: since the hostname is the same for both internal and external, would this lead autodiscovery in misinterpret the configuration (InternalClientRequireSSL is set to $False) and left the configuration unflagged in Outlook?
And, if so, why on migrated mailboxes only ?
Any suggestion, answer and comment will be hughly appreciated!
Thanks!In the Autodiscover.xml that is returned to the client, there is
two EXHTTP sections with settings. Outlook will try the first block (internalSettings) and in your case it will be successfull since you are using the same name for both internal- and externalhostname. So with that, SSL will not be required.
Example:
<Type>EXHTTP</Type>
<Server>mail.domain.com</Server>
<SSL>Off</SSL>
<AuthPackage>Ntlm</AuthPackage>
<Type>EXHTTP</Type>
<Server>mail.domain.com</Server>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
Personally, I always configure the same name for both internal- and externalhostname, use the authentication method NTLM AND
InternalClientsRequireSSL=True.
Not a good idea to disable Outlook Anywhere on Exchange 2010 when running in co-existence.
Can you also confirm that autodiscover is pointing to your Exchange 2013 Server?
Martina Miskovic
Hi Martina,
thanks for the clear answer! I had kind-of the same idea, wodering if Exchange could possibly mess up using the same name - sort of bug.
I'll try to set for both internal and external to require SSL.
I'm not clear, however, how set the authentication. NTLM only? NTLM + Basic + Negotiate? And same auth method for both int and ext? Ultimately, how would you setup the IISAuthenticationMethods?
Ah! What whoud you mean by: "confirm that autodiscover is pointing to your Exchange 2013 Server?"
Thanks in advance!
Ale. -
Outlook Anywhere settings in a Exchange 2013 coexistence scenario with Exchange 2007
I have exchange 2013 and 2007 set up in a coexist environment. At the moment, the few mailboxes I am testing on Exchange 2013 are getting multiple pop ups in outlook and cannot connect to items like Public Folders on 2007. I found an article
that told me to change the authentication method from Negotiate to NTLM and that broke some of my Lync 2013 compatibility issues on users on exchange 2007 (ie conversation history and they got outlook integration errors.) I would like someone to confirm
if the change I am about to make from doing research will help me in my situation.
Current Setup:
Exchange 2007 OA CAS Settings
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod: NTLM
IISAuthenticationMethods : {Basic, Ntlm}
Exchange 2013 OA CAS Settings
ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod: Negotiate
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
New Settings I am considering based on research:
Exchange 2007 OA CAS Settings
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod: Basic
IISAuthenticationMethods : {NTLM}
Exchange 2013 OA CAS Settings
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod: Basic
IISAuthenticationMethods : {Basic}
Will this work and eliminate my popups?Hi,
The following TechNet article indicates that:
“In order to support access for Outlook Anywhere clients whose mailboxes are on legacy versions of Exchange, you will need to make some changes to your environment which are documented in the steps within the
Exchange Deployment Assistant. Specifically,
you will need to enable Outlook Anywhere on your legacy Client Access servers and enable NTLM in addition to basic authentication for the IIS Authentication Method.”
Client Connectivity in an Exchange 2013 Coexistence Environment
http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
As for the Autodiscover service, please make sure the Autodiscover.domain.com is pointed to your Exchange 2013 in Internal and External DNS. For more detailed information about Exchange 2013 coexistence with Exchange 2007, please refer to:
http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-3-step-by-step-exchange-2007-to-2013-migration.aspx
Regards,
Winnie Liang
TechNet Community Support -
Autodiscover not setting outlook anywhere accordingly
We have installed 2013 Mailbox and CAS Server on separate boxes into our 2010 environment. We have migrated a few users and it seems autodiscover does not configure Outlook anywhere on the Outlook 2010 client. If we configure this manually the
user can connect and view mail. Outlook web access is fine, certificates appear to be working as we can manually configure Outlook and it is ready mail very well. We are running Exchange 2013 CU3, and have installed the certificate on the CAS.
the autodiscover dns entry has been changed to point to the 2013 CAS.
Is this a common problem and what can we try to do to resolve this issue ?
I've read a few different posts and looked at authentication of virtual folders (still default setup), certificates (added new certificate from company CA). Any ideas ?Hi CompGuy2012,
To troubleshoot the autodiscover issue, I suggest we refer to the test email auto-configuration:
[Check AutoConfiguration Status in Outlook]
===================================
a. While Outlook is running, click the CTRL key and then right-click the Outlook icon in the system tray and then select “Test Email Autoconfiguration”.
b. Confirm that your email address is in the address field, uncheck “Use
Guessmart” and “secure Guessmart
authentication” boxes. Then click the “Test” button.
c. Once it runs, Check the Log tab andResults
tab.
Let us know the detailed error message.
Thanks,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Simon Wu
TechNet Community Support -
Hello Folks,
I have this problem and is making me crazy if anyone have any idea please shed some light on this:-
1. Working Outlook 2010 and 2013 clients with webmail.xyz.com as Outlook Anywhere proxy address.
2. Installed new Exchange 2013 server (server02)with CAS and Mailbox role, Exchange install wizard finished and server is rebooted.
