MS Exchange 2007 OOF and Autodiscover Issues
Hi Guys,
I have been having issues setting up and accessing MS Exchange 2007 Web services; that is, when I try to access OOF from Outlook 2007, it keeps saying "Server is unavailable", and if I try to update the Address Book it gives me an "object cannot be found" error (0x8004010f) message. We constantly get pop-ups to type in our Outlook 2007 credentials. The problem first started when the System Admin I took over from tried to set up Outlook Anywhere about 7 weeks ago. At first it was intermittent, in the sense that one could access their OOF spontaneously throughout the day; now everyone in the organisation can't. I have tried to check the Autodiscover settings but it says Autodiscover has failed for every and any user. Since I took over as Sys Admin I have been trying to get things going but so far no luck.
We have a 3rd-party certificate (in my example I will call our internal domain trev.local and external web www.trev.com). Our 3rd-party certificate subject name is mail.trev.com - it is issued to trev.local, mail.trev.com, autodiscover.trev.com - and our internal FQDN for the Exchange server is server.trev.local (assuming the Exchange server name is Server). I have checked everything in IIS and all looks fine. Our ISP, who host our www.trev.com site, created DNS settings which we set up in our secondary zone. That is, autodiscover.trev.com that points to mail.trev.com and an SRV record autodiscover also. For some reason I think I am missing something. Please can someone assist me.
get-clientaccessserver
Name
----
Server
I checked Autodiscover via Outlook's Test email Configuration and it shows the following:
864 608707102 07/22/11 09:03:30 Attempting URL https://server.trev.local/autodiscover/autodiscover.xml found through SCP
864 608707102 07/22/11 09:03:30 Autodiscover to https://server.trev.local/autodiscover/autodiscover.xml starting
864 608707399 07/22/11 09:03:30 Autodiscover to https://server.trev.local/autodiscover/autodiscover.xml FAILED (0x80072F0C)
test-outlookwebservices
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address administrator@trev.com
Id : 1007
Type : Information
Message : Testing server MYGATESERVER.mygate.local with the published name https://server.trev.local/EWS/Exchange.asmx & https://mail.trev.com/EWS/Exchange.asmx.
Id : 1019
Type : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://server.trev.local/autodiscover/autodiscover.xml.
Id : 1006
Type : Information
Message : The Autodiscover service was contacted at https://server.trev.local/autodiscover/autodiscover.xml.
Id : 1016
Type : Success
Message : [EXCH]-Successfully contacted the AS service at https://server.trev.local/EWS/Exchange.asmx. The elapsed time was 65 milliseconds.
Id : 1015
Type : Success
Message : [EXCH]-Successfully contacted the OAB service at https://server.trev.local/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.
Id : 1014
Type : Success
Message : [EXCH]-Successfully contacted the UM service at https://server.trev.local/unifiedmessaging/service.asmx. The elapsed time was 999 milliseconds.
Id : 1013
Type : Error
Message : When contacting https://mail.trev.com/EWS/Exchange.asmx received the error The request failed with HTTP status 401: Unauthorized.
Id : 1016
Type : Error
Message : [EXPR]-Error when contacting the AS service at https://mail.trev.com/EWS/Exchange.asmx. The elapsed time was 499 milliseconds.
Id : 1015
Type : Success
Message : [EXPR]-Successfully contacted the OAB service at https://mail.trev.com/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.
Id : 1014
Type : Success
Message : [EXPR]-Successfully contacted the UM service at https://mail.trev.com/unifiedmessaging/service.asmx. The elapsed time was 42 milliseconds.
Id : 1013
Type : Error
Message : When contacting https://mail.trev.com/Rpc received the error The remote server returned an error: (403) Forbidden.
Id : 1017
Type : Error
Message : [EXPR]-Error when contacting the RPC/HTTP service at https://mail.trev.com/Rpc. The elapsed time was 101 milliseconds.
Id : 1006
Type : Success
Message : The Autodiscover service was tested successfully.
Id : 1021
Type : Information
Message : The following web services generated errors.
As, in EXPR
Contacting server in EXPR
Please use the prior output to diagnose and correct the errors.
The online www.testexchangeconnectivity.com shows the following errors:
1.)
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server trev.com on port 443.
ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Attempting to test potential Autodiscover URL https://autodiscover.trev.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
2.) Attempting to test potential Autodiscover URL https://mail.trev.com/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name mail.trev.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 1xx.xxx.xxx.xxx
Testing TCP port 443 on host mail.trev.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server mail.trev.com on port 443.
ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
A test Exchange Certificate returns:
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.trev.com, autodiscover.trev.com, trev.com, trev.local, remote.trev.com, server.trev.local}
HasPrivateKey : True
IsSelfSigned : False
Can someone please tell me what the problem is? Is it an SSL certificate misconfiguration or Autodiscover? Do I have to create any Autodiscover record in the local trev.local DNS zone? Please kindly assist.
If you notice, I changed the Autodiscover Internal URL and webservicesvirtualdirectory to https://server.trev.local from mail.trev.com; is this right? We are using a 3rd-party cert as mentioned above with IMAP, POP, SMTP and IIS services.
Please kindly assist. Thank you in advance.
July 25th, 2011 11:55am
Hi,
Here are my findings and suggestions:
1. The Autodiscover service internal URL https://server.trev.local/autodiscover/autodiscover.xml was found through SCP; this is correct.
2. The internal URL above is resolved successfully but not accessible due to error 0x80072F0C, which means ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED; that’s why you are not able to access OOF and OAB in Outlook.
However, you asked whether you should create a DNS record, so I guess the URL is pointing to another server instead of your CAS server.
Therefore, I suggest you ping the URL above and make sure it is pointing to your CAS server’s internal IP address.
3. Regarding the online test, it is a normal test and we need to analyze the outcome together with the other tests.
I tested the URLs https://trev.com & https://autodiscover.trev.com/AutoDiscover/AutoDiscover.xml; they returned different web pages, which are NOT expected.
Moreover, it displays a certificate mismatch error, where *.gridserver.com is used.
My suggestion is:
a). Verify your external DNS record, and make sure the URLs https://trev.com & https://autodiscover.trev.com/AutoDiscover/AutoDiscover.xml are pointing to the external IP address of your CAS server.
b). Verify your CAS server’s virtual directory; make sure there is no redirection or web application. Note that an Exchange server should not contain any web application.
c). Verify the certificate installed on your CAS server. See step 5.
4. You received errors 1016, 1013 & 10017, which point to the external URL of the availability service and the URL of Outlook Anywhere; this may occur if the virtual directories are not correctly set up, or because of a certificate-related issue.
So, I’d suggest you verify the permission settings. See “Default settings for Exchange-related virtual directories in Exchange Server 2007”.
Besides, verify and make sure the certificate for mail.trev.com is installed on the CAS server.
5. The outcome returned by the certificate test appears normal; the CN name is correct. However, there are no service items displayed.
So, run Get-ExchangeCertificate again on the CAS server, and make sure this certificate with the CN names listed is enabled for the IIS service.
Good luck.
Fiona
July 27th, 2011 4:42am
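
The checks suggested in the answer above (each published name resolves to the CAS server, and a certificate enabled for IIS carries that name), collected into one script; this is an added example, not part of the original thread. It assumes the Exchange Management Shell with PowerShell 2.0 or later, and the variable and function names are illustrative.

```powershell
# Added example: run in the Exchange Management Shell on the CAS server.

# 1. Host names that Autodiscover hands to Outlook (SCP, EWS, OAB, Outlook Anywhere).
$urls  = @(Get-ClientAccessServer | ForEach-Object { $_.AutoDiscoverServiceInternalUri })
$urls += @(Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl; $_.ExternalUrl })
$urls += @(Get-OabVirtualDirectory | ForEach-Object { $_.InternalUrl; $_.ExternalUrl })
$names  = @($urls | Where-Object { $_ } | ForEach-Object { ([uri]"$_").Host })
$names += @(Get-OutlookAnywhere | ForEach-Object { "$($_.ExternalHostname)" })
$names  = @($names | Where-Object { $_ } | ForEach-Object { $_.ToLower() } | Sort-Object -Unique)

# 2. Names carried by certificates that are enabled for IIS (step 5 of the answer).
$iisCerts = @(Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' })
if ($iisCerts.Count -eq 0) { Write-Warning 'No certificate is enabled for the IIS service.' }
$certNames = @($iisCerts | ForEach-Object { $_.CertificateDomains } |
               ForEach-Object { "$_".ToLower() })

# 3. Exact match, or a wildcard entry covering exactly one left-most label.
function Test-NameCovered([string]$name, $domains) {
    foreach ($d in $domains) {
        if ($d -eq $name) { return $true }
        if ($d.StartsWith('*.') -and $name.IndexOf('.') -gt 0 -and
            $name.Substring($name.IndexOf('.')) -eq $d.Substring(1)) { return $true }
    }
    return $false
}

# 4. One row per name: where it resolves and whether an IIS certificate covers it.
$local = @([System.Net.Dns]::GetHostAddresses($env:COMPUTERNAME) |
           ForEach-Object { $_.IPAddressToString })
foreach ($n in $names) {
    try   { $ips = @([System.Net.Dns]::GetHostAddresses($n) |
                     ForEach-Object { $_.IPAddressToString }) }
    catch { $ips = @() }   # name does not resolve from this machine
    New-Object PSObject -Property @{
        Name          = $n
        Addresses     = $ips -join ', '
        # External names published through NAT are expected to show False here.
        ResolvesToCas = [bool]($ips | Where-Object { $local -contains $_ })
        OnIisCert     = Test-NameCovered $n $certNames
    } | Select-Object Name, Addresses, ResolvesToCas, OnIisCert
}
```

A row with OnIisCert set to False, or an internal name with ResolvesToCas set to False, marks a name that clients will be sent to but that the server cannot present a matching certificate for or does not own.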