• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Cached Mode Outlook Anywhere Clients Can't Access Exchange Services

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> General >> Cached Mode Outlook Anywhere Clients Can't Access Exchange Services Page: [1]
Login
Message << Older Topic   Newer Topic >>
Cached Mode Outlook Anywhere Clients Can't Access Excha... - 12.Aug.2008 2:46:11 PM   
Mediaogre

 

Posts: 25
Joined: 26.Mar.2008
Status: offline
I'm reposting what I posted on Experts Exchange (including a couple of updates) due to the recent rash of irrelevant responses from "experts":

Hey folks,

Here is the issue:

Seemingly at random, some Outlook 2007 cached mode clients can't access free/busy data. For some of them, the service comes back, but others have been unable to retrieve free/busy since 8/4. As far as I know, the clients who still can't access are connecting from the Internet. Although, I've configured the web service external and internal URLs with one FQDN, cas.mydomain.com, which resolves internally on the local LAN and externally so I don't know how that could be a factor. For what it's worth, the service formerly known as RPC over HTTP still works well for everyone.

The environment:

Exchange 2007 SP1 Mailbox server and two HT/CAS (load balanced) servers. Outlook 2007 SP1 cached mode. SAN certificate is installed for all Exchange services and has been fine since March.

Exchange 2003 SP2 BE/FE server but no mailboxes are left and the routing master is one of my CAS boxes

Some data points: All clients on the LAN produce the desired results when running the Outlook Test E-mail AutoConfiguration tool. I'm still gathering data for the remote clients, but one user who's having trouble, receives this message: "Autoconfiguration was unable to determine your settings!" Running the Exchange Server Remote Connectivity Analyzer's Autodiscover Connectivity Test (a great tool folks- https://www.testexchangeconnectivity.com/ ) using test account domain credentials is successful.

Change in the SMTP landscape and possibly a crucial point: For reasons I'll leave to your imagination, on Monday night, I disabled the default recipient policy and assigned every user a new primary SMTP address with a different domain, e.g., instead of juser@mydomain.com, it's juser@someotherdomain.com. The old primary SMTP still exists in users' AD properties as an additional address.

***UPDATE*** Creating a new reg key UseLegacyFB "fixes" the free/busy issue but I'm not sure how or why and I'm certainly not comfortable with that as a "fix".

***UPDATE*** It's now evident that more folks are gradually losing connectivity to all Exchange Services including OOF and OAB with the annoyingly generic (0x8004010F) error- even though running Test E-mail Autoconfiguration returns no errors.

Thanks in advance,

Greg

< Message edited by Mediaogre -- 12.Aug.2008 2:48:27 PM >
Post #: 1
RE: Cached Mode Outlook Anywhere Clients Can't Access E... - 12.Aug.2008 8:09:03 PM   
John Weber

 

Posts: 1236
Joined: 20.Apr.2005
From: Portland, Oregon
Status: offline
For starters, the 010F error is a cert error.
That may be your entire problem.

AS for the OL2k7 users is a must.
F/B for OL2k3 clients MUST come from a PF.

I would closely check the certs on all touch points.

_____________________________

John Weber [Lync MVP] http://tsoorad.blogspot.com

(in reply to Mediaogre)
Post #: 2
RE: Cached Mode Outlook Anywhere Clients Can't Access E... - 12.Aug.2008 11:14:25 PM   
Mediaogre

 

Posts: 25
Joined: 26.Mar.2008
Status: offline
Thanks. That's something worth digging into a little further. Although I've run Get-ExchangeCertificate and everything looks OK. I could post the output though if you want to take a look.

All clients are 2K7.

-Greg

(in reply to John Weber)
Post #: 3
RE: Cached Mode Outlook Anywhere Clients Can't Access E... - 13.Aug.2008 5:08:34 PM   
Mediaogre

 

Posts: 25
Joined: 26.Mar.2008
Status: offline
OK, I feel silly, but at least I've identified the issue. (Wireshark on an external test system worked wonders :-/ ) The issue is our public DNS record for autodiscover is autodiscover.oldcompany.com and when an Outlook Anywhere client attempts to access an Exchange service, the client appends the request with the new primary SMTP domain, NewCompany.com.

My new issue is forcing Outlook Anywhere to the correct autodiscover url. Information I've found on this topic is inconsistent. Any help is appreciated.

Mods, I apologize for the evolution of this thread and I understand if it gets re-categorized or closed.

-Greg

(in reply to Mediaogre)
Post #: 4
RE: Cached Mode Outlook Anywhere Clients Can't Access E... - 13.Aug.2008 5:38:27 PM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
I had heard that the Exchange server zone at EE had gone downhill since I left. Unfortunately it was too much work on my own to keep it in line from the wannabee experts.

Anyway, if you have changed the URLs then you need to run some commands. What the commands are depends on whether you are using a SAN/UC certificate or a single name certificate.
If you are using a single name certificate then you will need to setup a split DNS setup.

Single Name SSL: http://www.amset.info/exchange/singlenamessl.asp
SAN/UC: http://www.sembee.co.uk/archive/2008/05/30/78.aspx

However it is important that the name resolve AND matches the name on your SSL certificate.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to Mediaogre)
Post #: 5
RE: Cached Mode Outlook Anywhere Clients Can't Access E... - 14.Aug.2008 3:20:59 PM   
Mediaogre

 

Posts: 25
Joined: 26.Mar.2008
Status: offline
It's too bad about EE.

I haven't change any URLs. And actually, on-LAN domain-joined machines locate the Exchange services fine via SCP record regardless of primary SMTP domain mismatch- which is good. If this continues to work, I can roll out a "fix" to my external, non domain-joined Outlook Anywhere clients.

So, for now, the Exchange services issue only exist with external clients. I just can't get the combination of correct registry additions and local autodiscover.xml to properly redirect clients to my correct public DNS autodiscover url. I haven't ruled out asking our parent companie's DNS guy to add a new A record pointing to our public IP, but I'm not quite ready to go there yet.

For grins, here are some reg additions and various Test E-mail AutoConfiguration output data:

HKCU\Software\Microsoft\Office\12.0\Outlook\Autodiscover
 
ExcludeHttpRedirect  REG_DWORD  value = 1
ExcludeHttpsAutodiscover  REG_DWORD value  = 0
ExcludeScpLookup  REG_DWORD value = 1 (something's not working here because my LAN connected domain-joined clients STILL look for an SCP record)
ExcludeSrvLookup  REG_DWORD value = 1 (something's not working here because my external non domain-joined clients STILL look for an SRV record)
ExcludeSrvRecord  REG_DWORD value = 1
ExcludeRootDomain REG_DWORD value = 1
ExcludeAutodiscoverDomain REG_DWORD = 1
 
PreferLocalXML  REG_DWORD value = 1
 
OldDomain.com REG_SZ value = c:\autodiscover.xml (xml code attached)
 
Here is the output from Test E-mail Autoconfiguration with user@olddomain.com and user@newdomain.com on a domain-joined machine and all above-mentioned changes in place:
 
***Begin OldDomain.com output***
 
Local autodiscover for olddomain.com starting
Local autodiscovre for olddomain.com FAILED (0x800C8202)
Attempting URL https://cas.olddomain.com/autodiscover/autodiscover.xml found through SCP
Autodiscover to https://cas.olddomain.com/autodiscover/autodiscover.xml starting
Autodiscover to https://cas.olddomain.com/autodiscover/autodiscover.xml succeeded (0x00000000)
 
***End OldDomain.com output***
 
##########################
 
***Begin NewDomain.com output***
 
Local autodiscover for newdomain.com starting
Local autodiscovre for newdomain.com FAILED (0x800C8202)
Attempting URL https://cas.newdomain.com/autodiscover/autodiscover.xml found through SCP
Autodiscover to https://cas.newdomain.com/autodiscover/autodiscover.xml starting
Autodiscover to https://cas.newdomain.com/autodiscover/autodiscover.xml succeeded (0x00000000)
 
***End NewDomain.com output***
 
With non domain-joined machines, failure occurs during redirect. I don't know that I have the time to worry about why, even after making the "exclude" SRV registry addtions, the client still tries SRVs. If it didn't fail at the redirect, it wouldn't be an issue. Here's output from an external non domain-joined machine (I only tested E-mail Autoconfiguration using @newdomain.com because I'm guessing that simulates what happens when one clicks something like- Tools | Out of Office Assistant. Essentially, the client's going to use the new primary SMTP address):
 
 ***Begin NewDomain.com output (non domain-joined)***
 
Local autodiscover for newdomain.com starting
Local autodiscovre for newdomain.com FAILED (0x800C8202)
Autodiscover to https://newdomain.com/autodiscover/autodiscover.xml starting
Autodiscover to https://newdomain.com/autodiscover/autodiscover.xml FAILED (0x800C8203)
Autodiscover to https://autodiscover.newdomain.com/autodiscover/autodiscover.xml starting
Autodiscover to https://autodiscover.newdomain.com/autodiscover/autodiscover.xml FAILED (0x800C8203)
Redirect check to https://autodiscover.newdomain.com/autodiscover/autodiscover.xml starting
Redirect check to https://autodiscover.newdomain.com/autodiscover/autodiscover.xml FAILED (0x80072EE7) ###Here is where it's painfully obvious the xml file is being ignored###
SRV Record Lookup for newdomain.com starting
SRV Record Lookup for newdomain.com FAILED (0x8004010F)
 
***End NewDomain.com output (non domain-joined)***


(in reply to Sembee)
Post #: 6
RE: Cached Mode Outlook Anywhere Clients Can't Access E... - 18.Aug.2008 12:18:35 PM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
If you haven't changed any URLs then that might be the first place I would be looking. Do you have an SSL certificate with the relevant names in it? The process should only be using SRV records if everything else fails. You need to have autodiscover.domain.com pointing to the Exchange server and the relevant URL set in Exchange. Then as long as the other URLs for Outlook Anywhere are set correctly it should resolve without trying DRV records. SRV records are really for people who are using a single name SSL certificate.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to Mediaogre)
Post #: 7
RE: Cached Mode Outlook Anywhere Clients Can't Access E... - 18.Aug.2008 6:04:32 PM   
Mediaogre

 

Posts: 25
Joined: 26.Mar.2008
Status: offline
Simon,

I'm using a SAN cert with two names. The autodiscover process is getting as far as the SRV lookup because all else fails. I get that. I'm trying to get the client to ignore (Supposedly, this can be accomplished with registry additions- see my massive post above.) the new root/primary SMTP domain and look to a local xml file for the redirect url., e.g., Outlook Anywhere client, don't  bother looking for autodiscover.newdomain.com, look at this local file instead for this url: autodiscover.olddomain.com. Then routers and DNS can do their thing.

Our parent company owns the namespace newdomain.com so configuring a new public A record and adding another name to my SAN cert may not be an option.

Any ideas about redirecting and using local autodiscover xml files?

-Greg

(in reply to Sembee)
Post #: 8
RE: Cached Mode Outlook Anywhere Clients Can't Access E... - 19.Aug.2008 10:20:14 AM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
Can't help with using local files as I do all my deployments to best practises and that is to use DNS settings. I haven't even looked at the local files method as I haven't needed to.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to Mediaogre)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> General >> Cached Mode Outlook Anywhere Clients Can't Access Exchange Services Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter