Autodiscover and OAB does not work internally - from the internet it works fine!!
Hello all! We're running an exchange 2007 SP2 server on Win2003. Domain is Win2008 R2. Exchange server has CAS, MBX, HUB roles. We also run an ISA 2006 srv as firewall/proxy. With it I'm publishing OWA, OA, Activesync, Autodiscover. Internet clients can successfully download the Address Book, and can also test email autoconfiguration (by right-clicking the Outlook taskbar icon) successfully.Internal clients cannot!!!! Internal Outlook clients give the following error when trying to download the OAB: "Not downloading Offline address book files. A server (URL) could not be located. 0X8004010F"With Autoconfiguration, I'm getting mixed results. Some clients succeed. Some clients fail with the following error: "Redirect check tohttp://autodiscover.mydomain.gr/autodiscover/autodiscover.xml FAILED (0x80004005)." Note that it's looking for http instead of https.Others produce the following error:"Autodiscover to https://emailserver.mydomain.gr/autodiscover/autodiscover.xml startingAutodiscover request completed with status code 502Autodiscover to https://emailserver.mydomain.gr/autodiscover/autodiscover.xml FAILED (0x80004005)."I have tried any and all throubleshooting tips I could find on the net... everything SHOULD be working.... could there be some weird conflict with the ISA server ?!?!?please.... HEEEEELP
April 16th, 2010 10:50am

What do you show for Get-OABVirtualDirectory | Format-List, especially for the InternalURL and ExternalURL? When your internal client browses to the InternalURL does it go through the ISA? If so, is that the way you want it? Do you have a split-brain DNS so that internal DNS lookups resolve to internal addresses and external lookups to extenral addresses? -- Ed Crowley MVP"There are seldom good technological solutions to behavioral problems."."Bombadill" wrote in message news:49a9f467-7916-4b2d-933b-99469b217946...Hello all! We're running an exchange 2007 SP2 server on Win2003. Domain is Win2008 R2. Exchange server has CAS, MBX, HUB roles. We also run an ISA 2006 srv as firewall/proxy. With it I'm publishing OWA, OA, Activesync, Autodiscover. Internet clients can successfully download the Address Book, and can also test email autoconfiguration (by right-clicking the Outlook taskbar icon) successfully.Internal clients cannot!!!! Internal Outlook clients give the following error when trying to download the OAB: "Not downloading Offline address book files. A server (URL) could not be located. 0X8004010F"With Autoconfiguration, I'm getting mixed results. Some clients succeed. Some clients fail with the following error: "Redirect check tohttp://autodiscover.mydomain.gr/autodiscover/autodiscover.xml FAILED (0x80004005)." Note that it's looking for http instead of https.Others produce the following error:"Autodiscover to https://emailserver.mydomain.gr/autodiscover/autodiscover.xml startingAutodiscover request completed with status code 502Autodiscover to https://emailserver.mydomain.gr/autodiscover/autodiscover.xml FAILED (0x80004005)."I have tried any and all throubleshooting tips I could find on the net... everything SHOULD be working.... could there be some weird conflict with the ISA server ?!?!?please.... HEEEEELP Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
April 17th, 2010 8:25pm

Also post a Get-ClientAccessServer | fl name,*uri*Active Directory, 4th Edition - www.briandesmond.com/ad4/
April 19th, 2010 2:08am

Hi, From the symptom, it seems that the client cannot connect the Autodiscover service by the connection manner. I suspect the requests for Autodiscover are being forwarded to the external IP address of ISA server. Please understand that internal Outlook clients connect the Autodiscover service via the SCP object in AD. Now please try to https://CASName/autodiscover/autodiscover.xml on the problematic clients. What's the result? Thanks Allen
Free Windows Admin Tool Kit Click here and download it now
April 19th, 2010 8:42am

Hello all, and thank you for your replies. I've had some help with this by Ryan Ye in the Partner Messaging Forums. Allen is spot on! As it turns out, the issue I describe occurs only when proxy is enabled in IE connection settings. If IE proxy is disabled 'Test email autoconfig' and OAB download works fine. If I try https://casname/autodiscover/autodiscover.xml with IE proxy settings on, I get an "Internet Explorer cannot display the webpage" error message. With proxy settings off I get a logon prompt. We use the same ISA 2006 server as a firewall, proxy, and to publish Exchange. Ryan Ye suggested that I submit a new thread in the ISA Server forum... which I plan on doing, unless anyone here has some insight to this matter. Many thanks Andreas
April 19th, 2010 10:57am

Can you provide the data Ed and I asked for?Active Directory, 4th Edition - www.briandesmond.com/ad4/
Free Windows Admin Tool Kit Click here and download it now
April 19th, 2010 5:45pm

Hi, Thanks for your sharing. Allen
April 20th, 2010 8:23am

@ Ed; Name : OAB (Default Web Site) PollInterval : 480 OfflineAddressBooks : {\COZ} RequireSSL : False BasicAuthentication : True WindowsAuthentication : True MetabasePath : IIS://mailserver.internaldomain.gr/W3SVC/1/RO OT/OAB Path : D:\Exchange\ExchangeOAB Server : MAILSERVER InternalUrl : https://mailserver.internaldomain.gr/oab InternalAuthenticationMethods : {Basic, WindowsIntegrated} ExternalUrl : https://mailserver.externaldomain.gr/oab ExternalAuthenticationMethods : {Basic, WindowsIntegrated} AdminDisplayName : ExchangeVersion : 0.1 (8.0.535.0) DistinguishedName : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols, CN=MAILSERVER,CN=Servers,CN=Exchange Administrativ e Group (FYDIBOHF23SPDLT),CN=Administrative Gro ups,CN=InternalDomain,CN=Microsoft Exchang e,CN=Services,CN=Configuration,DC=internaldomain,DC=gr Identity : MAILSERVER\OAB (Default Web Site) Guid : 2d8cffce-a9a1-4346-a1b5-d120a9ae5fba ObjectCategory : internaldomain.gr/Configuration/Schema/ms- Exch-OAB-Virtual-Directory ObjectClass : {top, msExchVirtualDirectory, msExchOABVirtualD irectory} WhenChanged : 15/4/2010 1:51:05 μμ WhenCreated : 14/3/2008 7:45:25 μμ OriginatingServer : DomainController.internaldomain.gr IsValid : True Like I said before, everything is as it should be. Yes, we have a split-DNS configuration. External Domain = Email Domain, while our internal domain is different. This works fine as well. The issue is with the ISA server; When an internal client is set to use ISA as a proxy (in IE settings) but BYPASS local addresses, it's going through ISA anyway when browsing to https://autodiscover.internaldomain.gr/autodiscover/autodiscover.xml. We clearly DO NOT want this to happen. @ Brian; Name : MAILSERVER AutoDiscoverServiceInternalUri : https://mailserver.internaldomain.gr/autodiscover/autodiscover.xml
Free Windows Admin Tool Kit Click here and download it now
April 20th, 2010 10:48am

Andreas did you find an answer to this - this describes my exact issue also and it's driving me crazy... Any ideas gratefully received. Regards Chris Latham
April 22nd, 2010 9:29pm

Andreas did you find an answer to this - this describes my exact issue also and it's driving me crazy... Any ideas gratefully received. Regards Chris Latham Actually I did, or to be exact I'm really close now. If you can, check out the thread I posted in the Partner Forums: http://social.microsoft.com/Forums/en-US/partnersecurityisa/thread/0ccdb004-03d1-4c01-8639-f8d01495262d?prof=required If you don't have access, check back here in a couple of days. To give you some hints on the matter, it's the way ISA works with IE. Try instaling the latest version of Microsoft Firewall Client on a client PC, have it push settings to IE, and presto! it all works. The reason it does, is that it needs to have "Use Automatic Configuration Script" enabled (in IE proxy settings window) and pointing to: http://ISAServer.internaldomain.gr:8080/array.dll?Get.Routing.Script As soon as you've set this up, it all comes together. I'm experimenting with group policies to automate the config process, like I said, check back here in a couple of days and I'll have everything laid out by then Cheers!
Free Windows Admin Tool Kit Click here and download it now
April 23rd, 2010 1:04pm

OK, got everything sorted now.... here goes: Problem description: When ISA server is used both as a firewall and a proxy server, as well as to publish autodiscover and Exchange in general, INTRANET clients are unable to access Autodiscover and OAB The starting point is this; For some reason, OAB and Autodiscover gets routed to the ISA server, REGARDLESS if "Bypass proxy server for local addresses" is checked or not. ISA then proceeds to block such connections. As a result, OAB and Autodiscover is unreachable from the internal network... That is UNLESS you check the "Use automatic configuration script" option and in the address field type: http://ISAServer.internaldomain.com:8080/array.dll?Get.Routing.Script, you can uncheck all other options in the LAN settings window, the automatic configuration script is all that's needed for everything to work! Half client workstations in our environment are laptops used by technicians off site. In such a case, having just the automatic config script option checked and everything else unchecked is very helpful because it means that when users are on-site, the ISA server is reachable so IE uses the routing script to route all packets in proper fashion through the ISA server; When users are off-site, ISA server is unreachable, so proxying is effectively disabled and IE routes packets directly to the internet!!!! In other words, users will not have to go inside IE LAN Settings to uncheck the "use a proxy server option" every time they leave our internal network, and re-check it every time they come back!!! This can be neatly achieved with Group Policies: Create a GPO: User Configuration\Policies\Windows Settings\Internet Explorer Maintenance\Connection\Automatic Browser Configuration and type in on both fields the http://ISAServer.internaldomain.com:8080/array.dll?Get.Routing.Script URL. Make sure User Configuration\Policies\Windows Settings\Internet Explorer Maintenance\Connection\Proxy Settings is left blank, then apply this GPO to your users container. Ta-da!!! This however just pushes the settings, it does not lock them. Therefore users can change them. If you're like me, you'd want to restrict your users from tampering with your perfectly configured IE settings. So you can create a second GPO to remove the "Connections" Tab from IE Options: Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Connections Page. Set this to 'Enabled', apply this GPO to your computers container, and presto!!! Perfectly configured IE LAN settings for all flavours!! Regards Andreas
April 29th, 2010 11:37am

Was looking all over the net for this fix. Job well done. This resolved my problem. Never underestimate the ability ISA has to break stuff :-D
Free Windows Admin Tool Kit Click here and download it now
December 1st, 2011 5:11am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics