Exchange 2013 autodiscover finds external & internal SSL certificate causing autodiscover to fail

Hi:

I'm currently working on a Windows 2012 server with Exchange 2013. Let's say our internal domain is "cars.com", and that is ALSO the case for our external domain. We have purchased an SSL wildcard positive certificate
*.cars.com so that we could configure Outlook Anywhere, and we have created the needed DNS records at GoDaddy and on our internal server. OWA and ECP all work if you go to https://bird.cars.com/owa
because we have a DNS record for bird in GoDaddy and on our local server, so all of that is working like a pro! Here comes the tricky part: our website is registered in GoDaddy but hosted by someone else, a company called Poetic Systems. When we test the connection
with the Remote Connectivity Analyzer website we get a very peculiar error that says the SSL certificate is not valid. It provides the name of the certificate it found, and it is not ours. We found that the hosting company is listening on port 443, therefore it
is pulling their self-signed certificate also. Does anyone have a fix for this? I have done this same setup before for other companies and this is the first time a situation like this happens. I REALLY NEED HELP !!!!!

Hi,
According to your description, there is a certificate error when you test Outlook Anywhere connection by ExRCA.
If I misunderstand your meaning, please feel free to let me know.
And to understand more about the issue, I’d like to confirm the following information:
What is the detailed error page?
Check the Outlook Anywhere configuration: Get-OutlookAnywhere | fl
Check the certificate: Get-ExchangeCertificate | fl
If you have any question, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support

Similar Messages

  • Exchange 2013 autodiscover not working from Externally

    Hi 
    I have Exchange 2010 SP3 (2 MB, 2 Hub/CAS). I installed Exchange 2013 servers (2 MB, 2 CAS). For coexistence I generated a new certificate with the new CAS from a third party. I installed that certificate on that CAS and assigned all services. I changed all my virtual
    directories' service URLs. I didn't import the new certificate to the Exchange 2010 CAS server and I didn't change the URL to the legacy link. But I am still able to check Exchange 2010 user mailbox OWA, ActiveSync and Autodiscover without any certificate error.
    If I try to browse OWA, it goes to the 2013 server; if the user is an Exchange 2010 user, it redirects to Exchange 2010 OWA with the same link.
    But I don't know how the above things are working without importing the new certificate...
    The main problem is that I am not able to configure Outlook Anywhere and Autodiscover externally for Exchange 2013 users...
    So in TMG I pointed the Outlook Anywhere IP address to the new CAS server. Now for both Exchange 2010 and Exchange 2013 users, OA from external keeps asking for the password... It is not accepting it...
    Please help me to fix this issue.

    Hi ,
    On TMG please have the outlook anywhere rule like below and check the status.
    Step 1: On the TMG rule -> Authentication Delegation -> select the option "no delegation users can authenticate directly".
    Step 2: On the Users tab in the TMG rule, just add the "all users" group on that rule.
    By having the above settings we have avoided the issues in your environment.
    Note: Based on the above settings, each and everyone in Exchange will have access to Outlook Anywhere from the external world, because there would not be any restriction on the TMG rules.
    Please have a look in to the below link , it will give you some ideas which is related to TMG
    http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx
    Thanks & Regards S.Nithyanandham

  • Exchange 2013 - The name of the security certificate is invalid or does not match the name of the site

    Hi,
    I know this question has been asked a ton of times, but I haven't found any instance of this question asked for exchange 2013.  Yes, I've seen Exchange 2010, Exchange 2007, but not Exchange 2013.  The symptoms are all similar.  Here is a description:
    1 Exchange 2013 server, all roles installed.
    External domain name:  associates.com
    Internal AD domain name:  associates.local
    Client installed a third party SSL certificate, but did not purchase a SAN or UC certificate, so there is one namespace on the SSL cert, and that represents the external OWA name:  mail.associates.com
    Now, when internal Outlook 2010 clients start, they get the "The name of the security certificate is invalid or does not match the name of the site."
    I'm just wondering if http://support.microsoft.com/kb/940726 still applies to Exchange 2013 to fix this issue.  Does this article apply to Exchange 2013?  If so, I will follow the above
    article.  If not, please direct me to any articles for Exchange 2013 that addresses this.
    the autodiscoverserviceuri points to: 
    https://netbiosnameofmailserver.associates.local/Autodiscover/Autodiscover.xml
    Thanks!
    A

    Yes, the http://support.microsoft.com/kb/940726 still applies to Exchange2013.
    As per my understanding on this post;
    - Poster's Exchange2013 has no SAN certificate.. (usually used for local address like; NETBIOS.Domain.lan).  Be reminded that SSL providers will no longer accept .LAN or .LOCAL in the very near future.
    - By default it uses local url for EWS, Autodiscover, etc.. (if you don't have SAN certificate installed in your CAS server, you would see the certi warning)
    Anyway, I just want to share my case after applying the said work around long time ago (maybe some of you might encounter it as well): my Outlook still showed the certificate warning (I was just keep clicking the YES button).. I was wondering
    that time what was wrong with my virtual directory settings.. until I decided to click "NO" for an answer to that certificate warning message, then voila! it didn't bug me anymore.  Oh by the way, the certificate warning usually give you a hint
    what triggers it like; "autodiscover.Domain.lan" on the first line of message, but in my case it just "NETBIOS.Domain.lan" (didn't make any sense, did it?).. Well, unfortunately I didn't have the chance to figure out what triggered that event.. 
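The certificate warning in this thread and the Remote Connectivity Analyzer failure in the first thread on this page (the `*.cars.com` wildcard case) both reduce to comparing the host in the URL a client connects to against the names in the certificate that host presents. The PowerShell below is an added example, not code from any poster: the function names are hypothetical, the certificate name lists are constructed, `webhost.invalid` is a placeholder for the hosting company's self-signed certificate, and it assumes `autodiscover.cars.com` resolves to the Exchange server. The two candidate URLs are the standard HTTPS Autodiscover lookups for an SMTP domain (bare domain first, then `autodiscover.<domain>`).

```powershell
# Added example. Hostnames come from the two threads; the certificate name
# lists are constructed and nothing is read from a live server.

function Test-CertificateNameMatch {
    # $true when $HostName is covered by one of $CertificateNames.
    # A wildcard entry covers exactly one leftmost label, so *.cars.com
    # covers bird.cars.com but not cars.com and not a.b.cars.com.
    param(
        [Parameter(Mandatory)][string]   $HostName,
        [Parameter(Mandatory)][string[]] $CertificateNames
    )
    $h = $HostName.TrimEnd('.').ToLowerInvariant()
    foreach ($name in $CertificateNames) {
        $n = $name.TrimEnd('.').ToLowerInvariant()
        if ($n -eq $h) { return $true }
        if ($n.StartsWith('*.')) {
            $dot = $h.IndexOf('.')
            if ($dot -gt 0 -and $h.Substring($dot + 1) -eq $n.Substring(2)) {
                return $true
            }
        }
    }
    return $false
}

function Get-AutodiscoverHttpsCandidate {
    # HTTPS Autodiscover URLs derived from the SMTP domain, in lookup order.
    param([Parameter(Mandatory)][string] $SmtpDomain)
    "https://$SmtpDomain/autodiscover/autodiscover.xml"
    "https://autodiscover.$SmtpDomain/autodiscover/autodiscover.xml"
}

function Test-EndpointCertificate {
    # For each URL, look up the names the host presents and report the result.
    param(
        [Parameter(Mandatory)][string[]]  $Url,
        [Parameter(Mandatory)][hashtable] $PresentedNames
    )
    foreach ($u in $Url) {
        $hostName = ([uri]$u).Host
        if (-not $PresentedNames.ContainsKey($hostName)) {
            $result = 'NoCertificateData'
            $names  = @()
        }
        else {
            $names = @($PresentedNames[$hostName])
            if (Test-CertificateNameMatch -HostName $hostName -CertificateNames $names) {
                $result = 'Match'
            }
            else {
                $result = 'Mismatch'
            }
        }
        [pscustomobject]@{
            Host             = $hostName
            CertificateNames = $names -join ', '
            Result           = $result
            Url              = $u
        }
    }
}

# Constructed view of what each host would present on port 443.
$presented = @{
    # Thread 1: the bare domain is the website, answered by the hosting company.
    'cars.com'              = @('webhost.invalid')      # placeholder name
    'autodiscover.cars.com' = @('*.cars.com')           # assumed to reach Exchange
    'bird.cars.com'         = @('*.cars.com')
    # Thread 3: single-name certificate, internal URL uses the .local name.
    'netbiosnameofmailserver.associates.local' = @('mail.associates.com')
    'mail.associates.com'                      = @('mail.associates.com')
}

$urls  = @(Get-AutodiscoverHttpsCandidate -SmtpDomain 'cars.com')
$urls += 'https://bird.cars.com/owa'
$urls += 'https://netbiosnameofmailserver.associates.local/Autodiscover/Autodiscover.xml'
$urls += 'https://mail.associates.com/Autodiscover/Autodiscover.xml'

Test-EndpointCertificate -Url $urls -PresentedNames $presented |
    Format-Table -AutoSize
```

On a real server the name list for the Exchange hosts would come from the `CertificateDomains` property shown by `Get-ExchangeCertificate | fl`.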

  • Exchange 2010: How to renew an SSL certificate?

    Hi all.  I have done some reading but it seems I can't find just a simple step-by-step on how to renew an SSL certificate issued by a 3rd party CA for Exchange 2010.  I really don't want to mess this one up by cobbling together partial answers
    from various forums and end up omitting something, then being stuck unable to figure out why I broke email while the CEO flips out. 
    This is a standard GoDaddy 5-domain UCC certificate.  There is only one Exchange server, SP3 (I don't think I have Rollup 6 on yet).  The existing certificate expires in a month or so. 
    I have some specific questions but perhaps these would be answered via what I hope will be a step by step instruction set in your reply :) Sorry to appear lazy by asking for the full instructions just that so far no single forum post nor MS TechNet article
    has addressed all my concerns, or in some cases information conflicts.  So my concerns for example are:  can you do a renewal for a certificate before the old one expires?  It is actually a renewal, or are you adding a 2nd certificate? 
    Do you have to do anything in IIS or does EMC or EMS do all that for you? 
    Thank you. 

    -->Can you do a renewal for a certificate before the old one expires? 
    Yes. Normally 3rd party CA allows you to renew certificate before the current one expires.
    -->It is actually a renewal, or are you adding a 2nd certificate? 
    You have to renew the certificate and a new/second certificate will be added to your server certificate store. Please check below for detailed step of Godaddy renewal. http://stevehardie.com/2013/10/how-to-renew-a-godaddy-exchange-2010-ssl-certificate/
    -->Do you have to do anything in IIS or does EMC or EMS do all that for you? 
    You will have to do it from MMC or EMS. No need to do anything from IIS.
    Follow the steps below to make your work easy, or follow the video on this site: http://www.netometer.com/video/tutorials/Exchange-2010-how-to-renew-SSL-certificate/
    1. Run this command from EMS to generate the CSR. You can see the CSR named "newcsr.txt" in the C:\CSR folder.
    Set-Content -Path "C:\CSR\newcsr.txt" -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=US, s=WA, l=Bellavue, o=Contoso, cn=commonname.domain.com" -DomainName autodiscover.domain.com -PrivateKeyExportable $True)
    2. Renew the certificate from Godaddy (from the Godaddy portal) using the new CSR (i.e. newcsr.txt). Download the certificate from Godaddy after renewal.
    3. Open Exchange MMC. Go to Server configuration. Right click on the pending request.  Click on complete pending request and browse to the newly downloaded certificate. Make sure you have internet when doing this.
    4. Assign services using the steps in the below site. Make sure you have selected the new certificate. You will see the thumbprint just before completion: http://exchangeserverpro.com/how-to-assign-an-ssl-certificate-to-exchange-server-2010-services/
    5. Delete the old certificate from MMC.
    From EMS use this command:
    Remove-ExchangeCertificate -Thumbprint <old cert thumbprint>
    You can see the certificate thumbprints using the Get-ExchangeCertificate command.
    MAS. Please dont forget to mark as answer if it helped.

  • Exchange 2013 Public Folders external issues

    Hello,
    I am having some issues with gaining access to my public folders externally.
    OS: Windows Server 2012 Datacenter
    Exchange: 2013 with SP1
    Domain: i.client.local
    External & internal hostname: ex01.client.dk
    I have tried from Windows 7 with Outlook 2010, and Windows 8 with Outlook 2013. (I have also tried to apply patch from: http://support.microsoft.com/kb/2839517)
    If I try to access public folders, I get this error:
    Cannot expand the folder. The set of folders cannot be opened. The attempt to log on to Microsoft Exchange.
    If I try to access public folders with cache enabled, I get this error: http://support.microsoft.com/kb/2788136
    I have tried deleting all public folders, public folder databases, and the related mailbox database. And creating all again, however
    with same result. 
    [PS] C:\Windows\system32>Get-PublicFolder | fl
    RunspaceId : a90240df-5376-4397-8c2a-4291a924e911
    Identity : \
    Name : IPM_SUBTREE
    MailEnabled : False
    MailRecipientGuid :
    ParentPath :
    ContentMailboxName : Public
    ContentMailboxGuid : d97cbc5c-4c39-47c7-8b56-764396dc32ca
    EformsLocaleId :
    PerUserReadStateEnabled : True
    EntryId : 00000000134872D0905F3849B78B9128A8B0CBE30100DF9CA23E198A714AB68A74F2C09F11020000000000020000
    DumpsterEntryId : 00000000134872D0905F3849B78B9128A8B0CBE30100DF9CA23E198A714AB68A74F2C09F110200000000000A0000
    ParentFolder : 00000000134872D0905F3849B78B9128A8B0CBE30100DF9CA23E198A714AB68A74F2C09F11020000000000010000
    OrganizationId :
    AgeLimit :
    RetainDeletedItemsFor :
    ProhibitPostQuota : Unlimited
    IssueWarningQuota : Unlimited
    MaxItemSize : Unlimited
    LastMovedTime :
    FolderSize : 0
    HasSubfolders : True
    FolderClass :
    FolderPath : {}
    DefaultFolderType : None
    ExtendedFolderFlags : SharedViaExchange
    MailboxOwnerId : i.client.local/Public
    IsValid : True
    ObjectState : Unchanged
    [PS] C:\Windows\system32>Get-PublicFolder \ -GetChildren
    Name Parent Path
    Mira \
    [PS] C:\Windows\system32>Get-OrganizationConfig | FL RootPublicFolderMailbox
    RootPublicFolderMailbox : d97cbc5c-4c39-47c7-8b56-764396dc32ca
    [PS] C:\Windows\system32>Get-Mailbox -PublicFolder | FL Name,ExchangeGuid
    Name : Public
    ExchangeGuid : d97cbc5c-4c39-47c7-8b56-764396dc32ca
    I can easily access the Exchange-server internally and externally. 
    XML from Outlook "Test autoconfiguration" tool.
    <?xml version="1.0" encoding="utf-8"?>
    <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
    <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
    <DisplayName>Alex Mathiasen</DisplayName>
    <LegacyDN>/o=client/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=8cfd63e296ee4d6d99fa842a78584d43-Alex Mathiasen34410</LegacyDN>
    <AutoDiscoverSMTPAddress>[email protected]</AutoDiscoverSMTPAddress>
    <DeploymentId>823f5581-e9a1-4b8c-a79e-afcbe9900267</DeploymentId>
    </User>
    <Account>
    <AccountType>email</AccountType>
    <Action>settings</Action>
    <MicrosoftOnline>False</MicrosoftOnline>
    <Protocol>
    <Type>EXCH</Type>
    <Server>[email protected]</Server>
    <ServerDN>/o=client/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]</ServerDN>
    <ServerVersion>73C0834F</ServerVersion>
    <MdbDN>/o=client/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]/cn=Microsoft Private MDB</MdbDN>
    <PublicFolderServer>ex01.client.dk</PublicFolderServer>
    <AD>ex01.i.client.local</AD>
    <ASUrl>https://ex01.client.dk/ews/exchange.asmx</ASUrl>
    <EwsUrl>https://ex01.client.dk/ews/exchange.asmx</EwsUrl>
    <EmwsUrl>https://ex01.client.dk/ews/exchange.asmx</EmwsUrl>
    <EcpUrl>https://ex01.client.dk/ecp/</EcpUrl>
    <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-um>
    <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-aggr>
    <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=i.client.local</EcpUrl-mt>
    <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-ret>
    <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-sms>
    <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=i.client.local</EcpUrl-publish>
    <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-photo>
    <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-extinstall>
    <OOFUrl>https://ex01.client.dk/ews/exchange.asmx</OOFUrl>
    <UMUrl>https://ex01.client.dk/ews/UM2007Legacy.asmx</UMUrl>
    <OABUrl>https://ex01.client.dk/OAB/fa8a9ffb-9d6c-4d66-acec-e23c2cbc63d1/</OABUrl>
    <ServerExclusiveConnect>off</ServerExclusiveConnect>
    </Protocol>
    <Protocol>
    <Type>EXPR</Type>
    <Server>ex01.client.dk</Server>
    <SSL>On</SSL>
    <AuthPackage>Ntlm</AuthPackage>
    <ASUrl>https://ex01.client.dk/ews/exchange.asmx</ASUrl>
    <EwsUrl>https://ex01.client.dk/ews/exchange.asmx</EwsUrl>
    <EmwsUrl>https://ex01.client.dk/ews/exchange.asmx</EmwsUrl>
    <EcpUrl>https://ex01.client.dk/ecp/</EcpUrl>
    <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-um>
    <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-aggr>
    <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=i.client.local</EcpUrl-mt>
    <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-ret>
    <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-sms>
    <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=i.client.local</EcpUrl-publish>
    <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-photo>
    <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-extinstall>
    <OOFUrl>https://ex01.client.dk/ews/exchange.asmx</OOFUrl>
    <UMUrl>https://ex01.client.dk/ews/UM2007Legacy.asmx</UMUrl>
    <OABUrl>https://ex01.client.dk/OAB/fa8a9ffb-9d6c-4d66-acec-e23c2cbc63d1/</OABUrl>
    <ServerExclusiveConnect>on</ServerExclusiveConnect>
    <EwsPartnerUrl>https://ex01.client.dk/ews/exchange.asmx</EwsPartnerUrl>
    <GroupingInformation>Default-First-Site-Name</GroupingInformation>
    </Protocol>
    <Protocol>
    <Type>WEB</Type>
    <Internal>
    <OWAUrl AuthenticationMethod="Basic, Fba">https://ex01.client.dk/owa/</OWAUrl>
    <Protocol>
    <Type>EXCH</Type>
    <ASUrl>https://ex01.client.dk/ews/exchange.asmx</ASUrl>
    </Protocol>
    </Internal>
    <External>
    <OWAUrl AuthenticationMethod="Fba">https://ex01.client.dk/owa/</OWAUrl>
    <Protocol>
    <Type>EXPR</Type>
    <ASUrl>https://ex01.client.dk/ews/exchange.asmx</ASUrl>
    </Protocol>
    </External>
    </Protocol>
    <Protocol>
    <Type>EXHTTP</Type>
    <Server>ex01.client.dk</Server>
    <SSL>On</SSL>
    <AuthPackage>Ntlm</AuthPackage>
    <ASUrl>https://ex01.client.dk/ews/exchange.asmx</ASUrl>
    <EwsUrl>https://ex01.client.dk/ews/exchange.asmx</EwsUrl>
    <EmwsUrl>https://ex01.client.dk/ews/exchange.asmx</EmwsUrl>
    <EcpUrl>https://ex01.client.dk/ecp/</EcpUrl>
    <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-um>
    <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-aggr>
    <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=i.client.local</EcpUrl-mt>
    <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-ret>
    <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-sms>
    <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=i.client.local</EcpUrl-publish>
    <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-photo>
    <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-extinstall>
    <OOFUrl>https://ex01.client.dk/ews/exchange.asmx</OOFUrl>
    <UMUrl>https://ex01.client.dk/ews/UM2007Legacy.asmx</UMUrl>
    <OABUrl>https://ex01.client.dk/OAB/fa8a9ffb-9d6c-4d66-acec-e23c2cbc63d1/</OABUrl>
    <ServerExclusiveConnect>On</ServerExclusiveConnect>
    </Protocol>
    <Protocol>
    <Type>EXHTTP</Type>
    <Server>ex01.client.dk</Server>
    <SSL>On</SSL>
    <AuthPackage>Ntlm</AuthPackage>
    <ASUrl>https://ex01.client.dk/ews/exchange.asmx</ASUrl>
    <EwsUrl>https://ex01.client.dk/ews/exchange.asmx</EwsUrl>
    <EmwsUrl>https://ex01.client.dk/ews/exchange.asmx</EmwsUrl>
    <EcpUrl>https://ex01.client.dk/ecp/</EcpUrl>
    <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-um>
    <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-aggr>
    <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=i.client.local</EcpUrl-mt>
    <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-ret>
    <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-sms>
    <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=i.client.local</EcpUrl-publish>
    <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-photo>
    <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=i.client.local</EcpUrl-extinstall>
    <OOFUrl>https://ex01.client.dk/ews/exchange.asmx</OOFUrl>
    <UMUrl>https://ex01.client.dk/ews/UM2007Legacy.asmx</UMUrl>
    <OABUrl>https://ex01.client.dk/OAB/fa8a9ffb-9d6c-4d66-acec-e23c2cbc63d1/</OABUrl>
    <ServerExclusiveConnect>On</ServerExclusiveConnect>
    </Protocol>
    <PublicFolderInformation>
    <SmtpAddress>[email protected]</SmtpAddress>
    </PublicFolderInformation>
    </Account>
    </Response>
    </Autodiscover>

    I can't access the public folders at all. Trying to access the public folders, result in the error from the following page: http://support.microsoft.com/kb/2788136,
    or "Cannot expand the folder..."
    It is affecting all users using this Exchange server. I am actually having this error on two different Exchange servers at two different companies at the moment.
    And it is a fresh Exchange 2013 environment in both cases. 
    PS: I discovered that the public folders works inside the same domain as the Exchange-server, however users can't access the public folders externally. 
    I also tried to use the Exchange-server as DNS, in order to be able to resolve i.client.local:
    <PublicFolderInformation>
    <SmtpAddress>[email protected]</SmtpAddress>
    </PublicFolderInformation>
    however I am still unable to open the public folders, even after being able to resolve the DNS name i.client.local. 

  • Can we connect Outlook with Exchange 2013 with the default Self-signed certificate?

    Hi,
    The question is very simple, but after several days searching in these forums and on the web I have not been able to find a definitive answer, YES or NO. I know that self-signed certificates are not for a production environment and only for labs, and we must
    purchase a third party certificate or get one from a internal CA.
    Anyone can answer this question with no doubt?
    Thanks in advance!
    jspt

    Hi Abhi,
    I wrote this question because in a recent migration to 2013 from 2007 we've found with this problem: you can view it in the post http://social.technet.microsoft.com/Forums/exchange/en-US/1ddd1e81-1061-4461-95dd-13de653ef8fe/outlook-cant-connect-with-exchange-2013-after-migration-from-exchange-2007?forum=exchangesvrdeploy.
    Also I have installed a new Exchange 2013 in a lab environment and I have also been unable to connect from Outlook 2013. The problem is the same: Outlook is unable to detect the Exchange server. Many people in these forums told me that it has to be a certificate
    problem, and for that reason I posted this question. Honestly, I don't know what to do so that Outlook can connect with Exchange 2013. I don't know what I'm doing wrong.
    Anyway thanks for your answer.
    jspt

  • Exchange 2013 stops receiving external email after about 8 hours

    Hello,
    Just installed a 2013 Exchange server 3 days ago. We noticed after the first night that we did not receive any external emails throughout the night.  I could not find anything wrong with receive connectors.  Telnet works internally when this
    happens but NO access from public side testing with telnet.  After I reboot the Exchange server everything functions just fine and normal for about 8 hours until it happens again.
    I don't know what to check or look for at this point.  Very new to Exchange 2013.  Any kind of advice would be helpful at this time.
    It is not a firewall issue.  Same firewall and set of rules that we use for other/old mail servers.  We only have 1 exchange server that has all roles.
    Lead Pusher

    OK... Did a lot of testing and spent some time with Microsoft's support on the phone.
    I believe there is actually two problems going on in this thread.
    1. Exchange 2013 Admins that have changed the default receive connectors are experiencing a conflict on the scope settings. Make sure that none of the receive connectors are using the same ports, and that you have not modified the security settings in anyway
    unless you really know what you are doing.
    If you are unsure of what the settings should be after you have change them, the only suggestion I have right now, (as I have not taken the time to do screen shots or write down all the default settings) is to install Exchange 2013 on a virtual machine and
    look at them, then change back the settings that do not match.
    2. The Malware Agent has a flaw that is causing the Microsoft Exchange Transport service to endlessly wait on the Malware Agent to process a message that it just can't handle. (Two reboots of the entire server may be needed to clear this, or sometimes
    you can get away with restarting the Microsoft Exchange EdgeSync service.)
    The Microsoft technician had me perform a sequence of steps that highlighted this. To see if this is in fact your problem you can perform the following steps.
    A)  Once the Exchange server stops processing messages, figure out the rough time it stopped processing messages.
    B)  Open the event viewer.
    C)  Under "Windows Logs", right click "Application", select "Filter Current Log...", check "Warning" and "Error", then click "OK".
    D) Scroll down the log to the rough time that your Exchange Server stopped processing messages. You are looking for a slew of errors about the same time from "MSExchange Extensibility" (1051), "MSExchange Transport" (9201), "MSExchange
    Transport" (9201), "MSExchange Extensibility" (1056), "MSExchangeTransport" (10003), and "MSExchange Common" (4999).
    It is the "MSExchangeTransport" (10003) that I believe is the real problem. The Microsoft technician agreed. He did not want to speculate as to exactly what was going on, but it seems to me that since he had me disable the "Malware Agent"
    for now, that it is indeed the problem. 
    E) So.... Open the Exchange Management Console and type "Disable-TransportAgent", followed by enter. It will prompt "Supply values for the following parameters:". Enter "Malware Agent", press enter again. Type "A",
    for yes to all.
    or
    http://technet.microsoft.com/en-us/library/jj150526.aspx
    F) Go to run, enter "services.msc". On the window that opens, find "Microsoft Exchange Transport" and restart it.
    I know this is NOT a fix, but a work around that is less than desired as the Malware Agent is a filter to keep unwanted emails out. I highly recommend running some sort of 3rd party spam/Malware filter that has been fully tested to run with Exchange
    2013 if you do this.
    Microsoft is to contact me back once they can figure out why this is happening, and I believe in the end a patch for Exchange 2013 will be produced to correct the problem.
    In the meantime.... don't waste your money on paying Microsoft for support, as I have already done this.
    For the individuals who say they are not experiencing trouble, I am going to go out on a limb here and say that either you have a 3rd party software program that is filtering the mail before it reaches the Malware Agent, you have disabled the Malware Agent,
    or you are using another mail server to forward email to your Exchange 2013 server. With either of these cases you are much less likely to see this problem.
    One last issue that a few people may be experiencing, is Exchange 2013, running on Server 2012 that is a VM. Several VM setups have a bug with the VM NIC management interface and Windows Server if you are using the same NIC for both. For example Xen
    Server 5.6 and XEN XCP both have this bug. There is an patch for XEN Server 5.6, but so far nothing for Xen XCP.
    I have spent many hours trying to figure my problems with Exchange 2013 and I will not swear that my entire post is correct, but I have gotten very much closer to a stable mail server after much work. If you feel that anything is incorrect, please reply
    back and let me know why, so that we may all benefit.
    P.S. Sorry for the mis-spellings and what not, I am very tired at the moment, and was forced to use explorer, because this site is not liking Chrome at the moment. (Will not let me login)
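Steps A to D of the post above describe looking for a cluster of specific Application-log events around the time mail flow stopped. The PowerShell below is an added example, not the poster's or Microsoft's code, that finds such clusters automatically: the provider names and event IDs are the ones listed in the post, while the function name, the five-minute window, the four-kind threshold and the sample records are assumptions made for illustration.

```powershell
# Added example. Provider names and event IDs are taken from the post;
# the sample records and their timestamps are constructed.
$StallSignature = @(
    'MSExchange Extensibility|1051'
    'MSExchange Transport|9201'
    'MSExchange Extensibility|1056'
    'MSExchangeTransport|10003'
    'MSExchange Common|4999'
)

function Find-TransportStallBurst {
    # Reports every 10003 event that has at least $MinDistinct different
    # signature events within +/- $WindowMinutes of it.
    param(
        [Parameter(Mandatory)][object[]] $Records,   # need TimeCreated, ProviderName, Id
        [string[]] $Signature     = $StallSignature,
        [int]      $WindowMinutes = 5,                # assumed window
        [int]      $MinDistinct   = 4                 # assumed threshold
    )
    # Keep only events that belong to the signature, oldest first.
    $hits = @($Records |
        Where-Object { $Signature -contains ('{0}|{1}' -f $_.ProviderName, $_.Id) } |
        Sort-Object TimeCreated)

    foreach ($anchor in @($hits | Where-Object { $_.Id -eq 10003 })) {
        $near = @($hits | Where-Object {
            [math]::Abs(($_.TimeCreated - $anchor.TimeCreated).TotalMinutes) -le $WindowMinutes
        })
        $kinds = @($near |
            ForEach-Object { '{0}|{1}' -f $_.ProviderName, $_.Id } |
            Sort-Object -Unique)
        if ($kinds.Count -ge $MinDistinct) {
            [pscustomobject]@{
                AnchorTime    = $anchor.TimeCreated
                EventCount    = $near.Count
                DistinctKinds = $kinds -join '; '
            }
        }
    }
}

# Constructed sample: one isolated 4999 three hours earlier, then a burst.
$t0 = [datetime]'2013-03-01T02:14:00'
$sample = @(
    [pscustomobject]@{ TimeCreated = $t0.AddHours(-3);    ProviderName = 'MSExchange Common';        Id = 4999 }
    [pscustomobject]@{ TimeCreated = $t0;                 ProviderName = 'MSExchange Extensibility'; Id = 1051 }
    [pscustomobject]@{ TimeCreated = $t0.AddSeconds(2);   ProviderName = 'MSExchange Transport';     Id = 9201 }
    [pscustomobject]@{ TimeCreated = $t0.AddSeconds(3);   ProviderName = 'MSExchange Extensibility'; Id = 1056 }
    [pscustomobject]@{ TimeCreated = $t0.AddSeconds(5);   ProviderName = 'MSExchangeTransport';      Id = 10003 }
    [pscustomobject]@{ TimeCreated = $t0.AddSeconds(6);   ProviderName = 'MSExchange Common';        Id = 4999 }
    [pscustomobject]@{ TimeCreated = $t0.AddMinutes(40);  ProviderName = 'SomeOtherSource';          Id = 1000 }
)

Find-TransportStallBurst -Records $sample | Format-List

# On a server, pass live records instead of $sample, for example:
#   $live = Get-WinEvent -FilterHashtable @{
#       LogName = 'Application'; Level = 2, 3; StartTime = (Get-Date).AddDays(-1) }
#   Find-TransportStallBurst -Records $live
```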

  • Exchange 2013 Autodiscover Android IOS not working

    Hello,
    I configured Exchange 2013 in my organization. Android, Thunderbird and iOS are not working with Autodiscover.
    Windows Phone, for example Lumia, worked with Autodiscover correctly.
    All needed DNS entries and certificates are uploaded to Exchange.
    The test on https://testconnectivity.microsoft.com/ ended successfully.
    Do Android and iOS support Autodiscover?
    BR/Lukas

    Yes, I tried https://fqdn/Microsoft-Server-ActiveSync instead.
    I get a white page, nothing else.
    iOS and Android work after being manually configured.   Windows Phone works with Autodiscover wonderfully.
    Ok we added public IP address to our CAS Server. Now from Internet i can login to /OWA or /ECP.
    What next to do? Change autodiscover.domain.com Record A to point NAT IP address CAS server?
    BR/Lukas

  • Migrating to Exchange 2013, can't send email internally

    Greetings,
    I'm in the process of migrating our Exchange 2010 environment to 2013. Here is our current setup:
    2 2010 Exchange servers EX2010-01  (MB, CAS, TRANSPORT)  EX2010-02 (MB) we have a DAG between 2 servers
    I've installed 2 2013 Exchange servers EX2013-01 (MB,CAS) and EX2013-02 (MB-CAS) and created a DAG between 2 servers
    I was able to successfully migrate one of the test mailboxes from 2010 to 2013 and added both 2013 servers to send connectors.  I'm able to connect to Outlook/OWA on the LAN and send/receive emails to external accounts.  I'm also able to receive
    email from internal accounts.  However I'm not able to send emails from Outlook to local users that are still connected to the old Exchange 2010.  Looks like email goes out and showing in sent folder but never gets delivered to the local recipients
    I checked the Exchange tracking log and I'm able to send email to myself, but anyone else internally is showing as "submit storedriver"
    alex serdyukov

    Hi Alex,
    According to your description, my understanding is that you cannot send email from the mailbox on exchange 2013 to the mailbox on exchange 2010, right?
    Did you get any NDR message when you send email to internal user?
    In addition, please check the permission of receive connector on exchange 2010 server :
    Get-ReceiveConnector |fl name, permissiongroups
    Best regards,
    Niko Cheng
    TechNet Community Support

  • Exchange 2013 autodiscover prompt

    Hi,
    Over the weekend I installed SP1 on our Exchange 2013 DAG. Now users are getting an authentication prompt when opening Outlook. This didn't happen prior to SP1.
    When testing email auto configuration in Outlook it prompts for auth; typing in my creds, it goes through OK.
    It looks like it is getting a 401.
    I'm not sure what has changed but it's very frustrating.
    Any Ideas?

    Please check the server settings on Exchange... The update might change the settings back to Basic. Roll back to NTLM to see what happens..
    UMESH DEUJA MCP,MCTS,MCSA,CCNA

  • How to disable Exchange 2013 Outlook Anywhere for internal Outlook client

    Hello;
    By default, Exchange 2013's Outlook Anywhere is enabled for all user mailboxes. If I disable Outlook Anywhere per user mailbox, the user will not be able to connect his Outlook client to Exchange 2013.  What is the best method to disable Outlook Anywhere
    on the mailbox but let Outlook 2013 still access the Exchange server?
    The initial idea is to prevent user from access to company Exchange server from ANYWHERE, we just want to open the Outlook Anywhere for the authorized user only.  Looks like Microsoft did not think about the security.
    thanks!

    I don't understand your request. If you disabled Outlook Anywhere, Outlook will only be able to connect via IMAP or POP3.
    If you want to disable this ability and allow some then perhaps use cas-mailbox to disable in bulk and then enable only those allowed:
    http://technet.microsoft.com/en-us/library/bb125264(v=exchg.150).aspx
    The MAPIBlockOutlookRpcHttp parameter enables or disables access to the mailbox by using Outlook Anywhere (RPC over HTTP) in Microsoft Outlook.
    Valid values for this parameter are:
    $true   Only Outlook clients that aren't configured to use Outlook Anywhere (RPC over HTTP) are allowed to access the mailbox. By default, Outlook 2013 is configured to use Outlook Anywhere.
    $false   Outlook clients that are configured to use Outlook Anywhere (RPC over HTTP) are allowed to access the mailbox.
    The default value is $false.
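One way to apply the bulk disable-then-allow approach from the answer above, as an added example that is not part of the original thread. It assumes the Exchange Management Shell, the ActiveDirectory module, and a hypothetical security group named `OutlookAnywhere-Allowed`.

```powershell
# Added example: run in the Exchange Management Shell.
Import-Module ActiveDirectory

# Hypothetical security group holding the users allowed to use Outlook Anywhere.
$allowedGroup = 'OutlookAnywhere-Allowed'

# Build a lookup of the allowed users' distinguished names.
# PowerShell hashtable keys are case-insensitive by default.
$allowed = @{}
Get-ADGroupMember -Identity $allowedGroup -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object { $allowed[$_.distinguishedName] = $true }

# Guard: an empty or mistyped group would otherwise block every mailbox.
if ($allowed.Count -eq 0) {
    throw "Group '$allowedGroup' has no user members; refusing to change any mailbox."
}

$changes = foreach ($mbx in Get-CASMailbox -ResultSize Unlimited) {
    # $true blocks Outlook Anywhere for the mailbox; $false (the default) allows it.
    $shouldBlock = -not $allowed.ContainsKey([string]$mbx.DistinguishedName)
    if ([bool]$mbx.MAPIBlockOutlookRpcHttp -ne $shouldBlock) {
        # Remove -WhatIf only after reviewing the proposed changes.
        Set-CASMailbox -Identity $mbx.DistinguishedName `
            -MAPIBlockOutlookRpcHttp $shouldBlock -WhatIf
        [pscustomobject]@{ Mailbox = $mbx.Name; Block = $shouldBlock }
    }
}
$changes | Sort-Object Block, Mailbox | Format-Table -AutoSize

# Audit: mailboxes that can still use Outlook Anywhere but are not in the group.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object {
        -not $_.MAPIBlockOutlookRpcHttp -and
        -not $allowed.ContainsKey([string]$_.DistinguishedName)
    } |
    Select-Object Name, PrimarySmtpAddress, MAPIBlockOutlookRpcHttp
```

Because the loop only touches mailboxes whose current value differs from the target, it can be rerun after group membership changes, and the audit query should return nothing once the changes are applied without `-WhatIf`.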

  • Exchange 2013 SP1 - The attempt to search the administrator audit log failed.

    During the migration process from Exchange 2010 to 2013, after moving the Arbitration mailbox from the Exchange 2010 database to the Exchange 2013 SP1 database, the cmdlet Search-AdminAuditLog fails with the following error.
    The attempt to search the administrator audit log failed. Please try again later.
    + CategoryInfo : NotSpecified: (:) [Search-AdminAuditLog], AdminAuditLogSearchException
    + FullyQualifiedErrorId : [Server=EX2013,RequestId=517873e3-a623-4363-bfdc-e5aa23595c33,TimeStamp=29. 4. 2014
    8:38:37] [FailureCategory=Cmdlet-AdminAuditLogSearchException] 2774D0CF,Microsoft.Exchange.Management.SystemConfig
    urationTasks.SearchAdminAuditLog
    + PSComputerName : ex2013.domainname.local

    Hi,
    First, please make sure the Microsoft Exchange Search and the Microsoft Exchange Search Host Controller service are running and please run the get-mailbox -arbitration cmdlet to check the result.
    Besides, please check the properties of the DiscoverySearchMailbox and verify that the homeMDB attribute is set to a mounted database.
    If the steps above don't work, please try to re-create a new Discovery System Mailbox to check the result. You can refer to the following article.
    Re-Create the Discovery System Mailbox
    http://technet.microsoft.com/en-gb/library/gg588318(v=exchg.150).aspx
    Best regards,
    Belinda
    Belinda Ma
    TechNet Community Support

  • Exchange 2013 OWA - Restrict External access to OWA, while keeping internal access open

    I'm looking for the best way to restrict users who can access OWA externally, while keeping internal access to OWA open to everyone.  We would preferably like to control who has external access to OWA with an AD group. Users who have external access,
    would need both external and internal access to OWA. Internal users would only have internal access to OWA.
    TMG is off the table since it is EOL. Reverse proxy might be a possibility, but I'm running into issues with the security setup and passing credentials.
    Does anyone know the best way of restricting external access without disabling internal access?
    Thanks

    Not sure if this still applies to 2013 or not, haven't tried yet...
    http://blog.leederbyshire.com/2013/03/13/block-or-allow-selected-users-depending-on-location-and-ad-group-membership-in-microsoft-exchange-2010-outlook-web-app/

  • Exchange 2013 Autodiscover priority set

    The environment has four Exchange Server 2013 servers: two are in the server farm zone and the other two are in the DMZ zone. In AD, two autodiscover records are in the server farm, with none pointing to the DMZ zone servers, but in Outlook autodiscover connects to a DMZ zone server by default.
    I want to change the autodiscover priority. How can I configure it so that Outlook autodiscover requests do not go to the DMZ zone servers?
    Please suggest.

    Hi ,
    In addition to David's suggestions, please have a look at the points below.
    From your description, I understand you have the MBX and CAS roles installed on four boxes.
    Let me give you my suggestions.
    Whenever you install a Client Access server, an SCP record is created automatically for each server in Active Directory. So in your case there will be four SCP records.
    Please set the autodiscover internal URI for all four CAS servers as below; at the same time, you should have the autodiscover name in the SAN certificate.
    https://autodiscover.yourdomain.local/Autodiscover/Autodiscover.xml
    Go to DNS in Active Directory. There you can find a zone named yourdomain.local.
    In that zone you should create a host A record for autodiscover as below:
    autodiscover.yourdomain.local - cas server 1 ip address (i.e. the server in lan network )
    autodiscover.yourdomain.local - cas server 2 ip address (i.e. the server in lan network )
    Don't create a host A record for server 3 and server 4, which are in the DMZ network.
    So whenever a client queries for the autodiscover service, it will resolve to two IP addresses (i.e. server 1 and server 2). As a result, there would be no chance for the client to communicate with the CAS servers in the DMZ zone.
    Note: In some cases your internal domain and external domain will not be the same. For that you should use split DNS.
    Say, for instance, your internal domain is domain.local and your external domain is domain.com.
    In such cases you should create a new zone for domain.com. In it, create a host A record for the autodiscover service (i.e. only for the CAS servers in the LAN network).
    Also, please clarify why you have placed two of your Exchange servers in the DMZ zone.
    Please reply if you have any queries.
    Regards
    S.Nithyanandham
    Thanks S.Nithyanandham
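A check of the configuration the reply above describes (one shared SCP URI, and internal A records that resolve only to the LAN CAS servers), as an added example that is not part of the original thread. The host name follows the reply's `yourdomain.local` placeholder, and the IP addresses are constructed documentation-range values standing in for CAS server 1 and 2.

```powershell
# Added example: run in the Exchange Management Shell on a domain-joined host.
$scpUri    = 'https://autodiscover.yourdomain.local/Autodiscover/Autodiscover.xml'
$dnsName   = 'autodiscover.yourdomain.local'
$lanCasIps = @('192.0.2.11', '192.0.2.12')   # constructed placeholders for the LAN CAS

# 1. Each CAS registers its own SCP. List the ones not pointing at the shared URI
#    and show what would be changed (remove -WhatIf to apply).
$stale = Get-ClientAccessServer |
    Where-Object { [string]$_.AutoDiscoverServiceInternalUri -ne $scpUri }
$stale | Select-Object Name, AutoDiscoverServiceInternalUri
foreach ($cas in $stale) {
    Set-ClientAccessServer -Identity $cas.Name `
        -AutoDiscoverServiceInternalUri $scpUri -WhatIf
}

# 2. The internal A records should resolve to the LAN CAS servers and nothing else.
$resolved = @(Resolve-DnsName -Name $dnsName -Type A -ErrorAction Stop |
    Where-Object { $_.Type -eq 'A' } |
    Select-Object -ExpandProperty IPAddress)
$unexpected = @($resolved  | Where-Object { $lanCasIps -notcontains $_ })
$missing    = @($lanCasIps | Where-Object { $resolved  -notcontains $_ })

if ($unexpected.Count -gt 0) {
    Write-Warning "$dnsName also resolves to: $($unexpected -join ', ')"
}
if ($missing.Count -gt 0) {
    Write-Warning "No A record for expected LAN CAS: $($missing -join ', ')"
}
if ($unexpected.Count -eq 0 -and $missing.Count -eq 0) {
    Write-Output "$dnsName resolves only to the expected LAN CAS servers."
}

# 3. List the names on the IIS-bound certificates so the autodiscover name
#    (or a covering wildcard) can be confirmed by inspection.
Get-ExchangeCertificate |
    Where-Object { [string]$_.Services -match 'IIS' } |
    Select-Object Thumbprint, NotAfter, CertificateDomains
```

Run the DNS step from a client subnet as well as from the server, since split DNS can return different answers depending on which resolver is queried.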

  • EXCHANGE 2013 - ECP AND OWA INTERNAL ERROR 500 - NEW INSTALL

    Really hoping someone can help me here.
    I first installed the 2012 OS and Exchange 2013, and users were getting 'Unable to open your default folder' when trying to open Outlook. After much googling and nothing working I decided to put 2008 R2 on the server with Exchange 2013. Now I am running into massive
    issues. 
    Firstly I get Internal Error 500 after putting in credentials for ECP and OWA. I did notice that it is also defaulting straight to this URL after entering the password: https://localhost/owa/auth.owa
    I checked the management shell and that connects without any issues. I also logged on to a computer to see what it did. After autodiscover it is not able to log on to the server, and then it looks like it is looking for the old server information from the previous server.
    Any help would be appreciated. Can I do another reinstall of the OS, and how am I meant to remove the previous data that it seems the server has found?

    Hi,
    According to your description, I understand that you cannot log in to internal ECP\OWA (error 500), and autodiscover also fails.
    If I misunderstand your concern, please do not hesitate to let me know.
    I notice that autodiscover “looks like it is looking for the old server information from the previous server”; have you installed multiple versions of Exchange in your environment?
    Please run the commands below to double-check the virtual directory configuration:
    Get-OutlookAnywhere | FL Identity,*Host*,*Auth*
    Get-OwaVirtualDirectory | FL Identity,*url*,*auth*
    Get-EcpVirtualDirectory | FL Identity,*url*,*auth*
    Get-WebServicesVirtualDirectory | FL Identity,*url*,*auth*
    Get-ClientAccessServer | FL Identity,*URI*,*auth*
    Then, open IIS and check the Application Pools to see whether MSExchangeOWAAppPool and MSExchangeECPAppPool are running on .NET Framework v4.0, and recycle the virtual directories as a test.
    Additionally, here’s a thread about “Removing Old Exchange and installing a new one”, for your reference:
    https://social.technet.microsoft.com/forums/exchange/en-US/46ca107c-7ece-4da7-8aea-46b705793f37/removing-old-exchange-and-installing-a-new-one
    Thanks
    Allen Wang
    TechNet Community Support
