Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RE: Autodiscover configuration (for lack of a better discription)
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: Autodiscover configuration (for lack of a better di... - 16.Aug.2007 10:17:23 PM
|
|
|
t0ta11ed
Posts: 288
Joined: 2.Feb.2007
From: Mars
Status: offline
|
quote:
ORIGINAL: TwoJ
t0ta11ed - Sorry thats not it :-(, i already changed those URLs, i turned on logging in Outlook and this is part of the log;
Thread Tick Count Date/Time Description
1476 835411 06/18/07 08:24:39 Autodiscover to https://domain.com/autodiscover/autodiscover.xml starting
1476 856631 06/18/07 08:25:01 Autodiscover to https://domain.com/autodiscover/autodiscover.xml FAILED (0x800C8203)
1476 856631 06/18/07 08:25:01 Autodiscover to https://autodiscover.domain.com/autodiscover/autodiscover.xml starting
1476 896208 06/18/07 08:25:40 Autodiscover XML Received
As i mentioned i have an A record in my external DNS for autodiscover to point to my IP.
Do you have any external autodiscover entries for dns?
Do you know what URL outlook is getting for autodiscover.xml when it is connecting from the internet?
As far as i understand, Outlook is hard coded to search at either
domain.com/autodiscover
autodiscover.domain.com
for the autodiscover.xml, meaning that you would need a cert for domain.com or autodiscover.domain.com
Henrik- I appreciate the suggestion, however i will consider it after. I truly find that most CA roots are really cashing in on the need of most companies now to present SSL certs. I think the prices are highly inflated, and to have some CA's charging $600 for SAN because a simple $20 cert can no longer be used just adds to my overall feeling that the whole CA root structure should be revamped.
Sorry I'm late here, been extremly busy. In this case, a CNAME on the outside would've worked. However, in our initial parts of the thread we were dealing with Autodiscover from an internal perspective, and looking back on it now I see you were trying to get it working externally as well. I've only used Outlook 2003 externally using RPC over HTTPS. Haven't tried Outlook 2007 yet, however availability, etc is working on 2k3 without any further configuration. Glad to see you worked it out though.
|
|
|
|
|
RE: Autodiscover configuration (for lack of a better di... - 16.Aug.2007 10:26:00 PM
|
|
|
TwoJ
Posts: 46
Joined: 21.Feb.2007
Status: offline
|
Thanks t0ta11ed, i understand too well about being busy ;-)
I gave you some thanks for my little guide that is linked above for all your help
Yes from the start i had to consider outlook 2007 from the external, so it was a little frustrating that i couldn't find any solutions incept multiple external IPs or $$$ SAN SSL certs. anyways all is working now
On to the next hurdle, integrating hotmail & yahoo through a pop connector into exchange - or back to pencil & paper sounds a lot easier!!
|
|
|
|
|
RE: Autodiscover configuration (for lack of a better di... - 16.Aug.2007 10:31:39 PM
|
|
|
t0ta11ed
Posts: 288
Joined: 2.Feb.2007
From: Mars
Status: offline
|
I'm actually having a weird problem with Autodiscover right now. For some reason the URL my Outlook 2k7 clients use for it has reverted to the internal server name even though Exchange still has it configured for the mail.domain.com one. This causes a cert name mismatch error everytime you start Outlook. I'm not sure how it went from that to the internal name. Know of a way to get the client to use the correct URL? This basically breaks my CNAME in DNS.
Update: I've gotten around this for now by creating another zone and CNAME to resolve the Autodiscover URL the client is using back to mail.domain.com, although it's a rather ugly DNS hack since I'm aliasing the internal FQDN.
< Message edited by t0ta11ed -- 16.Aug.2007 11:23:25 PM >
|
|
|
|
|
RE: Autodiscover configuration (for lack of a better di... - 17.Aug.2007 8:20:56 AM
|
|
|
TwoJ
Posts: 46
Joined: 21.Feb.2007
Status: offline
|
If i understand well, you are saying that Outlook 2007 is connecting to exchange but the internal URL for autodiscover is cas.domain.com, hense a ssl mismatch error, but the url in exchange is still mail.domain.com?
I think maybe try deleting the DNS entry for autodiscover and rebuilding it, also to flush the resolver cache.
Also to set the autodiscover internal URL again with mail.domain.com to insure that it really is pulling the right info.
I think a simple test would be to have a 2007 outlook connected from outside the network, if it connects properly then it seems the issue is a DNS resolution, if not then it seems to indicate an Exchange connection problem
|
|
|
|
|
RE: Autodiscover configuration (for lack of a better di... - 17.Aug.2007 8:34:53 AM
|
|
|
t0ta11ed
Posts: 288
Joined: 2.Feb.2007
From: Mars
Status: offline
|
quote:
ORIGINAL: TwoJ
If i understand well, you are saying that Outlook 2007 is connecting to exchange but the internal URL for autodiscover is cas.domain.com, hense a ssl mismatch error, but the url in exchange is still mail.domain.com?
Autodiscover in the client (Outlook) was orginally using autodiscover.domain.com to find the service. A CNAME pointing autodiscover.domain.com to mail.domain.com fixed that. The problem was that the client for some unknown reason started looking for it at the internal server name, ie; mx1.local.domain.com. This broke the original CNAME.
quote:
I think maybe try deleting the DNS entry for autodiscover and rebuilding it, also to flush the resolver cache.
Good idea, but this wouldn't have stopped the client from attempting to use mx1.local.domain.com.
quote:
Also to set the autodiscover internal URL again with mail.domain.com to insure that it really is pulling the right info.
This was not a problem on the Exchange side. The Autodiscover service is still set for mail.domain.com there, so even trying to reset it results in Exchange saying nothing was changed because it was already set to the same value.
quote:
I think a simple test would be to have a 2007 outlook connected from outside the network, if it connects properly then it seems the issue is a DNS resolution, if not then it seems to indicate an Exchange connection problem
Good suggestion, but this was strictly an internal issue. I fixed it by creating another CNAME pointing mx1.local.domain.com to mail.domain.com. Again, a dirty DNS hack, but it works. Really weird that Outlook decided to use a different URL all of a sudden though.
|
|
|
|
|
RE: Autodiscover configuration (for lack of a better di... - 17.Aug.2007 12:02:01 PM
|
|
|
TwoJ
Posts: 46
Joined: 21.Feb.2007
Status: offline
|
What about the Outlook Anywhere settings?
In the autoconfiguartion test in outllook i have the FQDN for the RPC connection and mail.domain.com for the server name for HTTPS.
any help there?
|
|
|
|
|
RE: Autodiscover configuration (for lack of a better di... - 17.Aug.2007 12:09:13 PM
|
|
|
t0ta11ed
Posts: 288
Joined: 2.Feb.2007
From: Mars
Status: offline
|
I'm not using Outlook Anywhere internally. The Autoconfiguration test shows the client trying to use mx1.local.domain.com as the URL for Autodiscover. Since it is, the only way to remove the cert mismatch errors was to do the CNAME in DNS. Works fine now. I just find it odd that the URL changed by itself.
|
|
|
|
|
RE: Autodiscover configuration (for lack of a better di... - 17.Aug.2007 12:14:00 PM
|
|
|
TwoJ
Posts: 46
Joined: 21.Feb.2007
Status: offline
|
Maybe you should check in the exchange console - under Client Access->Secret Settings->URLs-> check if the setting is for;
-Completely Random change
or
-Change every x weeks
:-)
Glad to hear its working
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
