Outlook Anywhere proxy changed from Basic to NTLM for external users
I have a Exchange 2013 environment that is also running Exchange 2010 coexistence (migrating). What is happening is autodiscover is handing out NTLM for the proxy settings and not basic. However when it is using NTLM we seem to get the password prompt over
and over. If I manually changed it to Basic then it works fine, but when autodiscover goes again it changes back to NTLM and prompts that the Administrator made a change and you need to restart Outlook.
I checked Outlook Anywhere and all my servers have Basic set for external users and NTLM set for internal.
I only have a few mailboxes on 2013 and 2010 mailboxes seem not to have a problem.
Here is an output for Outlook Anywhere on all six servers:
Identity : CAS01\Rpc (Default Web Site)
ExchangeVersion : 0.10 (14.0.100.0)
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm}
Identity : CAS02\Rpc (Default Web Site)
ExchangeVersion : 0.10 (14.0.100.0)
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm}
Identity : CAS03\Rpc (Default Web Site)
ExchangeVersion : 0.10 (14.0.100.0)
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm}
Identity : EXCH2K13-01\Rpc (Default Web Site)
ExchangeVersion : 0.20 (15.0.0.0)
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
Identity : EXCH2K13-02\Rpc (Default Web Site)
ExchangeVersion : 0.20 (15.0.0.0)
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
Identity : EXCH2K13-03\Rpc (Default Web Site)
ExchangeVersion : 0.20 (15.0.0.0)
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
Hi,
Please refer to the following KB to set the Outlook Anywhere settings on Exchange Server 2013 Client Access servers:
http://support.microsoft.com/en-us/kb/2834139
If it doesn’t work with the resolution above, please do the following checking in ADSI Edit:
1. In Adsiedit, expand Configuration-->CN=Services -> CN=Microsoft Exchange -> CN=domain -> CN=Administrative Groups -> CN=Exchange Administrative Group -> CN=Databases.
2. Right-click the listed database > Properties.
3. Check whether the msExchHomePublicMDB value is set to an available value. Please change the value to <not set>.
4. Click OK.
Then check whether the issue persists.
Regards,
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Winnie Liang
TechNet Community Support
Similar Messages
-
Hello Folks,
I have this problem and is making me crazy if anyone have any idea please shed some light on this:-
1. Working Outlook 2010 and 2013 clients with webmail.xyz.com as Outlook Anywhere proxy address.
2. Installed new Exchange 2013 server (server02)with CAS and Mailbox role, Exchange install wizard finished and server is rebooted.
3. Server came up online started changing internal and external FQDN's of Virtual Directories and Outlook Anywhere to webmail.xyz.com
4. As soon as Fqdn's changed some outlook clients create support request that Outlook suddenly white's out and after reopening it is giving error cannot connect to exchange. upon checking Clients Exchange Proxy address is set to http://server02.xyz.com,
even though OA/OWA/ECP/OAB/EWS/Autodiscover/ActiveSync FQDN's Point to webmail.xyz.com, on all servers if i create new outlook profile for same user it picks up correct settings through autodiscover and connects fine, this is happening to about 20% of outlook
clients every time i am introducing new Exchange 2013 server in Organization. we have around 2000 users and planning on installing 4 exchange servers to distribute load and everytime changing outlook profile of close to 150-200 users is not possible.
Any help is greatly appreciated.
Thanks
CoolHere are the EXCRA results
Here IP (x.x.x.x) returned is my Load Balancer IP (Webmail.xyz.com).
Connectivity Test Successful with Warnings
Test Details
Testing Outlook connectivity.
The Outlook connectivity test completed successfully.
Additional Details
Elapsed Time: 9881 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for [email protected].
Autodiscover was tested successfully.
Additional Details
Elapsed Time: 2063 ms.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Additional Details
Elapsed Time: 2063 ms.
Test Steps
Attempting to test potential Autodiscover URL https://xyz.com:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 186 ms.
Test Steps
Attempting to resolve the host name xyz.com in DNS.
The host name couldn't be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host xyz.com couldn't be resolved in DNS InfoNoRecords.
Elapsed Time: 186 ms.
Attempting to test potential Autodiscover URL https://autodiscover.xyz.com:443/Autodiscover/Autodiscover.xml
Testing of the Autodiscover URL was successful.
Additional Details
Elapsed Time: 1876 ms.
Test Steps
Attempting to resolve the host name autodiscover.xyz.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: x.x.x.x
Elapsed Time: 338 ms.
Testing TCP port 443 on host autodiscover.xyz.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 173 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 318 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.xyz.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=webmail.xyz.com, Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US.
Elapsed Time: 219 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.xyz.com was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 1 ms.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05,.
One or more certificate chains were constructed successfully.
Additional Details
A total of 1 chains were built. The highest quality chain ends in root certificate CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 36 ms.
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature
isn't enabled.
Elapsed Time: 5 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 1/3/2013 12:00:00 AM, NotAfter = 11/16/2015 11:59:59 PM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 289 ms.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Additional Details
Elapsed Time: 756 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.xyz.com:443/Autodiscover/Autodiscover.xml for user [email protected].
The Autodiscover XML response was successfully retrieved.
Additional Details
Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>Test Exch1</DisplayName>
<LegacyDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1</LegacyDN>
<DeploymentId>4ec753c9-60d9-4c05-9451-5b24e2d527a7</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>[email protected]</Server>
<ServerDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]</ServerDN>
<ServerVersion>73C0834F</ServerVersion>
<MdbDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]/cn=Microsoft Private MDB</MdbDN>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<PublicFolderServer>webmail.xyz.com</PublicFolderServer>
<AD>DC-03.domain.xyz.com</AD>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>off</ServerExclusiveConnect>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>on</ServerExclusiveConnect>
<EwsPartnerUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsPartnerUrl>
<GroupingInformation>Default-First-Site-Name</GroupingInformation>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://webmail.xyz.com/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://webmail.xyz.com/owa/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
</Protocol>
</Account>
</Response>
</Autodiscover>HTTP Response Headers:
request-id: 9d325a80-f1fd-4496-ac48-2be6bb782c28
X-CalculatedBETarget: Server01.domain.xyz.com
X-DiagInfo: Server01
X-BEServer: Server01
Persistent-Auth: true
X-FEServer: Server01
Content-Length: 11756
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Mon, 25 Aug 2014 19:12:25 GMT
Set-Cookie: X-BackEndCookie=S-1-5-21-1293235207-2459173341-1304346827-14544=u56Lnp2ejJqBypqcnsfJx5nSy8ucnNLLnJzP0sfKz8/Sy5nHmsiamZrMyZrLgYHPxtDNy9DNz87L387Gxc7Nxc3J; expires=Thu, 25-Sep-2014 00:12:26 GMT; path=/Autodiscover; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 756 ms.
Autodiscover settings for Outlook connectivity are being validated.
The Microsoft Connectivity Analyzer validated the Outlook Autodiscover settings.
Additional Details
Elapsed Time: 0 ms.
Testing RPC over HTTP connectivity to server webmail.xyz.com
RPC over HTTP connectivity was verified successfully.
Additional Details
HTTP Response Headers:
request-id: 835acf95-78b7-40ae-b232-117318d1577e
Server: Microsoft-IIS/8.5
WWW-Authenticate: Basic realm="webmail.xyz.com",Negotiate,NTLM
X-Powered-By: ASP.NET
X-FEServer: Server01
Date: Mon, 25 Aug 2014 19:12:26 GMT
Content-Length: 0
Elapsed Time: 7817 ms.
Test Steps
Attempting to resolve the host name webmail.xyz.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: x.x.x.x
Elapsed Time: 107 ms.
Testing TCP port 443 on host webmail.xyz.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 180 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 303 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server webmail.xyz.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05, Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 224 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name webmail.xyz.com was found in the Certificate Subject Common name.
Elapsed Time: 0 ms.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05,
One or more certificate chains were constructed successfully.
Additional Details
A total of 1 chains were built. The highest quality chain ends in root certificate CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 34 ms.
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature
isn't enabled.
Elapsed Time: 5 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 1/3/2013 12:00:00 AM, NotAfter = 11/16/2015 11:59:59 PM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 298 ms.
Testing HTTP Authentication Methods for URL https://webmail.xyz.com/rpc/[email protected]:6002.
The HTTP authentication methods are correct.
Additional Details
The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: Basic, Negotiate, NTLMHTTP Response Headers:
request-id: 835acf95-78b7-40ae-b232-117318d1577e
Server: Microsoft-IIS/8.5
WWW-Authenticate: Basic realm="webmail.xyz.com",Negotiate,NTLM
X-Powered-By: ASP.NET
X-FEServer: Server01
Date: Mon, 25 Aug 2014 19:12:26 GMT
Content-Length: 0
Elapsed Time: 296 ms.
Attempting to ping RPC proxy webmail.xyz.com.
RPC Proxy was pinged successfully.
Additional Details
Elapsed Time: 454 ms.
Attempting to ping the MAPI Mail Store endpoint with identity: [email protected]:6001.
The endpoint was pinged successfully.
Additional Details
The endpoint responded in 0 ms.
Elapsed Time: 1007 ms.
Testing the MAPI Address Book endpoint on the Exchange server.
The address book endpoint was tested successfully.
Additional Details
Elapsed Time: 2177 ms.
Test Steps
Attempting to ping the MAPI Address Book endpoint with identity: [email protected]:6004.
The endpoint was pinged successfully.
Additional Details
The endpoint responded in 906 ms.
Elapsed Time: 918 ms.
Testing the address book "Check Name" operation for user [email protected] against server [email protected].
The test passed with some warnings encountered. Please expand the additional details.
Tell me more about this issue and how to resolve it
Additional Details
The address book Bind operation returned ecNotSupported. This typically indicates that your server requires encryption. The Microsoft Connectivity Analyzer will attempt the Address Book test again with encryption.
NSPI Status: 2147746050
Elapsed Time: 825 ms.
Testing the address book "Check Name" operation for user [email protected] against server [email protected].
Check Name succeeded.
Additional Details
DisplayName: Test Exch1, LegDN: /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1
Elapsed Time: 433 ms.
Testing the MAPI Referral service on the Exchange Server.
The Referral service was tested successfully.
Additional Details
Elapsed Time: 1808 ms.
Test Steps
Attempting to ping the MAPI Referral Service endpoint with identity: [email protected]:6002.
The endpoint was pinged successfully.
Additional Details
The endpoint responded in 953 ms.
Elapsed Time: 949 ms.
Attempting to perform referral for user /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1 on server [email protected].
We got the address book server successfully.
Additional Details
The server returned by the Referral service: [email protected]
Elapsed Time: 858 ms.
Testing the MAPI Address Book endpoint on the Exchange server.
The address book endpoint was tested successfully.
Additional Details
Elapsed Time: 626 ms.
Test Steps
Attempting to ping the MAPI Address Book endpoint with identity: [email protected]:6004.
The endpoint was pinged successfully.
Additional Details
The endpoint responded in 156 ms.
Elapsed Time: 154 ms.
Testing the address book "Check Name" operation for user [email protected] against server [email protected].
Check Name succeeded.
Additional Details
DisplayName: Test Exch1, LegDN: /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1
Elapsed Time: 472 ms.
Testing the MAPI Mail Store endpoint on the Exchange server.
We successfully tested the Mail Store endpoint.
Additional Details
Elapsed Time: 555 ms.
Test Steps
Attempting to ping the MAPI Mail Store endpoint with identity: [email protected]:6001.
The endpoint was pinged successfully.
Additional Details
The endpoint responded in 234 ms.
Elapsed Time: 228 ms.
Attempting to log on to the Mailbox.
We were able to log on to the Mailbox.
Additional Details
Elapsed Time: 326 ms. -
(I'll upload screen captures if needed once my account gets verified)
I have a basic (as in freshly installed single exchange server 2010 SP3) Exchange Server installation. I've setup Outlook Anywhere. I've also setup a SAN (SubjectAltName) certificate.
My setup:
ex01.eci.XXXX.XX = is the server name and also the CN of my SAN certificate
mail.eci.XXXX.XX = an A record I've setup to access my exchange server. It is also a subjectAltName in my SAN certificate
When setting up Outlook, I enter the server name and specify the Outlook Anywhere proxy server in the Outlook Anywhere section. This works fine and I connect to my exchange server using RPC over HTTPS.
Now, I was under the impression that specifying SANs in the certificate would allow me to enter the SAN alt name (mail.eci.XXXX.XX) in the field reserved for the Server Name, in Outlook..
But it does not work. The proxy will give me an error each time, like that:
HTTP 544 RPC_IN_DATA /rpc/rpcproxy.dll?mail.eci.XXXX.XX:6002 HTTP/1.1 , NTLMSSP_NEGOTIATE
HTTP 635 HTTP/1.1 401 Unauthorized , NTLMSSP_CHALLENGE (text/html)
HTTP 123 HTTP/1.0 503 RPC Error: 6ba
My question is: is this the behaviour I should expect? Or should I be able to specify the SAN alt name in the Server Name in Outlook?
Thanks!Hi,
Firstly, I’d like to explain, the server name tab should be filled with your mailbox server name in the process of configuring Exchange 2010 account.
And the Outlook Anywhere proxy server is configured at the server side and cannot be randomly defined at the client side. To check it, we can run: get-outlookanywhere |fl externalhostname
Thus, it’s an expected behavior that we would get error if we randomly enter name in the server name tab when we configure an account. If I misunderstand your meaning, please feel free to let me know.
Additionally, Autodiscover service can help us automatically complete the configuration of the Outlook account. And how about the result if you use the Autodiscover to automatically configure the account?
If you have any question, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support -
Changes from 11i to R12 for General Ledger Module
Can anybody help me from where can i get the document for technical changes from 11i to R12 for General Ledger Module.
check at:
http://www.oracleappshub.com/general-ledger/r12-oracle-general-ledger-new-and-enhanced-features/ -
Revision: 11996
Revision: 11996
Author: [email protected]
Date: 2009-11-19 11:12:19 -0800 (Thu, 19 Nov 2009)
Log Message:
Updates and changes from the spec review for FMMLoader.
Modified Paths:
osmf/trunk/framework/MediaFramework/org/osmf/proxies/LoadableProxyElement.as
Added Paths:
osmf/trunk/framework/MediaFramework/org/osmf/net/FMMLoader.as
Removed Paths:
osmf/trunk/framework/MediaFramework/org/osmf/net/ManifestLoader.asHi
I've Updated App Builder, gone back to the DPS App Builder portal, regenerated new zip and ipa files and downloaded them.
I clicked the Application Loader 3.0 link, downloaded the latest Appication Version, clicked on the "Deliver your App" button, and submitted the newly built App that was built using 32.4.2 version. (All the app icons were listed as "stored on server" so I presume they are all ok). The .zip file appeared to 'deliver' to Apple successfully. I've tried to resubmit it but get ta "Redundant Binary Upload. There already exists a binary upload with build version..." error message, so presume the orginal binary upload was successful. I have no idea how I can get this app from the "prepare for submission", to "in review". The last time I thought I'd submitted this app I got as far as the "waiting for review" status, and no further.
At the moment I don't have a"+" button in the Build section - as mentioned on page 66 of Adobe's Step_by_step_guide_to_dps_se.pdf.
So I can't add the new .zip file to the iTunes Connect > My Apps portal in the Build section of the Versions tab.
I have put a support email into Apple, but don't expect a reply any day soon.
The problem with starting all the way back through the App wizard is that I really want to use all the same App Name, Bundle ID, and details etc.
Do you mean, going back to the Folio Producer Panel, and building a whole new App?
This process certainly isn't for the faint-hearted!
HELP! -
Exchange 2013 & Exchange 2007 Co-exist - Problems with Outlook anywhere proxy
Hi,
Got EX13 and EX07 in co-exist. Pointed all the external URL to EX13. ActiveSync proxies to 2007 and OWA redirects to legacy url with SSO. Working perfectly!
But with Outlook Anywhere it does not work. Mailboxes on EX13 works good, but not for EX07 user.
Error message from MRCA:
Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server "internalFQDN ofbackend EX07 server"
The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.Hi,
We need to change the Authenticaion on the Outlook Anywhere to NTLM
Set-OutlookAnywhere -Identity "xxx\Rpc (Default Web Site)" –InternalHostName mail.domain.com
-InternalClientsRequireSsl $True -ExternalHostName mail.domain.com
-ExternalClientsRequireSsl $True -InternalClientAuthenticationMethod NTLM
-ExternalClientAuthenticationMethod NTLM -IISAuthenticationMethods
Basic, NTLM, Negotiate
Please first backup the Outlook Anywhere settings then do the above changes.
Thanks,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Simon Wu
TechNet Community Support -
Outlook 2013 & Proxied accounts, FROM address not defaulting correctly
Hello,
We are hosted by Microsoft for our email. We have been on Outlook 2010 for a couple of years without any issues. I have proxy access to two other mailboxes for support purposes. Up until last Thursday, when I replied to an email in the support mailbox, the
default FROM address was the address for that mailbox. Last Thursday, something changed somewhere so the default FROM address is now my personal mailbox. I do have access to send mail from the proxied accounts so it isn't a rights issue. I am able to change
the FROM address each time I reply but this is cumbersome. My personal email should never be going out on replies but remembering has been a chore since it always used to work correctly.
Our helpdesk had me install a plugin called unisend which did fix one related issue but didn't correct the issue I'm experiencing. I have talked with our senior network engineer and mail administrator and both confirm they did not make any changes. I did
upgrade my PC to Office 2013 in hopes that something became corrupted with my installation (that the upgrade would fix) but that did not correct the problem.
Ideas?Hi there,
We have received many reports as your description since last week. It sounds like the sending behavior in Outlook 2010 has been changed by some Windows/Office update and goes back to the behavior before.
Before we go any further, I have to mention some of the history for Outlook 2010. In Outlook 2010 without SP1, Mailto’s will use the default/principal account for message when you use Microsoft Outlook 2010 which has multiple accounts delivered to different
data file. However, in later version (Outlook 2010 SP1/SP2), Outlook doesn’t use the default account set in Account settings for new messages. Instead, it uses the account associated with the mailbox or *.pst file you have in focus.
Actually, this behavior is controlled by the registry keys. At this point, I suggest we check the following registry entries are exist and set it to the proper value.
HKEY_CURRENT_USER\Software\Microsoft\Office\XX.0\Outlook\Options\Mail
DWORD value: NewItemsUseDefaultSendingAccount
Value type: REG_DWORD: 1 for force, 0 to disable.
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\XX.0\outlook\options
Value Name: ForceAccountSelection
Value type: REG_DWORD: 1 for force, 0 to disable.
Close the registry editor and restart Outlook to check if the behavior what you want would come back.
In addition, our Outlook MVP, Diane Poremsky has written an article with more detail information:
http://www.slipstick.com/outlook/outlook-2010/multiple-accounts-and-the-default-account/
By the way, we still cannot figure out which update is the root of the issue, if someone could test it and share the result here, I would appreciate that. Feel free to post back.
Tony Chen
TechNet Community Support -
Outlook anywhere can RPC from external but cannot authenticate with AD
HI all,
Recently, I have this weird problem surfacing and it has been bugging me ever since. Let me start of of our current setup: we have 2 CAS/HUB running on NLB and 2 MB on CCR. All 4 are installed with E2007 Sp2. We have users accessing their mailbox internally
and externally. We used self-signed certificate for all users so that they can use Outlook when they are not in the office. All was working fine for a few years when one day, one user bought a new notebook for us to configure. Following the procedure
like we had done numerous times, then, it prompt Outlook has to be online error
while using the external network. After checking all the Outlook over RPC settings and everything, all are configured as according to the plan and nothing has been changed. Internal network (ie using the company network ) all is ok.
Firewall has not been meddled with so I am not too sure it could be the problem. ( because other external users on their existing system are ok ).
Can anyone kindly advice?
Thanks
EricDoes the new computer trust the self-signed certificate?
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." -
Using Basic or NTLM for PSC to PO communication
Basic authentication is the easiest to get working, so we generally recommend that users start there, especially when setting up your first IAC environment. Consider NTLM as a more secure advanced option.
It can be diffcult to troubleshoot the NTLM issues described below, which is why we recommend basic for beginning users.
Now the NTLM option is more secure than basic authentication, which sends the password in clear text over the wire. This may not be as much of an issue if you use SSL, but it is certainly best practice to use both NTLM and SSL. So in a customer environment, it is best to work through these concerns to estanblish security. We are seeing more and more customers doing security audits, so we will want to make customer environments use NTLM.
A challenge with NTLM authentication is that the list of supported authentication schemes in the 2 products do not match.
PO uses whatever version of NTLM the domain is using. You can’t actually select v1 or v2. In the future we will make a UI change to indicate that this is vvulnerable to the domain of the account you specify and what version of NTLM it is configured for, but for now you need to undersdtand that. At the end of the day, it’s in PSC where you specify the account which will determine which doimain is used. If you’re using anything newer than W2K8R2, you’re probably running v2, unless you’ve manually set the domain to downlevel (e.g. for legacy application compatibility). PO is at the whim of your authenticating domain as to which version of NTLM will be required.
In PSC, one specifies exactly which NTLM version is to be used in the authentication.
Also, when specifying the connection in IAC of PSC, NTLM is actually NTLM v1, while NTLM is v2.
So in the IAC configuration wizard, if you are going to use NTLM, you need to specify the NTLM version to match the domain of the user credential you use to connect to PO, specifying NTLM if it is v1 and NTLMv2 if it is v2.Basic authentication is the easiest to get working, so we generally recommend that users start there, especially when setting up your first IAC environment. Consider NTLM as a more secure advanced option.
It can be diffcult to troubleshoot the NTLM issues described below, which is why we recommend basic for beginning users.
Now the NTLM option is more secure than basic authentication, which sends the password in clear text over the wire. This may not be as much of an issue if you use SSL, but it is certainly best practice to use both NTLM and SSL. So in a customer environment, it is best to work through these concerns to estanblish security. We are seeing more and more customers doing security audits, so we will want to make customer environments use NTLM.
A challenge with NTLM authentication is that the list of supported authentication schemes in the 2 products do not match.
PO uses whatever version of NTLM the domain is using. You can’t actually select v1 or v2. In the future we will make a UI change to indicate that this is vvulnerable to the domain of the account you specify and what version of NTLM it is configured for, but for now you need to undersdtand that. At the end of the day, it’s in PSC where you specify the account which will determine which doimain is used. If you’re using anything newer than W2K8R2, you’re probably running v2, unless you’ve manually set the domain to downlevel (e.g. for legacy application compatibility). PO is at the whim of your authenticating domain as to which version of NTLM will be required.
In PSC, one specifies exactly which NTLM version is to be used in the authentication.
Also, when specifying the connection in IAC of PSC, NTLM is actually NTLM v1, while NTLM is v2.
So in the IAC configuration wizard, if you are going to use NTLM, you need to specify the NTLM version to match the domain of the user credential you use to connect to PO, specifying NTLM if it is v1 and NTLMv2 if it is v2. -
Change of Basic Finish Date for a Maintenance Order
Hi Experts,
I have a requirement where I need to change the Basic Finish Date of an order. Currently in config for order type and plant combination, scheduling parameters are set as:
Adjust to Basic Finish Dates
Automatic Scheduling.
If in an order, I remove the tick for Automatic Scheduling, I am able to change that but I am not supposed to do that.
Can you suggest me how thisissue can be resolved. Remember, changing the Config is not an option.
Regards...hi
Since you have done the adjust basic dates ,kindly change the operation dates ,which will automatically change the dates specified in the operation dates
regards
thyagarajan -
Problem in delta changes from ECC to CRM for Customers created in CRM systm
Dear all,
I am replicating customers between CRM and ECC and vice versa. The Delta changes are replicating from CRM to ECC system, but not happening from ECC to CRM system.
I have created some customers in CRM system and changed some address data, those changes are perfectly updating in back end ECC system.
But when I make some changes for the same customer from ECC system, those changes are not updating back in the CRM system.
I could not get the problem where exactly is coming. I request your expertise to help me in resolving this issue. I believe all middleware and pide settings are correct.
Your suggestions are highly appreciated.
Best regards
Raghu ramHi Shanthala,
Thank you very much for your prompt response, I have checked Customer_main adapter object in R3AC1, no filter has been found there.
and in R3 table TBE31, I could not find entry for CRS_CUSTOMER_COLLECT_DATA for APPLK = BC-MID.
As well in CRMRFCPAR table I could see X assigned to field named with 'In Queue Flag', but I could not find DISCARDDAT for CRM (User) settings.
Kinldy help me to resolve the issue.
Your suggestions will be highly appreciated.
Best regards
Raghu ram -
How do I change from portrait to landscape for Skype on my iPad?
How do I change from portrait to landscape when using Skype on my iPad 2?
2 minutes on Google tells me that the current version of Skype does not support landscape on the iPad.
-
I pre-ordered my iPhone 5 on 9/15 at 4am EST. It said shipping in 2 weeks with an delivery date of 10/5... yadda yadda yadda. This morning my order status showed as 'processing'. This afternoon it changed to 'preparing for delivery'. Is there a chance I will now receive before 10/5? Trying to plan accordingly. Thanks in advance for any info you can give.
I was in the same boat. I ordered @ 5:09AM EST on 9/14 and had the 10/5 delivery date. My status changed from processing to preparing to ship yesterday 9/21. I got an e-mail from Apple @ 4:22AM this morning 9/22 that it has shipped (along with the precious tracking #)! I would expect it would arrive by this Friday 9/28 at the latest.
-
I want to change from windows to mac for cs5
I bought the upgrade for lightroom 5 and found I needed Windows 7 which I did not have. Thought now would be the time to change to Mac. How can I swap formats on the photoshop CS5 license I currently have?
Hi Marionneedshelpplease,
There shouldn't be any problem while upgrading and switching the OS.Please go through this link : http://helpx.adobe.com/x-productkb/policy-pricing/order-product-platform-language-swap.htm l
If you want to upgrade from CS5 Win to CS5.5 or CS6 MAC, you can do that. Its called Cross Platform Upgrade.
But as Bob mentioned, you need to contact adobe for that. It cannot be done online from adobe website.
For the best assistance, I recommend our chat support at http://adobe.ly/yxj0t6. Our chat representatives can provide a personalized experience to resolve the issue you have described.
Regards,
Rajshree -
Changing file clicking default behaviour for all users
Is there a way to change the default file clicking behaviour for all users? Each user can do it himself by going via the username menu ("Personal Preferences", "When clicking on a file...") but I would prefer to set it for all users to a value that is different from the default.
Hi Ganesh,
Can u pl post how you solved this.
Regards,
Reema.
Maybe you are looking for
-
Today I was doing my chemistry homework when all of a sudden my mid 2011 MacBook pro running Lion 10.7.4 started going very very VERY slowly to a point where it was unusable. I restarted my computer and went to type in my password. When I did this, t
-
JPEGS not rendering correctly in Finder, Preview or Safari
Need some quick help, guys. Here's the symptom: JPEGs look lousy in the Finder, Preview, Safari, etc. Open them in Photoshop, and they look fine. Move the file to another computer, and it looks fine. It appears to me that any application that uses OS
-
Why do all the programs open when the mini is turned on, and how to avoid this?
why do all the programs open when the mini is turned on, and how to avoid this?
-
I cannot save a httpd.conf file using the MS Notepad [ text editor]. I am trying to coinnect PHP with the Apache Web Server. Thanx in advance to anyone who helps me.
-
Trouble converting RAW to DNG from Nikon D90
Hi, I'm using CS4 and have uploaded the latest Adobe DNGConverter, 8.7.1 and still my raw photos taken with my Nikon D90 don't convert in Bridge or Photoshop. Anybody have ideas for what to do? Take care, Paul