Exchange 2013 EAC- block external access only

This question I'm sure has been asked many times- but it must be possible to block EAC externally and still allow ECP and OWA externally. I need EAC to work internally only.I'm aware of the official response on this (not possible) but has anyone come
up with a way that does not use dedicated IP's. We have F5's at the gateway so maybe filter out the URL? Any suggestions?

The best approach that I've seen, so far, is something close to what Sathish suggested:
1. You need to disable EAC on the default web site - both for internal and external users.
2. Create a new ECP virtual directory, using a different internal IP. That IP will not be translated and accessible from the Internet. Everybody on the local LAN will have access to it.
Step by Step Screencasts and Video Tutorials

Similar Messages

Exchange 2013 OWA - Restrict External access to OWA, while keeping internal access open

I'm looking for the best way to restrict users who can access OWA externally, while keeping internal access to OWA open to everyone. We would preferably like to control who has external access to OWA with an AD group. Users who have external access,
would need both external and internal access to OWA. Internal users would only have internal access to OWA.
TMG is off the table since it is EOL. Reverse proxy might be a possibility, but I'm running into issues with the security setup and passing credentials.
Does anyone know the best way of restricting external access without disabling internal access?
Thanks

Not sure if this still applies to 2013 or not, haven't tried yet...
http://blog.leederbyshire.com/2013/03/13/block-or-allow-selected-users-depending-on-location-and-ad-group-membership-in-microsoft-exchange-2010-outlook-web-app/
Blog |
Get Your Exchange Powershell Tip of the Day from here

Exchange 2013 EAC will not run with Exchange 2010 CAS\HT servers shut down.

Hi Folks,
A little background - We have just migrated all our user mailboxes and public folders to Office 365 using a hybrid configuration. Now that the migration is essentially finished, I'd like to decommission our on-prem Exchange infrastructure and remove the
hybrid config. We are using dirsync with password sync to replicate our AD to the cloud.
I've read that even if you remove your hybrid configuration, it's a good idea to keep one on-prem Exchange server around so you can edit Exchange attribs (such as email addresses) in a supported manner, rather than using ASDI edit, etc.
To this end, I installed a single Exchange 2013 CA\MBX server. After installation, the EAC worked fine, and I was able to view our on-prem users, groups, etc. Last week, I shut down our two Exchange 2010 CAS\HT servers as a test to see if anything broke
prior to decommissioning them (these were the hybrid servers as well). After doing so, the Exchange 2013 EAC no longer works for some reason, and behaves in a very bizarre fashion. About once every 20 times or so, it will actually start and run. The other
times, it just has you enter your creds, then generates an HTTP 500 internal server error after entering them. It seems to make no difference if you attempt to access it by the fqdn, hostname, or localhost right on the box itself. Same behavior on Chrome or
IE.
Today as a test, I started up one of the 2010 CAS servers and lo and behold, the 2013 EAC ran without difficulty again. Any idea why this might be so? Thanks for any help,
Ian

Hi,
From your description, I recommend you use the following URL to check if you can access EAC. I see it works for several people about this issue.
https://<Exchange 2013 CAS FQDN>/ecp?ExchClientVer=15
Hope it helps.
Best regards,
Amy Wang
TechNet Community Support

Exchange 2013 EAC coexistence with Exchange 2007

Dear All,
I have an exchange organization comprized of single Exchange 2007 SP3 UR 15 running on Win2008 SP2 and two recently installed Exchange 2013 SP1 CU7 with CAS and Mailbox role running on Win 2012 R2.
Imidiantly after Exchange 2013 install, I am not able to login to Exchange 2013 EAC. When I enter my credentials domain\username, the EAC page simpli dose a quick refresh and I am back where I started.
I have tryid mutiple UTLs to access EAC page, such as:
https://localhost/ecp?ExchClientVer=15
https://localhost/ecp?ExchClientVer=14
https://localhost/ecp
Each of them show the same result, a page gets refreshet. I have tryid to move my Exchange Organization user mailbox to Exchange 2013 to see if that helps but the result.
I also noticed that OWA dosent work for mailboxes that are on Exchange 2013, they are redirected to Exchange 2007 even thou they are on Exchange 2013.
Any idea on this one?
Thank you
b.

Hi,
From your description, I would like to verify if you have configured Exchange 2013 namespace and virtual directories (such as OWA, ECP, OAB, Web Services, AutoDiscover)correctly. Please make sure these virtual directories are configured correctly and check
the result.
For more information about Exchange 2007 migration to Exchange 2013, here is a helpful blog for your reference.
Step-by-Step Exchange 2007 to 2013 Migration
http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-2-step-by-step-exchange-2007-to-2013-migration.aspx
Hope this can be helpful to you.
Best regards,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Amy Wang
TechNet Community Support

Exchange 2013 sp1 affects OWA access on substandard port

Prior to SP1 i was able to run owa on port 9443. This is now an issue on sp1.
From testing what i have found is that when you access owa on a substandard port you are redirected to the auth/logon.aspx page on port 443 despite the fact that you accessed the site on a different port. After i login to the auth page i am correctly redirected
back onto port 9443. The issue is that the environment i am in does not permit me to port forward 443 to the server therefore owa no longer works in this circumstance. I tried playing with urlrewrite but i believe there is a module in exchange that is fighting
the rewrite. Is it possible to have this addressed? Assuming port 443 for the login page seems like a mistake since i am able to specify the port in the external url address for all services.

ya that is already done definitely not a binding issue, basically the site works on 9443 but there is an assumption of port 443 in a few key areas.
if i goto https://fqdn.com:9443/owa it redirects me to https://fqdn.com/owa/auth/logon.aspx on port
443 if i do this from the outside world i get a 404 because i cannot forward port 443 to my test server(isp blocks 443)
if i manually go to https://fqdn.com:9443/owa/auth/logon.aspx i can log in and everything works fine. if i type my password in wrong i get redirected to 443 again though and it breaks my external access. whatever redirects you to the auth/logon.aspx
part has some logic that no longer takes into account a substandard port. it worked prior to sp1.
based on this i am either hunting a setting somewhere, or i need advice on maybe using urlrewrite to circumvent the behaivor so that iis doesnt revert to 443 when exchange incorrectly does.
for the time being this is a test box accessed only by me, so i can live with linking directly to the logon.aspx page on 9443, i would just like to resolve it if i can, or atleast determine this is intended behavior and substandard ports are no longer supported.
there are kbs published by microsoft for changing owa ports on exchange 2010 so it doesnt seem like the process is all that unsupported.

Exchange 2013 EAC Service Pack 1 New mailbox cannot see all OUs when selecting Browse with "Exchange Organization Management " permissions

Single forest 2 Domains. When I go to create a new mailbox in the Exchange Admin Centre and "Browse" the Organizational Unit. I can only see a few OU in the Parent Domain and most in the Child Domain. I have tried "expand All" and
cannot see anywhere in the EAC to set a "Recipient Scope". The account I am using has "Exchange Organization Management " rights and is a Domain Admin as well.
The Exchange servers are members of the Root Domain.
In the "Select an Organizational Unit" menu there is a message "There are more results available than are currently displayed". I have tried searching as well and cannot find OUs that I should be able to.
All the servers have had Exchange 2013 Service pack 1 installed.
Any suggestions?
Regards,
John

Changing that setting resulted in the ECP site being inaccessible. So I changed it back
I have copied the user accounts to test with.
Originals:
User1: can see OU's when making a new user through the ECP (access: domain, exchange recipient admin)
User2: cannot. (Enterprise, domain, exchange, schema admin)
Test users:
test user1: copied from user 1, cannot see any OU's when creating a new user.
test user2: copied from user 2, can see all OU's when creating a new user.

Exchange 2013 stops receiving external email after about 8 hours

Hello,
Just installed 2013 excahnge server 3 days ago. We noticed after the first night that we did not receive any external emails throughout the night. I could not find anything wrong with receive connectors. Telnet works internally when this
happens but NO access from public side testing with telnet. After I reboot the exchange server everything functions just fine and normal for about 8 hours until it happens again.
I dont know what to check or look for at this point. Very new to exchange 2013. Any kind of advice would be helpful at this time.
It is not a firewall issue. Same firewall and set of rules that we use for other/old mail servers. We only have 1 exchange server that has all roles.
Lead Pusher

OK... Did alot of testing and spent some time with Microsoft's support on the phone.
I believe there is actually two problems going on in this thread.
1. Exchange 2013 Admins that have changed the default receive connectors are experiencing a conflict on the scope settings. Make sure that none of the receive connectors are using the same ports, and that you have not modified the security settings in anyway
unless you really know what you are doing.
If you are unsure of what the settings should be after you have change them, the only suggestion I have right now, (as I have not taken the time to do screen shots or write down all the default settings) is to install Exchange 2013 on a virtual machine and
look at them, then change back the settings that do not match.
2. The Malware Agent has a flaw that is causing the the Microsoft Exchange Transport service to endlessly wait on the Malware Agent to process a message that it just can't handle. (Two reboots of the entire server may be needed to clear this, or sometimes
you can get away with restarting the Microsoft Exchange EdgeSync service.)
The Microsoft technician had me perform a sequence of steps that highlighted this. To see if this is infact your problem you can perform the following steps.
A) Once the Exchange server stops processing messages, figure out the rough time it stopped processing messages.
B) Open the event viewer.
C) Under "Windows Logs", right click "Application", select "Filter Current Log...", check "Warning" and "Error", then click "OK".
D) Scroll down the log to the rough time that your Exchange Server stopped processing messages. You are looking for a slew of errors about the same time from "MSExchange Extensibility" (1051), "MSExchange Transport" (9201), "MSExchange
Transport" (9201), "MSExchange Extensibility" (1056), "MSExchangeTransport" (10003), and "MSExchange Common" (4999).
It is the "MSExchangeTransport" (10003) that I believe is the real problem. The Microsoft technician agreed. He did not want to spectulate as to exactly what was going on, but it seems to me that since he had me disable the "Malware Agent"
for now, that it is indeed the problem.
E) So.... Open the Exchange Management Console and type "Disable-TransportAgent", followed by enter. It will prompt "Supply values for the following parameters:". Enter "Malware Agent", press enter again. Type "A",
for yes to all.
or
http://technet.microsoft.com/en-us/library/jj150526.aspx"
F) Go to run, enter "services.msc". On the window that opens, find "Micorosoft Exchange Transport" and restart it.
I know this is NOT a fix, but a work around that is less than desired as the Malware Agent is a filter to keep unwanted emails out. I highly recommend running some sort of 3rd party spam/Malware filter that has been fully tested to run with Exchange
2013 if you do this.
Microsoft is to contact me back once they can figure out why this is happening, and I believe in the end a patch for Exchange 2013 will be produce to correct the problem.
In the mean time.... don't waste your money on paying Micorosoft for support, as I have already done this.
For the individuals who say they are not experiencing trouble, I am going to go out on a limb here and say that either you have a 3rd party software program that is filtering the mail before it reaches the Malware Agent, you have disabled the Malware Agent,
or you are using another mail server to forward email to your Exchange 2013 server. With either of these cases you are much less likely to see this problem.
One last issue that a few people may be experiencing, is Exchange 2013, running on Server 2012 that is a VM. Several VM setups have a bug with the VM NIC management interface and Windows Server if you are using the same NIC for both. For example Xen
Server 5.6 and XEN XCP both have this bug. There is an patch for XEN Server 5.6, but so far nothing for Xen XCP.
I have spent many hours trying to figure my problems with Exchange 2013 and I will not swear that my entire post is correct, but I have gotten very much closer to a stable mail server after much work. If you feel that anything is incorrect, please reply
back and let me know why, so that we may all benifit.
P.S. Sorry for the mis-spellings and what not, I am very tired at the moment, and was forced to use explorer, because this site is not liking Chrome at the moment. (Will not let me login)