3. Server came up online started changing internal and external FQDN's of Virtual Directories and Outlook Anywhere to webmail.xyz.com
4. As soon as Fqdn's changed some outlook clients create support request that Outlook suddenly white's out and after reopening it is giving error cannot connect to exchange. upon checking Clients Exchange Proxy address is set to http://server02.xyz.com,
even though OA/OWA/ECP/OAB/EWS/Autodiscover/ActiveSync FQDN's Point to webmail.xyz.com, on all servers if i create new outlook profile for same user it picks up correct settings through autodiscover and connects fine, this is happening to about 20% of outlook
clients every time i am introducing new Exchange 2013 server in Organization. we have around 2000 users and planning on installing 4 exchange servers to distribute load and everytime changing outlook profile of close to 150-200 users is not possible.
Any help is greatly appreciated.
Thanks
CoolHere are the EXCRA results
Here IP (x.x.x.x) returned is my Load Balancer IP (Webmail.xyz.com).
Connectivity Test Successful with Warnings
Test Details
Testing Outlook connectivity.
The Outlook connectivity test completed successfully.
Additional Details
Elapsed Time: 9881 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for [email protected].
Autodiscover was tested successfully.
Additional Details
Elapsed Time: 2063 ms.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Additional Details
Elapsed Time: 2063 ms.
Test Steps
Attempting to test potential Autodiscover URL https://xyz.com:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 186 ms.
Test Steps
Attempting to resolve the host name xyz.com in DNS.
The host name couldn't be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host xyz.com couldn't be resolved in DNS InfoNoRecords.
Elapsed Time: 186 ms.
Attempting to test potential Autodiscover URL https://autodiscover.xyz.com:443/Autodiscover/Autodiscover.xml
Testing of the Autodiscover URL was successful.
Additional Details
Elapsed Time: 1876 ms.
Test Steps
Attempting to resolve the host name autodiscover.xyz.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: x.x.x.x
Elapsed Time: 338 ms.
Testing TCP port 443 on host autodiscover.xyz.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 173 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 318 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.xyz.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=webmail.xyz.com, Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US.
Elapsed Time: 219 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.xyz.com was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 1 ms.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05,.
One or more certificate chains were constructed successfully.
Additional Details
A total of 1 chains were built. The highest quality chain ends in root certificate CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 36 ms.
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature
isn't enabled.
Elapsed Time: 5 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 1/3/2013 12:00:00 AM, NotAfter = 11/16/2015 11:59:59 PM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 289 ms.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Additional Details
Elapsed Time: 756 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.xyz.com:443/Autodiscover/Autodiscover.xml for user [email protected].
The Autodiscover XML response was successfully retrieved.
Additional Details
Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>Test Exch1</DisplayName>
<LegacyDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1</LegacyDN>
<DeploymentId>4ec753c9-60d9-4c05-9451-5b24e2d527a7</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>[email protected]</Server>
<ServerDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]</ServerDN>
<ServerVersion>73C0834F</ServerVersion>
<MdbDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]/cn=Microsoft Private MDB</MdbDN>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<PublicFolderServer>webmail.xyz.com</PublicFolderServer>
<AD>DC-03.domain.xyz.com</AD>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>off</ServerExclusiveConnect>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>on</ServerExclusiveConnect>
<EwsPartnerUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsPartnerUrl>
<GroupingInformation>Default-First-Site-Name</GroupingInformation>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://webmail.xyz.com/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://webmail.xyz.com/owa/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
</Protocol>
</Account>
</Response>
</Autodiscover>HTTP Response Headers:
request-id: 9d325a80-f1fd-4496-ac48-2be6bb782c28
X-CalculatedBETarget: Server01.domain.xyz.com
X-DiagInfo: Server01
X-BEServer: Server01
Persistent-Auth: true
X-FEServer: Server01
Content-Length: 11756
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Mon, 25 Aug 2014 19:12:25 GMT
Set-Cookie: X-BackEndCookie=S-1-5-21-1293235207-2459173341-1304346827-14544=u56Lnp2ejJqBypqcnsfJx5nSy8ucnNLLnJzP0sfKz8/Sy5nHmsiamZrMyZrLgYHPxtDNy9DNz87L387Gxc7Nxc3J; expires=Thu, 25-Sep-2014 00:12:26 GMT; path=/Autodiscover; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 756 ms.
Autodiscover settings for Outlook connectivity are being validated.
The Microsoft Connectivity Analyzer validated the Outlook Autodiscover settings.
Additional Details
Elapsed Time: 0 ms.
Testing RPC over HTTP connectivity to server webmail.xyz.com
RPC over HTTP connectivity was verified successfully.
Additional Details
HTTP Response Headers:
request-id: 835acf95-78b7-40ae-b232-117318d1577e
Server: Microsoft-IIS/8.5
WWW-Authenticate: Basic realm="webmail.xyz.com",Negotiate,NTLM
X-Powered-By: ASP.NET
X-FEServer: Server01
Date: Mon, 25 Aug 2014 19:12:26 GMT
Content-Length: 0
Elapsed Time: 7817 ms.
