Login Loop when setting up Outlook Anywhere on Exchange 2007 w/ Windows 2008
I have a single server running Win 2008 w/ Exchange 2007 and I'm trying to get Outlook Anywhere working from a workstation running Outlook 2007 outside the office. I've set up a UC SSL cert with autodiscover.domain.local, autodiscover.domain.com, mail.domain.com, domain.com, server.domain.com and server.domain.local configured. OWA is working correctly. I've set up external DNS to point to autodiscover.domain.com and server.domain.com initially. For some reason, whenever I try to use the Autodiscover service, the server keeps requesting me to authenticate. I tried setting up the settings by putting server.domain.com and msstderver.domain.com with basic authentication and get the same thing.

Any help with this would be greatly appreciated. I've been working on this problem for three days and I haven't been able to find anything online to help me with it.
June 11th, 2008 5:42am

Dear customer:

Thank you for posting in the Microsoft TechNet forums! In order to better troubleshoot the issue, please provide me with the following information:

1. What do you mean by "use the Autodiscover service"? Please explain it more clearly.
2. Send the screenshot of the error that kept requesting you to authenticate to v-rocwan@microsoft.com.
3. Did you install Exchange server 2007 SP1?
4. On the Exchange server 2007, open EMS, run the following cmd-lets, and post the result to the forums:
   get-exchangecertificate | fl *
   Get-OutlookAnywhere -Server servername | fl *
   Test-OutlookWebServices e2007user1@fourthcoffee.com | fl
5. Make sure you can access the known Autodiscover service addresses:
   https://autodiscover.domain.com/autodiscover/autodiscover.xml or
   https://domain.com/autodiscover/autodiscover.xml
6. Open IIS Manager. Is the Autodiscover virtual directory in the correct application pool (MSExchangeAutodiscoverAppPool)?
7. On Exchange server 2007, open Event Viewer, right click Application, select save log file as .evt file, and send the .evt file to v-rocwan@microsoft.com.
8. Run the Exbpa tool on Exchange server 2007, and send the .xml file to v-rocwan@microsoft.com. You can perform the following steps:
   1) Open EMC, navigate to Toolbox, open Best Practices Analyzer.
   2) Click select options for a new scan.
   3) Input the name of the DC; make sure you are using an Exchange Administrator account and Domain User account.
   4) Click "Connect to the Active Directory Server".
   5) Select entire Organization as the Scan Scope, type "Health Check".
   6) Click "Start Scanning".
   7) When the scan finishes, click "View a report" in the left pane and click the report in the right pane.
   8) Click "Export report", select the type as XML (will save entire data file).
   9) Compress the XML and send it to v-rocwan@microsoft.com.

Please let me know the information above so that I can provide further assistance on this problem. I am looking forward to your reply.

If anything is unclear, please feel free to let us know.

Rock Wang - MSFT
June 11th, 2008 9:10am

Rock, I've responded below and also emailed you with a clean version of my below results.

Dear customer: Thank you for posting in the Microsoft TechNet forums! In order to better troubleshoot the issue, please provide me with the following information:

1. What do you mean by "use the Autodiscover service"? Please explain it more clearly.

I've set up autodiscover.domain.com to work both inside and outside the firewall in DNS.

2. Send the screenshot of the error that kept requesting you to authenticate to v-rocwan@microsoft.com.

This is basically the login prompt you would get when using OWA. I get stuck in a loop when trying to access email from outside the firewall though I'm able to reach both autodiscover URLs.

3. Did you install Exchange server 2007 SP1?

Yes.

4. On the Exchange server 2007, open EMS, run the following cmd-let, post the result to the forums:

get-exchangecertificate | fl *

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
CertificateDomains : {domain.com, autodiscover.domain.com, autodiscover.domain.local, server.domain.com, server.domain.local, mail.domain.com}
CertificateRequest :
IisServices : {IIS://server/W3SVC/1}
IsSelfSigned : False
KeyIdentifier : 643235A4418ECC6937DF5C0EDC7182721B28F0A2
RootCAType : ThirdParty
Services : IMAP, POP, UM, IIS, SMTP
Status : Valid
PrivateKeyExportable : True
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.S
FriendlyName : Microsoft Exchange
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 6/5/2009 4:59:59 PM
NotBefore : 6/9/2008 5:00:00 PM
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 5, 52, 48, 130, 4, 28, 160, 3, 2, 1, 2, 2, 16, 6...}
SerialNumber : 065C35D03952F9D6FB02DACE923387BD
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : 10CE8FE2E69FDEBAA09973F801A78D7D8C8E4D73
Version : 3
Handle : 495946896
Issuer : CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, S=Greater Manchester, C=GB
Subject : CN=domain.com, OU=Comodo Unified Communications, O=DELTA WRX LLC, STREET=21700 Oxnard Street, L=Woodland Hills, S=California, PostalCode=91367,

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
CertificateDomains : {domain.com, autodiscover.deltatwrx.com, autodiscover.domain.local, server.domain.com, server.domain.local, mail.domain.com}
CertificateRequest :
IisServices : {}
IsSelfSigned : False
KeyIdentifier : A274286EF059C4151C2D6B3E81BA3AA49A83A608
RootCAType : ThirdParty
Services : IMAP, POP, UM, SMTP
Status : Valid
PrivateKeyExportable : True
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.S
FriendlyName : Microsoft Exchange
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 6/5/2009 4:59:59 PM
NotBefore : 6/4/2008 5:00:00 PM
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 5, 54, 48, 130, 4, 30, 160, 3, 2, 1, 2, 2, 17, 0...}
SerialNumber : 00A6B78C9290D2826CEA2B034D4D94BBC5
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : EDCEFADF22B3B0E601F93969021ABCA6C7F19E93
Version : 3
Handle : 495946768
Issuer : CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, S=Greater Manchester, C=GB
Subject : CN=domain.com, OU=Comodo Unified Communications, O=DELTA WRX LLC, STREET=21700 Oxnard Street, L=Woodland Hills, S=California, PostalCode=91367,

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.domain.com, server.domain.local, autodiscover.domain.local, autodiscover.domain.com, server.domain.com}
IisServices : {}
IsSelfSigned : True
KeyIdentifier : A60C2654D57B879088AF12BEF49E7732F3472B28
RootCAType : None
Services : None
Status : Valid
PrivateKeyExportable : True
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.S
FriendlyName : Microsoft Exchange
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 6/2/2009 10:52:50 PM
NotBefore : 6/2/2008 10:32:50 PM
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 3, 111, 48, 130, 2, 216, 160, 3, 2, 1, 2, 2, 16, 105...}
SerialNumber : 69341AC2353F1DB14A6BE6E2AB427C2B
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : C0A24FA46A45113DF171E229FF115FA408083D4C
Version : 3
Handle : 495946000
Issuer : C=US, S=California, L=Woodland Hills, O=domain Management Consultants, CN=mail.domain.com
Subject : C=US, S=California, L=Woodland Hills, O=domain Management Consultants, CN=mail.domain.com

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.domain.com, server.local, server, server.domain.local, server.domain.com, autodiscover.domain.com, autodiscover.domain.local, del
IisServices : {}
IsSelfSigned : True
KeyIdentifier : A09D3A370A35A481CB667DEB0CDD5C16B7B252A7
RootCAType : None
Services : None
Status : Valid
PrivateKeyExportable : True
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.S
FriendlyName : Microsoft Exchange
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 5/26/2009 11:46:14 PM
NotBefore : 5/26/2008 11:26:14 PM
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 3, 189, 48, 130, 3, 38, 160, 3, 2, 1, 2, 2, 16, 112...}
SerialNumber : 7004B22AD46595AF421492E024F3FFED
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : 98156408F1CA654872D5966D45FB950045121E87
Version : 3
Handle : 495948176
Issuer : C=US, S=California, L=Woodland Hills, O=domain Management Consultants, CN=mail.domain.com
Subject : C=US, S=California, L=Woodland Hills, O=domain Management Consultants, CN=mail.domain.com

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
CertificateDomains : {server, server.domain.local}
CertificateRequest :
IisServices : {}
IsSelfSigned : True
KeyIdentifier : 6874F124BDA73AB6AB3D3EB61632116F510C61C5
RootCAType : Registry
Services : UM, SMTP
Status : Valid
PrivateKeyExportable : False
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
FriendlyName : Microsoft Exchange
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 5/4/2009 3:39:09 PM
NotBefore : 5/4/2008 3:39:09 PM
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 3, 11, 48, 130, 1, 243, 160, 3, 2, 1, 2, 2, 16, 232...}
SerialNumber : E840E89CACA0FD9440BF94EF826EE08E
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : 6FDA8E0FD0A44F2E8DF4AD4703C1171AD08438D6
Version : 3
Handle : 495942800
Issuer : CN=server
Subject : CN=server
June 12th, 2008 4:12am

Get-OutlookAnywhere -Server servername | fl *

[PS] C:\Windows\System32>get-outlookanywhere -server server | fl *

ServerName : server
SSLOffloading : False
ExternalHostname : server.domain.com
ClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic}
MetabasePath : IIS://server.domain.local/W3SVC/1/ROOT/Rpc
Path : C:\Windows\System32\RpcProxy
Server : server
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Rpc (Default Web Site)
DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=server,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
Identity : server\Rpc (Default Web Site)
Guid : 8aa6878c-0785-4c17-97f2-1f8b0673456d
ObjectCategory : domain.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged : 6/10/2008 6:58:00 PM
WhenCreated : 6/6/2008 6:21:30 PM
OriginatingServer : server.domain.local
IsValid : True

Test-OutlookWebServices e2007user1@fourthcoffee.com | fl

[PS] C:\Windows\System32>test-outlookwebservices rmiller@domain.com | fl

Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address RMiller@domain.com.

Id : 1006
Type : Information
Message : The Autodiscover service was contacted at https://server.domain.local/Autodiscover/Autodiscover.xml.

Id : 1016
Type : Success
Message : [EXCH]-Successfully contacted the AS service at https://server.domain.local/EWS/Exchange.asmx. The elapsed time was 44 milliseconds.

Id : 1015
Type : Success
Message : [EXCH]-Successfully contacted the OAB service at https://server.domain.local/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.

Id : 1014
Type : Success
Message : [EXCH]-Successfully contacted the UM service at https://server.domain.local/UnifiedMessaging/Service.asmx. The elapsed time was 3 milliseconds.

Id : 1013
Type : Error
Message : When contacting https://server.domain.com/EWS/Exchange.asmx received the error The request failed with HTTP status 401: Unauthorized.

Id : 1016
Type : Error
Message : [EXPR]-Error when contacting the AS service at https://server.domain.com/EWS/Exchange.asmx. The elapsed time was 11 milliseconds.

Id : 1015
Type : Success
Message : [EXPR]-Successfully contacted the OAB service at https://server.domain.com/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.

Id : 1014
Type : Information
Message : [EXPR]-The UM is not configured for this user.

Id : 1017
Type : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://server.domain.com/Rpc. The elapsed time was 83 milliseconds.

Id : 1006
Type : Success
Message : The Autodiscover service was tested successfully.

Id : 1021
Type : Information
Message : The following web services generated errors.
          As in EXPR
          Please use the prior output to diagnose and correct the errors.

5. Make sure you can access the known Autodiscover service addresses: https://autodiscover.domain.com/autodiscover/autodiscover.xml or https://domain.com/autodiscover/autodiscover.xml

<?xml version="1.0" encoding="utf-8" ?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response>
    <Error Time="17:28:47.4640560" Id="3794497073">
      <ErrorCode>600</ErrorCode>
      <Message>Invalid Request</Message>
      <DebugData />
    </Error>
  </Response>
</Autodiscover>

------------------------------

<?xml version="1.0" encoding="utf-8" ?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response>
    <Error Time="17:30:57.0094755" Id="3794497073">
      <ErrorCode>600</ErrorCode>
      <Message>Invalid Request</Message>
      <DebugData />
    </Error>
  </Response>
</Autodiscover>

6. Open IIS Manager, Is the Autodiscover virtual directory in the correct application pool (MSExchangeAutodiscoverAppPool)?

I confirmed this.

7. On Exchange server 2007, open Event Viewer, right click Application, select save log file as .evt file, send the .evt file to v-rocwan@microsoft.com.

I sent this to you.

8. Run Exbpa tool on Exchange server 2007, and send the .xml file to v-rocwan@microsoft.com, you can perform the following steps:
   1) Open EMC, navigate to Toolbox, open Best Practices Analyzer,
   2) Click select options for a new scan.
   3) Input the name of DC; make sure you are using Exchange Administrator account and Domain User account.
   4) Click "Connect to the Active Directory Server"
   5) Select entire Organization as the Scan Scope, type "Health Check"
   6) Click "Start Scanning"
   7) When the scan finishes, Click "View a report" in the left pane and click the report in the right pane
   8) Click "Export report", select the type as XML (will save entire data file).
   9) Compress the XML and send it to v-rocwan@microsoft.com.

I sent this to you.

Please let me know the information above so that I can provide further assistance on this problem. I am looking forward to your reply. If anything is unclear, please feel free to let us know. Rock Wang - MSFT
June 12th, 2008 4:13am

Dear Robert:

Thanks for your reply.

I can't open the app_061108.evtx file. Please ensure the file's extension is .evt and that you can open it on your computer, then send it again.

From the Exbpa log file, I found the following two warnings; the detailed information has been sent to your mailbox.

Certificate principal mismatch :
Certificate principal mismatch :

I want to confirm the following information with you:

1. From the get-exchangecertificate | fl * cmd-let, I found there are five certificates on your Exchange server. In order to determine which certificate is used by IIS, please perform the following steps:
   a) On Exchange server 2007, open IIS manager, navigate to default web site, right click it, select properties, click directory security, click view certificate, click detail, click Subject Alternative Name and thumbprint.
   b) Send the screenshot of it to v-rocwan@microsoft.com.
2. Did you install any certificate at an earlier time?
3. On Exchange server 2007, run the following commands and send the resulting txt files to v-rocwan@microsoft.com:
   Get-OutlookProvider EXPR | fl >c:\outlookprovider.txt
   Get-WebServicesVirtualDirectory | fl >c:\WebServicesVirtualDirectory.txt
   Get-ClientAccessServer | fl >c:\ClientAccessServer.txt
4. I noticed you mentioned you tried setting up the settings by putting server.domain.com and msstderver.domain.com with basic authentication and get the same thing. Please send the screenshot of it to v-rocwan@microsoft.com.
5. Perform the following steps to enable Outlook logging, and send the log file to me.
   a) Launch Outlook.
   b) Select Options from the Tools menu.
   c) Select the Other tab.
   d) Click the Advanced Options button.
   e) Enable the Enable logging (troubleshooting) check box.
   f) Click OK. You receive a prompt reporting that logging takes effect the next time you restart Outlook.
   g) Restart Outlook.
   h) Reproduce the issue. When Outlook launches, a log file is generated and updated as the launch occurs. This file is located in your user's TEMP folder. By default that is in the following location: C:\Documents and Settings\<User Name>\Local Settings\Temp. Name of file: olkdisc.log.
   i) Send the log file to v-rocwan@microsoft.com.

Additionally, you can try to perform the following steps to fix the issue. On Exchange server 2007, open EMS and run the following cmd-let:

Set-OutlookAnywhere -Name:CAS01 -DefaultAuthenticationMethod:Basic

Check the effect; please let me know the result.

Thanks for your cooperation. If you have any questions, please feel free to let me know.

Rock Wang - MSFT
June 12th, 2008 6:26am

I can't open the app_061108.evtx file. Please ensure the file's extension is .evt and that you can open it on your computer, then send it again.

I've saved this as a tab separated file. I'm running a Win 2008 server and the .evtx file is the new file format. I'm unable to "Save As" .evt.

From the Exbpa log file, I found the following two warnings; the detailed information has been sent to your mailbox. Certificate principal mismatch : Certificate principal mismatch :

I responded to your email about the certificate mismatch.

I want to confirm the following information with you:

1. From the get-exchangecertificate | fl * cmd-let, I found there are five certificates on your Exchange server. In order to determine which certificate is used by IIS, please perform the following steps: a) On Exchange server 2007, open IIS manager, navigate to default web site, right click it, select properties, click directory security, click view certificate, click detail, click Subject Alternative Name and thumbprint. b) Send the screenshot of it to v-rocwan@microsoft.com.

This will be in the email.

2. Did you install any certificate at an earlier time?

I created a few different CSR requests when figuring out how to set up the UC cert but I only should have three installed on the server using EMS: the one which is created by default in the Exchange 2007 install, a cert which has one of the SAN names spelled incorrectly, and a third one which should have everything correct. There are two additional certs which were imported as part of the process of setting up the Comodo certificate. I'll include those in my email.

3. On Exchange server 2007, run the following commands and send the resulting txt files to v-rocwan@microsoft.com:
   Get-OutlookProvider EXPR | fl >c:\outlookprovider.txt
   Get-WebServicesVirtualDirectory | fl >c:\WebServicesVirtualDirectory.txt
   Get-ClientAccessServer | fl >c:\ClientAccessServer.txt

Emailed.

4. I noticed you mentioned you tried setting up the settings by putting server.domain.com and msstderver.domain.com with basic authentication and get the same thing. Please send the screenshot of it to v-rocwan@microsoft.com.

Emailed.

5. Perform the following steps to enable Outlook logging, and send the log file to me.
   a) Launch Outlook.
   b) Select Options from the Tools menu.
   c) Select the Other tab.
   d) Click the Advanced Options button.
   e) Enable the Enable logging (troubleshooting) check box.
   f) Click OK. You receive a prompt reporting that logging takes effect the next time you restart Outlook.
   g) Restart Outlook.
   h) Reproduce the issue. When Outlook launches, a log file is generated and updated as the launch occurs. This file is located in your user's TEMP folder. By default that is in the following location: C:\Documents and Settings\<User Name>\Local Settings\Temp. Name of file: olkdisc.log.
   i) Send the log file to v-rocwan@microsoft.com.

DONE

Additionally, you can try to perform the following steps to fix the issue. On Exchange server 2007, open EMS and run the following cmd-let: Set-OutlookAnywhere -Name:CAS01 -DefaultAuthenticationMethod:Basic Check the effect; please let me know the result.

I tried to run the above command but I got an error message which I've emailed to you.

Thanks for your cooperation. If you have any questions, please feel free to let me know. Rock Wang - MSFT
June 12th, 2008 8:10pm

Dear customer:

Thanks for your reply.

The Certificate principal mismatch error means there are some issues with the two certificates. In order to know which certificate you used for the default web site, please provide me with the following information.

1. On Exchange server 2007, open IIS manager, navigate to default web site, right click it, select properties, click directory security, click view certificate, click detail, click thumbprint.
2. Send the screenshot of it to v-rocwan@microsoft.com.

From your Outlook Anywhere error txt file, I found the following information: when you run the Set-OutlookAnywhere -Name:CAS01 -DefaultAuthenticationMethod:Basic cmd-let, the system prompts you to input the virtual directory's identity.

cmdlet set-outlookanywhere at command pipeline position 1
Supply values for the following parameters:
Identity:

This parameter specifies the name or GUID of the virtual directory. It is represented as: ServerName\VirtualDirectoryName (WebsiteName). You can also get the identity from the get-outlookanywhere | fl cmd-let.

Additionally, you can perform the following steps to achieve the same goal:

On Exchange server 2007, open EMC, navigate to server configuration - client access, right click servername, select properties, click outlook anywhere, under client authentication method select basic authentication, and click OK. Wait for a few minutes and check the effect.

On Outlook 2007, in the Microsoft Exchange proxy settings, uncheck the only connect to proxy server option, and under proxy authentication settings, select basic authentication.

Open Outlook 2007 and check the effect; please let me know the result.

When you enable Outlook 2007 logging, the fastest way to get the log file is to follow these steps:

1. Click your Windows Start button.
2. Select Run.
3. Enter the following: %temp%
4. Click OK.

You are now in the correct folder and can locate the olkdisc.log file. Send the file to v-rocwan@microsoft.com.

Thanks for your cooperation. If anything is unclear, please feel free to let us know.

Rock Wang - MSFT
June 13th, 2008 11:59am

Rock, I made those last couple of changes you suggested and everything seems to be working all of a sudden. I'm not quite sure what I did though. Is there any way you could give me step by step instructions on setting up Outlook Anywhere so I can try and do this from scratch on another test server? I feel like I've been wandering in the dark for days so I'm not sure I could set this up again on a new server without some kind of Best Practice steps. Most of the different websites & forums I've gone to have listed different ways to set this up and I've found none of them to be complete so far.
June 13th, 2008 10:00pm

Dear Robert:

I am so glad to know the issue has been solved.

From your certificate thumbprint file, I can determine the thumbprint of the certificate that you are using is 10CE8FE.. You can find it in the output of the get-exchangecertificate | fl * cmd-let.

From your olkdisc.log file, the last autodiscover succeeded.

5004 691611656 06/13/08 11:55:23 Autodiscover to https://domain.com/autodiscover/autodiscover.xml starting
5004 691614515 06/13/08 11:55:25 Autodiscover XML Received
---BEGIN XML---
----END XML----
5004 691614546 06/13/08 11:55:25 Autodiscover to https://domain.com/autodiscover/autodiscover.xml succeeded (0x00000000)

According to your issue, when you run Set-OutlookAnywhere -Name:CAS01 -DefaultAuthenticationMethod:Basic, the issue seems to be resolved. The other settings are all correct.

Anyway, to enable Outlook Anywhere, you must follow these steps in order:

1. Install a valid Secure Sockets Layer (SSL) certificate from a certification authority (CA) that is trusted by Outlook clients.
2. Install the Windows RPC over HTTP proxy component.
3. Enable Outlook Anywhere on an Exchange 2007 Client Access server by using the Enable Outlook Anywhere Wizard.
4. Configure Exchange services, such as the Availability service, for external access. For more information about it, please refer to the following document:
   How to Configure Exchange Services for the Autodiscover Service
   http://technet.microsoft.com/en-us/library/bb201695(EXCHG.80).aspx

When you install Exchange 2007, you can install a default SSL certificate that is created by Exchange Setup. However, this certificate is not a trusted SSL certificate and will not work for Outlook Anywhere.

Outlook Anywhere uses the Autodiscover service to provide the external URLs for the Exchange services such as the Availability service and the offline address book. After you configure your Exchange 2007 deployment for Outlook Anywhere, you must configure the external URLs for these services for your Outlook 2007 clients to access these services from the Internet. For more information about autodiscover, you can refer to the following document:

White Paper: Exchange 2007 Autodiscover Service
http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx

Thanks again and have a great day!

Rock Wang - MSFT
June 16th, 2008 9:00am
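Added example (not part of the original thread and not Microsoft's code): a Python check over pasted `| fl` output that flags the two conditions this thread turned on, a ClientAuthenticationMethod that is not among the IISAuthenticationMethods, and an IIS-bound certificate that is self-signed or does not cover the external and Autodiscover host names. The function names, finding codes and sample text are constructed for illustration; only the field names come from the output posted above.

```python
import re

FIELD = re.compile(r"^(\w+)\s*:\s?(.*)$")

def parse_fl(text):
    """Parse PowerShell Format-List ('| fl') output into a list of dicts.
    Blank lines separate records; indented lines continue the previous value."""
    records, current, last = [], {}, None
    for line in text.splitlines():
        if not line.strip():
            if current:
                records.append(current)
            current, last = {}, None
            continue
        m = FIELD.match(line)          # never matches an indented continuation
        if m:
            last = m.group(1)
            current[last] = m.group(2).strip()
        elif last:
            current[last] += " " + line.strip()
    if current:
        records.append(current)
    return records

def as_list(value):
    """'{a, b}' or 'a, b' -> ['a', 'b'], lower-cased."""
    return [v.strip().lower() for v in value.strip("{}").split(",") if v.strip()]

def covers(names, host):
    """True if host equals a certificate name or matches a one-label wildcard."""
    host = host.lower()
    for n in names:
        if n == host:
            return True
        if n.startswith("*.") and "." in host and host.split(".", 1)[1] == n[2:]:
            return True
    return False

def audit(outlook_anywhere_fl, certificates_fl, smtp_domain):
    """Return finding codes for one Get-OutlookAnywhere record and the
    Get-ExchangeCertificate records of the same server."""
    findings = []
    oa = parse_fl(outlook_anywhere_fl)[0]
    client = oa.get("ClientAuthenticationMethod", "").lower()
    if client not in as_list(oa.get("IISAuthenticationMethods", "")):
        findings.append("AUTH_MISMATCH")
    iis = [c for c in parse_fl(certificates_fl)
           if "iis" in as_list(c.get("Services", ""))]
    if not iis:
        return findings + ["NO_IIS_CERT"]
    for cert in iis:
        names = as_list(cert.get("CertificateDomains", ""))
        if cert.get("IsSelfSigned") == "True":
            findings.append("IIS_CERT_SELF_SIGNED")
        if cert.get("Status") != "Valid":
            findings.append("IIS_CERT_NOT_VALID")
        if not covers(names, oa.get("ExternalHostname", "")):
            findings.append("EXTERNAL_HOSTNAME_NOT_IN_CERT")
        if not (covers(names, "autodiscover." + smtp_domain)
                or covers(names, smtp_domain)):
            findings.append("AUTODISCOVER_NAME_NOT_IN_CERT")
    return findings

# Constructed samples in the same layout as the thread's output; the
# thumbprints are placeholders, not values from the thread.
OA_NTLM = """\
ServerName                 : server
ExternalHostname           : server.domain.com
ClientAuthenticationMethod : Ntlm
IISAuthenticationMethods   : {Basic}
"""
OA_BASIC = OA_NTLM.replace(": Ntlm", ": Basic")

CERTS = """\
CertificateDomains : {domain.com, autodiscover.domain.com, server.domain.com,
                     mail.domain.com}
IsSelfSigned       : False
Services           : IMAP, POP, UM, IIS, SMTP
Status             : Valid
Thumbprint         : PLACEHOLDER-THIRD-PARTY

CertificateDomains : {server, server.domain.local}
IsSelfSigned       : True
Services           : UM, SMTP
Status             : Valid
Thumbprint         : PLACEHOLDER-SELF-SIGNED
"""
CERTS_DEFAULT_ONLY = """\
CertificateDomains : {server, server.domain.local}
IsSelfSigned       : True
Services           : IIS, SMTP
Status             : Valid
"""

if __name__ == "__main__":
    print(audit(OA_NTLM, CERTS, "domain.com"))
    print(audit(OA_BASIC, CERTS, "domain.com"))
    print(audit(OA_BASIC, CERTS_DEFAULT_ONLY, "domain.com"))
```

The first sample mirrors the state posted on June 12th (Ntlm on the client side, Basic in IIS), the second the state after the client method was switched to Basic.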

This topic is archived. No further replies will be accepted.