Lync 2013 mobility and external access not working

Hi all.
I installed and configured Lync Server 2013 Front End and Lync Server 2013 Edge on Windows Server 2012 R2.
Internal lync clients (not mobile) can successfully connect to server and everything works fine for them. External users can connect only with manual configuration of address of external lync server in lync client, autodiscovery doesn't work.
I also installed and configured IIS ARR Reverse Proxy on Windows Server 2012 R2 using this article -
http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx. But it doesn't work too. When I try to connect I get 'Unable to connect to the server. Check your network connection or the server address and
try again'.
I configured dns records in the external dns zone.
For Edge:
sip.extdomain.ru – IP1
lyncwebconf.extdomain.ru – IP2
lyncav.extdomain.ru – IP3
For Reverse Proxy:
lyncdialin.extdomain.ru - IP4
lyncmeet.extdomain.ru - IP4
lyncextweb.extdomain.ru - IP4
lyncdiscover.extdomain.ru - IP4
I issued all needed certificates by the internal CA and added following alternative names.
For FE certificate:
sip.cherry.loc
lync.cherry.loc
dialin.cherry.loc
meet.cherry.loc
admin.cherry.loc
lyncdiscoverinternal.cherry.loc
lyncdiscover.cherry.loc
lyncdialin.extdomain.ru
lyncmeet.extdomain.ru
lyncextweb.extdomain.ru
lyncdiscover.extdomain.ru
For Edge external and Reverse Proxy:
lyncav.extdomain.ru
sip.extdomain.ru
lyncwebconf.extdomain.ru
lyncdialin.extdomain.ru
lyncmeet.extdomain.ru
lyncextweb.extdomain.ru
lyncdiscover.extdomain.ru
cherry.loc
The root certificate of internal CA installed on all servers and client devices.
Using Wireshark I see that Reverse Proxy communicating with FE on port 4443.
Here is an excerpt from mobile client log.
GET https://lyncdiscover.extdomain.ru/?sipuri=sip:[email protected]
Request Id: 0x6f54648
HttpHeader:Cache-Control no-cache
HttpHeader:Content-Length 1006
HttpHeader:Content-Type application/vnd.microsoft.rtc.autodiscover+xml; v=1
HttpHeader:Date Mon, 22 Sep 2014 11:17:45 GMT
HttpHeader:Expires -1
HttpHeader:Pragma no-cache
HttpHeader:Server Microsoft-IIS/8.5
HttpHeader:StatusCode 200
HttpHeader:X-AspNet-Version 4.0.30319
HttpHeader:X-Content-Type-Options nosniff
HttpHeader:X-MS-Server-Fqdn lync.cherry.loc
HttpHeader:X-Powered-By ASP.NET, ARR/2.5
Ôªø<?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-
instance" AccessLocation="External"><Root><Link token="Domain" href="https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/domain?originalDomain=extdomain.ru" /><Link token="User" href="https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru"
/><Link token="Self" href="https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root?originalDomain=extdomain.ru" /><Link token="OAuth"
href="https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=extdomain.ru" /><Link token="External/XFrame" href="https://lync.cherry.loc/Autodiscover/XFrame/XFrame.html" /><Link
token="Internal/XFrame" href="https://lync.cherry.loc/Autodiscover/XFrame/XFrame.html"
/><Link token="XFrame" href="https://lync.cherry.loc/Autodiscover/XFrame/XFrame.html" /></Root></AutodiscoverResponse>
</ReceivedResponse>
2014-09-22 15:17:53.041 Lync[299:715a000] INFO TRANSPORT CUcwaAutoDiscoveryResponse.cpp/119:location value is external
2014-09-22 15:17:53.042 Lync[299:715a000] INFO TRANSPORT CUcwaAutoDiscoveryResponse.cpp/195:User url is
https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
2014-09-22 15:17:53.042 Lync[299:715a000] INFO TRANSPORT CHttpRequestProcessor.cpp/266:Sending event to main thread for request(0x6f54648)
2014-09-22 15:17:53.042 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/822:Req. completed, Stopping timer.
2014-09-22 15:17:53.043 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryGetUserUrlOperation.cpp/290:Received a root response
2014-09-22 15:17:53.043 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryGetUserUrlOperation.cpp/224:UcwaAutoDiscoveryGetUserUrlOperation completed with
url = https://lyncdiscover.extdomain.ru/?sipuri=sip:[email protected], userUrl = https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru, status = S_OK (S0-0-0)
2014-09-22 15:17:53.043 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/725:Response received for req. GET-UnAuthenticatedGet(0x6f54648): S_OK (S0-0-0) (Success); Done with req.; Stopping resend timer
2014-09-22 15:17:53.044 Lync[299:3c2a218c] INFO TRANSPORT CCredentialManager.cpp/176:getSpecificCredential for serviceId(1) returning: credType (1) signInName ([email protected]) domain (cherry) username (user) password.empty() (0) certificate.isValid() (0)
privateKey.empty() (1) compatibleServiceIds(1)
2014-09-22 15:17:53.044 Lync[299:3c2a218c] INFO TRANSPORT CMetaDataManager.cpp/403:Received a request to get the meta data of type 0 for url
https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
2014-09-22 15:17:53.044 Lync[299:3c2a218c] INFO TRANSPORT CMetaDataManager.cpp/458:Sending Unauthenticated get to get the web-ticket url
2014-09-22 15:17:53.044 Lync[299:3c2a218c] INFO TRANSPORT CTransportThread.cpp/135:Added Request() to Request Processor queue
2014-09-22 15:17:53.045 Lync[299:3c2a218c] INFO TRANSPORT CAuthenticationResolver.cpp/109:Waiting on Meta Data from https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
2014-09-22 15:17:53.045 Lync[299:659a000] INFO TRANSPORT CTransportThread.cpp/347:Sent Request() to Request Processor
2014-09-22 15:17:53.045 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/385:Submitting new req. GET-AuthenticatedUserGetRequest(0x6e83da8)
2014-09-22 15:17:53.045 Lync[299:659a000] WARNING TRANSPORT CCredentialManager.cpp/317:CCredentialManager::getSpecificCredential returning NULL credential
for serviceId (4) type (1)!
2014-09-22 15:17:53.046 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryService.cpp/1263:Submitting Authenticated AutoDiscovery request to
https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
2014-09-22 15:17:53.046 Lync[299:659a000] INFO TRANSPORT TransportUtilityFunctions.cpp/689:<SentRequest>
GET https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
Request Id: 0x133b6a8
HttpHeader:Accept
</SentRequest>
2014-09-22 15:17:53.046 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/399:Allocating stream 0x6e73850 for url - https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user with persistent id as 16
2014-09-22 15:17:53.047 Lync[299:659a000] VERBOSE TRANSPORT CHttpProxyHelper.cpp/435:CHttpProxyHelper::discoverProxy : No proxy found for url
https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru. Sending over direct connection.
2014-09-22 15:17:53.050 Lync[299:659a000] ERROR TRANSPORT CHttpConnection.cpp/1029:Request Type = 0x%u0x6e743a0 Error domain = kCFErrorDomainCFNetwork code = 0x2 ErrorDescription = The operation couldn‚Äôt be completed. (kCFErrorDomainCFNetwork error 2.) ErrorFailureReason
= ErrorRecoverySuggestion =
2014-09-22 15:17:53.050 Lync[299:659a000] ERROR UTILITIES CHttpConnection.cpp/958:GetAddrInfo returned error 0x8
2014-09-22 15:17:53.050 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/467:Releasing stream 0x6e73850.
2014-09-22 15:17:53.050 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/599:Releasing stream 0x6e73850.
2014-09-22 15:17:53.051 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/173:Received response of request() with status = 0x22020001
2014-09-22 15:17:53.051 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/201:Request resulted in E_ConnectionError (E2-2-1). The retry counter is: 0
2014-09-22 15:17:53.051 Lync[299:659a000] WARNING TRANSPORT CCredentialManager.cpp/317:CCredentialManager::getSpecificCredential returning NULL credential
for serviceId (4) type (1)!
2014-09-22 15:17:53.052 Lync[299:659a000] INFO TRANSPORT TransportUtilityFunctions.cpp/689:<SentRequest>
GET https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
Request Id: 0x133b6a8
HttpHeader:Accept
</SentRequest>
2014-09-22 15:17:53.052 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/399:Allocating stream 0x14102a0 for url - https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user with persistent id as 16
2014-09-22 15:17:53.053 Lync[299:659a000] VERBOSE TRANSPORT CHttpProxyHelper.cpp/435:CHttpProxyHelper::discoverProxy : No proxy found for url
https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru. Sending over direct connection.
2014-09-22 15:17:53.056 Lync[299:659a000] ERROR TRANSPORT CHttpConnection.cpp/1029:Request Type = 0x%u0x14080f0 Error domain = kCFErrorDomainCFNetwork code =
0x2 ErrorDescription = The operation couldn‚Äôt be completed. (kCFErrorDomainCFNetwork error 2.) ErrorFailureReason = ErrorRecoverySuggestion =
2014-09-22 15:17:53.056 Lync[299:659a000] ERROR UTILITIES CHttpConnection.cpp/958:GetAddrInfo returned error 0x8
2014-09-22 15:17:53.056 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/467:Releasing stream 0x14102a0.
2014-09-22 15:17:53.056 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/599:Releasing stream 0x14102a0.
2014-09-22 15:17:53.057 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/173:Received response of request() with status = 0x22020001
2014-09-22 15:17:53.057 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/201:Request resulted in E_ConnectionError (E2-2-1). The retry counter is: 1
2014-09-22 15:17:53.057 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/266:Sending event to main thread for request(0x133b6a8)
2014-09-22 15:17:53.058 Lync[299:3c2a218c] INFO TRANSPORT CMetaDataManager.cpp/572:Received response for meta data request of type 60 with status 570556417
2014-09-22 15:17:53.058 Lync[299:3c2a218c] ERROR TRANSPORT CMetaDataManager.cpp/588:Unable to get a response to an unauthenticated get to url
https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
2014-09-22 15:17:53.059 Lync[299:3c2a218c] INFO TRANSPORT CAuthenticationResolver.cpp/208:MetaData retrieval for url https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru completed with status 570556417
2014-09-22 15:17:53.059 Lync[299:3c2a218c] INFO TRANSPORT CAuthenticationResolver.cpp/238:Deleting 1 pended Meta data requests for url
https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
2014-09-22 15:17:53.059 Lync[299:3c2a218c] ERROR TRANSPORT CAuthenticationResolver.cpp/334:Unable to get the meta data for server url
https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
2014-09-22 15:17:53.059 Lync[299:3c2a218c] INFO TRANSPORT CAuthenticationResolver.cpp/337:Failing request to the request manager
2014-09-22 15:17:53.060 Lync[299:3c2a218c] INFO TRANSPORT CRequestManager.cpp/284:Failing secure request UcwaAutoDiscoveryRequest with status E_ConnectionError (E2-2-1)
2014-09-22 15:17:53.060 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/822:Req. completed, Stopping timer.
2014-09-22 15:17:53.060 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryService.cpp/1358:Received autodiscovery response with status E_ConnectionError (E2-2-1)
2014-09-22 15:17:53.060 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryService.cpp/1316:Raising Autodiscovery event with status E_ConnectionError (E2-2-1) for eventType 0
2014-09-22 15:17:53.061 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryServiceRetrialWrapper.cpp/417:Received event for type 0 with status E_ConnectionError (E2-2-1)
2014-09-22 15:17:53.061 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryServiceRetrialWrapper.cpp/539:Autodiscovery scheduled retrial timer. Timer 0.000000 seconds
2014-09-22 15:17:53.061 Lync[299:3c2a218c] INFO APPLICATION CAlertReporter.cpp/64:Alert received! Category 1, Type 201, level 0, error E_ConnectionError (E2-2-1), context '', hasAction=false
2014-09-22 15:17:53.061 Lync[299:3c2a218c] INFO APPLICATION CAlertReporter.cpp/117:Alert cleared of Category 1, Type 201, cleared 0 alerts
2014-09-22 15:17:53.062 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/725:Response received for req. GET-AuthenticatedUserGetRequest (0x6e83da8): E_ConnectionError (E2-2-1) (RemoteNetworkTemporaryError); Done with req.; Stopping resend
timer
2014-09-22 15:17:53.062 Lync[299:3c2a218c] INFO UI CMAlertViewController.mm/87:ObservableListItem Added event received
2014-09-22 15:17:53.062 Lync[299:3c2a218c] INFO UI CMAlertViewController.mm/97:showalert is 1
2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
2014-09-22 15:17:53.064 Lync[299:3c2a218c] INFO UI CMNotificationManager.mm/697:desired view is alert, size 1
2014-09-22 15:17:53.064 Lync[299:3c2a218c] INFO UI CMNotificationManager.mm/737:adding the desired view
2014-09-22 15:17:53.065 Lync[299:3c2a218c] INFO UI CMNotificationManager.mm/472:reposition floating views
2014-09-22 15:17:53.065 Lync[299:3c2a218c] INFO UI CMAlertViewController.mm/104:showalert is 1
2014-09-22 15:17:53.065 Lync[299:3c2a218c] INFO UI CMAlertViewController.mm/108:showalert is 0
2014-09-22 15:17:53.066 Lync[299:3c2a218c] INFO UI CMUIUtil.mm/410:Mapping error code = 0x22020001, context = , type = 201
2014-09-22 15:17:53.066 Lync[299:3c2a218c] INFO UI CMUIUtil.mm/1708:Mapped error message is 'Unable to connect to the server. Check your network connection or the server address and try again.

Result of Lync Connectivity Analyzer.
External Auto discover service : https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root
Starting Lync server autodiscovery
Please wait; this test may take several minutes to complete...
Starting automatic discovery for secure (HTTPS) internal channel
lyncdiscoverinternal.extdomain.ru can't be resolved by the DNS server. Skipping internal discovery.
Starting automatic discovery for secure (HTTPS) external channel
Server discovery has completed for https://lyncdiscover.extdomain.ru/.
Automatic discovery results for https://lyncdiscover.extdomain.ru/
Access Location : Internal
SIP Server Internal Access : lync.cherry.loc
SIP Server External Access : sip.extdomain.ru
SIP Client Internal Access : lync.cherry.loc
SIP Client External Access : sip.extdomain.ru
Internal Auth broker service : https://lync.cherry.loc/Reach/sip.svc
External Auth broker service : https://lync.cherry.loc/Reach/sip.svc
Internal Auto discover service : https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root
External Auto discover service : https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root
Internal MCX service : https://lync.cherry.loc/Mcx/McxService.svc
External MCX service : https://lync.cherry.loc/Mcx/McxService.svc
Internal UCWA service : https://lync.cherry.loc/ucwa/v1/applications
External UCWA service : https://lync.cherry.loc/ucwa/v1/applications
Internal Webscheduler service : https://lync.cherry.loc/Scheduler
External Webscheduler service : https://lync.cherry.loc/Scheduler
Total server discovery time: 5,0 seconds
Server discovery succeeded for secure (HTTPS) external channel against URL https://lyncdiscover.extdomain.ru/
Starting automatic discovery for unsecure (HTTP) external channel
Couldn't connect to URL http://lyncdiscover.extdomain.ru/[email protected] (HTTP status code NotAcceptable)
Server discovery failed for unsecured external channel against http://lyncdiscover.extdomain.ru/
Starting the requirement tests for Lync Mobile 2013 App
Please wait; this test may take several minutes to complete...
Testing the app requirements using the following discovery response:
Access Location : Internal
SIP Server Internal Access : lync.cherry.loc
SIP Server External Access : sip.extdomain.ru
SIP Client Internal Access : lync.cherry.loc
SIP Client External Access : sip.extdomain.ru
Internal Auth broker service : https://lync.cherry.loc/Reach/sip.svc
External Auth broker service : https://lync.cherry.loc/Reach/sip.svc
Internal Auto discover service : https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root
Internal MCX service : https://lync.cherry.loc/Mcx/McxService.svc
External MCX service : https://lync.cherry.loc/Mcx/McxService.svc
Internal UCWA service : https://lync.cherry.loc/ucwa/v1/applications
External UCWA service : https://lync.cherry.loc/ucwa/v1/applications
Internal Webscheduler service : https://lync.cherry.loc/Scheduler
External Webscheduler service : https://lync.cherry.loc/Scheduler
Starting tests for Mobility (UCWA) service
Verifying internal Ucwa service: https://lync.cherry.loc/ucwa/v1/applications
Successfully created the UCWA service
Completed tests for Mobility (UCWA) service
Verification failed for Mobility (UCWA) service. The service could not be reached from an external network.
Select All results above for more information about the failures. Detailed information can also be found in the log file.
Your deployment meets the minimum requirements for Lync Mobile 2013 App.

Exchange 2013 Realtime Block List is Kind of Working

Hi Everyone.
I've been setting up a RBL in exchange 2013 using zen.spamhaus.org. The IPBlockListProviders require that the connection filtering agent be enabled. By default when running the installantispamagents.ps1, this script will not install that connection filtering
agent because it only installs on an "edge" server and since exchange 2013 did away with the "edge" role, it did not get installed. I had to modify the script so it installed that connection filtering agent with all the other anti-spam agents. (We are a one
exchange server shop so the CAS and Mailbox roles are on one box.)
I'm having a very weird response. The RBL list works and when I get a test email sent to me using the service at '[email protected]', I can see the Reject message getting sent back out in the agent logs and the SMTP logs. This is the message
I see in the logs. Notice that the originating IP and the RBL triggering IP are the same: 192.203.178.107.
2012-12-14T01:59:04.970Z,08CFA71A75A19B4B,10.10.3.50:2525,192.203.178.107:55186,192.203.178.107
,,<>,,t***********e@*****.org,1,Connection Filtering Agent,OnRcptCommand,RejectCommand,550
5.7.1 zen.spamhaus.org has blocked your IP address (192.203.178.107) using the list
'zen.spamhaus.org'. Please see http://www.spamhaus.org/query/bl?ip=192.203.178.107 for further
information. This organization has no control over this RBL (Realtime Blo,BlockListProvider,
zen.spamhaus.org,,,,Undefined
This is a correct message and that IP address matches the Test RBL IP address spamhaus has blacklisted to check RBL filters. The IP address is added dynamically to the message with a variable in the reject message settings and should list the IP address
of the SMTP server that triggered the RBL hit.
The VERY strange thing is when I trigger the RBL with the test message, exchange rejects all incoming mail for my account from any source for several minutes and rejects with that same message. I send a test message from my google account and I can clearly
see in the agent log that the SMTP connection is coming from a google IP but it still rejects and issues the message that was sent in response to my test using the nelson-'[email protected]'
This is the reject message sent to my google account after I sent myself an email following the RBL test message. Notice that the originating IP is a google IP and does not match the IP the the reject message claims the message came from. The log
shows the originating IP as 74.125.82.179 (A google IP) but im rejecting the message because 192.203.178.107 is blocked??? The message didn't come from that IP. :
2012-12-14T02:00:06.318Z,08CFA71A75A19B4B,10.10.3.50:2525,74.125.82.179:50654,74.125.82.179,,
t***t@******.net,,t*******te@******.org,1,Connection Filtering Agent,OnRcptCommand,
RejectCommand,550 5.7.1 zen.spamhaus.org has blocked your IP address (192.203.178.107) using
the list 'zen.spamhaus.org'. Please see http://www.spamhaus.org/query/bl?ip=192.203.178.107
for further information. This organization has no control over this RBL
(Realtime Blo,BlockListProvider,zen.spamhaus.org,,,,Undefined
After a couple minutes, it clears up and I can get mail again. I just can not for the life of me figure out why all messages are rejected for several minutes after I have an RBL hit and the reject message is always referencing the the SMTP transaction
that originally triggered the hit. Which in this case, is blocking my Gmail message thinking its coming forom the crynwr.com test even when the smtp logs show a completely different SMTP originating IP and Connection.
Here is my IPBlockListProvider:
RunspaceId : 068b87d2-9c34-4ce9-ab05-eedef928cb27
RejectionResponse : {1} has blocked your IP address ({0}) using the list '{2}'. Please see
http://www.spamhaus.org/query/bl?ip={0} for further information. This organization has no control
over this RBL (Realtime Block List).
LookupDomain : zen.spamhaus.org
Enabled : True
AnyMatch : True
BitmaskMatch :
IPAddressesMatch : {}
Priority : 1
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : zen.spamhaus.org
DistinguishedName : CN=zen.spamhaus.org,CN=IPBlockListProviderConfig,CN=Message Hygiene,CN=Transport
Settings,CN=Bel******ch,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=b******rk,DC=net
Identity : zen.spamhaus.org
Guid : 0c9b5eec-b19a-4ab5-9c6a-cb1666cf68d6
ObjectCategory : beltwaypark.net/Configuration/Schema/ms-Exch-Message-Hygiene-IP-Block-List-Provider
ObjectClass : {top, msExchMessageHygieneIPBlockListProvider}
WhenChanged : 12/12/2012 10:02:36 PM
WhenCreated : 12/12/2012 10:02:36 PM
WhenChangedUTC : 12/13/2012 4:02:36 AM
WhenCreatedUTC : 12/13/2012 4:02:36 AM
OrganizationId :
OriginatingServer : Lucas.*****.net
IsValid : True
ObjectState : Unchanged

When you install the Antispam agents on Exchange 2013 servers you get all of them installed like you did for previous versions of Exchange server. most of them will get installed on the mailbox role but not the Connection filtering agent aka. RBL, DNS Block
List etc.
The powershell script: install-AntispamAgents.ps1 will look for which server role is installed and will not install Connection filtering if the server hold the mailbox role. This is understandable since SMTP connection should come in from the CAS server
and then the original sending IP will not be show since CAS do Source-NAT. So the logic would be to install the connection filtering agent on CAS but the install script will not let you do that either. Connection Filtering will only install on Edge role.
I can only speculate why this is, but either Microsoft want it to be like this or they have found some trouble with the Connection Filtering Agent running on CAS.
I figured I will give this a try anyway, and here is how you get it to work.
Start Exchange Management Shell as administrator.
Change Directory to scripts folder.
cd $exscripts
Install the agent.
Install-TransportAgent -Name "Connection Filtering Agent" -TransportService FrontEnd -TransportAgentFactory "Microsoft.Exchange.Transport.Agent.ConnectionFiltering.ConnectionFilteringAgentFactory" -AssemblyPath "C:\Program Files\Microsoft\Exchange
Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll"
If you have multiple agents running on the frontend transport you must set them in the correct order with the priority parameter
Add a IPBlocklistprovider of your choice
Add-IPBlockListProvider -Name zen.spamhaus.org -LookupDomain zen.spamhaus.org -AnyMatch $true -Enabled $true
You can add more than one provider if you like. If you Don’t provide a custom response it will be “Recipient not authorized, your IP has been found on a block list”
Enable the agent
Enable-TransportAgent -TransportService FrontEnd -Identity "Connection Filtering Agent"
Restart FrontEnd transport service
Restart-Service MSExchangeFrontEndTransport
Now the agent should be live and kicking. Logging for the frontend agent is here
“C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\AgentLog” instead of the directory for the backend transport “C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\AgentLog”
Since the script don’t install the Connection filtering agent on CAS it is probably unsupported to install the agent manually, but I had it running for months without any problem so make your own judgment.

How to configure AD on windows 2012 server for Exchange 2013 internal and external email flow

Dear Experts,
I have to configure exchange 2013 on Windows server 2012 STD. Company has registered Static IP addresses and can get the MX record pointing to any of this Static IP.
The registered domain name is e.g. contoso.com.
a. What should I use as domain name on AD? contoso.com or contoso.local
b. Is it recommended to have two different servers for AD and Exchange?
c. What should be my connector settings for mail flow?
d. how can I set 2 email servers in company for load balancing?

Hi,
a, I suggest use contoso.com as domain name. It is convenient to add urls into our certificate for internal and external mail flow.
b, Recommended that installing AD
and Exchange Server on two separate
Servers. If Exchange Server downed unfortunately, it can prevent AD server from crushing at the same time.
c, Found some articles for your reference:
Configure Mail Flow and Client Access
http://technet.microsoft.com/en-us/library/jj218640(v=exchg.150).aspx
Configuring Outbound Mail Flow in Exchange Server 2013
http://exchangeserverpro.com/configuring-outbound-mail-flow-in-exchange-server-2013/
d, Load Balancing
http://technet.microsoft.com/en-us/library/jj898588(v=exchg.150).aspx
Hope it is helpful
Thanks
Mavis
Mavis Huang
TechNet Community Support

Exchange 2013 EAC shows "error Sorry, your request couldn't be completed. Try deleting the cookies from your browser, and then sign in again. If the problem continues, contact your helpdesk."

Hi,
My Exchange 2013 Hybrid environment is at CU5 level. Multiple administrators have started experiencing the error message
"error
Sorry, your request couldn't be completed. Try deleting the cookies from your browser, and then sign in again. If the problem continues, contact your helpdesk."
It only started two weeks ago and did not coincide with any infrastructure changes. The message occurs when clicking anything on the EAC GUI and it eventually allows you to perform the operation but only after the message
pops up a few times.
I have tried clearing the browser cookies, history, etc. Note that using the Office 365 EAC does not yield the same messages and it only happens in IE (IE 11).
Thanks.

Hi,
From your description, please make sure that the "Require SSL" is checked in IIS Manager -> Sites -> Exchange Back End -> ECP -> SSL Settings.
What's more, ensure that EAC site is added to the “Compatibility Mode”.
Hope this can be helpful to you.
Best regards,
Amy Wang
TechNet Community Support

Exchange 2013 user cann't access exchange 2013 public folder

Hi, during the coexistence exchange 2007 and exchange 2013, outlook is unable to access public folder of exchange 2007 from exchange 2013, I've install CU2 for exchange 2013 and also set authentication to Ntlm, but also failed. please help to look into this
problem, thanks.
belows are information about outlook anywhere in our exchange.
exchange 2007：(primary site)shmail04,shmail05,shmail06; (DR site)drpmail05,drpmail06
exchange 2013：(primary site)shcas01,shcas02; (DR site)wxcas01
Identity                         : SHCAS01\Rpc (Default Web Site)
InternalHostname                : infor.tdw.com
InternalClientAuthenticationMethod : Ntlm
InternalClientsRequireSsl       : True
ExternalHostname                : infor.tdw.com
ExternalClientAuthenticationMethod : Ntlm
ExternalClientsRequireSsl       : True
IISAuthenticationMethods          : {Ntlm}
Identity                         : SHCAS02\Rpc (Default Web Site)
InternalHostname                : infor.tdw.com
InternalClientAuthenticationMethod : Ntlm
InternalClientsRequireSsl       : True
ExternalHostname                : infor.tdw.com
ExternalClientAuthenticationMethod : Ntlm
ExternalClientsRequireSsl       : True
IISAuthenticationMethods          : {Ntlm}
Identity                         : WXCAS01\Rpc (Default Web Site)
InternalHostname                : infor.tdw.com
InternalClientAuthenticationMethod : Ntlm
InternalClientsRequireSsl       : True
ExternalHostname                : infor.tdw.com
ExternalClientAuthenticationMethod : Ntlm
ExternalClientsRequireSsl       : True
IISAuthenticationMethods          : {Ntlm}
Identity                         : SHMAIL04\Rpc (Default Web Site)
InternalHostname                :
InternalClientAuthenticationMethod : Ntlm
InternalClientsRequireSsl       : False
ExternalHostname                : legacy.tdw.com
ExternalClientAuthenticationMethod : Ntlm
ExternalClientsRequireSsl       : True
IISAuthenticationMethods          : {Ntlm}
Identity                         : SHMAIL05\Rpc (Default Web Site)
InternalHostname                :
InternalClientAuthenticationMethod : Ntlm
InternalClientsRequireSsl       : False
ExternalHostname                : legacy.tdw.com
ExternalClientAuthenticationMethod : Ntlm
ExternalClientsRequireSsl       : True
IISAuthenticationMethods          : {Ntlm}
Identity                         : SHMAIL06\Rpc (Default Web Site)
InternalHostname                :
InternalClientAuthenticationMethod : Ntlm
InternalClientsRequireSsl       : False
ExternalHostname                : legacy.tdw.com
ExternalClientAuthenticationMethod : Ntlm
ExternalClientsRequireSsl       : True
IISAuthenticationMethods          : {Ntlm}
Identity                         : DRPMAIL05\Rpc (Default Web Site)
InternalHostname                :
InternalClientAuthenticationMethod : Ntlm
InternalClientsRequireSsl       : False
ExternalHostname                : legacy.tdw.com
ExternalClientAuthenticationMethod : Ntlm
ExternalClientsRequireSsl       : True
IISAuthenticationMethods          : {Ntlm}
Identity                         : DRPMAIL06\Rpc (Default Web Site)
InternalHostname                :
InternalClientAuthenticationMethod : Ntlm
InternalClientsRequireSsl       : False
ExternalHostname                : legacy.tdw.com
ExternalClientAuthenticationMethod : Ntlm
ExternalClientsRequireSsl       : True
IISAuthenticationMethods          : {Ntlm}

Hi,
I have found an article said that we need to set the external host name the same. See more details in the following link:
http://blogs.technet.com/b/mspfe/archive/2013/10/21/upgrading-to-on-premises-exchange-server-2013.aspx
To allow your Exchange 2013 Client Access server to redirect connections to your Exchange 2007 servers, you must enable and configure
Outlook Anywhere on all of the Exchange 2007 servers in your organization. If some Exchange 2007 servers in your organization are already configured to use Outlook Anywhere, their configuration must also be updated to support Exchange 2013.
The following configuration is set on each Exchange 2007 server:
The Outlook Anywhere external URL is set to the external hostname of the Exchange 2013 server.
Sent By
Silver

Exchange 2013 Public Folders external issues

Hello,
I am having some issues with gaining access to my public folders externally.
OS: Windows Server 2012 Datacenter
Exchange: 2013 with SP1
Domain: i.client.local
External & internal hostname: ex01.client.dk
I have tried from Windows 7 with Outlook 2010, and Windows 8 with Outlook 2013. (I have also tried to apply patch from: http://support.microsoft.com/kb/2839517)
If I try to access public folders, I get this error:
Cannot expand the folder. The set of folders cannot be opened. The attempt to log on to Microsoft Exchange.
If I try to access public folders with cache enabled, I get this error: http://support.microsoft.com/kb/2788136
I have tried deleting all public folders, public folder databases, and the related mailbox database. And creating all again, however
with same result.
[PS] C:\Windows\system32>Get-PublicFolder | fl
RunspaceId : a90240df-5376-4397-8c2a-4291a924e911
Identity : \
Name : IPM_SUBTREE
MailEnabled : False
MailRecipientGuid :
ParentPath :
ContentMailboxName : Public
ContentMailboxGuid : d97cbc5c-4c39-47c7-8b56-764396dc32ca
EformsLocaleId :
PerUserReadStateEnabled : True
EntryId : 00000000134872D0905F3849B78B9128A8B0CBE30100DF9CA23E198A714AB68A74F2C09F11020000000000020000
DumpsterEntryId : 00000000134872D0905F3849B78B9128A8B0CBE30100DF9CA23E198A714AB68A74F2C09F110200000000000A0000
ParentFolder : 00000000134872D0905F3849B78B9128A8B0CBE30100DF9CA23E198A714AB68A74F2C09F11020000000000010000
OrganizationId :
AgeLimit :
RetainDeletedItemsFor :
ProhibitPostQuota : Unlimited
IssueWarningQuota : Unlimited
MaxItemSize : Unlimited
LastMovedTime :
FolderSize : 0
HasSubfolders : True
FolderClass :
FolderPath : {}
DefaultFolderType : None
ExtendedFolderFlags : SharedViaExchange
MailboxOwnerId : i.client.local/Public
IsValid : True
ObjectState : Unchanged
[PS] C:\Windows\system32>Get-PublicFolder \ -GetChildren
Name Parent Path
Mira \
[PS] C:\Windows\system32>Get-OrganizationConfig | FL RootPublicFolderMailbox
RootPublicFolderMailbox : d97cbc5c-4c39-47c7-8b56-764396dc32ca
[PS] C:\Windows\system32>Get-Mailbox -PublicFolder | FL Name,ExchangeGuid
Name : Public
ExchangeGuid : d97cbc5c-4c39-47c7-8b56-764396dc32ca
I can easily access the Exchange-server internally and externally.
XML from Outlook "Test autoconfiguration" tool.
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>Alex Mathiasen</DisplayName>
<LegacyDN>/o=client/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=8cfd63e296ee4d6d99fa842a78584d43-Alex Mathiasen34410</LegacyDN>
<AutoDiscoverSMTPAddress>[email protected]</AutoDiscoverSMTPAddress>
<DeploymentId>823f5581-e9a1-4b8c-a79e-afcbe9900267</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<MicrosoftOnline>False</MicrosoftOnline>
<Protocol>
<Type>EXCH</Type>
<Server>[email protected]</Server>
<ServerDN>/o=client/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]</ServerDN>
<ServerVersion>73C0834F</ServerVersion>
<MdbDN>/o=client/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]/cn=Microsoft Private MDB</MdbDN>
<PublicFolderServer>ex01.client.dk</PublicFolderServer>
<AD>ex01.i.client.local</AD>
<ASUrl>https://ex01.client.dk/ews/exchange.asmx</ASUrl>
<EwsUrl>https://ex01.client.dk/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://ex01.client.dk/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://ex01.client.dk/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=i.client.local</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=i.client.local</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=i.client.local</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=i.client.local</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=i.client.local</EcpUrl-sms>
<EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=i.client.local</EcpUrl-publish>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=i.client.local</EcpUrl-photo>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=i.client.local</EcpUrl-extinstall>
<OOFUrl>https://ex01.client.dk/ews/exchange.asmx</OOFUrl>
<UMUrl>https://ex01.client.dk/ews/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://ex01.client.dk/OAB/fa8a9ffb-9d6c-4d66-acec-e23c2cbc63d1/</OABUrl>
<ServerExclusiveConnect>off</ServerExclusiveConnect>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>ex01.client.dk</Server>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<ASUrl>https://ex01.client.dk/ews/exchange.asmx</ASUrl>
<EwsUrl>https://ex01.client.dk/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://ex01.client.dk/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://ex01.client.dk/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=i.client.local</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=i.client.local</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=i.client.local</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=i.client.local</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=i.client.local</EcpUrl-sms>
<EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=i.client.local</EcpUrl-publish>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=i.client.local</EcpUrl-photo>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=i.client.local</EcpUrl-extinstall>
<OOFUrl>https://ex01.client.dk/ews/exchange.asmx</OOFUrl>
<UMUrl>https://ex01.client.dk/ews/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://ex01.client.dk/OAB/fa8a9ffb-9d6c-4d66-acec-e23c2cbc63d1/</OABUrl>
<ServerExclusiveConnect>on</ServerExclusiveConnect>
<EwsPartnerUrl>https://ex01.client.dk/ews/exchange.asmx</EwsPartnerUrl>
<GroupingInformation>Default-First-Site-Name</GroupingInformation>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://ex01.client.dk/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://ex01.client.dk/ews/exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://ex01.client.dk/owa/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://ex01.client.dk/ews/exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>ex01.client.dk</Server>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<ASUrl>https://ex01.client.dk/ews/exchange.asmx</ASUrl>
<EwsUrl>https://ex01.client.dk/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://ex01.client.dk/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://ex01.client.dk/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=i.client.local</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=i.client.local</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=i.client.local</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=i.client.local</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=i.client.local</EcpUrl-sms>
<EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=i.client.local</EcpUrl-publish>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=i.client.local</EcpUrl-photo>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=i.client.local</EcpUrl-extinstall>
<OOFUrl>https://ex01.client.dk/ews/exchange.asmx</OOFUrl>
<UMUrl>https://ex01.client.dk/ews/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://ex01.client.dk/OAB/fa8a9ffb-9d6c-4d66-acec-e23c2cbc63d1/</OABUrl>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>ex01.client.dk</Server>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<ASUrl>https://ex01.client.dk/ews/exchange.asmx</ASUrl>
<EwsUrl>https://ex01.client.dk/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://ex01.client.dk/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://ex01.client.dk/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=i.client.local</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=i.client.local</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=i.client.local</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=i.client.local</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=i.client.local</EcpUrl-sms>
<EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=i.client.local</EcpUrl-publish>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=i.client.local</EcpUrl-photo>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=i.client.local</EcpUrl-extinstall>
<OOFUrl>https://ex01.client.dk/ews/exchange.asmx</OOFUrl>
<UMUrl>https://ex01.client.dk/ews/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://ex01.client.dk/OAB/fa8a9ffb-9d6c-4d66-acec-e23c2cbc63d1/</OABUrl>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
</Protocol>
<PublicFolderInformation>
<SmtpAddress>[email protected]</SmtpAddress>
</PublicFolderInformation>
</Account>
</Response>
</Autodiscover>

I can't access the public folders at all. Trying to access the public folders, result in the error from the following page: http://support.microsoft.com/kb/2788136,
or "Cannot expand the folder..."
It is affecting all users using this Exchange-server. I am actually having this error on two different Exchange-serverens at two different companies at the moment.
And it is a fresh Exchange 2013 environment in both cases.
PS: I discovered that the public folders works inside the same domain as the Exchange-server, however users can't access the public folders externally.
I also tried to use the Exchange-server as DNS, in order to be able to resolve i.client.local:
<PublicFolderInformation>
<SmtpAddress>[email protected]</SmtpAddress>
</PublicFolderInformation>
however I am still unable to open the public folders, even after being able to resolve the DNS name i.client.local.

Exchange 2013 - Proxy through client access server not working

Hello All -
I recently migrated our company to Exchange 2013 and noticed that our email was leaving through the mailbox server. I put a check mark in the Send Connector where it says "Proxy through Client Access Server" and my mail is still coming from the
mailbox server. How can I go about fixing this problem?
Environment:
1 CAS Server
1 Mailbox Server
Both server are behind the firewall with only port 25 opened to the CAS. The CAS has a Send Connector to a smart host for all messages.
Thank you!
Ryan

Hi,
Please check if the outbound messages without smart host are coming from CAS .
I doubt it send to the smart host directly if you configure smart host, and not use proxy thogh CAS.
If you have any feedback on our support, please click
here
Wendy Liu
TechNet Community Support

Exchange 2013 autodiscover finds external & internal SSL certificate causing autodiscover to fail

<p>Hi:</p><p>I'm currently working on a windows 2012 server, with exchange 2013, lets say our internal domain is "cars.com" and ALSO the case for our external domain. We have purchased an SSL wildcard positive certificate
*.cars.com so that we could configure Outlook Anywhere, we have created the needed DNS records at godaddy and our internal server, OWA, ECP it all works if you go to  <a href="https://bird.cars.com/owa">https://bird.cars.com/owa</a>
because we have a DNS record for bird in godaddy and out local server, so all of that is working like a pro ! here comes the tricky part, our website is registered in godaddy but hosted by someone else a company called poetic systems; when we test the connection
with the remote connectivity analyzer website we get a very peculiar error that says SSL certificate not valid, now it provides the name of the certificate it found and is not ours, we found that the hosting company is listening in port 443, therefore, it
is pulling their self signed certificate also, does anyone have a fix for this, I have done this same setup before for other companies and this is the first time a situation like this happens. I REALLY NEED HELP !!!!!</p>

Hi,
According to your description, there is a certificate error when you test Outlook Anywhere connection by ExRCA.
If I misunderstand your meaning, please feel free to let me know.
And to understand more about the issue, I’d like to confirm the following information:
What’s detail error page?
Check the Outlook Anywhere configuration: get-outlookanywhere |fl
Check the certificate : get-exchangecertificate |fl
If you have any question, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support

Exchange 2013 EAC- block external access only

Similar Messages

Maybe you are looking for