Test Steps
Attempting to resolve the host name webmail.xyz.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: x.x.x.x
Elapsed Time: 107 ms.
Testing TCP port 443 on host webmail.xyz.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 180 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 303 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server webmail.xyz.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05, Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 224 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name webmail.xyz.com was found in the Certificate Subject Common name.
Elapsed Time: 0 ms.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05,
One or more certificate chains were constructed successfully.
Additional Details
A total of 1 chains were built. The highest quality chain ends in root certificate CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 34 ms.
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature
isn't enabled.
Elapsed Time: 5 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 1/3/2013 12:00:00 AM, NotAfter = 11/16/2015 11:59:59 PM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 298 ms.
Testing HTTP Authentication Methods for URL https://webmail.xyz.com/rpc/[email protected]:6002.
The HTTP authentication methods are correct.
Additional Details
The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: Basic, Negotiate, NTLMHTTP Response Headers:
request-id: 835acf95-78b7-40ae-b232-117318d1577e
Server: Microsoft-IIS/8.5
WWW-Authenticate: Basic realm="webmail.xyz.com",Negotiate,NTLM
X-Powered-By: ASP.NET
X-FEServer: Server01
Date: Mon, 25 Aug 2014 19:12:26 GMT
Content-Length: 0
Elapsed Time: 296 ms.
Attempting to ping RPC proxy webmail.xyz.com.
RPC Proxy was pinged successfully.
Additional Details
Elapsed Time: 454 ms.
Attempting to ping the MAPI Mail Store endpoint with identity: [email protected]:6001.
The endpoint was pinged successfully.
Additional Details
The endpoint responded in 0 ms.
Elapsed Time: 1007 ms.
Testing the MAPI Address Book endpoint on the Exchange server.
The address book endpoint was tested successfully.
Additional Details
Elapsed Time: 2177 ms.
Test Steps
Attempting to ping the MAPI Address Book endpoint with identity: [email protected]:6004.
The endpoint was pinged successfully.
Additional Details
The endpoint responded in 906 ms.
Elapsed Time: 918 ms.
Testing the address book "Check Name" operation for user [email protected] against server [email protected].
The test passed with some warnings encountered. Please expand the additional details.
Tell me more about this issue and how to resolve it
Additional Details
The address book Bind operation returned ecNotSupported. This typically indicates that your server requires encryption. The Microsoft Connectivity Analyzer will attempt the Address Book test again with encryption.
NSPI Status: 2147746050
Elapsed Time: 825 ms.
Testing the address book "Check Name" operation for user [email protected] against server [email protected].
Check Name succeeded.
Additional Details
DisplayName: Test Exch1, LegDN: /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1
Elapsed Time: 433 ms.
Testing the MAPI Referral service on the Exchange Server.
The Referral service was tested successfully.
Additional Details
Elapsed Time: 1808 ms.
Test Steps
Attempting to ping the MAPI Referral Service endpoint with identity: [email protected]:6002.
The endpoint was pinged successfully.
Additional Details
The endpoint responded in 953 ms.
Elapsed Time: 949 ms.
Attempting to perform referral for user /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1 on server [email protected].
We got the address book server successfully.
Additional Details
The server returned by the Referral service: [email protected]
Elapsed Time: 858 ms.
Testing the MAPI Address Book endpoint on the Exchange server.
The address book endpoint was tested successfully.
Additional Details
Elapsed Time: 626 ms.
Test Steps
Attempting to ping the MAPI Address Book endpoint with identity: [email protected]:6004.
The endpoint was pinged successfully.
Additional Details
The endpoint responded in 156 ms.
Elapsed Time: 154 ms.
Testing the address book "Check Name" operation for user [email protected] against server [email protected].
Check Name succeeded.
Additional Details
DisplayName: Test Exch1, LegDN: /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1
Elapsed Time: 472 ms.
Testing the MAPI Mail Store endpoint on the Exchange server.
We successfully tested the Mail Store endpoint.
Additional Details
Elapsed Time: 555 ms.
Test Steps
Attempting to ping the MAPI Mail Store endpoint with identity: [email protected]:6001.
The endpoint was pinged successfully.
Additional Details
The endpoint responded in 234 ms.
Elapsed Time: 228 ms.
Attempting to log on to the Mailbox.
We were able to log on to the Mailbox.
Additional Details
Elapsed Time: 326 ms.
Maybe you are looking for
-
HT5538 using apple id on multiple devices
Do I create seperate apple Id's for my ipod and iphone, I want to share my itunes library with both devices?
-
Moving to a rural area with no fibre
Is the apple airport time machine compatable with the osprey 2 my current set up is provided by Virgin media and the router is connected to my apple airport which my wifi signal is distributed through the house from (backs up my laptop automatically
-
MS SQL Server 2008 -- Daily Backup
Hello, My real need is simply to do a daily backup of a database : I have SQL Server 2008 ( not express ) . My user is sa and has full control on the database. I have searched the web and found many places where they say to do a Task ->
-
My ipad 3 overheats and shuts down
My ipad3 overheats and shuts down
-
HT4061 What does it mean This is an imei number for a product that has been replaced!
What does it mean This is an imei number for a product that has been replaced?