Exchange 2010, Outlook Anywhere, Autodiscover, SAN Certs and ISA 2004

Hi
Everything I have read says that SAN certs do not work with ISA 2004. However, I have read through the "White Paper: Understanding the Exchange 2010 Autodiscover Service" document to understand my options (URL below) and notice that the SAN cert option in the "Summary of supported scenarios for connecting to the Autodiscover service from the Internet" section implies that ISA 2004 may be able to work:
"Requires additional configuration if used together with either ISA Server 2004 or ISA Server 2006"
http://technet.microsoft.com/en-us/library/jj591328(v=exchg.141).aspx
Does anyone know if there is a supported ISA 2004 scenario where SAN certs can work?
Thanks!

It's highly doubtful, since ISA 2004 has been in extended support for two years.  See
http://blogs.technet.com/b/isablog/archive/2009/10/05/mainstream-support-ending-for-isa-server-2004-standard-edition-sp3.aspx for details about ISA 2004 support - it goes totally out of support next year.

Similar Messages

  • ISA 2006 publish Exchange 2010 Outlook Anywhere with KCD/NTLM and IPSEC - Problem

    Hi
    I have setup ISA 2006 to publish Exchange 2010 Outlook Anywhere with Kerberos Constrained Delegation and IPSEC.
    The clients have an IPSEC policy pushed to them via GPO.  The clients are windows 7 laptops and the ISA server is server 2003, so the IPSEC connection is IKE not AuthIP.
    However, it seems that the connection will work for a while, then all of a sudden stop working with zero trace of why.  I can't get the Oakley log to work and I can't see any traffic on the ISA.
    I am wondering if I need to publish the CRLs externally?  Currently we don't, and the Outlook Anywhere uses private certificates (as the whole point of IPSEC is to validate the internal certificate, there is no point in using public certificates).
    I have tried using the StrongCRLCheck=0 registry key in the IPsec Policy Agent on the windows 7 machine but it doesn't seem to make a difference.
    Any advice would be appreciated.
    Steven

    Hi,
    Firstly, have you received any related error messages in ISA server or on the clients' side? Besides, as you mentioned IPsec, did you have a VPN connection?
    In addition, while ISA 2006 only includes a Client Access Web Publishing Wizard for Exchange 2003 and Exchange 2007, which Exchange version did you choose when publishing Exchange 2010?
    Please also make sure that you have selected the External interface for the web listener to listen on.
    Besides, the link below would be helpful to you:
    OWA publishing using Kerberos Constrained Delegation method for authentication delegation
    Best regards,
    Susie

  • Exchange 2010+Outlook Anywhere+Windows XP not working together

    Hello,
    We have Exchange 2010 installed on Server 2008 R2. CAS/Hub/mailbox roles on same server. Outlook Anywhere is enabled and using a Go Daddy signed certificate for OWA. Now my problem is that Windows XP (w SP3) PCs that are not located inside domain and should use Outlook Anywhere cannot connect to that service. Outlook version is 2007 SP2. On the other hand, that same user can connect from a Windows 7 PC which is also located outside domain without problems. On XP PC windows keeps asking for password repeatedly, on W7 PC it asks it and accepts and logs the user in and connects it to his mailbox. I have read numerous posts about this kind of issue, but so far none of them helped me. The certificate is issued to mail.domainname.ee and autodiscover.domainname.ee. The internal name of the server is excha.domainname.ee, external name is mail.domainname.ee. Also I used the Set-OutlookProvider cmdlet to set EXPR to msstd:mail.domainname.ee and also tried msstd:excha.domainname.ee this change did not have any effect on XP PC.
    What is wrong in XP and Outlook 2007 combination not being able to connect to Exchange 2010?

    I was suffering from a very similar issue.  The one major difference for me is that I was using a wildcard ssl certificate for "*.contoso.com" which was not matching with the server name of owa.contoso.com.
    Behaviour definitely seemed to only manifest with Windows XP on the open internet (not domain joined or internal) trying to use either Outlook 2007 or 2010 to connect to our internal Exchange 2010 server via RPC over HTTPS.  Autodiscover was successful
    but user would be repeatedly prompted for their credentials but they would never match.
    The key changes that seemed to fix this for us were to make these updates -
    Set-OutlookProvider EXPR -CertPrincipalName msstd:*.contoso.com
    Alternatively, if you don't care whether the proxy server name exactly matches your SSL cert you can do this (not recommended) -
    Set-OutlookProvider EXPR -CertPrincipalName none
    These commands manipulate the Microsoft Exchange Proxy Settings under the Outlook Anywhere options under the connection tab of your mail profile.  In particular the field labeled "Only connect to proxy servers that have this principal name in their
    certificate"
    Also, to force RPC over HTTPS and never try and timeout on TCP/IP connection (which cannot work through the firewall) -
    Set-OutlookProvider EXPR -OutlookProviderFlags:ServerExclusiveConnect
    This should click the checkbox for "On fast networks, connect using HTTP first, then connect using TCP/IP"
    This should then allow autoconfigure to work fine when setting up your mail profile.  If you want to check the settings page you should have something that looks like this -
    Finally, please note that Autodiscover settings are updated periodically not instantly. I believe it is something like every 15m or so.  As such, make the changes above and then wait for at least 15-30mins before making any other changes. 
    I ended up chasing my tail and then some complete red-herring *seemed* to fix the problem.  It was actually something that I had changed 20mins before!

  • Exchange 2010 - Outlook Anywhere trying to connect to internal server name first before connecting to proxy server

    Hello,
    I have an Exchange 2010 question which I will post in the Exchange 2013 section since the Ask a question button in the legacy Exchange Servers section of technet takes me back to the part of Technet where I can only ask questions regarding Exchange 2013.
    If someone can point me to a part where I can place a question in an Exchange 2010 forum please let me know.
    We have Exchange 2010 setup with a CAS array listening to outlook.internaldomain.com
    We have TMG 2010 setup with a rule for Outlook Anywhere, the rule listens to mail.externaldomain.com and traffic that meets this rule is let through to outlook.internaldomain.com.
    When I fire up my laptop, which is connected to the internet, and start Outlook and let it configure my profile through autodiscover it sets it up correctly and fills the Outlook profile with a server name stating outlook.internaldomain.com and a proxy server to be used stating mail.externaldomain.com. After initial setup when my Outlook starts it almost immediately prompts me for a username and a password so this is working fine.
    At the office we have an internal network segment where DHCP is servicing the connecting clients and giving them our internal DNS servers because they need connection to some other network segments which are not available to the internet. This network segment
    does not have access to our internal Exchange environment but has full access to the internet. Clients in this network segment do want to use Outlook so using Outlook Anywhere for them is the logical way to go. When I connect my laptop to this network segment
    I get handed an IP address and our internal DNS servers, when I start Outlook it takes about two minutes before the credential prompt pops up and another 2 to 6 minutes after entering credentials before it says all folders are in sync. This is quite long
    and our clients find this unacceptable.
    I started testing what might be going on here and I have found that when I manually enter external DNS servers the Outlook password prompt will popup in seconds and all is working as expected so it seems Outlook is trying to connect to the internal servername
    when using our internal DNS servers (which can resolve outlook.internalnetwork.com) instead of directly going to the proxy server which is to be used for Outlook Anywhere.
    When I start a network monitor trace my thoughts are confirmed because when I am connected to the internal network segment OUTLOOK.EXE first tries to connect to outlook.internaldomain.com, it almost immediately gets a response stating that this route is inaccessible but OUTLOOK.EXE keeps on trying to connect until some sort of timeout is reached (somewhere around two minutes) after which it connects to mail.externaldomain.com and Outlook shows the credential prompt.
    So to round it up, when connected to DNS servers that can resolve the internal server name Outlook tries to connect to the internal server name instead of the external name, Outlook does not recognize the answer from the network that the internal route is not accessible (or it does but does nothing with this information).
    Has anybody experienced this behaviour in Outlook?
    Does anyone have a solution in where I can force Outlook to connect to its proxy server and disregard the internal server name?

    Thank you for your reply.
    The client computers that are experiencing the issues are not domain joined, the only reason I can think of why this is occurring is because the DNS servers are able to resolve the internal hostname of the server, but I would expect Outlook to always use
    the proxy server that has been set in the configuration of the Outlook profile. Or at least acknowledging the answer that the initially tried route is inaccessible and immediately continue to the proxy server.
    For setting the same hostname for internal and external use, we use different namespaces internally and externally, do you mean setting the external hostname on the CAS array for internal use ? Wouldn't that push all internal communication to the internet
    and to the outside interface of the TMG where the server is published with that hostname ?

  • ISA 2006 publish Exchange 2010 Outlook Anywhere with Kerberos Constrained Delegation

    Hi,
    I have two Exchange 2010 SP1 CAS with Windows Network Load Balancing. I set up an alternate service account and mapped the http, ExchangeMDB, PRF and ExchangeAB SPNs.
    Then I published the Exchange Services via ISA 2006. OWA is working using Internet -> via NTLM -> ISA(webmail.domain.com) -> via KCD -> CAS-Array(ex2010.domain.com)
    I tried the same with Outlook Anywhere (RPC over HTTP) without success.
    Authentication to the ISA via NTLM works fine, but I think the ISA server cannot delegate the credentials successfully to the CAS server.
    The ISA Log looks like:
    Allowed Connection ISA 24.11.2011 15:50:40
    Log type: Web Proxy (Reverse)
    Status: 403 Forbidden
    Rule: Exchange 2010 RPC
    Source: Internal (172.16.251.33)
    Destination: (172.18.10.182:443)
    Request: RPC_OUT_DATA
    http://webmail.domain.com/rpc/rpcproxy.dll?ex2010.domain.com:6001
    Filter information: Req ID: 108b89d8; Compression: client=No, server=No, compress rate=0% decompress rate=0%
    Protocol: https
    So I always get a 403 Forbidden from the CAS.
    In the IIS log file from the CAS server I see this entry:
    2011-11-24 15:51:37 172.18.10.182 RPC_OUT_DATA /rpc/rpcproxy.dll ex2010.domain.com:6001 443 - <ISA IP> MSRPC 401 1 2148074254 203
    I use the same Listener for OWA and Outlook Anywhere. Authentication Methods are Basic and Integrated. I forward the request to a webfarm which exists of the two physical CAS. Internal Site Name is set to the NLB name ex2010.domain.com, SPN is set to http/ex2010.domain.com
    Thanks for your support

    Hi, I ran into the same problem.
    The steps above solved mine too (creating a custom AppPool which runs under LocalSystem).
    I wonder why they included only the script: convertoabtovdir.ps1
    http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/thread/dc24ccd3-378a-47cc-bbbf-48236f8fe5b0
    Is this a supported configuration (changing AppPool of RPC)?
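
The IIS entry quoted in this thread carries the failure detail in its last status columns (sc-status, sc-substatus, sc-win32-status). As an added example, not code from the thread, the PowerShell below reads W3C log lines, keeps 401 responses on the RPC proxy path and converts the decimal sc-win32-status into the hex form in which SSPI errors are documented; the field header, the placeholder client IP, the second log line and the function name are assumptions for illustration.

```powershell
# Constructed sample input. The #Fields header is assumed to be the IIS 7 default
# W3C field set; entry 1 is the line quoted in the thread with a placeholder client
# IP (192.0.2.10) in place of "<ISA IP>", entry 2 is made up for contrast.
$sampleLog = @(
    '#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken'
    '2011-11-24 15:51:37 172.18.10.182 RPC_OUT_DATA /rpc/rpcproxy.dll ex2010.domain.com:6001 443 - 192.0.2.10 MSRPC 401 1 2148074254 203'
    '2011-11-24 15:52:02 172.18.10.182 GET /owa/ - 443 DOMAIN\user1 192.0.2.10 Mozilla/4.0 200 0 0 15'
)

# Two well-known SSPI status codes; extend as needed.
$sspiNames = @{
    '0x8009030C' = 'SEC_E_LOGON_DENIED'
    '0x8009030E' = 'SEC_E_NO_CREDENTIALS'
}

# Hypothetical helper (PowerShell 3.0 or later): returns one object per 401 on /rpc/.
function Get-RpcProxyAuthFailure {
    param([string[]] $LogLine)

    $fields = @()
    foreach ($line in $LogLine) {
        # The #Fields directive names the columns of the entries that follow it.
        if ($line -like '#Fields:*') {
            $fields = @($line.Substring(8).Trim() -split '\s+')
            continue
        }
        if ($line.StartsWith('#') -or $line.Trim() -eq '' -or $fields.Count -eq 0) { continue }

        $values = @($line.Trim() -split '\s+')
        if ($values.Count -ne $fields.Count) { continue }   # truncated or malformed entry

        $entry = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $entry[$fields[$i]] = $values[$i] }

        if ($entry['cs-uri-stem'] -notlike '/rpc/*') { continue }
        if ($entry['sc-status'] -ne '401') { continue }

        # sc-win32-status is logged as an unsigned decimal; SSPI codes are listed in hex.
        $hex = '0x{0:X8}' -f [uint32]$entry['sc-win32-status']
        $name = if ($sspiNames.ContainsKey($hex)) { $sspiNames[$hex] } else { 'not in local table' }

        [pscustomobject]@{
            Time        = '{0} {1}' -f $entry['date'], $entry['time']
            Method      = $entry['cs-method']
            Target      = $entry['cs-uri-query']
            User        = $entry['cs-username']
            HttpStatus  = '{0}.{1}' -f $entry['sc-status'], $entry['sc-substatus']
            Win32Status = $hex
            SspiName    = $name
        }
    }
}

Get-RpcProxyAuthFailure -LogLine $sampleLog | Format-List
```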

  • Exchange 2010 Outlook Anywhere issues

    I have an Exchange 2010 cas server that works fine with OWA internally and over the internet, and Outlook Anywhere works fine internally. When I try to access it outside the office though, the authentication prompt just keeps coming up for any user I try
    it on. I have used the connectivity analyzer, and it gives me what I've pasted below. I have disabled OA and uninstalled the RPC, rebooted and installed again and set it back up, with no luck. I've also tried both NTLM and Basic setups on the server side,
    and they both give the same error from outside the office. I also have checked my firewall settings, and everything is good. The only thing I can think of is that my reverse proxy is causing an issue. We have RHEL 5 with apache doing reverse proxy. Everything
    else works though, so I'm not sure why OA wouldn't?
    RPC Proxy can't be pinged.
    Additional Details
    An unexpected network-level exception was encountered. Exception details:
    Message: The remote server returned an error: (501) Not Implemented.
    Type: Microsoft.Exchange.Tools.ExRca.Extensions.MapiTransportException
    Stack trace:
       at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
       at Microsoft.Exchange.Tools.ExRca.Tests.MapiPingProxyTest.PerformTestReally()
    Exception details:
    Message: The remote server returned an error: (501) Not Implemented.
    Type: System.Net.WebException
    Stack trace:
       at System.Net.HttpWebRequest.GetResponse()
       at RpcPingLib.RpcPing.PingProxy(String internalServerFqdn, String endpoint)
       at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
    Elapsed Time: 198 ms.

    Hello
    501 is an internal server error.
    Please browse RPC virtual directory from outside, and see if you are getting a default response - Which should be a blank page.
    If you are not getting a blank page, then you need to troubleshoot that first - May be re-install RPC over HTTP.
    Let me know if you need any help
    AkashG || For any further queries, please mark an email to [email protected] ||

  • Hello! How can I set up and what to enable that my secretary has my shared calendar on her iPhone and that she can edit it? We are on Exchange 2010, Outlook 2010, iPhone 4s. Can it be done through some app? Thank you!

    Hello! How can I set up and what to enable that my secretary has my shared calendar on her iPhone and that she can edit it? We are on Exchange 2010, Outlook 2010, iPhone 4s. Can it be done through some app? Thank you! I'm trying to avoid creating my Exchange ActiveSync account on her iPhone and then sync only my calendar.

    Thank you for your time. I'm trying to avoid that because she can then simply turn on mail synchronization and then she could read my mail. Another reason is our password policy, which enforces changing our Windows logon password every 90 days. Of course changing Windows logon passwords demands changing Exchange account logon info (password) on iPhone. I have read somewhere that there was an app but it was removed from the App Store. Any other suggestions would be appreciated.

  • Exchange 2010/Outlook 2010 Security Alert (...there is a problem with the site's security certificate.)

    I've been looking to resolve this issue for a while now and was hoping someone could help me understand my options.
    We have Exchange 2010 & Outlook 2010 in our environment. I've created a SSL cert for our ActiveSync from a reputable CA and unfortunately, as you may not be surprised, we are seeing an alert each time we open Outlook that states:
    "Security Alert; Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.
    The name on the security certificate is invalid or does not match the name of the site."
    Of course my internal server name does not match my external server name. So the SSL I had created for use with OWA and ActiveSync is rejected by my internal Outlook clients.
    After doing some research I believe this is related to the Autodiscover service being configured with my internal server name and not my external name. 
    I've found some info about adding New-AutodiscoverVirtualDirectory and Set-ClientAccessServer commands and then found this article that might help (Configure Outlook Anywhere to Use Multiple SSL Certificates), but nothing is specific to my configuration and I'm concerned about what will happen to my existing configuration if this fails.
    What happens when you run Set-ClientAccessServer? Does it retain and keep the old server config in place and add a new one or does it wipe it out? Will all of my devices need to be reconfigured?
    Same with New-AutodiscoverVirtualDirectory.  Does this simply add another virtual directory or is it going to overwrite my existing config?
    Then there is the question of whether or not any of this will actually address my issue at all.
    absolutezero273c

    Sorry.
    "[PS] C:\Windows\system32>Set-ClientAccessServer -Identity MailExt -AutoDiscoverServiceInternalUri "https://MailExt
    .contoso.com/autodiscover/autodiscover.xml"
    The operation couldn't be performed because object 'MailExt' couldn't be found on 'DomainController2.contoso.local'.
        + CategoryInfo          : NotSpecified: (0:Int32) [Set-ClientAccessServer], ManagementObjectNotFoundException
        + FullyQualifiedErrorId : 4D980455,Microsoft.Exchange.Management.SystemConfigurationTasks.SetClientAccessServer"...is the error I get.
    I've created the split zones and populated the Forward Lookup Zones as follows:
    CONTOSO.COM
    MailExt(CNAME)MailInt.contoso.local
    _tcp _autodiscover(SRV)MailExt.contoso.com
    CONTOSO.LOCAL
    MailInt(A)192.168.1.10
    MailExt(CNAME)MailInt.contoso.com
    One thing I did notice is that there isn't a _tcp _autodiscover entry for MailInt in my Forward Lookup Zones.  It was recommended that I make that entry for _tcp _autodiscover(SRV)MailExt.contoso.com in another post I read somewhere.
    I believe what I am trying to do is create a new autodiscover object as is shown here:
    I see there is a Get-ClientAccessServer & Set-ClientAccessServer command but I need to add a CAS. Does the Set-ClientAccessServer add or simply modify?
    Or would that require the New-AutodiscoverVirtualDirectory command? I read
    this page that discussed creating new virtual directories but that seemed a little risky without knowing all the ins and outs of how this service functions and to what degree this would affect the existing configuration.
    I was able to use the Set-ClientAccessServer command and change the actual internal autodiscoverUri to https://MailExt.contoso.com/autodiscover/autodiscover.xml but the name still says MailInt and I continue to get the SSL cert warnings because it is looking
    at MailInt.contoso.local.
    absolutezero273c

  • Auth Package in Outlook Anywhere AutoDiscover is coming in incorrectly

    Let me describe our situation and environment:
    We have Exchange 2013 running in a 2008r2 level domain and are using Outlook Anywhere / AutoDiscovery to configure non-domain joined clients (this situation will change later, but our current priority is getting the Exchange server running and worrying and
    joining machines to the domain afterwards).  I had tried some configuration changes, which ultimately did not work, and I rolled back those changes.  On the ECP under Servers -> Servers -> My Exchange Server -> Outlook AnyWhere, there is
    a box that lets you choose between NTLM, Basic, and Negotiate authentication.  Exchange 2013 default is negotiate, which was working initially.  After rolling back my changes, however, my clients get repeated password prompts, and their passwords
    are rejected, if I have Outlook Anywhere authentication set to negotiate.  It works fine if I keep it set on NTLM.
    Under Servers -> Virtual Directories -> AutoDiscover (Default Website) -> Authentication, the boxes for Basic Authentication and Integrated Windows Authentication are checked.  These are the default values if I remember correctly.
    Even when I have my Outlook Anywhere authentication set to Negotiate, I have a section of code in the AutoDiscover XML file that Outlook pulls that looks like this:
    <Type>EXPR</Type>
    <Server>exchange.mycompany.com</Server>
    <SSL>On</SSL>
    <AuthPackage>Ntlm</AuthPackage>
    My research tells me that EXPR controls Outlook Anywhere (RPC over HTTP).  The AuthPackage seems to be incorrect here.  It's still giving me NTLM instead of Negotiate.  When I change Outlook Anywhere's authentication back to NTLM, everything
    works (after giving the server about fifteen minutes or so to update).
    What is the problem here?  Why does the autodiscover return the wrong auth package for Outlook Anywhere?  Is there a time delay between changing the authentication for Outlook Anywhere and Exchange updating my Outlook clients so that their settings
    match?  I know that if I go into an Outlook client that is getting prompted for a password after Outlook Anywhere authentication has been changed to Negotiate, I can manually adjust their Exchange Proxy Server settings and get it to work, but I really
    want the AutoDiscover to simply deliver the correct auth package to begin with.
    I don't mind using NTLM authentication; it works.  But I really need to know WHY this is happening and what to do to fix it.  Today, it may not matter, but it may matter in the future as network topology changes, and I will be expected to have
    the answer.
    To further clarify:
    When I run Get-OutlookAnywhere | fl name, *, my internal and external Client Authentication Methods are set to Negotiate, but I still get the entry I showed above in the AutoDiscover XML file that specifies NTLM.

    Outlook ignores the EXPR/EXCH values when connected to Exchange 2013 for autodiscovery, rather it dynamically builds the EXHTTP values based on the AutoD server settings and uses those instead. You should reference those ExHTTP settings when you
    look at the autodiscover results
    Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    I also have the following bit of code in the autodiscover file
    <Type>EXHTTP</Type>
    <Server>mail.mycompany.com</Server>
    <SSL>On</SSL>
    <AuthPackage>Ntlm</AuthPackage>
    This would seem to be the EXHTTP you were referencing.  Again, this value is coming out as NTLM after I change my Outlook Anywhere Authentication method in ECP to Negotiate.  Why?  Is there a delay between changing that setting in ECP and when
    it starts showing up in AutoDiscover queries?  If so, what is that delay and how can I change it or force it to update immediately?  Or is it that the setting in ECP does not change the auto discover setting and it has to be changed elsewhere? 
    If that's the case, what do I change, and where do I change it, to alter what autodiscover puts in for AuthPackage in the above snippet of code?
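
To compare what each protocol block of an Autodiscover response advertises with what the administrator expects, the following added example (not code from the thread or from Microsoft) parses a constructed response and reports the AuthPackage and CertPrincipalName per block. The sample XML, its host names and the function name Get-AutodiscoverProtocolSummary are assumptions for illustration; a real response can be saved from Outlook's "Test E-mail AutoConfiguration" dialog.

```powershell
# Constructed sample of an Outlook Autodiscover response; host names are placeholders
# taken from the snippets in the thread, the CertPrincipalName value is made up.
$sampleResponse = @'
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>exchange.mycompany.com</Server>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>exchange.mycompany.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Ntlm</AuthPackage>
      </Protocol>
      <Protocol>
        <Type>EXHTTP</Type>
        <Server>mail.mycompany.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Ntlm</AuthPackage>
        <CertPrincipalName>msstd:mail.mycompany.com</CertPrincipalName>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
'@

# Hypothetical helper (PowerShell 3.0 or later): one output object per <Protocol> block.
function Get-AutodiscoverProtocolSummary {
    param(
        [Parameter(Mandatory = $true)] [string] $ResponseXml,
        [string] $ExpectedAuthPackage = 'Negotiate'
    )

    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($ResponseXml)

    # The response uses two default namespaces; local-name() avoids binding prefixes.
    foreach ($protocol in $doc.SelectNodes("//*[local-name()='Protocol']")) {
        $setting = @{}
        foreach ($name in 'Type', 'Server', 'SSL', 'AuthPackage', 'CertPrincipalName') {
            $node = $protocol.SelectSingleNode("*[local-name()='$name']")
            $setting[$name] = if ($null -ne $node) { $node.InnerText.Trim() } else { $null }
        }

        # Blocks without an AuthPackage element (EXCH here) are reported, not flagged.
        $authState = if ($null -eq $setting['AuthPackage']) {
            'not specified'
        } elseif ($setting['AuthPackage'] -eq $ExpectedAuthPackage) {
            'matches'
        } else {
            'differs'
        }

        [pscustomobject]@{
            Type              = $setting['Type']
            Server            = $setting['Server']
            SSL               = $setting['SSL']
            AuthPackage       = $setting['AuthPackage']
            ExpectedAuth      = $ExpectedAuthPackage
            AuthState         = $authState
            CertPrincipalName = $setting['CertPrincipalName']
        }
    }
}

Get-AutodiscoverProtocolSummary -ResponseXml $sampleResponse -ExpectedAuthPackage 'Negotiate' |
    Format-Table -AutoSize
```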

  • "Resend" option is not working for specific user. "The Operation Failed" Exchange 2010 Outlook 2013

    Hi Everybody. I have a weird one for you.
    I have a user that gets an "operation failed" message whenever trying to use the "resend" option on any email (It's the one right under recall). I had tested up and down on her machine. Exchange 2010 Outlook 2013
    Ran in safe mode, recreated her profile, disabled virus scanning, repaired office. (weird, the font just changed sizes on me)
    After all of this I tested on other computers, other users seem to be able to "resend" just fine. However her account does not work on any computer I try, internal or external to the network.
    It looks more like a profile issue.
    She's a very active archivist, so she only has 486MB of space used by her mailbox.
    It's well under quota.
    It's been really puzzling me.
    MCSE 2003, Exchange. MCTS Vista, 7. Administrator of awful, neglected website http://timssims.net

    Hi Timssims,
    Since only one user in the org has this issue, it seems to be an issue on the Outlook client side.
    I suggest asking Outlook Forum for help so that we can get more professional suggestions.
    For your convenience:
    https://social.technet.microsoft.com/Forums/office/en-US/home?forum=outlook
    However I also have some suggestions for your reference:
    1. If this issue occurs in Cached Mode, I suggest turning to Online Mode for testing.
    2. Please also paste the detailed error message if "operation failed" is not the complete information.
    3. If it still does not work after performing the operations above (including suggestions from Outlook Forum), I suggest re-creating a new mailbox for the specific user just as Martin suggested.
    Thanks
    Mavis
    Mavis Huang
    TechNet Community Support

  • Exchange 2010 & Outlook 2010 - Cached Mode "okay" work well for you?

    Hi All,
    On our Client Laptops/PCs we disabled cache mode a long time due to issues experienced with a combination Delegates and Cached Mode occasionally affecting Calendaring.  We'd end up with vanishing appointments, etc.
    What I'd like to know from you is if you've had a positive experience with Exchange 2010 & Outlook 2010 32bit.  If you could impart any gotchas, etc.  Our environment is fairly vanilla with a total of 1500 Users.
    Thank you very much for your time,
    Mr Mister

    Hi,
    I am myself using Outlook 2007 over a WAN (VPN) connection with Exchange 2010 SP2 with about 3 GB mailbox and I personally have not faced any issues. Also, we have about 600 users with more than 2 GB mailboxes using Outlook 2010 in online mode and there are not many issues other than email with rich text format with screenshots attached in the mail body causing Outlook to hang. If we use the same email in HTML then no issues.
    It all depends on the sizing of your CAS and mailbox servers and also on the NIC speed configured on the server. I personally feel that we should have NIC card set to 1GB on the servers; also the backup and replication should be on separate dedicated LAN.

  • Exchange 2010 disconnect AD user from mailbox and reconnect the mailbox to a new copy of the same user with a different username

    How can I get the following done:
    Exchange 2010 disconnect AD user from mailbox and reconnect the mailbox to a new copy of the same user with a different username?
    I must do this for 16 users TODAY, SO PLEASE HELP ME OUT HERE.
    Thanks in advance!!
    kind regards,
    Rene Veldman
    System Administrator Teidem bv, The Netherlands.

    Rene,
    Why are you not changing the username of the existing account, instead of deleting the existing one and creating a new one?
    If you truly need to delete and create new, you can save the GUID for the mailbox (Get-MailboxStatistics <mailbox alias> | Fl MailboxGuid), mail disable the existing account (Disable-Mailbox <mailbox alias>
    will work), clean the mailbox database it was hosted on (Clean-MailboxDatabase
    <database name>), then create your new account and recover the existing mailbox to that new account (Connect-Mailbox -Identity <Guid from before> -Database <Database name> -User <SAM account name of new account> -Alias
    <what you wish to set the alias to>).  In PowerShell, for all steps, you would do the following:
    # Supply these three values; the new account must already exist.
    $MbxAlias = '<mailbox alias>'
    $NewMbxAcct = '<SAM Account Name for new account>'
    $NewMbxAlias = '<new alias for mailbox>'
    # Use the logon domain controller for the lookups and the reconnect.
    $DomCtrl = (dir env:\LOGONSERVER).Value.Substring(2)
    # Record the mailbox GUID and database before the mailbox is disabled.
    $MbxGuid = (Get-MailboxStatistics $MbxAlias -DomainController $DomCtrl).MailboxGuid
    $MbxDb = (Get-Mailbox $MbxAlias -DomainController $DomCtrl).Database
    Disable-Mailbox $MbxAlias
    Clean-MailboxDatabase $MbxDb
    Connect-Mailbox -Identity $MbxGuid -Database $MbxDb -User $NewMbxAcct -Alias $NewMbxAlias -DomainController $DomCtrl
    You will need to supply the information in bold in the above commands, and you will need to create the new account before you run the above commands.  I include direct use of a specific domain controller so you won't need to worry about replication. 
    If you are changing the account from one domain to another, this will not help, and you will need to wait for replication throughout the process, running the commands individually.

  • Exchange 2007 - Outlook Anywhere problems after installing new SSL cert

    *** Original thread posted on wrong forum ***
    Hi all,
    Exchange 2007 environment (2x CAS, ISA2006). Not much familiar with Exchange.
    Problem: 20-odd machines off the domain use Outlook Anywhere (XP with Outlook 2010). Authentication pop-up and not able to connect.
    Company has recently changed its name and we had to renew the SSL cert. Previous SSL cert. was issued to: webmail.oldcompname.co.uk (several SANs on that cert., including internal server names).
    Applied for a new UCC SSL cert issued to: newcompanyname.com (also includes webmail.newcompanyname.com ; autodiscover.newcompanyname.com + old SANs).
    The setting on those machines point the proxy to the following:
    Https://webmail.oldcompname.co.uk (which is fine since it is in the cert and can be accessed)
    Only connect to proxy servers that have this principal name in their cert.: 
    msstd:webmail.oldcompname.co.uk (I believe this is the problem since the new UCC SSL cert. was issued to newcompanyname.com).
    Browsing technet + internet it seems that I need to look into OutlookProvider EXPR.
    When I run Get-OutlookProvider everything is blank (I believe I should be concerned to EXPR only for Outlook Anywhere).
    I am thinking of running: Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:newcomanyname.com
    My only concern is whether this might break something else in the Exchange environment, especially as we have 100+ users on smartphones connecting via SSL on webmail.oldcompname.co.uk
    Is it safe to run this command? Do I need to restart IIS? Do I need to look into any settings on ISA2006?
    Comments/help are much appreciated.
    Regards 

    Hi,
    According to the description, I found that we re-new a SSL certificate.
    "I am thinking of running: Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:newcomanyname.com"
    Just do it. Then remove the old certificate on ISA server and install a new one.
    Found a similar thread for your reference:
    Renewal of SSL certificate in exchange 2007 with ISA 2006
    http://social.technet.microsoft.com/Forums/exchange/en-US/25770038-8491-470a-92fa-8ae50674b7a6/renewal-of-ssl-certificate-in-exchange-2007-with-isa-2006
    Hope it is helpful
    Thanks
    Mavis
    Mavis Huang
    TechNet Community Support

  • Updated: Event ID 1006 - Can not delete Mails in OWA after installing SP1 (Exchange 2010) = Outlook and OWA Light are OK

    Hi all,
    4 Exchange Servers (2 DB + 2 CAS NLB Cluster) all Exchange 2010 SP1
    Outlook work fine.
    If I delete a message in OWA I get the following errors:
    Internet Explorer:
    Die Netzwerkverbindung ist nicht verfügbar. Wenn das Problem weiterhin auftritt, wenden Sie sich mit folgendem HTTP-Statuscode an den Helpdesk: 0.
    Translation: The network connection is not available. If it happens again, contact the helpdesk with HTTP status code 0
    Firefox:
    Die Netzwerkverbindung ist nicht verfügbar. Wenn das Problem weiterhin auftritt, wenden Sie sich mit folgendem HTTP-Statuscode an den Helpdesk: 302.
    Translation: The network connection is not available. If it happens again, contact the helpdesk with HTTP status code 302
    Event ID 1006 MSExchange Mailbox Replication
    Fehler: MapiExceptionNetworkError: Unable to make connection to the server. (hr=0x80040115, ec=-2147221227)
    Before SP1 it worked fine.
    Can somebody help me ?
    Kind regards Andy

    Hi,
    First, I would like to confirm the following questions:
    1. Does the issue occur on certain user mailbox via OWA or each user mailbox?
    2. Which OWA folder’s email cannot be deleted, Inbox, Sent Items or each folder?
    3. Which version of operating system is installed on the client machine, Windows XP, Windows Vista or Windows 7?
    At this stage, I suggest you temporarily disable firewall and anti-spam for a test. If the emails still cannot be removed via OWA, please refer to the following article and use isinteg tool to check and repair Information Store.
    Description of the Isinteg utility
    Thanks.
    Novak Wu-MSFT

  • Exchange 2010 .Disable external access for Autodiscovery and RPC

    Hi Team,
    Once I publish my OWA page in Exchange 2010, automatically I was able to access:
    https://domainname.com/autodicovery
    https://domainname.com/rpc
    https://domainname.com/owa/oma
    I need to block access from external world to these websites. Please help.

    Hi,
    Before we go further, I'd like to confirm if you want to block external Outlook access. If yes, we can disable Outlook Anywhere since external Outlook access use Outlook Anywhere to connect to server.
    Additionally, there are three methods for external Outlook users to connect to Autodiscover service. If we don't add public A record and SRV record, Autodiscover cannot work.
    And we can separate web sites for internal access and external access and don't add Autodiscover and RPC virtual directories in the external access web site. and here is an article about OWA virtual directory, and you can refer to the article for Autodiscover
    and RPC:
    http://blogs.technet.com/b/messaging_with_communications/archive/2011/05/02/how-to-block-owa-for-external-users.aspx
    Thanks,
    Angela Shi
    TechNet Community Support
