Hi, I'm having problems to get working Autodiscovery Service from outside the corporate network. The Scenario is the following: Exchange 2010 Server with all roles being published through TMG. From outside the network all is working nicely, except the autoconfiguration of Outlook 2007. OWA is working fine, and Outlook Anywhere (manually configured) also works great. Certificates are correctly configured, and no error is reported when i use the "Test Autoconfiguration" from outlook If i use the Test-OutlookWebServices PS command from the server (the server can resolve all the possible fqdn) the result is the following (in bold the error): [PS] C:\Windows\system32>Test-OutlookWebServices |fl RunspaceId : ec215358-e3db-442a-a75e-c6c328486277 Id : 1019 Type : Information Message : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is https://tueris.cgnexd.cgn/autodiscover/autodiscover.xml. RunspaceId : ec215358-e3db-442a-a75e-c6c328486277 Id : 1006 Type : Information Message : Contacted the Autodiscover service at https://tueris.cgnexd.cgn/autodiscover/autodiscover.xml. RunspaceId : ec215358-e3db-442a-a75e-c6c328486277 Id : 1016 Type : Information Message : [EXCH] The AS is configured for this user in the AutoDiscover response received from https://tueris.cgnexd.cgn/autodiscover/autodiscover.xml. RunspaceId : ec215358-e3db-442a-a75e-c6c328486277 Id : 1015 Type : Information Message : [EXCH] The OAB is configured for this user in the AutoDiscover response received from https://tueris.cgnexd.cgn/autodiscover/autodiscover.xml. RunspaceId : ec215358-e3db-442a-a75e-c6c328486277 Id : 1014 Type : Information Message : [EXCH] The UM is configured for this user in the AutoDiscover response received from https://tueris.cgnexd.cgn/autodiscover/autodiscover.xml. RunspaceId : ec215358-e3db-442a-a75e-c6c328486277 Id : 1016 Type : Information Message : [EXPR] The AS is configured for this user in the AutoDiscover response received from https://tueris.cgnexd.cgn/autodiscover/autodiscover.xml. RunspaceId : ec215358-e3db-442a-a75e-c6c328486277 Id : 1015 Type : Information Message : [EXPR] The OAB is configured for this user in the AutoDiscover response received from https://tueris.cgnexd.cgn/autodiscover/autodiscover.xml. RunspaceId : ec215358-e3db-442a-a75e-c6c328486277 Id : 1014 Type : Information Message : [EXPR] The UM is configured for this user in the AutoDiscover response received from https://tueris.cgnexd.cgn/autodiscover/autodiscover.xml. RunspaceId : ec215358-e3db-442a-a75e-c6c328486277 Id : 1022 Type : Success Message : Autodiscover was tested successfully. RunspaceId : ec215358-e3db-442a-a75e-c6c328486277 Id : 1024 Type : Success Message : [EXCH] Successfully contacted the AS service at https://tueris.cgnexd.cgn/EWS/Exchange.asmx. The elapsed time was 62 milliseconds. RunspaceId : ec215358-e3db-442a-a75e-c6c328486277 Id : 1026 Type : Success Message : [EXCH] Successfully contacted the UM service at https://tueris.cgnexd.cgn/EWS/Exchange.asmx. The elapsed time was 15 milliseconds. RunspaceId : ec215358-e3db-442a-a75e-c6c328486277 Id : 1013 Type : Error Message : When contacting https://desowa.mydomain.org/EWS/Exchange.asmx received the error The request failed with an empty response. RunspaceId : ec215358-e3db-442a-a75e-c6c328486277 Id : 1025 Type : Error Message : [EXPR] Error contacting the AS service at https://desowa.mydomain.org/EWS/Exchange.asmx. Elapsed time was 0 milliseconds. RunspaceId : ec215358-e3db-442a-a75e-c6c328486277 Id : 1026 Type : Success Message : [EXPR] Successfully contacted the UM service at https://desowa.mydomain.org/EWS/Exchange.asmx. The elapsed time was 15 milliseconds. RunspaceId : ec215358-e3db-442a-a75e-c6c328486277 Id : 1124 Type : Success Message : [Server] Successfully contacted the AS service at https://tueris.cgnexd.cgn/ews/exchange.asmx. The elapsed time was 343 milliseconds. RunspaceId : ec215358-e3db-442a-a75e-c6c328486277 Id : 1126 Type : Success Message : [Server] Successfully contacted the UM service at https://tueris.cgnexd.cgn/ews/exchange.asmx. The elapsed time was 31 milliseconds. RunspaceId : ec215358-e3db-442a-a75e-c6c328486277 Id : 1028 Type : Success Message : [EXPR] Successfully contacted the RPC/HTTP service at https://desowa.mydomain.org/rpc. The elapsed time was 0 milliseconds. RunspaceId : ec215358-e3db-442a-a75e-c6c328486277 Id : 1128 Type : Success Message : [EXPR] Successfully contacted the RPC/HTTP service at https://tueris.cgnexd.cgn/rpc. The elapsed time was 0 milliseconds. Can anybody help me? I have been looking many blogs and resources and all seems correct in my configuration. Thanks in Advance, Monguitronik

Hi, It seems to me a cert issue and this desowa.mydomain.org may not be inculded into the cert as Subject Alternative Name (SAN), the cert which you are using on your exch server. Are u using self signed certificate ? And can u post the result of this EMS command get-exchangeCertificate | FL *Domain* RegardsLaeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com

Nope, that name is not on the Exchange Server certificate. On the exchange Server certificate I only have the internal names. All the external names are on the certificates that publish through TMG. This is the result of the get-exchangecertificate: CertificateDomains : {owa.cgnexd.cgn, tueris.cgnexd.cgn, tueris} <-- this is the exchange certificate CertificateDomains : {desowa.mydomain.org, autodiscover.mydomain.org, mydomain.org} <-- request made for the TMG certificates (not installed in Exchange Server) CertificateDomains : {TUERIS, TUERIS.cgnexd.cgn} Thanks a lot! Regards,Monguitronik

I finally find the solution... It was a problem with the TMG rules. When Outlook tries to contact, TMG presents a forms based authentication, that Outlook can't understand. I changed the rule, so now it presents and html basic authentication and all works fine. Another option is to have two listeners, one for owa and another for Outlook Anywhere, but this requires more IPs. It's a more secure manner, but in my environment is not needed. Kind Regards,Monguitronik

Dear Sir, Could you tell me where is the location to change the rule.$$ Gary Yuan. http://yuanwenshin.spaces.live.com why0412.blogspot.com