Configure OOF & Web Services with Certificate
Hi,I have a Exchange 2007 on a single box with all the roles HUB/CAS/Mailbox in it. The installation issuccessfuland able to send receive mails internal and external. Now the issue I, am facing is that :1)I, have generated a SAN Certificate from MS CA installed in DC itself, and imported the same to exchange and now my OWA is not prompting for Certificate error. Now when I, check the certificate details and look at SAN, its having a Yellow Triangle Exclamation mark on it.2)I have configured the web services, auto discover, OABwith proper URLs. When I, do a TEST-AUTODISCOVERSERVICES, it gives error 401 not authorised.3)When I,enter get-autodiscoverservices, the Internal & External Url ar blank even though I, have entered the URLS.4) I think coz of the above my OOF and OAB is not getting downloaded.This I, am doing within my domain so the root ca is trusted already.PS: It does have PUBLIC FOLDER database, as its my 2003 / 2007 clients.Thank you all in advance, hoping for a reply at the earliest.Regards,Kiran
April 2nd, 2009 8:19pm

Hi Kiran,1) I have also seen it, don't exactly know why it shows yellow triangle but things works just fine. Just to double check, your subject name should be the first name in alternate names list. For e.g. webmail.domain.com should be first in domains list of cert other then autodiscover.domain.com and others.2) It can be becuase of disable loopback check, you can enable it for a while to test. http://www.exchange-genie.com/2007/07/401-error-when-attempting-test-outlookwebservices/3)you can ignore it, you should look for the uri in get-clientaccessserver, this is the autodiscover SPN.4) Yes, outlook 2007 uses autodiscover for OOF and OAB, it that is not configured properly, availibility services will not work. You can check for autodiscover spn in get-clientaccessserver, oab url in get-oabvirtualdirectory and availibility services url get-webservicesvirtualdirecttory. Ctrl+rightclick on outlook icon in taskbar and run test-emailautoconfiguration, uncheck guesssmart options and run the test. You can look at log tabto find what is wrong. If you use IE proxy in your env, make sure that autodiscover spnand virtual directories url are in the exceptions.You can post the output here if you want.PS: 2003 clients need PF, its only 2007 that can work without PF.hth...-V
Free Windows Admin Tool Kit Click here and download it now
April 5th, 2009 1:05pm

Besides, please check the article below:Exchange 2007 Autodiscover and certificateshttp://msexchangeteam.com/archive/2007/04/30/438249.aspx How to configure the Web Services URLs that are used by Outlook 2007http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/configuring-exchange-server-2007-web-services-urls.htmlRegards,Xiu
April 7th, 2009 6:44am

HI, Thanks for the response.But the link mentioned by you is the one which I, refered for configuring the same.As mentioned earlier, When I,enter get-autodiscoverservices, the Internal & External Url ar blank even though I, have entered the URLS.Any inputs will greatly appreciated.Thanks a lot.Regards,Kiran
Free Windows Admin Tool Kit Click here and download it now
April 7th, 2009 6:59am

Hi, First please try to run Test-outlookwebservices |fl and then post the result here. Then please try to launch and try to use test-autoconfiguration to see if the OOF url and OAB url has been correctly set.Please post the result here. 1. Launch Outlook 2007 using any profile. 2. Hold down the CTRL key on your keyboard and click the Outlook icon in the notification area of the Windows taskbar, also known as the notification area. 3. In the menu that appears, click Test E-mail AutoConfiguration. 4. Enter your E-mail Address and Password (if not logged into the domain) in the respective edit boxes. 5. Choose the desired auto configuration methods with Use Autodiscover, clear other selection. 6. Click Test.Please also post the result here. 7. Test-outlookwebservices |fl Note: we recommend that you use a certificate from a public CA for the Autodiscover. The best practice for this is to use a public CA that is trusted by all clients by default. Regards, Xiu
April 7th, 2009 9:13am

Here is the output: Test-outlookwebservices |fl Id : 1003Type : InformationMessage : About to test AutoDiscover with the e-mail address inadmin@in.mydomain.com. Id : 1007Type : InformationMessage : Testing server INEXC10.in.mydomain.local with the published name htt ps://mail.in.mydomain.com/EWS/Exchange.asmx & https://mail.in.mydomain.com/EWS/Exchange.asmx. Id : 1019Type : InformationMessage : Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://autodiscover.in.mydomain.com/autodisc over/autodiscover.xml. Id : 1013Type : ErrorMessage : When contacting https://autodiscover.in.mydomain.com/autodiscover/au todiscover.xml received the error The remote server returned an error : (407) Proxy Authentication Required. Id : 1006Type : ErrorMessage : The Autodiscover service could not be contacted. Output for:Get-WebServicesVirtualDirectory |fl InternalNLBBypassUrl : https://inexc10.in.mydomain.local/ews/exchange .asmxName : EWS (Default Web Site)InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}BasicAuthentication : TrueDigestAuthentication : FalseWindowsAuthentication : TrueMetabasePath : IIS://INEXC10.in.mydomain.local/W3SVC/1/ROOT/E WSPath : F:\Exchange 2K7\ClientAccess\exchweb\EWSServer : INEXC10InternalUrl : https://mail.in.mydomain.com/EWS/Exchange.asmxExternalUrl : https://mail.in.mydomain.com/EWS/Exchange.asmxAdminDisplayName : ExchangeVersion : 0.1 (8.0.535.0)DistinguishedName : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols, CN=INEXC10,CN=Servers,CN=Exchange Administrativ e Group (FYDIBOHF23SPDLT),CN=Administrative Gro ups,CN=mydomainIN,CN=Microsoft Exchange,CN=Ser vices,CN=Configuration,DC=in,DC=mydomain,DC=lo calIdentity : INEXC10\EWS (Default Web Site)Guid : ee48a3ae-6c21-4786-bde2-55fbc7e81b0eObjectCategory : in.mydomain.local/Configuration/Schema/ms-Exch -Web-Services-Virtual-DirectoryObjectClass : {top, msExchVirtualDirectory, msExchWebServices VirtualDirectory}WhenChanged : 4/8/2009 12:32:49 PMWhenCreated : 6/25/2008 11:11:20 PMOriginatingServer : INSVR02.in.mydomain.localIsValid : True InternalNLBBypassUrl : https://inexc11.in.mydomain.local/ews/exchange .asmxName : EWS (Default Web Site)InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}BasicAuthentication : TrueDigestAuthentication : FalseWindowsAuthentication : TrueMetabasePath : IIS://INEXC11.in.mydomain.local/W3SVC/1/ROOT/E WSPath : F:\Exchange 2K7\ClientAccess\exchweb\EWSServer : INEXC11InternalUrl : https://mail.in.mydomain.local/EWS/Exchange.as mxExternalUrl : https://mail.in.mydomain.com/EWS/Exchange.asmxAdminDisplayName : ExchangeVersion : 0.1 (8.0.535.0)DistinguishedName : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols, CN=INEXC11,CN=Servers,CN=Exchange Administrativ e Group (FYDIBOHF23SPDLT),CN=Administrative Gro ups,CN=mydomainIN,CN=Microsoft Exchange,CN=Ser vices,CN=Configuration,DC=in,DC=mydomain,DC=lo calIdentity : INEXC11\EWS (Default Web Site)Guid : 6eb19af7-e0f6-444b-a67f-ba645fe3cf09ObjectCategory : in.mydomain.local/Configuration/Schema/ms-Exch -Web-Services-Virtual-DirectoryObjectClass : {top, msExchVirtualDirectory, msExchWebServices VirtualDirectory}WhenChanged : 4/1/2009 7:09:10 PMWhenCreated : 6/26/2008 11:41:33 AMOriginatingServer : INSVR02.in.mydomain.localIsValid : True Regards,Kiran
Free Windows Admin Tool Kit Click here and download it now
April 8th, 2009 10:41am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics