• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Exchange 2007 Autodiscovery problems

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> Management >> Exchange 2007 Autodiscovery problems Page: [1]
Login
Message << Older Topic   Newer Topic >>
Exchange 2007 Autodiscovery problems - 23.Nov.2007 10:08:09 AM   
komando

 

Posts: 10
Joined: 12.Dec.2006
Status: offline
Hello all,

I have an exchange 2007 server with mailbox, hub transport and CAS all installed on single server in a WINDOWS 2003 domain. My exchange server is NOT a domain controller. The outlook anywhere, OWA and all the functions seem to be working normally with no issues. But I am having major issues while testing my autodiscover function. When I try to use the outlook 2007 autodiscover, it picks up the username and email address. Then I get an SSL warning because I am using self signed certificate on the autodiscover website which is a separate website. After that I get a message that "The name cannot be matched to a name in the address list."
 
Another bummer is that this is only happening with my existing accounts. If I create a new user and then launch the autodiscover, it works like a charm internally. The account is configured automatically using the correct RPC over HTTPS (outlook anywhere) options. Now even if I add exchange account manually into the outlook 2007, I get the same error. This is only happening with OUTLOOK 2007. All the OUTLOOK 2003 clients are working without any issues. Can someone please point me in the right direction as to what might be the issue? This is my third day of troubleshooting.

Thank you,

Palwinder
Post #: 1
RE: Exchange 2007 Autodiscovery problems - 23.Nov.2007 10:09:26 AM   
komando

 

Posts: 10
Joined: 12.Dec.2006
Status: offline
Oh and I did check that all the names are there in the GAL.

Thanks,

Palwinder

(in reply to komando)
Post #: 2
RE: Exchange 2007 Autodiscovery problems - 26.Nov.2007 11:26:57 AM   
John Weber

 

Posts: 1236
Joined: 20.Apr.2005
From: Portland, Oregon
Status: offline
Your issue is that the cert name is stuck on the internal fqdn, while the ol2k7 client is looking at the https name, eg; mail.mydomain.com not server.insidedomain.net.

There are several fixes, some dealing with SAN naming on the certs.

Do a search on this in this forum.  I posted serveral times how to fix this.  As well, there are MSKB articles.
Shudnow.net has a fix - which is the same one I posted here.
NM, here it is again.  Not my material, but fixed it for me.
Outlook 2007 Certificate Error?
When importing a new certificate into Exchange 2007, you might encounter a certificate error in Outlook 2007. I have included a screenshot of the error I encountered today:

When you choose the View Certificate button, it brings up another window that shows you what certificate is in error. In this case, the certificate name is “mail.shudnow.net.”
So the million dollar question? Why the error?
Well, when we install a new certificate, there are a few tasks we want to do. Obviously, we install the certificate for a purpose. This purpose is till allow us to use Exchange services securely. So how do we enable Exchange to use these services? If you are planning to do a very simple configuration and do not care about external Autodiscover access, you do not need to use a Unified Communication Certificate. You can read more about these certificates in one of my other articles here.
So let’s say we have a simple regular common certificate. A certificate with a Common Name (CN) of mail.shudnow.net We install this certificate onto our Exchange box with its’ private key. In our case we were migrating so we did not have to request a certificate via IIS. We just exported it with its’ private key and imported onto the new box. We then assigned this certificate to IIS. Now I went to the Exchange Management Shell and enabled Exchange services to use this certificate. In order to do this, you must run the following commands:
Get-ExchangeCertificate
Thumbprint Services Subject
———- ——– ——-
BCF9F2C3D245E2588AB5895C37D8D914503D162E9 SIP.W CN=mail.shudnow.net.com
What I did was go ahead and enable all new services to use every available service by using the following command:
Enable-exchangecertificate -services IMAP, POP, UM, IIS, SMTP -Thumbprint BCF9F2C3D245E2588AB5895C37D8D914503D162E9
The next step would be to ensure the AutodiscoverInternalURI is pointed to the CAS that will be your primary CAS for Autodiscover servicing.
Get-ClientAccessServer -Identity CASServer | FL
AutoDiscoverServiceInternalUri : https://casnetbiosname/Autodiscover/Autodiscover.xml
See the issue here? We are not using a UC certificate that contains the names, “casnetbiosname, casnetbiosname.shudnow.net, mail.shudnow.net, and autodiscover.shudnow.net” Since the Autodiscover directory in IIS will be requring SSL encryption, the url specified in the AutoDiscoverServiceInternalURI must match what is specified in your certificate. You must also ensure there is a DNS record that allows mail.shudnow.net to resolve to your CAS. We should re-configure the AutoDiscoverServiceInternalURI by using the following command:
Set-ClientAccessServer -Identity CASServer -AutoDiscoverServiceInternalUri https://mail.shudnow.net/Autodiscover/Autodiscover.xml
We now need to go configure all the InternalURLs for each web distributed service. Here is the reason why we were receiving the certificate errors. Your InternalURLs most likely are not using mail.shudnow.net. Your InternalURLs are most likely pointed to something such as https://casnetbiosname/ServiceURL which will fail since this is not the CN of your simple certificate.
You can run the following commands to fix your internalURLs so your Outlook 2007 client can successfully take advantage of your web distribution services.
Set-WebServicesVirtualDirectory -Identity “CASServer\EWS (Default Web Site)” -InternalURL https://mail.shudnow.net/EWS/Exchange.asmx -BasicAuthentication:$true
Set-OABVirtualDirectory -Identity “CASServer\OAB (Default Web Site)” -InternalURL https://mail.shudnow.net/OAB -BasicAuthentication:$true
Enable-OutlookAnywhere -Server CASServer -ExternalHostname “mail.shudnow.net” -ExternalAuthenticationMethod “Basic”-SSLOffloading:$False
Set-ActiveSyncVirtualDirectory -Identity “CASServer\Microsoft-Server-ActiveSync (Default Web Site)” -ExternalURL https://mail.shudnow.net/Microsoft-Server-Activesync
Set-UMVirtualDirectory -Identity “CASServer\UnifiedMessaging (Default Web Site)” -InternalURL https://mail.shudnow.net/UnifiedMessaging -BasicAuthentication:$true


-jmw

(in reply to komando)
Post #: 3
RE: Exchange 2007 Autodiscovery problems - 26.Nov.2007 2:38:06 PM   
komando

 

Posts: 10
Joined: 12.Dec.2006
Status: offline
Hello John,

Thanks for your reply. I have changed all the internal URLs and I am not getting any certificate alerts now. But still when I try to configure exchange in outlook 2007, I get the message "The name cannot be matched to a name in the address list." And under the mailbox name field in the Microsoft Exchange dialog box it says "=SMTP:palwinder.singh@domain.com". This is happening both internally and externally.
 
Could there be something in my GAL permissions?

Thanks a bunch once again,

Palwinder
 
 

(in reply to John Weber)
Post #: 4
RE: Exchange 2007 Autodiscovery problems - 26.Nov.2007 2:39:33 PM   
komando

 

Posts: 10
Joined: 12.Dec.2006
Status: offline
Here is what I get when I connect to

https://mail.domain.com/autodiscover/autodiscover.xml


<?xml version="1.0" encoding="utf-8" ?>

- <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">

- <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">

- <Error Time="14:38:46.3451131" Id="1021898332">

  <ErrorCode>600</ErrorCode>
  <Message>Invalid Request</Message>
  <DebugData />   </Error>  </Response>  </Autodiscover> Palwinder

(in reply to komando)
Post #: 5
RE: Exchange 2007 Autodiscovery problems - 26.Nov.2007 2:49:36 PM   
komando

 

Posts: 10
Joined: 12.Dec.2006
Status: offline
This is what I get when I do a Test-OutlookWebServices
 

#TYPE Microsoft.Exchange.Management.SystemConfigurationTasks.TestOutlookWebServicesTask+TestOwsEvent
Id,Type,Message
1003,Information,"About to test AutoDiscover with the e-mail address user@domain.com."
1007,Information,"Testing server e2k7mosac.MOSAC.CORP with the published name https://mail.domain.com/EWS/Exchange.asmx & ."
1019,Information,"Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://mail.domain.com/Autodiscover/Autodiscover.xml."
1013,Error,"When contacting https://mail.domain.com/Autodiscover/Autodiscover.xml received the error The remote server returned an error: (401) Unauthorized."
1006,Error,"Failed to contact AutoDiscover"

(in reply to komando)
Post #: 6
RE: Exchange 2007 Autodiscovery problems - 27.Nov.2007 1:44:28 PM   
komando

 

Posts: 10
Joined: 12.Dec.2006
Status: offline
Ok I got it working. After an extensive troubleshooting I found out that the permissions were not correct on the address list container. So using ADSIEDIT I changed the permissions so that inheritable permissions are allowed on "Address list container" Configuration Object and it is working fine now.

(in reply to komando)
Post #: 7
RE: Exchange 2007 Autodiscovery problems - 28.Nov.2007 3:19:27 AM   
kani_cyber

 

Posts: 1
Joined: 28.Nov.2007
Status: offline
komando, can u please let me know the permissions changes using asiedit, i have the same error,
 
did u add users or give extra permiations ??? please reply

(in reply to komando)
Post #: 8
RE: Exchange 2007 Autodiscovery problems - 30.Nov.2007 9:20:33 AM   
komando

 

Posts: 10
Joined: 12.Dec.2006
Status: offline
This is what worked for me.

Using ADSI Edit, expand Configuration | CN=Configuration,DC=mydomain,DC=local | CN=Services | CN=Microsoft Exchange | CN=My Organization | CN=Address Lists Container, right click CN=All Address Lists and select Properties

The "Allow inheritable permissions from the parent to propagate to this object" was not checked for me. Once I did this, I had another error that started appearing in outlook send/receive. It was "task 'Microsoft Exchange Server' reported error (0x8004010F)". So then I deleted my offline address book as thats what was causing this error. I recreated the offline address book in EMC and then I added that offline address book to my mailbox database. After a reboot in the night, it took about 5-6 hours for the message to go away but next morning evrything was working fine. Now my autodiscovery is working flawlessly internally and externally.

Palwinder

(in reply to kani_cyber)
Post #: 9
RE: Exchange 2007 Autodiscovery problems - 28.Jul.2009 10:00:53 AM   
ahmedza76

 

Posts: 5
Joined: 27.Jul.2009
Status: offline
dear ,

please visit this site , i am sure you find the answer for your problems there

http://www.ms-phantom.com

thanx

(in reply to komando)
Post #: 10

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> Management >> Exchange 2007 Autodiscovery problems Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter