• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Yet Another Autodiscovery Thread ;)

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> General >> Yet Another Autodiscovery Thread ;) Page: [1]
Login
Message << Older Topic   Newer Topic >>
Yet Another Autodiscovery Thread ;) - 5.Dec.2008 12:36:42 AM   
Dave_R

 

Posts: 41
Joined: 20.Mar.2007
Status: offline
After troubleshooting my Certificate issues a while back I left autodiscovery for another day....well..that day is today ;)

Long story short - I followed the very helpful and detailed guide Sembee posted and bought a SAN cert and that is all configured and working. Outlook Anywhere works fine and all my users can log into the OWA website, it says its secured with the Cert, all my laptop users can use Outlook Anywhere to automagically connect to Exchange within Outlook no matter where they are....so all thats good.

However....

Outlook 2007 Users get thousands of OAB sync errors over time, when I do the Autodiscover test within outlook it says its unsuccessful and gives errors. If I run a: Test-OutlookWebServices | fl  in the EMS I get:

Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address User1@mydomain.org.

Id      : 1006
Type    : Information
Message : The Autodiscover service was contacted at https://owa.mydomain.org/autodiscover/autodiscover.xml.

Id      : 1013
Type    : Error
Message : When contacting https://owa.mydomain.org/EWS/Exchange.asmx received the error The request failed with HTTP status 404: Not Found.

Id      : 1016
Type    : Error
Message : [EXCH]-Error when contacting the AS service at https://owa.mydomain.org/EWS/Exchange.asmx. The elapsed time was 31 milliseconds.

Id      : 1015
Type    : Success
Message : [EXCH]-Successfully contacted the OAB service at https://owa.mydomain.org/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.

Id      : 1013
Type    : Error
Message : When contacting https://owa.mydomain.org/UnifiedMessaging/Service.asmx received the error The remote server returned an error: (404) Not Found.

Id      : 1014
Type    : Error
Message : [EXCH]-Error when contacting the UM service at https://owa.mydomain.org/UnifiedMessaging/Service.asmx. The elapsed time was 31 milliseconds.

Id      : 1013
Type    : Error
Message : When contacting https://owa.mydomain.org/EWS/Exchange.asmx received the error The request failed with HTTP status 404: Not Found.

Id      : 1016
Type    : Error
Message : [EXPR]-Error when contacting the AS service at https://owa.mydomain.org/EWS/Exchange.asmx. The elapsed time was 31 milliseconds.

Id      : 1015
Type    : Success
Message : [EXPR]-Successfully contacted the OAB service at https://owa.mydomain.org/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.

Id      : 1013
Type    : Error
Message : When contacting https://owa.mydomain.org/UnifiedMessaging/Service.asmx received the error The remote server returned an error: (404) Not Found.

Id      : 1014
Type    : Error
Message : [EXPR]-Error when contacting the UM service at https://owa.mydomain.org/UnifiedMessaging/Service.asmx. The elapsed time was 15 milliseconds.

Id      : 1017
Type    : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://owa.mydomain.org/Rpc. The elapsed time was 15 milliseconds.

Id      : 1006
Type    : Success
Message : The Autodiscover service was tested successfully.

Id      : 1021
Type    : Information
Message : The following web services generated errors.
             As,UM in EXCH
             As,UM in EXPR
         Please use the prior output to diagnose and correct the errors.

**Note: I know the UM settings are incorrect, I don't care about those as we do not use UM**

I visited the testexchangeconnectivity.com and do the Autodiscover test and it succeeds at this part:

Attempting to test potential AutoDiscover URL https://autodiscover.mydomain.org/AutoDiscover/AutoDiscover.xml   Testing AutoDiscover URL succeeded
If I type this address into my browser: https://owa.mydomain.org/autodiscovery/autodiscovery.xml I get a generic 404 error page

If I type the same address on my server I get a prompt to accept a certificate - but its the old self signed cert. If I cancel or Accept it it prompts me for my login details and after 3 login attempts I get his XML output:

<?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
- <Response>
- <Error Time="13:40:07.2812500" Id="1689819300">
<ErrorCode>600</ErrorCode>
<Message>Invalid Request</Message>
<DebugData />
</Error>
</Response>
</Autodiscover>

Now, If I go into IIS and check the Default Website the Cert assigned to that whole site and all subsites, including Autodiscover and EWS subfolders is the Starfield 3rd Party SSL cert I purchased. When I use OWA its defiantely the Starfield 3rd APrty Cert as well. When typing the address in from my laptop it does not prompt to accept any certs just 404's on me.

Any idea's? I have about 90 pages of threads, tutorials, suggestions, step by step guides etc printed out and scattered about me with no luck so far lol ;)

Any help is greatly appreciated :)
Post #: 1
RE: Yet Another Autodiscovery Thread ;) - 5.Dec.2008 6:13:54 AM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
The fact that you are getting the self signed certificate is a concern.
If you look at the certificates in Exchange, is the self signed certificate assigned to W, for web? get-exchangecertificate is the command required.

Do you have more than one web site on the server?
Do you have host headers configured (you should not).

Simon.


_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to Dave_R)
Post #: 2
RE: Yet Another Autodiscovery Thread ;) - 6.Dec.2008 1:09:04 AM   
Dave_R

 

Posts: 41
Joined: 20.Mar.2007
Status: offline
Get-ExchangeCertificate lists:

Thumbprint                                Services   Subject
----------                                --------   -------
the thumbprint                            IP.WS      CN=owa.mydomain.org, OU=Domain Control Validated, O=owa.mydomain.org


That cert that is coming up on the Exchange Server when I try to browse to the autodiscover.xml is definately the old self signed 1 year cert from when I originally installed the Exchange 2007 server. The window that pops up says "Choose a digital Certificate" and only has that old one listed and does not show the current active one.

Yet in IIS, the Default Website has that new Starfield one installed, and that one is used on all sub folders including the Autodiscovery one. No other certs are listed :(

(in reply to Sembee)
Post #: 3
RE: Yet Another Autodiscovery Thread ;) - 6.Dec.2008 1:19:24 AM   
Dave_R

 

Posts: 41
Joined: 20.Mar.2007
Status: offline
OK, now this is wierd....I just typed Get-ExchangeCertificate again.....and now there is a local one listed in addition to the 3rd Party one.

Thumbprint                                Services   Subject
----------                                  --------   -------
the thumbprint                           .....          CN=server.mydomain.local
the thumbprint                          IP.WS      CN=owa.mydomain.org, OU=Domain Control Validated, O=owa.mydomain.org

Thats odd.... and still that cert is not listed in IIS for the Autodiscovery folder....

I did not create, renew or do anything to otherwise add a new cert at all.

< Message edited by Dave_R -- 6.Dec.2008 1:20:34 AM >

(in reply to Dave_R)
Post #: 4
RE: Yet Another Autodiscovery Thread ;) - 6.Dec.2008 1:46:12 AM   
Elan Shudnow

 

Posts: 897
Joined: 4.Jan.2007
From: Chicago, IL
Status: offline
Try setting the services to None on your real certificate and activate the old certificate for all the services.  Then set the self-signed certificate to None and re-activate all the services on your real certificate.  Then remove the self-signed. 

Sometimes unsetting something and re-setting something gets it going.  Perhaps it'll be the same in this case.

Anything in event logs?  BPA?

_____________________________

Elan Shudnow
Exchange MVP
http://www.shudnow.net

(in reply to Dave_R)
Post #: 5
RE: Yet Another Autodiscovery Thread ;) - 6.Dec.2008 4:51:33 AM   
Dave_R

 

Posts: 41
Joined: 20.Mar.2007
Status: offline
Whats the command to remove services from an enabled certificate??

(in reply to Elan Shudnow)
Post #: 6
RE: Yet Another Autodiscovery Thread ;) - 6.Dec.2008 6:59:46 AM   
Dave_R

 

Posts: 41
Joined: 20.Mar.2007
Status: offline
OK, I have sorted the certs out, I did a little digging and found a MS KB article to remove some Trusted Certs that were lying around from old installs and whatnot. Rebooted the server a few times and only my 3rd part cert is showing now. I also went into the IIS properties of 'Default Website' and checke dthe security and told it to 'Ignore Client Certificates' as it was set to Accept Client certs which is why I beleive that box was popping up and had an old self signed cert come up in it.

So all thats good....so now I am back to my original question in the first post.  LOL ;)

Those erorrs when I enter: test-outlookwebservices are still the same (as the original post in this thread). When I browse to https://owa.mydomain.org/autodiscover/autodiscover.xml it 404's on me, on all machines including the server. Is this the correct response when browsing to that address? That directory and file do exist in IIS.

< Message edited by Dave_R -- 6.Dec.2008 7:32:59 AM >

(in reply to Dave_R)
Post #: 7
RE: Yet Another Autodiscovery Thread ;) - 6.Dec.2008 11:19:00 AM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
Having just checked my own system, it doesn't get a 404, it gets the 600 error that you posted above. That would tend to be the correct response as it isn't coming from Outlook.

Has it ever worked?

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to Dave_R)
Post #: 8
RE: Yet Another Autodiscovery Thread ;) - 6.Dec.2008 9:50:44 PM   
Dave_R

 

Posts: 41
Joined: 20.Mar.2007
Status: offline
To be honest I am not sure. I only really noticed it once I started rolling out Office 2007 and saw the OAB sync errors. And then I had the self signed cert issue you helped me out with several months ago.

I am just not sure why I am getting 404 errors when I can see plainly that the folders and xml file exist in IIS on that server.

(in reply to Sembee)
Post #: 9
RE: Yet Another Autodiscovery Thread ;) - 6.Dec.2008 10:11:45 PM   
Elan Shudnow

 

Posts: 897
Joined: 4.Jan.2007
From: Chicago, IL
Status: offline
So let's go over the basics and make sure everything is covered here.

You clearly have owa.mydomain.org on your certificate.  Do you also have autodiscover.mydomain.org on your certificate?  If not, you will need a SAN certificate also known as a Unified Communications certificate. 

Then you will need to set all your service URLs to match a name that is on your certificate.  You will need to set both InternalURL and ExternalURL which can be the same if you have Split-Brain DNS.

The service URLs are configured using the following commands:
Set-WebServicesVirtualDirectory -Identity “CASServer\EWS (Default Web Site)” -InternalURL https://owa.mydomain.org/EWS/Exchange.asmx -ExternalURL https://owa.mydomain.org/EWS/Exchange.asmx -BasicAuthentication:$true

Set-OABVirtualDirectory -Identity “CASServer\OAB (Default Web Site)” -InternalURL https://owa.mydomain.org/OAB -ExternalURL owa.mydomain.org/OAB -RequireSSL:$true

Enable-OutlookAnywhere -Server CASServer -ExternalHostname “owa.mydomain.org” -ClientAuthenticationMethod “Basic” -SSLOffloading:$False

Set-ActiveSyncVirtualDirectory -Identity “CASServer\Microsoft-Server-ActiveSync (Default Web Site)” -ExternalURL owa.mydomain.org/Microsoft-Server-Activesync

Set-UMVirtualDirectory -Identity “CASServer\UnifiedMessaging (Default Web Site)” -InternalURL owa.mydomain.org/UnifiedMessaging/Service.asmx -ExternalURL owa.mydomain.org/UnifiedMessaging/Service.asmx -BasicAuthentication:$true

You can do a Get- command against your Directory with a pipe to FL * to see what the existing InternalURLs and ExternalURLs are.  If you include the name that is currently defined as InternalURL on the third party certificate you use, you don't necessarily have to modify InternalURL.

Hope this helps.

