Please help with AutoDiscover (Full Version)

stevenjwilliams83 -> Please help with AutoDiscover (17.Oct.2008 12:08:03 PM)

I have read numerous articles on autodiscover and can't seem to get it to work.  I bought a SAN Cert with multiple domain names in it including autodiscover.mydomain.com....I did not get a name called autodiscover.mydomain.local for internal.  Is this a problem?  I am working with 1 CAS server and ISA server 2006 with 2 network cards and 1 external IP...I have read some things that say I need two External IPs?  I do not understand split-DNS, I tried it and my internal clients could resolve any external subdomains of root domain...maybe I didn't configure it right.  I just added an additional forward lookup zone in my internal AD DNS Server.  I set it up to be non AD integrated and not to allow dynamic updates, then I added my external URLs like mail.mydomain.com and autodiscover.mydomain.com......I have OWA and active sync working perfectly with Exchange 07 and ISA server but can't get Outlook Anywhere working or Autodiscover.  Can someone please help?  Any info you may need to know more about my situation I will be more than willing to provide.  Thanks.




Elan Shudnow -> RE: Please help with AutoDiscover (20.Oct.2008 2:24:36 AM)

Autodiscover uses the person's primary SMTP domain.  So, if you have user@domain.com, you'll want to have a SAN name of autodiscover.domain.com.  This name is used for external clients or non-domain joined clients.  Essentially, any clients that don't have access to AD.

Because of this, you may need split DNS.  External DNS will need to have a zone for domain.com and internally, if you are using non-domain joined clients and want them to utilize Autodiscover, you'll need to have the DNS servers that DHCP points those clients to, to have a DNS zone of domain.com as well.

You then have to go and configure AutodiscoverInternalURI and your other services InternalURL and ExternalURL FQDNs to match names that are in the certificate.  AutodiscoverinternalURI is utilized for domain-joined users who have access to AD. InternalURL is handed out to domain-joined clients and ExternalURL is handed out to external or non-domain joined clients as well as Outlook Anywhere clients.

Set-ClientAccessServer -Identity CASServer -AutoDiscoverServiceInternalUri https://mail.domain.com/Autodiscover/Autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "CASServer\EWS (Default Web Site)" -InternalURL https://mail.domain.com/EWS/Exchange.asmx -ExternalURL https://mail.domain.com/EWS/Exchange.asmx -BasicAuthentication:$true

Set-OABVirtualDirectory -Identity "CASServer\OAB (Default Web Site)" -InternalURL https://mail.domain.com/OAB -ExternalURL https://mail.domain.com/OAB

Enable-OutlookAnywhere -Server CASServer -ExternalHostname "mail.shudnow.net" -ClientAuthenticationMethod "Basic" -SSLOffloading:$False

Set-ActiveSyncVirtualDirectory -Identity "CASServer\Microsoft-Server-ActiveSync (Default Web Site)" -ExternalURL https://mail.domain.com/Microsoft-Server-Activesync

Set-UMVirtualDirectory -Identity "CASServer\UnifiedMessaging (Default Web Site)" -InternalURL https://mail.domain.com/UnifiedMessaging/Service.asmx -ExternalURL https://mail.domain.com/UnifiedMessaging/Service.asmx -BasicAuthentication:$true

There's even more to it once you start having multiple sites and when you don't have Split DNS.






stevenjwilliams83 -> RE: Please help with AutoDiscover (20.Oct.2008 12:35:49 PM)

So I host a non-active directory DNS in a datacenter and active directory integrated DNS in house to resolve internal clients.  Where do I set up DNS at?  The datacenter or internal DNS?  I think I understand everything you said if I could just figure out how to split DNS and where?  Thanks.




Elan Shudnow -> RE: Please help with AutoDiscover (20.Oct.2008 2:49:05 PM)

Well, depends on what you set as the InternalURL and what you set as the ExternalURL.  If you have domain.com zones both externally (internet) and internally, then you can set both InternalURL and ExternalURL to the same values as having domain.com available on internet DNS and internal DNS is split DNS.

Now if you have domain.com available externally only and domain.local available internally, you can set ExternalURL to domain.com and InternalURL to domain.local.  You would have to make sure the certificate you obtain contains whatever FQDNs you utilize both externally and internally.

You can even set the InternalURL to https://netbiosnameofCAS/etc.....  You should then have the NetBIOS name of your server in the certificate.




stevenjwilliams83 -> RE: Please help with AutoDiscover (20.Oct.2008 4:45:51 PM)

My Cert has the following names:

ServerName.MyDomain.local
ServerNetBiosName
Mail.MyDomain.com
AutoDiscover.MyDomain.com


I was just under the impression, for autodiscover that internal clients and external clients had to be able to link to AutoDiscover.MyDomain.com?  So that's why I needed split DNS, so that my internal clients could resolve AutoDiscover.MyDomain.com.

Here are some things I can show you:

InternalNLBBypassUrl          : https://exch07srv01.MyDomain.local/ews/exchange.asmx
Name                          : EWS (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://EXCH07SRV01.MyDomain.local/W3SVC/1/ROOT/EWS
Path                          : E:\EXCH07\ClientAccess\exchweb\EWS
Server                        : EXCH07SRV01
InternalUrl                   : https://exch07srv01.MyDomain.local/EWS/Exchange.asmx
ExternalUrl                   : https://mail.MyDomain.com/EWS/Exchange.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,CN=EXCH07SRV01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT)
                               CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=MyDomain,DC=local
Identity                      : EXCH07SRV01\EWS (Default Web Site)
Guid                          : 06519879-99e2-4138-a8f6-c2bff17698ce
ObjectCategory                : MyDomain.local/Configuration/Schema/ms-Exch-Web-Services-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
WhenChanged                   : 10/17/2008 2:04:10 PM
WhenCreated                   : 6/25/2008 3:46:45 PM
OriginatingServer             : DC.MyDomain.local
IsValid                       : True

-----------------------------------------------------------------------------------

Name                          : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://EXCH07SRV01.MyDomain.local/W3SVC/1/ROOT/Autodiscover
Path                          : E:\EXCH07\ClientAccess\Autodiscover
Server                        : EXCH07SRV01
InternalUrl                   :
ExternalUrl                   :
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=EXCH07SRV01,CN=Servers,CN=Exchange Administrative Group (FYDIBOH
                               m Design,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=MyDomain,DC=local
Identity                      : EXCH07SRV01\Autodiscover (Default Web Site)
Guid                          : 9c487f95-3b19-4ab1-b16f-2603efd7725d
ObjectCategory                : MyDomain.local/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                   : 6/25/2008 3:46:42 PM
WhenCreated                   : 6/25/2008 3:46:27 PM
OriginatingServer             : DC.MyDomain.local
IsValid                       : True

-----------------------------------------------------------------------------------

Name                          : OAB (Default Web Site)
PollInterval                  : 480
OfflineAddressBooks           : {}
RequireSSL                    : True
MetabasePath                  : IIS://EXCH07SRV01.MyDomain.local/W3SVC/1/ROOT/OAB
Path                          : E:\EXCH07\ClientAccess\OAB
Server                        : EXCH07SRV01
InternalUrl                   : http://exch07srv01.MyDomain.local/OAB
InternalAuthenticationMethods : {WindowsIntegrated}
ExternalUrl                   : https://mail.MyDomain.com/OAB
ExternalAuthenticationMethods : {WindowsIntegrated}
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols,CN=EXCH07SRV01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT)
                               CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=MyDomain,DC=local
Identity                      : EXCH07SRV01\OAB (Default Web Site)
Guid                          : 830771d4-0f53-4538-8590-010403079736
ObjectCategory                : MyDomain.local/Configuration/Schema/ms-Exch-OAB-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchOABVirtualDirectory}
WhenChanged                   : 10/17/2008 2:03:22 PM
WhenCreated                   : 6/25/2008 3:46:22 PM
OriginatingServer             : DC.MyDomain.local
IsValid                       : True

I can't seem to get the internal or external URLs set on the autodiscovery.

Outlook Anywhere works but only if I set my RPC proxy settings in the More Settings>Connections tab of Outlook.  Just can't get it to work from outside on non-domain member with autodiscover.

Thanks For all the help, I was beginning to get frustrated.




Elan Shudnow -> RE: Please help with AutoDiscover (20.Oct.2008 4:56:21 PM)

You don't need to set the InternalURL and ExternalURL on the autodiscover itself.  To be honest, I have absolutely no idea why those options were added there.  The only thing you ever have to modify with Autodiscover is the AutodiscoverInternalURI which is set using Set-ClientAccessServer.

And as I stated, the only time a client will ever have to contact autodiscover.domain.com is if they don't have access to Active Directory.  That may be due to the client being on the internal LAN but not being domain joined or due to the client being external to the network (home/client site/etc.)

The commands I gave you are the only commands you will have to run.  InternalURL when you are domain joined and ExternalURL when on LAN and not domain joined and/or using Outlook Anywhere.

And no problem for the help.  If you're still confused with something, just ask.  The autodiscover service and wrapping your head around the InternalURL, externalURL, and all the new service stuff can be challenging.




stevenjwilliams83 -> RE: Please help with AutoDiscover (20.Oct.2008 5:04:11 PM)

So I guess I am still confused with Split-DNS, with the names that my cert holds, is Split DNS needed?  I wish my internal domain name was the same as my external domain name, this would be easier I think.




Elan Shudnow -> RE: Please help with AutoDiscover (20.Oct.2008 5:12:50 PM)

No, Split DNS isn't needed but you will lack some functionality for non-domain joined machines when on the corporate LAN.  I go into why in the last paragraph in this post.  So let's say your AD DNS is domain.local and your external dns is domain.com.  You would do the following:

Set-ClientAccessServer -Identity CASServer -AutoDiscoverServiceInternalUri https://mail.domain.local/Autodiscover/Autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "CASServer\EWS (Default Web Site)" -InternalURL https://mail.domain.local/EWS/Exchange.asmx -ExternalURL https://mail.domain.com/EWS/Exchange.asmx -BasicAuthentication:$true

Set-OABVirtualDirectory -Identity "CASServer\OAB (Default Web Site)" -InternalURL https://mail.domain.local/OAB -ExternalURL https://mail.domain.com/OAB

Enable-OutlookAnywhere -Server CASServer -ExternalHostname "mail.domain.com" -ClientAuthenticationMethod "Basic" -SSLOffloading:$False

Set-ActiveSyncVirtualDirectory -Identity "CASServer\Microsoft-Server-ActiveSync (Default Web Site)" -ExternalURL https://mail.domain.com/Microsoft-Server-Activesync

Set-UMVirtualDirectory -Identity "CASServer\UnifiedMessaging (Default Web Site)" -InternalURL https://mail.domain.local/UnifiedMessaging/Service.asmx -ExternalURL https://mail.domain.com/UnifiedMessaging/Service.asmx -BasicAuthentication:$true

So now when clients are domain-joined and on the corporate network, they will have direct connectivity to AD and won't need to contact autodiscover.domain.com.  Instead, they will be able to locate the SCP (AutodiscoverInternalURI) and utilize that FQDN for Autodiscover functionality.

And because they have access to AD, once they contact the Autodiscover Service by using the AutodiscoverInternalURI, they will retrieve InternalURLs which will have the FQDN of domain.local.  But since they are on the corporate LAN, the DNS servers they retrieved from DNS will contain the domain.local zone.

Now when the user is outside of the corporate network, they will not have access to AD and will then try to contact autodiscover.domain.com.  When they contact the Autodiscover service, Autodiscover will know it was contacted by autodiscover.domain.com and will hand out the ExternalURLs.  Because the user is on the internet, they will be able to contact the domain.com zone.

The only issue you will run into is for non-domain joined clients on the corporate LAN.  Outlook Anywhere won't work for them as you don't set an InternalURL and ExternalURL.  You set the ExternalHostName.  So if you were on the corporate LAN, you wouldn't be able to use Outlook Anywhere as you're not using split DNS and the mail.domain.com FQDN you set for Outlook anywhere isn't located on the DNS servers on your corporate LAN.




Exchange_Geek -> RE: Please help with AutoDiscover (20.Oct.2008 5:13:51 PM)

That was an easy way out.
[:D][:D][:D][:D]




stevenjwilliams83 -> RE: Please help with AutoDiscover (20.Oct.2008 5:19:56 PM)

Now where you put mail.Mydomain.local.....I don't have that on my cert....I just have mail.mydomain.com.  I have the NetBIOS name and FQDN (Server.mydomain.local) but not mail.mydomain.local.....do I need that or can I use Server.mydomain.local?




Elan Shudnow -> RE: Please help with AutoDiscover (20.Oct.2008 5:21:27 PM)

Change mail.domain.local to the ServerName.MyDomain.local or ServerNetbiosName.
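
The name mismatch caught in the exchange above can be checked before any Set-* command is run. The following is an added example, not code from any poster in this thread: it compares the host of each URL you intend to configure against the names on the certificate and also flags any URL that is not HTTPS. The certificate names are the placeholders listed earlier in the thread; the URL table is a constructed sample, and the function name Test-UrlAgainstCertNames is hypothetical. It assumes PowerShell 3.0 or later on any workstation and exact-name matching only (no wildcard certificates).

```powershell
# Names on the SAN certificate, as listed in the thread (placeholders from the page).
$certNames = @(
    'ServerName.MyDomain.local',
    'ServerNetBiosName',
    'Mail.MyDomain.com',
    'AutoDiscover.MyDomain.com'
)

# Constructed sample: URLs an admin is about to configure on the CAS.
# The first entry reproduces the mail.MyDomain.local mismatch raised above;
# the OAB InternalUrl reproduces the http:// value shown in the posted output.
$plannedUrls = [ordered]@{
    'AutoDiscoverServiceInternalUri' = 'https://mail.MyDomain.local/Autodiscover/Autodiscover.xml'
    'EWS InternalUrl'                = 'https://ServerName.MyDomain.local/EWS/Exchange.asmx'
    'EWS ExternalUrl'                = 'https://mail.MyDomain.com/EWS/Exchange.asmx'
    'OAB InternalUrl'                = 'http://ServerName.MyDomain.local/OAB'
    'OAB ExternalUrl'                = 'https://mail.MyDomain.com/OAB'
    'Autodiscover (external lookup)' = 'https://autodiscover.MyDomain.com/Autodiscover/Autodiscover.xml'
}

function Test-UrlAgainstCertNames {
    param(
        [string]   $Setting,
        [string]   $Url,
        [string[]] $CertNames
    )
    $uri      = [System.Uri]$Url
    $problems = @()

    # A client that is handed a plain-http URL never validates a certificate at all.
    if ($uri.Scheme -ne 'https') {
        $problems += "scheme is '$($uri.Scheme)', not https"
    }

    # -notcontains compares case-insensitively; only exact names are matched
    # (assumption: the certificate lists explicit SAN entries, no wildcards).
    if ($CertNames -notcontains $uri.Host) {
        $problems += "host '$($uri.Host)' is not on the certificate"
    }

    [pscustomobject]@{
        Setting  = $Setting
        HostName = $uri.Host
        OK       = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

$results = foreach ($entry in $plannedUrls.GetEnumerator()) {
    Test-UrlAgainstCertNames -Setting $entry.Key -Url $entry.Value -CertNames $certNames
}

# Show everything, then only the rows that need fixing before clients are pointed at them.
$results | Format-Table -AutoSize
$results | Where-Object { -not $_.OK } | Format-List Setting, Problems
```

With the sample data, the AutoDiscoverServiceInternalUri row is flagged because mail.mydomain.local is not on the certificate, and the OAB InternalUrl row is flagged for using http.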




Elan Shudnow -> RE: Please help with AutoDiscover (20.Oct.2008 5:28:52 PM)

quote:

ORIGINAL: Exchange_Geek

That was an easy way out.
[:D][:D][:D][:D]


He owes me beer if he comes out to Chicago.[:)]




Exchange_Geek -> RE: Please help with AutoDiscover (20.Oct.2008 5:33:07 PM)

lol i agree, in fact a night out if this works - damn i already forgot the entire link from where this thread started and at which point of troubleshooting you guys are.

Need some sleep...........................................




stevenjwilliams83 -> RE: Please help with AutoDiscover (20.Oct.2008 5:38:10 PM)

In an earlier post you put:

Set-ClientAccessServer -Identity CASServer -AutoDiscoverServiceInternalUri https://mail.domain.com/Autodiscover/Autodiscover.xml

In the latest one you put:

Set-ClientAccessServer -Identity CASServer -AutoDiscoverServiceInternalUri https://mail.domain.local/Autodiscover/Autodiscover.xml

which one is correct?  I assume mail.mydomain.com?




Elan Shudnow -> RE: Please help with AutoDiscover (20.Oct.2008 5:45:12 PM)

quote:

ORIGINAL: Elan Shudnow

Change mail.domain.local to the ServerName.MyDomain.local or ServerNetbiosName.


This applies to AutodiscoverInternalURI.  I explained this all.  Please read everything I wrote and you should understand what the AutodiscoverInternalURI is.




stevenjwilliams83 -> RE: Please help with AutoDiscover (20.Oct.2008 6:02:36 PM)

Ok so I have autodiscover internalURL set to Servername/autodiscover/autodiscover.xml and set everything else up like you instructed.  At first the Exchange connectivity tool was failing but I figured it out, it was ISA Server, I had to add autodiscover.mydomain.com to public name tab along with my Mail.mydomain.com name, then the connectivity tool passed with flying colors, so I know it works internally, and I know I can get to it from the internet, but yet my client still won't take email and password input, it just errors and says:

an encrypted connection to your mail server is not available.

I see that on the exchange connectivity testing tool that it also tries to contact:

MyDomain.com/autodiscover/autodiscover.xml

Where is it getting that from? 




Elan Shudnow -> RE: Please help with AutoDiscover (20.Oct.2008 7:59:23 PM)

Well, I told you not to set the InternalURL or ExternalURL on the Autodiscover.  You want to configure the AutodiscoverInternalURI.  I'm assuming that's what you meant, just making sure.

Autodiscover always tries to use Mydomain.com/autodiscover before autodiscover.mydomain.com/autodiscover.  Don't worry about that.  Just about all people use the autodiscover.mydomain.com method.

As for your encryption error, check out this hotfix:
http://support.microsoft.com/kb/949401




stevenjwilliams83 -> RE: Please help with AutoDiscover (20.Oct.2008 9:00:09 PM)

OK thanks, I will take a look at the hot fix.  One more thing:

A client on a laptop, not part of the corporate domain, on the road traveling needs to set up his Exchange using autodiscover....So he plugs in his email address and password.  Outlook goes out and looks for user@Mydomain.com, External DNS tells Outlook, Mydomain.com is at 10.0.0.0.  Then it looks for Mydomain.com/autodiscover/autodiscover.xml and can't find that so then it looks for autodiscover.mydomain.com and External DNS says it's at 10.0.0.1.  So then the request makes it to the ISA server, ISA server says you are looking for autodiscover.mydomain.com.....How does ISA server know the Exchange server uses this site?  We never specified anywhere? We only specified Server.mydomain.local/autodiscover/autodiscover.xml?  This may be an IIS thing which is not my strongest point, just trying to get an understanding what the process of autodiscover is.  Thanks for all your help.  I will post good news if the hot fix works.




Elan Shudnow -> RE: Please help with AutoDiscover (20.Oct.2008 9:39:01 PM)

Well because you need to publish autodiscover.domain.com and have a certificate on your ISA box that contains the autodiscover.domain.com name.  It sounds like you already did this from putting the autodiscover.domain.com name in your Public Name tab on your ISA rule.  That should do it.  It'll just look at the To: Tab to see what server it should send the request to.  And this should be your CAS server that services Autodiscover requests.

In fact, I wrote an article on how to publish autodiscover via ISA 2006.  Keep in mind this article was written over a year ago and is based on ISA 2006 RTM.  But it will get you what you need as I have updated it a little.

http://www.shudnow.net/2007/07/15/publishing-exchange-2007-autodisover-in-isa-2006/




stevenjwilliams83 -> RE: Please help with AutoDiscover (20.Oct.2008 11:43:01 PM)

Hotfix, No Workie!  This is frustrating.....the Testexchangeconnectivity test was successful for Autodiscover....So what the heck....still can't get external clients to use autodiscover....Where do I start the troubleshooting...ISA log files or Exchange log files?  I did look at my Rule for Outlook Anywhere and Public Tab has:

Mail.Mydomain.com
Autodiscover.Mydomain.com

The To tab has:

Mail.Mydomain.com and ip address of my exchange server.....

Should it be autodiscover.Mydomain.com and Server IP address??  Or maybe the internal name server.Mydomain.local?

So close, why doesn't it just work!!!



