Reconfigure Outlook Anywhere

I've just taken over support of an Exch 2010 system on 2008r2.
It seems like the name of the self signed certificate has been set to the internal node name of the server. When O/L 2007 autoconfigures it enables rpc over https with the external FQDN of the server. But O/L complains about the certificate name. DNS there does not have the external domain name set up (as is done in SBS setups) to resolve internally so I guess the name is resolving to the public IP of the site.
I'd like to correct the certificate name. Maybe my google-fu is lacking today but I can't find a checklist. Could you good folks here give me some pointers please.
I guess I need to change (1) settings in Exch, (2) settings in IIS & (3) Autodiscover settings and there are probably more things I have forgotten.
I'll also fix the internal DNS so it will resolve the external FQDN to the right internal IP
Thanks
Ken

It appears that you have OA enabled on your servers, and it has the external FQDN. If this is the case, and if you only need this for internal connections, you may be able to actually use what you have. Just set the URL for OA to your internal FQDN for your servers.
Now, if you want things to work properly for internal and external connections, once you have your new cert, you will want to run the commands from the following blog:
http://social.technet.microsoft.com/wiki/contents/articles/5163.managing-exchange-2010-externalinternal-url-s-via-powershell.aspx
You should never have to do anything at the IIS level - the commands above will handle IIS configuration, if done properly.  BTW, for your cert, you should read the following so you get it done right:
http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010/
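
The name mismatch discussed in this thread can be checked before and after the certificate is replaced. The following is an added example, not code from the original posts: it compares the names on a certificate with the host names Outlook will connect to, including single-label wildcard matching. All host and server names are constructed placeholders; on a real server the lists would be taken from `Get-ExchangeCertificate` and `Get-OutlookAnywhere`.

```powershell
# Added example: every name below is a constructed placeholder.
# Written for PowerShell 2.0 so it also runs in the Exchange 2010 Management Shell.

function Test-HostCoveredByCertName {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [Parameter(Mandatory = $true)][string]$CertName
    )
    $h = $HostName.Trim().TrimEnd('.').ToLowerInvariant()
    $c = $CertName.Trim().TrimEnd('.').ToLowerInvariant()
    if ($c -eq $h) { return $true }

    # A wildcard counts only as the whole left-most label and stands for exactly
    # one label: *.example.test covers mail.example.test but not a.b.example.test.
    if ($c.StartsWith('*.')) {
        $suffix = $c.Substring(1)                       # ".example.test"
        if ($h.Length -gt $suffix.Length -and $h.EndsWith($suffix)) {
            $left = $h.Substring(0, $h.Length - $suffix.Length)
            return ($left.IndexOf('.') -lt 0)
        }
    }
    return $false
}

function Get-CertNameGap {
    param(
        [Parameter(Mandatory = $true)][string[]]$CertificateDomains,
        [Parameter(Mandatory = $true)][hashtable]$RequiredNames
    )
    foreach ($purpose in ($RequiredNames.Keys | Sort-Object)) {
        $hostName  = $RequiredNames[$purpose]
        $matchedBy = $null
        foreach ($certName in $CertificateDomains) {
            if (Test-HostCoveredByCertName -HostName $hostName -CertName $certName) {
                $matchedBy = $certName
                break
            }
        }
        # One row per name the clients will ask for.
        New-Object PSObject -Property @{
            Purpose   = $purpose
            HostName  = $hostName
            Covered   = ($null -ne $matchedBy)
            MatchedBy = $matchedBy
        } | Select-Object Purpose, HostName, Covered, MatchedBy
    }
}

# Names the clients will connect to (constructed): the Outlook Anywhere
# external host name and the Autodiscover name for the mail domain.
$required = @{
    'Outlook Anywhere external host' = 'mail.example.test'
    'Autodiscover'                   = 'autodiscover.example.test'
}

# Situation from the question: self-signed certificate issued to the internal node name.
$selfSigned  = 'EXCH01', 'EXCH01.corp.example.test'
# Replacement certificate that lists the names clients actually use.
$replacement = 'mail.example.test', 'autodiscover.example.test'

Get-CertNameGap -CertificateDomains $selfSigned  -RequiredNames $required | Format-Table -AutoSize
Get-CertNameGap -CertificateDomains $replacement -RequiredNames $required | Format-Table -AutoSize
```

Rows with `Covered` set to `False` are the names Outlook will warn about; the first table shows both names uncovered, the second shows both covered.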

Similar Messages

  • SSL/MSSTD settings Outlook anywhere

    All,
    just want to raise a question, as I noticed a strange behaviour.
    I have Exchange 2013 with Outlook Anywhere configured in this way:
    So external and internal hostname is the same, SSL required only from external.
    Internal connection works just fine and Outlook doesn't set the flag and the MSSTD setting for SSL.
    Externally, If I setup from scratch, it's working as well, and the msstd is flagged and setup.
    Problems begin when I migrate mailboxes from an Exchange 2010 in coexistence, which will be decommissioned in the future. After migration, user's Outlook (connected from external AND not domain-joined) was properly reconfigured BUT for the msstd setting which was missing.
    As a result the Outlook connection was totally flickering, up and down every now and then, plus it kept "connecting" for the directory service.
    Setting up the msstd setting manually, everything is fine.
    Now, we know that in EX2013 the Autodiscovery behaviour has changed:
    http://support.microsoft.com/kb/2754898/en-us
    Practically, it will always try the internal host name first, regardless of where you're connecting from.
    I was wondering if: since the hostname is the same for both internal and external, would this lead autodiscovery to misinterpret the configuration (InternalClientRequireSSL is set to $False) and leave the configuration unflagged in Outlook?
    And, if so, why on migrated mailboxes only ?
    Any suggestion, answer and comment will be hugely appreciated!
    Thanks!

    In the Autodiscover.xml that is returned to the client, there are two EXHTTP sections with settings. Outlook will try the first block (internalSettings) and in your case it will be successful since you are using the same name for both internal- and externalhostname. So with that, SSL will not be required.
    Example:
    <Type>EXHTTP</Type>
    <Server>mail.domain.com</Server>
    <SSL>Off</SSL>
    <AuthPackage>Ntlm</AuthPackage>

    <Type>EXHTTP</Type>
    <Server>mail.domain.com</Server>
    <SSL>On</SSL>
    <AuthPackage>Ntlm</AuthPackage>
    Personally, I always configure the same name for both internal- and externalhostname, use the authentication method NTLM AND InternalClientsRequireSSL=True.
    Not a good idea to disable Outlook Anywhere on Exchange 2010 when running in co-existence.
    Can you also confirm that autodiscover is pointing to your Exchange 2013 Server?
    Martina Miskovic
    Hi Martina,
    thanks for the clear answer! I had kind-of the same idea, wondering if Exchange could possibly mess up using the same name - sort of bug.
    I'll try to set for both internal and external to require SSL.
    I'm not clear, however, how to set the authentication. NTLM only? NTLM + Basic + Negotiate? And same auth method for both int and ext? Ultimately, how would you setup the IISAuthenticationMethods?
    Ah! What would you mean by: "confirm that autodiscover is pointing to your Exchange 2013 Server?"
    Thanks in advance!
    Ale.
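
The EXHTTP ordering described in the answer above can be checked directly on a saved Autodiscover response. This is an added example, not code from the thread: it lists the EXHTTP blocks in the order the client sees them and reports when the first block has SSL off while a later block for the same host name has it on. The response is constructed from the excerpt in the answer (including the `CertPrincipalName` value), and the function names are hypothetical.

```powershell
# Added example: the response below is constructed from the excerpt in the
# answer (host name mail.domain.com); it is not output from a real server.
$sampleXml = @'
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <Protocol>
        <Type>EXHTTP</Type>
        <Server>mail.domain.com</Server>
        <SSL>Off</SSL>
        <AuthPackage>Ntlm</AuthPackage>
      </Protocol>
      <Protocol>
        <Type>EXHTTP</Type>
        <Server>mail.domain.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Ntlm</AuthPackage>
        <CertPrincipalName>msstd:mail.domain.com</CertPrincipalName>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
'@

function Get-ExHttpBlock {
    param([Parameter(Mandatory = $true)][string]$AutodiscoverXml)

    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null   # the response comes from the network: resolve no external entities
    $doc.LoadXml($AutodiscoverXml)

    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('o', 'http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a')

    # SelectNodes returns the blocks in document order, which is the order
    # the client works through them.
    $order = 0
    foreach ($p in $doc.SelectNodes('//o:Account/o:Protocol[o:Type="EXHTTP"]', $ns)) {
        $order++
        $row = New-Object PSObject
        $row | Add-Member NoteProperty Order $order
        foreach ($name in 'Server', 'SSL', 'AuthPackage', 'CertPrincipalName') {
            $child = $p.SelectSingleNode("o:$name", $ns)
            $value = $null
            if ($null -ne $child) { $value = $child.InnerText.Trim() }
            $row | Add-Member NoteProperty $name $value
        }
        $row
    }
}

function Get-ExHttpFinding {
    param([Parameter(Mandatory = $true)][string]$AutodiscoverXml)

    $blocks = @(Get-ExHttpBlock -AutodiscoverXml $AutodiscoverXml)
    if ($blocks.Count -eq 0) { 'No EXHTTP block in the response.'; return }

    $first = $blocks[0]
    if ($first.SSL -ne 'On') {
        "Block 1 ($($first.Server)) has SSL=$($first.SSL): the block tried first does not require SSL."
    }
    for ($i = 1; $i -lt $blocks.Count; $i++) {
        $b = $blocks[$i]
        if ($b.Server -eq $first.Server -and $b.SSL -ne $first.SSL) {
            "Block $($b.Order) has the same host name with SSL=$($b.SSL): with identical names the client can stop at block 1."
        }
    }
}

Get-ExHttpBlock   -AutodiscoverXml $sampleXml | Format-Table -AutoSize
Get-ExHttpFinding -AutodiscoverXml $sampleXml
```

For the constructed response both findings are reported; a response in which both EXHTTP blocks carry `<SSL>On</SSL>` produces none.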

  • Outlook Anywhere Trouble for new users

    Hello,
    My client had Exchange 2010 SP3, latest rollup. He has Outlook Anywhere enabled and all of his users, except a new one he created a few days ago, have no problem accessing their mailboxes.
    This new user experiences a problem, once she goes home and tries to open her Outlook 2010, a User\Password prompt appears which does not go away even when you get it right. Eventually after 3 attempts usually, it goes away but outlook opens up disconnected.
    There is this Error event - MSExchangeAL id 8364, on the exchange server, and it does correspond to our problem. Although, no valid solution is given for it, wherever I've searched.
    We've tried changing authentication methods from Basic to NTLM to Negotiate and to Basic back again, tried disabling the "Encrypt data between Outlook and Exchange". We've tried online mode, it does not even open outlook. It gives us an error regarding a bad ost file. If outlook does allow the user in, it's only in cached mode and it immediately changes status from "Trying to connect..." to "Disconnected". We've checked the checkbox of "On slow connections use....". OWA Works.
    Any insight would be greatly appreciated. Thank you.

    Hi,
    According to your description, only one of your users cannot use Outlook Anywhere to connect to the server. If I misunderstand your meaning, please feel free to let me know.
    If yes, I recommend you firstly troubleshoot if the issue is related to the certain Outlook client:
    Recreate a new profile for the problematic users or change another computer to reconfigure the account.
    Additionally, you can also use ExRCA to check the Outlook Anywhere connectivity:
    https://testconnectivity.microsoft.com/
    If you have any question, please feel free to let me know.
    Thanks,
    Angela Shi
    TechNet Community Support

  • Outlook Anywhere Losing connection : Outlook Event id 26 and Exchange IIS HTTPERR Log : Connection_Dropped_List_Full at the same time

    Hi,
    I have a Windows 2008R2 Updated / Exchange 2010 SP3 Rollup 7 (Role CAS,HUB,MBX) with only external users connection : ActiveSync, EWS, OWA, Outlook Anywhere.
    4 processors and 24 GB of memory are allocated to the Exchange server VM (VMWare).
    NetScaler is used as reverse proxy in DMZ.
    There are around 500 users connecting with Outlook Anywhere to Exchange. Users are using Outlook 2010 or 2013 with last updates and cache mode enabled (owner mailbox and delegations). Users are located all around the world (around 50 sites). So no user is domain integrated.
    Users are complaining about disconnection, and Outlook freeze (Outlook is not responding). This happened at any point of time during the day, and for different kinds of actions (Outlook is just open, Try to press Send button, try to press Transfer button).
    The freezes happened randomly for users. I have seen the problem, and Outlook sometimes freezes for a few seconds, sometimes for 5 minutes without any reason. (no file copy, no action asked...)
    I noticed that the freezes match the Outlook event id 26 on the workstation (Connection to the Microsoft Exchange Server has been lost. Outlook will restore the connection when possible). Also, at the same time, I can see around 200 lines in the IIS HTTPERR Log (Exchange Server : C:\Windows\System32\LogFiles\HTTPERR) like the following lines:
    2014-11-20 10:39:43 NETSCALLERIP PORT EXCHANGEIP 443 HTTP/1.1 RPC_OUT_DATA /rpc/rpcproxy.dll?EXCHANGEFQDN:6004 - 1 Connection_Dropped_List_Full MSExchangeOutlookAnyWhere
    2014-11-20 10:39:43 NETSCALLERIP PORT EXCHANGEIP 443 HTTP/1.1 RPC_OUT_DATA /rpc/rpcproxy.dll?EXCHANGEFQDN:6001 - 1 Connection_Dropped_List_Full MSExchangeOutlookAnyWhere
    What has been already checked :
    Check IOPS: seems to be normal
    Check Processor consumption: seems to be normal
    NetScaler TimeOut = 8h
    Bandwidth where the server is hosted : more than enough
    Bandwidth of client internet connection : Traffic do not increase when the problem happen
    Firewall TimeOut : seems to be ok
    Firewall Protocol Filter : seem to be ok
    Workstation MTU : Ok : ping -l -f 1472 = Ok, so best MTU = 1500 (1472+28)
    Outlook Profile : Clean Up OST, sync of all folders, download address book.
    wireshark on workstation : nothing seems to be wrong but difficult to analyse, so I maybe missed something.
    Configuration change on Exchange :
    HKLM\Software\Policies\Microsoft\Windows NT\RPC\MinimumConnectionTimeout = 120
    Disable throttling Policy
    Adsiedit, change Max Memory alloc for ESE : msExchESEParamCacheSizeMax = 327680 (around 10GB)
    Adsiedit, change Min Memory alloc for ESE : msExchESEParamCacheSizeMin = 131072 (around 4GB)
    Host file : add hostname and FQDN of Exchange Server
    Disable IPV6 : HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\DisabledComponents = HEX 0xffffffff
    IIS : system.applicationHost : webLimits : minBytesPerSecond = 0
    Create dedicated IIS AppPool MSExchangeOutlookAnyWhere for /RPC and /RPCWithCert
    AppPool MSExchangeOutlookAnyWhere : Regular Time Interval (minutes) : 0
    AppPool MSExchangeOutlookAnyWhere : Queue Length : 20000 (Should be the solution but not working)
    netsh int tcp set global chimney=disabled
    netsh int tcp set global rss=disabled
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort = 65534
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime : 300000
    HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\MaxConcurrentAPI = 150
    IIS machine.config : <system.web> : requestQueueLimit="65535"
    Microsoft.Exchange.RpcClientAccess.Service.exe.config <add key="LoggingTag" value="ConnectDisconnect, Logon, Failures, ApplicationData, Warnings, Throttling"/>
    Uninstall All agents (except Backup Agent)
    Uninstall Antivirus
    Will be done tonight :
    Exchange and DCs : HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\MaxConcurrentAPI = 100
    Exchange IIS : Increase AppPool MSExchangeOutlookAnyWhere Queue Length to 40000
    Exchange : decrease HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime to 60000
    You're welcome if you have any idea.
    Thanks.
    Jo.

    Hi,
    Thanks for your answer. Here are my comments :
    1. Disable IPv6 then restart your Exchange server
    Already done since the install of Exchange.
    2. Confirm if there is any NLB device in your environment, please remove NLB firm client server
    There is only one Exchange server in the Org. So no NLB installed on the server (NLB is used on the NetScaler used as a reverse proxy). In addition, the article applies to Windows 2008, or the server is installed with Windows 2008 R2.
    3. If there is a proxy server configured in IE, please uncheck it
    I guess you are talking on the client side. There is no proxy on the client side, Outlook Anywhere connect directly to the internet.
    4. Collect more error logs in Event Viewer in Exchange and collect the IIS logs in folder "c:\inetpub\logs\logfiles\W3SVC1"
    The error I reported in the description is from IIS, and always appears when end users report a problem. In W3SVC1 file, there are also errors, but those appear even if Outlook clients are working fine. So I cannot isolate any specific error. The most common from W3SVC1 log are :
    2014-11-25 08:02:17 EXCHANGEIP POST /autodiscover/autodiscover.xml - 443 - NETSCALLERIP Microsoft+Office/15.0+(Windows+NT+6.1;+Microsoft+Outlook+15.0.4667;+Pro) 401 1 2148074254 0
    2014-11-25 08:02:17 EXCHANGEIP POST /EWS/Exchange.asmx - 443 - NETSCALLERIP Mac_OS_X/10.9.5+(13F34)+CalendarAgent/176.2 401 1 2148074254 0
    2014-11-25 08:02:18 EXCHANGEIP POST /EWS/Exchange.asmx - 443 - NETSCALLERIP Microsoft+Office/14.0+(Windows+NT+6.1;+Microsoft+Outlook+14.0.7128;+Pro) 401 1 2148074254 0
    Regards,
    Jo.

  • Outlook Anywhere, Office 2013 + Exchange 2013 freezes

    Hi.
    I'm pulling my hair out with this problem as it seems to make no sense.
    I have a client using outlook 2013 through outlook anywhere to their new server running Exchange 2013. When outlook is opened it seems to work for about 10 mins or so then after that if you go to send an email it freezes and says it's trying to contact the server. You wait for 10 mins then it works again for a while.
    I've changed the timeout settings on the server and everything, they are currently experiencing this in their Spanish office which connects back to the UK.
    Now if they dial up the vpn (no settings changed at all) and run outlook, it all works perfectly..... No one in the UK office (about 10 users) has any issues, it's only the 2 people in Spain, and one of them uses the laptop in the UK office that they have in Spain with no issues.
    I have a CA certificate from slls so not using a self certified one. however its not a wildcard so I haven't set-up on the external domain dns and instead just manually enter the settings (which works fine)
    Its almost as if after 10 mins some connection drops but then takes ages to reconnect again.
    There are a lot of schannel errors appearing on the machines which suggests they are looking at the wrong ports for connection on a couple of attempts, but the question is why? And whether this has anything to do with the OA problem.
    If anyone has some fresh ideas or any thoughts I would be very grateful as this is driving me round the bend, and I have 2 other clients who have a very similar set-up but have no issues.
    Router Spanish side is a Comcast router and UK side is a draytek 2820
    Exchange is running on Server 2012 with both the CA and Mailbox roles on the same server.
    heeeellp before I go bald :)

    Hi,
    Please have the users in Spain open Outlook, go to FILE -> Account Settings -> Account Settings -> Double click the account name -> More Settings -> Connection tab -> Select Connect to Microsoft Exchange using HTTP, and click Exchange Proxy Settings, tick On slow networks, connect using HTTP first, then connect using TCP/IP -> OK.
    We can also have the users in Spain test the connectivity to Exchange via Remote Connectivity Analyzer to find if there's any error.
    https://testconnectivity.microsoft.com/
    Regards,
    Melon Chen
    TechNet Community Support

  • Outlook Anywhere not working for some users

    Hi All,
    I am having a strange issue today with a customer -
    Outlook Anywhere has been enabled on their Exchange 2010 environment, but it doesn't work for some users.
    Using the ExRCA I have been able to identify the following error on the users who are unable to connect:
    "Testing the MAPI Mail Store endpoint on the Exchange server."
    "Attempting to log on to the mailbox"
    Mailbox logon returned ecLoginPerm 1010. You don't have the correct permissions to log in to the mailbox.
    EMSMDB Status: ecLoginPerm 1010
    Elapsed Time: 225 ms.
    On users that are able to connect it goes through the ExRCA without any issues.
    Any help would be much appreciated.
    Cheers,
    Jack
    Testing the MAPI Mail Store endpoint on the Exchange server.
    An error occurred while testing the Mail Store.
    Additional Details
    Elapsed Time: 333 ms.
    Test Steps
    Attempting to ping the MAPI Mail Store endpoint with identity: outlook.mg.com:6001.
    The endpoint was pinged successfully.
    Additional Details
    Attempting to log on to the Mailbox.
    An error occurred while logging on to the Mailbox.
    Additional Details
    Mailbox logon returned ecLoginPerm 1010. You don't have the correct permissions to log in to the mailbox.
    EMSMDB Status: ecLoginPerm 1010
    Elapsed Time: 225 ms.

    Hi,
    I notice that this issue only impact "some users".
    I suggest you double confirm whether the Outlook Anywhere configuration is set correctly on the Outlook client. Pic as below:
    Thanks
    Mavis Huang
    TechNet Community Support

  • Exchange 2007 to 2013 Migration Outlook Anywhere keeps asking password

    Hi all, 
    I'm migrating an Exchange 2007 Server with all roles installed on a Windows Server 2008 R2 to 2 Exchange 2013 SP1 Servers (1 Cas and 1 Mailbox) installed on Windows Server 2012 R2.
    I installed Exchange 2007 SP3 RU13 for coexistence and everything was ok until I switched to the new 2013 CAS.
    After that the client using Outlook Anywhere started asking for password.
    I configured the Outlook Anywhere with these settings:
    Exchange 2007:
    OA Hostname mail.domain.com
    Client Authentication NTLM
    IISAuthentication Basic, NTLM
    SSL Required True
    Exchange 2013
    OA Hostname mail.domain.com
    Client Authentication NTLM (Both internal and external)
    IISAuthentication Basic, NTLM
    SSL Required True (both internal and external)
    Before switching to 2013 Cas everything works smoothly and the Outlook clients receive NTLM as HTTP Proxy authentication.
    After switching to 2013 Cas, test users migrated on 2013 Mailbox Server are ok, but Outlook users on Exchange 2007 Server get Basic as HTTP Proxy authentication and continue asking for credentials. 
    In the Exchange 2007 server I configured the host file to resolve servername and servername.domain.local with the ipv4 address to avoid issues regarding IPv6 with OA in Exchange 2007.
    Using Microsoft Connectivity Test I receive the error "RPC Proxy can't be pinged - The remote server returned an error: (500) Internal Server Error"
    Any Ideas?
    Thanks for your Help

    Run this and post the result
    https://testconnectivity.microsoft.com/
    Cheers,
    Gulab Prasad
    Technology Consultant
    Blog: http://www.exchangeranger.com

  • Access to Outlook Anywhere does not work

    Good evening,
    I recently installed an Exchange Server 2013 CAS / MB.
    Until now, the server presented a few errors (mainly in the event log) that do not seem to significantly influence functionality.
    This week I published the server on the Internet and verified various malfunctions related to the access from outside.
    In particular from outside:
    1 - OWA does not work with Windows integrated authentication, it works with the Forms based authentication;
    2 - Outlook Anywhere does not work from internet.
    I've done a lot of research and testing without success.
    With regard to the first issue (which is not a priority but can relate to the second one) I add that in Firefox I get a first authentication request. If I enter credentials it asks again for identical authentication (repeatedly), if I cancel it shows a second one that instead allows me access (they are slightly different).
    I assume that the first is the integrated Windows application and the second is basic authentication.
    Internet Explorer shows me only the first authentication request and if I cancel shows blank page.
    The problem is priority 2:
    Outlook connects without problems on LAN network, the Internet seems to download the correct information (autodiscover), but then does not connect to the server (connection to Microsoft Exchange is unavailable).
    If you manually edit the settings, auto-configuration server returns as a [email protected]. If I change manually the server (and proxy settings http), the result does not change.
    - Setting information -
    The server is installed in the LAN network and is exposed on the Internet through a firewall (Pat on port 443, et al. not 80) on a public address.
    The public and private DNS have been configured with a host record (A) and two CNAME (webmail and autodiscover).
    The internal Outlook clients connect with autodiscover and HTTPS / NTLM / SSL (Outlook connectivity status).
    IMAP, SMTP, POP, ActiveSync function.
    Exchange remote connectivity analyzer retrieves Autodiscover information but doesn't pass test for RPC/HTTP access (it discards access on port 443 and tries port 80, SPF isn't configured).
    The navigation to the url https://proxyexternalURL/rpc/rpcproxy.dll has the same behaviour like problem 1.
    Test-OutlookConnectivity returns unmanaged error ('WARNING: An unexpected error has occurred and a Watson dump is being generated: Failed to find the probe result for invoke now request id -- and probe workdefinition id --').
    Errors in eventviewer: 5011 - WAS (one time), 139 - MSExchange OWA (some not repetitive), 3028 - MSExchangeApplicationLogic (every 6 hours), 106 - MSExchange common (many during working hour), 65535 - application (some at nighttime 00.00 - 03.00 a.m.), 1006 - MSExchangeDiagnostic (every 30 min), 6002 - MSExchange Mid-Tier Storage (about every 5 minutes), 5 - MSExchange Workload Management (one time).
    Ask for further information.
    - Cmdlet and Autodiscover output -
    Get-OutlookAnywhere | fl name,*auth*,*ssl*,*host*
    Name                               : Rpc (Default Web site)
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
    SSLOffloading                      : True
    ExternalClientsRequireSsl          : True
    InternalClientsRequireSsl          : True
    ExternalHostname                   : webmail.name_domain.test
    InternalHostname                   : webmail.name_domain.test
    Get-OutlookProvider | ft -autosize
    Name Server CertPrincipalName              TTL
    EXCH        msstd:webmail.name_domain.test 1
    EXPR        msstd:webmail.name_domain.test 1
    WEB                                        1
    Get-AutodiscoverVirtualDirectory | fl name,*auth*,*url*
    Name                          : Autodiscover (Default Web site)
    InternalAuthenticationMethods : {Basic, WSSecurity, OAuth}
    ExternalAuthenticationMethods : {Basic, WSSecurity, OAuth}
    LiveIdNegotiateAuthentication : False
    WSSecurityAuthentication      : True
    LiveIdBasicAuthentication     : False
    BasicAuthentication           : True
    DigestAuthentication          : False
    WindowsAuthentication         : False
    OAuthAuthentication           : True
    AdfsAuthentication            : False
    InternalUrl                   :
    ExternalUrl                   :
    Get-MapiVirtualDirectory | fl name,*auth*,*url*
    Name                          : mapi (Default Web site)
    IISAuthenticationMethods      : {Basic, Ntlm, Negotiate}
    InternalAuthenticationMethods : {Basic, Ntlm, Negotiate}
    ExternalAuthenticationMethods : {Basic, Ntlm, Negotiate}
    InternalUrl                   : https://webmail.name_domain.test/mapi
    ExternalUrl                   : https://webmail.name_domain.test/mapi
    Autodiscover.xml
    <?xml version="1.0" encoding="utf-8"?>
    <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
      <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
        <User>
          <DisplayName>user</DisplayName>
          <LegacyDN>/o=organization_name/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=e4c0c18c8f214afbb5152bb08823179d-user</LegacyDN>
          <AutoDiscoverSMTPAddress>user@name_domain.test</AutoDiscoverSMTPAddress>
          <DeploymentId>d60c71c9-3740-404c-a38c-aa24e6105432</DeploymentId>
        </User>
        <Account>
          <AccountType>email</AccountType>
          <Action>settings</Action>
          <MicrosoftOnline>False</MicrosoftOnline>
          <Protocol>
            <Type>EXCH</Type>
            <Server>72036b30-a4d4-4b42-9c39-445bd04c23a6@name_domain.test</Server>
            <ServerDN>/o=organization_name/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=72036b30-a4d4-4b42-9c39-445bd04c23a6@name_domain.test</ServerDN>
            <ServerVersion>73C082C8</ServerVersion>
            <MdbDN>/o=organization_name/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=72036b30-a4d4-4b42-9c39-445bd04c23a6@name_domain.test/cn=Microsoft Private MDB</MdbDN>
            <PublicFolderServer>webmail.name_domain.test</PublicFolderServer>
            <AD>DC2.name_domain.test</AD>
            <ASUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</ASUrl>
            <EwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EwsUrl>
            <EmwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EmwsUrl>
            <EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
            <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-um>
            <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-aggr>
            <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=name_domain.test</EcpUrl-mt>
            <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-ret>
            <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-sms>
            <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=name_domain.test</EcpUrl-publish>
            <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-photo>
            <EcpUrl-tm>?rfr=olk&amp;ftr=TeamMailbox&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tm>
            <EcpUrl-tmCreating>?rfr=olk&amp;ftr=TeamMailboxCreating&amp;SPUrl=&lt;SPUrl&gt;&amp;Title=&lt;Title&gt;&amp;SPTMAppUrl=&lt;SPTMAppUrl&gt;&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tmCreating>
            <EcpUrl-tmEditing>?rfr=olk&amp;ftr=TeamMailboxEditing&amp;Id=&lt;Id&gt;&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tmEditing>
            <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-extinstall>
            <OOFUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</OOFUrl>
            <UMUrl>https://webmail.name_domain.test/EWS/UM2007Legacy.asmx</UMUrl>
            <OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
            <ServerExclusiveConnect>off</ServerExclusiveConnect>
            <CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
          </Protocol>
          <Protocol>
            <Type>EXPR</Type>
            <Server>webmail.name_domain.test</Server>
            <SSL>On</SSL>
            <AuthPackage>Basic</AuthPackage>
            <ASUrl>https://webmail.name_domain.test/ews/exchange.asmx</ASUrl>
            <EwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EwsUrl>
            <EmwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EmwsUrl>
            <EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
            <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-um>
            <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-aggr>
            <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=name_domain.test</EcpUrl-mt>
            <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-ret>
            <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-sms>
            <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=name_domain.test</EcpUrl-publish>
            <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-photo>
            <EcpUrl-tm>?rfr=olk&amp;ftr=TeamMailbox&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tm>
            <EcpUrl-tmCreating>?rfr=olk&amp;ftr=TeamMailboxCreating&amp;SPUrl=&lt;SPUrl&gt;&amp;Title=&lt;Title&gt;&amp;SPTMAppUrl=&lt;SPTMAppUrl&gt;&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tmCreating>
            <EcpUrl-tmEditing>?rfr=olk&amp;ftr=TeamMailboxEditing&amp;Id=&lt;Id&gt;&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tmEditing>
            <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-extinstall>
            <OOFUrl>https://webmail.name_domain.test/ews/exchange.asmx</OOFUrl>
            <UMUrl>https://webmail.name_domain.test/ews/UM2007Legacy.asmx</UMUrl>
            <OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
            <ServerExclusiveConnect>on</ServerExclusiveConnect>
            <CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
            <EwsPartnerUrl>https://webmail.name_domain.test/ews/exchange.asmx</EwsPartnerUrl>
            <GroupingInformation>LAN</GroupingInformation>
          </Protocol>
          <Protocol>
            <Type>WEB</Type>
            <Internal>
              <OWAUrl AuthenticationMethod="Basic, Fba">https://webmail.name_domain.test/</OWAUrl>
              <Protocol>
                <Type>EXCH</Type>
                <ASUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</ASUrl>
              </Protocol>
            </Internal>
            <External>
              <OWAUrl AuthenticationMethod="Basic">https://webmail.name_domain.test/</OWAUrl>
              <Protocol>
                <Type>EXPR</Type>
                <ASUrl>https://webmail.name_domain.test/ews/exchange.asmx</ASUrl>
              </Protocol>
            </External>
          </Protocol>
          <Protocol>
            <Type>EXHTTP</Type>
            <Server>webmail.name_domain.test</Server>
            <SSL>On</SSL>
            <AuthPackage>Ntlm</AuthPackage>
            <ASUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</ASUrl>
            <EwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EwsUrl>
            <EmwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EmwsUrl>
            <EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
            <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-um>
            <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-aggr>
            <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=name_domain.test</EcpUrl-mt>
            <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-ret>
            <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-sms>
            <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=name_domain.test</EcpUrl-publish>
            <EcpUrl-photo>PersonalSettings/E.testAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-photo>
            <EcpUrl-tm>?rfr=olk&amp;ftr=TeamMailbox&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tm>
            <EcpUrl-tmCreating>?rfr=olk&amp;ftr=TeamMailboxCreating&amp;SPUrl=&lt;SPUrl&gt;&amp;.testle=&lt;.testle&gt;&amp;SPTMAppUrl=&lt;SPTMAppUrl&gt;&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tmCreating>
            <EcpUrl-tmE.testing>?rfr=olk&amp;ftr=TeamMailboxE.testing&amp;Id=&lt;Id&gt;&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tmE.testing>
            <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-extinstall>
            <OOFUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</OOFUrl>
            <UMUrl>https://webmail.name_domain.test/EWS/UM2007Legacy.asmx</UMUrl>
            <OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
            <ServerExclusiveConnect>On</ServerExclusiveConnect>
            <CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
          </Protocol>
          <Protocol>
            <Type>EXHTTP</Type>
            <Server>webmail.name_domain.test</Server>
            <SSL>On</SSL>
            <AuthPackage>Basic</AuthPackage>
            <ASUrl>https://webmail.name_domain.test/ews/exchange.asmx</ASUrl>
            <EwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EwsUrl>
            <EmwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EmwsUrl>
            <EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
            <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-um>
            <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-aggr>
            <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=name_domain.test</EcpUrl-mt>
            <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-ret>
            <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-sms>
            <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=name_domain.test</EcpUrl-publish>
            <EcpUrl-photo>PersonalSettings/E.testAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-photo>
            <EcpUrl-tm>?rfr=olk&amp;ftr=TeamMailbox&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tm>
            <EcpUrl-tmCreating>?rfr=olk&amp;ftr=TeamMailboxCreating&amp;SPUrl=&lt;SPUrl&gt;&amp;.testle=&lt;.testle&gt;&amp;SPTMAppUrl=&lt;SPTMAppUrl&gt;&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tmCreating>
            <EcpUrl-tmE.testing>?rfr=olk&amp;ftr=TeamMailboxE.testing&amp;Id=&lt;Id&gt;&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tmE.testing>
            <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-extinstall>
            <OOFUrl>https://webmail.name_domain.test/ews/exchange.asmx</OOFUrl>
            <UMUrl>https://webmail.name_domain.test/ews/UM2007Legacy.asmx</UMUrl>
            <OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
            <ServerExclusiveConnect>On</ServerExclusiveConnect>
            <CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
          </Protocol>
        </Account>
      </Response>
    </Autodiscover>
    Get-OwaVirtualDirectory | fl name,*auth*,*url*
    Name                          : owa (Default Web Site)
    ClientAuthCleanupLevel        : High
    InternalAuthenticationMethods : {Basic, Fba}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : True
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Basic}
    Url                           : {}
    SetPhotoURL                   :
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   : https://webmail.name_domain.test/
    ExternalUrl                   : https://webmail.name_domain.test/

    Below are the results of the Outlook Anywhere (RPC over HTTP) test. An account for which Outlook Anywhere works was used. The account for which Outlook Anywhere does not work is an administrative account and therefore cannot be used in the test. Autodiscover returns the same result for both mailboxes.
    I'm testing RPC/HTTP connectivity.
    Testing RPC over HTTP has not been exceeded.
    Test steps
    Microsoft connectivity Analyzer is attempting to test the Autodiscover service for user_test@domain_name.test.
    Test the Autodiscover service has not been exceeded.
    Test steps
    I'm trying to contact the Autodiscover service with each method available.
    I was not able to contact the Autodiscover service with no method.
    Test steps
    I'm trying to test the possible URL for the Autodiscover service https://domain_name.test/AutoDiscover/AutoDiscover.xml
    The test of this potential URL for the Autodiscover service has not been exceeded.
    Test steps
    I'm trying to resolve the host name domain_name. DNS test.
    I was able to resolve the host name.
    IP addresses are returned: xxx.yyy.zzz.www
    I'm testing the TCP port 443 on the host domain_name. tests to check that is open and listening.
    The door has been opened properly.
    I'm testing the validity of your SSL certificate.
    The SSL certificate has not exceeded one or more validation controls.
    Test steps
    Microsoft connectivity Analyzer is attempting to obtain the SSL certificate from the remote server domain_name. test on port 443.
    Microsoft connectivity Analyzer got the remote SSL certificate.
    Remote certificate subject: E = it_staff@domain_name.test, CN = * domain_name. test, OU = it staff, O = domain_name, L = city, S = state, C = test issuer: E = it_staff@domain_name.test, CN = * domain_name. test, OU = it staff, O = domain_name,
    L = city, S = state, C = test.
    I am validating the certificate name.
    I could not validate the certificate name.
    More info about this issue and how to resolve it
    The host name domain_name. testing does not match any name found on the certificate and server = it_staff@domain_name.test, CN = * domain_name. test, OU = it staff, O = domain_name, L = city, S = state, C = test.
    I'm trying to test the possible URL for the Autodiscover service https://autodiscover.domain_name.test/AutoDiscover/AutoDiscover.xml
    The test of this potential URL for the Autodiscover service has not been exceeded.
    Test steps
    I'm trying to resolve the host name autodiscover. domain_name. DNS test.
    I was able to resolve the host name.
    IP addresses are returned: xxx.yyy.zzz.kkk
    I'm testing the TCP port 443 on the host autodiscover. domain_name. tests to check that is open and listening.
    The door has been opened properly.
    I'm testing the validity of your SSL certificate.
    The SSL certificate has not exceeded one or more validation controls.
    Test steps
    Microsoft connectivity Analyzer is attempting to obtain the SSL certificate from the remote server autodiscover. domain_name. test on port 443.
    Microsoft connectivity Analyzer got the remote SSL certificate.
    Other details
    Remote certificate subject: CN = webmail. domain_name. test, OU = it staff, O = domain_name, L = city, S = city, C = test issuer: CN = domain_name-DC1-CA, DC = domain_name, DC = test.
    I am validating the certificate name.
    I validated the certificate name.
    Other details
    I found the host name autodiscover. domain_name. test in the voice of the alternative name of the certificate object.
    Elapsed time: 1 ms.
    I am validating the reliability of certificates.
    I was not able to validate the reliability of the certificate.
    Test steps
    Microsoft connectivity Analyzer is attempting to generate certificate chains to a certificate CN = webmail. domain_name. test, OU = it staff, O = domain_name, L = city, S = city, C = test.
    I failed to build a certificate chain for the certificate.
    Other details
    Failed to generate the certificate chain.
    May be missing the required intermediate certificates.
    I'm trying to contact the Autodiscover service using the HTTP redirect method.
    I was not able to contact the Autodiscover service using the HTTP redirect method.
    Test steps
    I'm trying to resolve the host name autodiscover. domain_name. DNS test.
    I was able to resolve the host name.
    IP addresses are returned: xxx.yyy.zzz.kkk
    I'm testing the TCP port 80 on the host autodiscover. domain_name. tests to check that is open and listening.
    The specified port is blocked, is not listening or doesn't produce the expected response.
    More info about this issue and how to resolve it
    I encountered a network error while communicating with the remote host.
    I'm trying to find the SRV DNS record _audiscover._tcp.domain_name.test.
    I failed to find the SRV record of the Autodiscover service in DNS.
    Some clarifications:
    1 - xxx.yyy.zzz.www and xxx.yyy.zzz.kkk are two static public addresses, of which only the latter exposes Exchange services;
    2 - The certificate *.domain_name.test is not related to Exchange services;
    3 - I imported the certificate of the issuing CA on the standalone test PC to validate the certificate.
    4 - Port 80 is not open and SRV records are not published.
    Best regards.

  • After specifying the external host name under outlook anywhere, users pop up for password

    Dear All,
    I have installed and configured Exchange 2013 as a fresh installation on Server 2012 and it worked fine until I changed
    the external host name under Outlook Anywhere (in Exchange ECP -> Server -> server -> W12R2-Email2013).
    My internal domain is starnavigator.lk and we have several accepted domains listed, but all the staff check web mail through
    mail.leoburnett.lk internally and externally. Even now web mail is working fine.
    After I added the external host name as mail.leoburnett.lk,
    all the internal PCs started to pop up a prompt for user name and password, and it's not connecting.
    Even after I reverted the settings, it still prompts for user name and password. Also, Autodiscover can't locate the settings. If I configure the settings manually, it works the first time, and after restarting Outlook it again prompts for name and password.
    Any advice or solution, please?
    Thx,
    Dulana

    Run this tool and post the result (only errors)
    https://testconnectivity.microsoft.com/
    After configuring outlook manually, run Test E-Mail Autoconfiguration and Connection Status and post the result.
    Editing just an URL for OA shouldn't cause any issue.
    Did you restart the IIS service?
    Cheers,
    Gulab Prasad
    Technology Consultant
    Blog: http://www.exchangeranger.com
    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

  • Exchange 2010 Autodiscovery & Outlook Anywhere kind of but really not working

    This is driving me nuts. We have a single Exchange Server 2010 running (everything is on one box). It works fine internally (all Outlook clients can see and grab the login info from the user login). OWA works from outside, mail delivers nicely. My problems
    all seem to stem around some mysterious problem in autodiscover and outlook anywhere.
    Our domain is internally like this: mycompany2.com and outside like this: mycompanyllc.com
    So the mail server inside looks like server1.mycompany2.com and outside: mail.mycompanyllc.com - from what I can see it's all set up correctly in both.
    I've run the connectivity analyzer and apart from a minor certificate warning ('Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled') it passes every test on the site for EAS and Outlook Anywhere
    (and for good measure I ran everything, all green checks!). Autodiscover works in the test, everything gets found and pointed to the right place.
    When I have a user that wants to configure Outlook 2010 or 2013 outside
    the org. they start the wizard, type their name, their email, their password. The server or user can't be found and no matter what they do it won't find it. If you go in and manually configure the
    internal server name, domain, username you can connect. It just won't set it up automatically. The odd thing is, in the analyzer the autodiscovery XML is found and downloaded fine, all the server name info and detail is displayed.
    In Outlook 2013, both Exchange and EAS connection doesn't work even though phones can be set up through EAS (although they require the same kind of manual setup--autodiscover doesn't seem to work even though it keeps telling me everything
    is fine).
    I'm at my wits' end, all the tests show it's working, but in the real world the server can't be found. It's right on the DNS servers, it's right in the tests, it responds correctly manually. I'd love users to be able to set up their own mail without a 10 page
    printout of all the manual settings. It's all relatively late model hardware, Outlook 2010 or 2013, and a fully patched up to date Exchange 2010 server. Anyone have an idea?
    Curt Kessler - FLC

    We don't use TMG we use a WatchGuard Firewall and it is configured to allow all traffic to this server (that's why manual works fine with Outlook and OWA).
    When I run the get-autodiscovervirtualdirectory it returns my internal server under the Server, and nothing more, so this possibly could be it?? I'm definitely not good at IIS at all, I would need guidance to investigate that further...
    This is my EXRCA results, the first fail is because it tests the root of mydomain.com rather than mail.mydomain.com which is a different server. I've replaced some names for security purposes:
    The Microsoft Connectivity Analyzer is attempting to test Autodiscover for
    [email protected].
    Autodiscover was tested successfully.
    Test Steps
    Attempting each method of contacting the Autodiscover service.
    The Autodiscover service was tested successfully.
    Test Steps
    Attempting to test potential Autodiscover URL https://mydomain.com/AutoDiscover/AutoDiscover.xml
    Testing of this potential Autodiscover URL failed.
    Test Steps
    Attempting to resolve the host name franklinlc.com in DNS.
    The host name resolved successfully.
    Additional Details
    IP addresses returned: 76.79.142.101
    Testing TCP port 443 on host franklinlc.com to ensure it's listening and open.
    The port was opened successfully.
    Testing the SSL certificate to make sure it's valid.
    The SSL certificate failed one or more certificate validation checks.
    Test Steps
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server franklinlc.com on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
    Additional Details
    Remote Certificate Subject: CN=apps.franklinlc.com, OU=Domain Control Validated, O=apps.franklinlc.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale,
    S=Arizona, C=US.
    Validating the certificate name.
    Certificate name validation failed.
    Tell me more about this issue and how to resolve it
    Additional Details
    Host name franklinlc.com doesn't match any name found on the server certificate CN=apps.franklinlc.com, OU=Domain Control Validated, O=apps.franklinlc.com.
    Attempting to test potential Autodiscover URL https://autodiscover.mydomain.com/AutoDiscover/AutoDiscover.xml
    Testing of the Autodiscover URL was successful.
    Test Steps
    Attempting to resolve the host name autodiscover.mydomain.com in DNS.
    The host name resolved successfully.
    Additional Details
    IP addresses returned: 76.xx.xx.xx this is the mail server IP address
    Testing TCP port 443 on host autodiscover.franklinlc.com to ensure it's listening and open.
    The port was opened successfully.
    Testing the SSL certificate to make sure it's valid.
    The certificate passed all validation requirements.
    Test Steps
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.mydomain.com on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
    Additional Details
    Remote Certificate Subject: CN=mail.franklinlc.com, OU=Domain Control Validated, O=mail.mydomain.com, Issuer: SERIALNUMBER=xxxxxxxxxxxxx, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale,
    S=Arizona, C=US.
    Validating the certificate name.
    The certificate name was validated successfully.
    Additional Details
    Host name autodiscover.mydomain.com was found in the Certificate Subject Alternative Name entry.
    Testing the certificate date to confirm the certificate is valid.
    Date validation passed. The certificate hasn't expired.
    Additional Details
    The certificate is valid. NotBefore = 9/28/2012 10:20:20 PM, NotAfter = 9/28/2015 10:20:20 PM
    Checking the IIS configuration for client certificate authentication.
    Client certificate authentication wasn't detected.
    Additional Details
    Accept/Require Client Certificates isn't configured.
    Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
    The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
    Test Steps
    The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.mydomain.com/AutoDiscover/AutoDiscover.xml for user [email protected].
    The Autodiscover XML response was successfully retrieved.
    Additional Details
    Autodiscover Account Settings
    XML response:
    <?xml version="1.0"?>
    <Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
      <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
        <User>
          <DisplayName>Curt Kessler</DisplayName>
          <LegacyDN>/o=mydomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Curt Kessler</LegacyDN>
          <DeploymentId>14a1e263-943a-4609-865c-ba22802e45aa</DeploymentId>
        </User>
        <Account>
          <AccountType>email</AccountType>
          <Action>settings</Action>
          <Protocol>
            <Type>EXCH</Type>
            <Server>FLC5.internaldomainname.com</Server>
            <ServerDN>/o=mydomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=FLC5</ServerDN>
            <ServerVersion>7383807B</ServerVersion>
            <MdbDN>/o=mydomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=FLC5/cn=Microsoft Private MDB</MdbDN>
            <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
            <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
            <OABUrl>https://mail.mydomain.com/OAB/9c85c0c4-48f4-4aa8-99b2-f640651b130a/</OABUrl>
            <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
            <Port>0</Port>
            <DirectoryPort>0</DirectoryPort>
            <ReferralPort>0</ReferralPort>
            <PublicFolderServer>FLC5.internaldomainname.com</PublicFolderServer>
            <AD>PRIME.internaldomainname.com</AD>
            <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
            <EcpUrl>https://flc5.internaldomainname.com/ecp/</EcpUrl>
            <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
            <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
            <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
            <EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
            <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
          </Protocol>
          <Protocol>
            <Type>EXPR</Type>
            <Server>mail.mydomain.com</Server>
            <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
            <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
            <OABUrl>https://mail.mydomain.com/OAB/9c85c0c4-48f4-4aa8-99b2-f640651b130a/</OABUrl>
            <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
            <Port>0</Port>
            <DirectoryPort>0</DirectoryPort>
            <ReferralPort>0</ReferralPort>
            <SSL>On</SSL>
            <AuthPackage>Ntlm</AuthPackage>
            <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
            <EcpUrl>https://mail.mydomain.com/ecp/</EcpUrl>
            <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
            <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
            <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
            <EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
            <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
          </Protocol>
          <Protocol>
            <Type>WEB</Type>
            <Port>0</Port>
            <DirectoryPort>0</DirectoryPort>
            <ReferralPort>0</ReferralPort>
            <Internal>
              <OWAUrl AuthenticationMethod="Basic, Ntlm, Fba, WindowsIntegrated">https://flc5.internaldomainname.com/owa/</OWAUrl>
              <Protocol>
                <Type>EXCH</Type>
                <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
              </Protocol>
            </Internal>
            <External>
              <OWAUrl AuthenticationMethod="Fba">https://mail.mydomain.com/owa/</OWAUrl>
              <Protocol>
                <Type>EXPR</Type>
                <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
              </Protocol>
            </External>
          </Protocol>
        </Account>
      </Response>
    </Autodiscover>
    I've replaced my public domain with mydomain.com and my internal domain with internaldomainname.com, and hidden the IP, but everything else is the same. The tests all pass.
    Curt Kessler - FLC
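
The certificate name checks in the analyzer output above can be repeated offline against a saved Autodiscover response, to see which host names Outlook is handed and whether the certificate covers each one. The following PowerShell (3.0 or later) is an added example, not code from any poster or from Microsoft: the XML, host names and certificate names are constructed, the function names are hypothetical, and comparing the msstd value literally with the certificate's "Issued To" name is an assumption about how Outlook treats that value.

```powershell
# Constructed Autodiscover response (not taken from any real server).
$autodiscoverXml = @'
<?xml version="1.0"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <Protocol>
        <Type>EXCH</Type>
        <Server>ex01.corp.example</Server>
        <ASUrl>https://mail.example.com/ews/exchange.asmx</ASUrl>
        <EcpUrl>https://ex01.corp.example/ecp/</EcpUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.example.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Ntlm</AuthPackage>
        <CertPrincipalName>msstd:mail.example.com</CertPrincipalName>
        <ASUrl>https://mail.example.com/ews/exchange.asmx</ASUrl>
        <OABUrl>https://example.com/OAB/</OABUrl>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
'@

# Names on the certificate served by the published endpoint (constructed).
$certSubjectCN = 'mail.example.com'
$certNames     = @('mail.example.com', 'autodiscover.example.com', '*.example.com')

function Test-CertNameMatch {
    param([string]$HostName, [string[]]$CertNames)
    $h = $HostName.ToLowerInvariant()
    foreach ($name in $CertNames) {
        $n = $name.ToLowerInvariant()
        if ($n -eq $h) { return $true }
        if ($n.StartsWith('*.')) {
            # A wildcard covers exactly one left-most label:
            # *.example.com matches mail.example.com, but neither
            # example.com nor a.b.example.com.
            $suffix = $n.Substring(1)
            if ($h.EndsWith($suffix)) {
                $label = $h.Substring(0, $h.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Get-AutodiscoverHostCheck {
    param([xml]$Xml, [string]$SubjectCN, [string[]]$CertNames)
    # local-name() avoids having to register the two default namespaces.
    $protocols = $Xml.SelectNodes("//*[local-name()='Account']/*[local-name()='Protocol']")
    foreach ($proto in $protocols) {
        $type = $proto.SelectSingleNode("*[local-name()='Type']").InnerText
        # Leaf elements only, so nested <Internal>/<External> blocks are walked too.
        foreach ($leaf in $proto.SelectNodes(".//*[not(*)]")) {
            $value    = $leaf.InnerText.Trim()
            $hostName = $null
            $covered  = $null
            if ($value -like 'https://*') {
                $hostName = ([uri]$value).Host
                $covered  = Test-CertNameMatch $hostName $CertNames
            }
            elseif ($leaf.LocalName -eq 'Server' -and ('EXPR', 'EXHTTP' -contains $type)) {
                # For EXPR/EXHTTP the Server element is the HTTPS proxy host.
                $hostName = $value
                $covered  = Test-CertNameMatch $hostName $CertNames
            }
            elseif ($leaf.LocalName -eq 'CertPrincipalName' -and $value -like 'msstd:*') {
                # Assumption: msstd is compared literally with the subject CN.
                $hostName = $value.Substring(6)
                $covered  = ($hostName -eq $SubjectCN)
            }
            if ($hostName) {
                [pscustomobject]@{
                    Protocol = $type
                    Element  = $leaf.LocalName
                    Host     = $hostName
                    Covered  = $covered
                }
            }
        }
    }
}

$results = Get-AutodiscoverHostCheck -Xml $autodiscoverXml -SubjectCN $certSubjectCN -CertNames $certNames
$results | Format-Table -AutoSize

# Host names that would trigger a certificate name warning in the client.
$results | Where-Object { -not $_.Covered } | Select-Object Protocol, Element, Host
```

With the constructed data, the internal host in the EXCH `EcpUrl` and the bare domain in the EXPR `OABUrl` are reported as not covered, the second because a wildcard name does not match the domain apex.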

  • Exchange 2010 - Outlook Anywhere trying to connect to internal server name first before connecting to proxy server

    Hello,
    I have an Exchange 2010 question which I will post in the Exchange 2013 section since the Ask a question button in the legacy Exchange Servers section of technet takes me back to the part of Technet where I can only ask questions regarding Exchange 2013.
    If someone can point me to a part where I can place a question in an Exchange 2010 forum please let me know.
    We have Exchange 2010 setup with a CAS array listening to outlook.internaldomain.com
    We have TMG 2010 setup with a rule for Outlook Anywhere, the rule listens to mail.externaldomain.com and traffic that meets this rule is let through to outlook.internaldomain.com.
    When I fire up my laptop, which is connected to the internet, and start Outlook and let it configure my profile through autodiscover it sets it up correct and fills the Outlook profile with a servername stating outlook.internaldomain.com and a proxyserver
    to be used stating mail.externaldomain.com. After initial setup when my Outlook starts it almost immediately prompts me for a username and a password so this is working fine.
    At the office we have an internal network segment where DHCP is servicing the connecting clients and giving them our internal DNS servers because they need connection to some other network segments which are not available to the internet. This network segment
    does not have access to our internal Exchange environment but has full access to the internet. Clients in this network segment do want to use Outlook so using Outlook Anywhere for them is the logical way to go. When I connect my laptop to this network segment
    I get handed an IP address and our internal DNS servers, when I start Outlook it takes about two minutes before the credential prompt pops up and another 2 to 6 minutes after entering credentials before it says all folders are in sync. This is quite long
    and our clients find this unacceptable.
    I started testing what might be going on here and I have found that when I manually enter external DNS servers the Outlook password prompt will popup in seconds and all is working as expected so it seems Outlook is trying to connect to the internal servername
    when using our internal DNS servers (which can resolve outlook.internalnetwork.com) instead of directly going to the proxy server which is to be used for Outlook Anywhere.
    When I start a network monitor trace my thoughts are confirmed because when I am connected to the internal network segment OUTLOOK.EXE first tries to connect to outlook.internaldomain.com, it almost immediately gets a response stating that this route is
    inaccessible but OUTLOOK.EXE keeps on trying to connect until some sort of time out is reached (somewhere around two minutes) after which it connects to mail.externaldomain.com and Outlook shows the credential prompt.
    So to round it up, when connected to DNS servers that can resolve the internal servername Outlook tries to connect to the internal servername instead of the external name, Outlook does not recognize the answer from the network that the internal route is
    not accessible (or it does but does nothing with this information).
    Has anybody experienced this behaviour in Outlook?
    Does anyone have a solution in where I can force Outlook to connect to its proxy server and disregard the internal servername?

    Thank you for your reply.
    The client computers that are experiencing the issues are not domain joined, the only reason I can think of why this is occurring is because the DNS servers are able to resolve the internal hostname of the server, but I would expect Outlook to always use
    the proxy server that has been set in the configuration of the Outlook profile. Or at least acknowledging the answer that the initially tried route is inaccessible and immediately continue to the proxy server.
    For setting the same hostname for internal and external use, we use different namespaces internally and externally, do you mean setting the external hostname on the CAS array for internal use? Wouldn't that push all internal communication to the internet
    and to the outside interface of the TMG where the server is published with that hostname?

  • Client side disabling of Outlook anywhere in Outlook 2013

    Hi
    Our admins recently had to disable external access for Outlook while keeping ActiveSync for Mobile Clients working. This was done by placing the autodiscover service (autodiscover.ourexternaldomain.com) behind a TMG with two factor authentication, and also
    putting our mail.ourexternaldomain.com behind the same TMG. So, Outlook from outside the network can't connect anymore (it will show you the login/pass prompt but what it wants is the two factor credentials, not your domain credentials.. so essentially you
    can't connect anymore), and mobile clients still work.
    In addition, they've disabled the "Outlook anywhere" options (specifically, "Connect to Microsoft Exchange using HTTP" is not only grayed out, it is forced disabled) by GPO.
    Unfortunately, that doesn't work for the handful that's already using Outlook 2013. There, even when the "Connect to Microsoft Exchange using HTTP" option is unchecked, the client will query autodiscover.ourexternaldomain.com, and eventually gets
    the response containing not only the EXCH protocol (which contains the internal urls), but also the EXPR protocol containing the public urls. That in turn re-enables "Connect to Microsoft Exchange using HTTP", so now clients, even when inside the
    organization will try to access the mail.ourexternaldomain.com which is behind the TMG, resulting in perpetual login prompts being displayed (the login actually comes from the TMG, not Exchange). 
    So, is there a way to force disable "Connect to Microsoft Exchange using HTTP" for Outlook 2013, preferably without changing anything on Exchange and the GPO. I guess I'm looking for the registry key that is set for outlook 2010. I checked up on
    the GPO for Outlook 2010 and it seems it sets HKCU/Software/Policies/Microsoft/Office/14.0/Outlook/RPC/ProxyServerFlags = 0. Doing the same for Outlook 2013 (so using the Office/15.0/Outlook/RPC key) results in outlook no longer being able to connect altogether. 
    When I manually remove the checkbox and restart Outlook, it first connects using the internal url, then after getting autodiscover it sets the checkbox "Connect to Microsoft Exchange using HTTP" again, and since the external url can be resolved
    from inside the network, I get the password prompts again even from inside the corporate network.
    Is there a registry key combination that keeps outlook connecting but never using the http proxy?

    Hi Stephan,
    How about the suggestion from Ed?
    Feel free to contact me if there is any update.
    Thanks
    Mavis
    Mavis Huang
    TechNet Community Support

  • Outlook Anywhere Prompts for Credentials only for Outlook 2010, not Outlook 2013

    I'm having a heck of a time with this one.  We have Exchange 2010 on premise, with our filtering through EOP.  Clients that are using Outlook 2010 Professional Plus are continuously getting prompted for credentials when off network and relying
    on Outlook Anywhere.
    I've read many threads about configuring credential manager appropriately for the internal domain and our external domain.  I can get them to authenticate just fine, and email flows, but they continue to be prompted every time they connect again.
    Here is the kicker:  When I install Outlook 2013 on the same computer, outlook anywhere functions just fine, no problems, no authentication prompt.
    Like I said I have read a plethera of articles and threads about this, I have gone through all settings on Exchange, our edge server, our firewall, our certificate.  The MSSTD string matches our "Issued To" string.  NTLM authentication
    is configured on both the client and the server.  Appropriate settings are configured on the firewalls. 
    Anyone know why Outlook 2010 would have this problem, but not Outlook 2013 on the same computer, same user, same mailbox database?  
    Thanks in advance!!!

    I'd still echo Ed's original question.
    Do you have Outlook 2010 patched up?  At this time you need to be on SP1, and SP2 by October the 14th.
    Also I expect you to have a recent update on top of that as well.
    http://blogs.technet.com/b/rmilne/archive/2014/04/14/office-2010-sp2_1320_-do-you-need-to-upgrade_3f00_.aspx
    Cheers,
    Rhoderick
    Microsoft Senior Exchange PFE
    Blog:
    http://blogs.technet.com/rmilne 
    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

  • Outlook Anywhere is not working

    Hello all,
    I have Exchange 2007 SP3 running.  I have enabled Outlook Anywhere.  I have yet to be able to get it to work.  I have been told the only port I need open is 443.  When I go to set up my clients, I do a manual configuration.  For
    the server I enter my internal server name (I have been told this is how it's to be set up), then I go specify the outside URL for the proxy.  I have RPC over HTTP Proxy installed on the server, but when I run Microsoft's test I get the following
    RPC over HTTP Connectivity failed.   This is running on a Server 2008 64-bit machine. 
    Any pointers on what to check would be very helpful.  I have quite a few people that would like to use this, but it fails connecting at the last step in the Outlook setup due to the RPC failure.
    edit-  I also opened my firewall wide open to make sure that wasn't blocking it, and with all ports open it still failed. 
    Thanks
    David

    Hi David,
    Thank you for your question.
    We could disable IPv6 on the Exchange server which is installed on Windows Server 2008 to check if the issue persists.
    If the issue persists, we could refer to the following steps to reinstall RPC-over-http:
    Disable outlook anywhere using the Exchange Management Console
    Remove RPC proxy component using PowerShell servermanagercmd -r rpc-over-http-proxy
    Reboot the server
    Install RPC proxy component using PowerShell servermanagercmd -i rpc-over-http-proxy
    Enable outlook anywhere using the Exchange Management Console
    Restart the Microsoft Active Directory Topology Service
    Try the test again
    If there are any questions regarding this issue, please feel free to let me know.
    Best Regards,
    Jim
    Jim Xu
    TechNet Community Support

  • ISA 2006 with IPSEC and NAT - Publishing Outlook Anywhere - TCP Checksum Dropped 0xc0040031 problem

    Hi
    I am looking to publish Outlook Anywhere, with IPSEC configured as per (http://www.microsoft.com/en-us/download/confirmation.aspx?id=23708) to lock down Outlook Anywhere to
    machines with internal certificates only.
    I have the following infrastructure setup:
    ISA 2006 SP1 - Server 2003 R2 / SP2
    -Allows UDP 4500/500 and TCP 443
    -Hosted on VMWare ESXi 5
    Test laptop - Windows 7
    External Firewall static NAT's from a public IP to ISA server and allows the following:
    UDP 4500/500
    Protocol 50/51
    IPSEC policy configured on the ISA server:
    -IP Filter List = DMZ IP of ISA server, source port any, destination port 443
    -Filter Action = Negotiate Security, Integrity Only
    -Authentication Methods = Certificate Authority, internal enterprise CA selected
    IPSEC policy configured on the Windows 7 Test Laptop:
    -IP Filter List = External (public) IP of ISA server, source port any, destination port 443
    -Filter Action = Negotiate Security, Integrity Only
    -Authentication Methods = Certificate Authority, internal enterprise CA selected
    So far the following works:
    I have a port listener running on the ISA server to mimic Exchange (just to keep things simple to begin with).
    If I unassign the IPSEC policies, I can telnet from an external network on the test laptop successfully to the external IP of the ISA server. 
    If I assign the IPSEC policies, I cannot telnet from an external network on the test laptop to the external IP of the ISA server.  I note the following:
    -HTTPS is denied with no rule (an allow rule is present)
    -Result Code = 0xc0040031 FWX_E_BAD_TCP_CHECKSUM_DROPPED
    -The ISA log shows IKE Client and IPSEC NAT-T client traffic as successful.
    -The event log shows main mode and quick mode as successful.
    -The IPSEC monitor shows SA's for quick mode and main mode.
    If I google the error code I gather it relates to the TCP checksum being calculated by the ISA server disagreeing with the actual checksum received.  I guess this is part of AH.  I have tried the following:
    -Add the AssumeUDPEncapsulationContextOnSendRule = 2 on the ISA server under services\IPSEC and reboot.
    -Add the AssumeUDPEncapsulationContextOnSendRule = 2 on the Windows 7 Laptop under services\PolicyAgent and reboot.
    -Disable the following in the ISA server registry and reboot:
    RSS
    SecurityFilters
    TCPA
    TCPChimney
    -Disable Chimney Offload via Netsh command
    -Disable all Offload options on VMXNET 3 driver advanced settings and rebooting
    -Switching to an E1000 NIC and disabling all offload options and rebooting
    -Upgrading E1000 drivers from base version (2002 driver) to Intel's later version (2008), rebooting and disabling all offload options.
    -Run a Wireshark trace - cannot see anything useful
    -Checked Oakley log  - cannot see anything useful
    I still cannot get the 443 traffic to successfully connect without the FWX_E_BAD_TCP_CHECKSUM_DROPPED error and have run out of google articles.
    I would really appreciate if anyone has any suggestions?
    Many Thanks
    Steven

    Hi,
    Glad to hear that. I'll mark it as answer. Thank you.
    Best Regards,
    Joyce
    Thanks for helping make community forums a great place.
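
Background on the checksum mismatch described in the thread above, as an added example (not from the thread, and not a diagnosis of it): a TCP checksum covers a pseudo-header containing the source and destination IP addresses, so a segment whose destination was rewritten by static NAT only verifies if the checksum is adjusted for the new address. A NAT device cannot make that adjustment to a TCP header protected by IPsec, and RFC 3948 leaves the compensation to the receiving IPsec endpoint; the addresses, ports and payload below are constructed.

```python
import ipaddress
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071), before the final inversion."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """Source IP, destination IP, zero byte, protocol 6 (TCP), TCP length."""
    return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BBH", 0, 6, tcp_len))

def build_segment(src, dst, sport, dport, payload: bytes) -> bytes:
    """20-byte TCP header plus payload, checksummed as the sender sees the path."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, 0x18, 8192, 0, 0)
    body = pseudo_header(src, dst, len(hdr) + len(payload)) + hdr + payload
    return hdr[:16] + struct.pack("!H", 0xFFFF ^ ones_sum(body)) + hdr[18:] + payload

def verify(src, dst, segment: bytes) -> bool:
    """Receiver check: pseudo-header plus segment must sum to 0xFFFF."""
    return ones_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

def fix_for_nat(segment: bytes, old_dst: str, new_dst: str) -> bytes:
    """Incremental update HC' = ~(~HC + ~m + m') from RFC 1624 for a rewritten address."""
    old = ipaddress.IPv4Address(old_dst).packed
    new = ipaddress.IPv4Address(new_dst).packed
    (csum,) = struct.unpack("!H", segment[16:18])
    not_old = bytes(b ^ 0xFF for b in old)
    total = ones_sum(struct.pack("!H", csum ^ 0xFFFF) + not_old + new)
    return segment[:16] + struct.pack("!H", total ^ 0xFFFF) + segment[18:]

def demo():
    # Constructed addresses: client, firewall's public IP, server's DMZ IP behind static NAT.
    client, public_ip, dmz_ip = "198.51.100.7", "203.0.113.10", "10.1.1.10"
    seg = build_segment(client, public_ip, 50000, 443, b"hello")
    return (verify(client, public_ip, seg),   # as sent
            verify(client, dmz_ip, seg),      # after NAT, checksum untouched
            verify(client, dmz_ip, fix_for_nat(seg, public_ip, dmz_ip)))  # compensated

if __name__ == "__main__":
    print(demo())
```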

Maybe you are looking for