_____________________________

Elan Shudnow
Exchange MVP
http://www.shudnow.net

(in reply to Dave_R)
Post #: 10
RE: Yet Another Autodiscovery Thread ;) - 7.Dec.2008 2:09:17 AM   
Dave_R

 

Posts: 41
Joined: 20.Mar.2007
Status: offline
Cheers for that Elan ;)

Yep, when I got the SAN I followed Sembee's excellent guide on the subject. I registered:

owa.mydomain.org
server.mydomain.local
server
autodiscovery.mydomain.org

I keep thinking there was one more as well but cannot recall off the top of my head.

I also set up a split DNS system for local resolution of external names as per the guide.

(in reply to Elan Shudnow)
Post #: 11
RE: Yet Another Autodiscovery Thread ;) - 7.Dec.2008 8:17:46 AM   
Elan Shudnow

 

Posts: 897
Joined: 4.Jan.2007
From: Chicago, IL
Status: offline
It should be autodiscover.mydomain.org, not autodiscovery.mydomain.org.

_____________________________

Elan Shudnow
Exchange MVP
http://www.shudnow.net

(in reply to Dave_R)
Post #: 12
RE: Yet Another Autodiscovery Thread ;) - 7.Dec.2008 10:53:12 AM   
Dave_R

 

Posts: 41
Joined: 20.Mar.2007
Status: offline
My typo here, not on the cert ;)

(in reply to Elan Shudnow)
Post #: 13
RE: Yet Another Autodiscovery Thread ;) - 7.Dec.2008 11:09:04 AM   
Elan Shudnow

 

Posts: 897
Joined: 4.Jan.2007
From: Chicago, IL
Status: offline
I'm thinking something is wrong with IIS. 

You can try following this guide if you agree with my assumption:
http://support.microsoft.com/kb/320202

_____________________________

Elan Shudnow
Exchange MVP
http://www.shudnow.net

(in reply to Dave_R)
Post #: 14
RE: Yet Another Autodiscovery Thread ;) - 8.Dec.2008 5:21:57 AM   
Dave_R

 

Posts: 41
Joined: 20.Mar.2007
Status: offline
I am really hoping it doesn't have to go that far to be honest...sounds like it could be a mess heading down that path.....call that my last resort ;)

Going through the system today, for shits and giggles I decided to try connecting a Windows Mobile 6.1 Palm Treo 750V to Mobile Active Sync and after installing my 3rd Party Cert its Syncing via GPRS like a champion. OWA works fine on any PC connected to the net, site comes up and says its secure and has my 3rd party cert details fine, my original OAB sync error (in Outlook 2007 only) error is now finally gone.....its just this bloody Autodiscovery and Avaliability that is giving me grief now.

(in reply to Elan Shudnow)
Post #: 15
RE: Yet Another Autodiscovery Thread ;) - 8.Dec.2008 8:51:49 AM   
Elan Shudnow

 

Posts: 897
Joined: 4.Jan.2007
From: Chicago, IL
Status: offline
Well if your Outlook 2007 client is getting the OAB, they must be successfully contacting the Autodiscover service to get the URL for OAB.

Have you tried doing control + right-clicking on your Outlook icon in the notification area and choosing test e-mail autoconfiguration.   Put in account info and only check for Autodiscover.  This will tell you if the client is really contacting Autodiscover and pulling down the service URLs that it should be.

_____________________________

Elan Shudnow
Exchange MVP
http://www.shudnow.net

(in reply to Dave_R)
Post #: 16
RE: Yet Another Autodiscovery Thread ;) - 8.Dec.2008 8:38:13 PM   
Dave_R

 

Posts: 41
Joined: 20.Mar.2007
Status: offline
I am trying to work out what I changed to get it working.....bloody autodiscovery has now decided to work all of a sudden and I can't pinpoint what I did to get it working since yesterday......god I hate that!  ;)

I will go back over what I did and post back here what I think it was that fixed it, mainly for anyone who may have similar issues.

So now Autodiscovery is working - yay!

But still, Avaliability is not working...its the last thing on my list....

(in reply to Elan Shudnow)
Post #: 17

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> General >> Yet Another Autodiscovery Thread ;) Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter