I'm at my wits' end with some Exchange problems and Google hasn't been very helpful. One domain user gets prompted by Outlook for her username and password (looks like a basic authentication prompt), even though she's logged in with a domain account. She has always gotten this prompt, no one else ever has. When I try to test Autodiscover using her Outlook diagnostics, it fails. Other users are fine, even when logged into her PC. OWA shows a basic authentication prompt for some users, not all, instead of using the forms-based login. About two weeks ago, one (existing) user noticed a new folder under his Inbox named Sync Errors, rapidly filling with messages. He was getting hundreds each day -- apparently every time Outlook attempted to sync with the server. Today, mysteriously, all of the messages have vanished, though I can't delete the folder. Attempting to download the address book (Tools - Send/Receive - Download Address Book) always gives the error "(0x80200049) The operation failed." and the error messages were related the OAB (though I can't remember now what they said). Autodiscover is broken, and I think it has been that way for a while. When I run test-outlookwebservices from the Exchange Shell, I get this (domain name changed): Id : 1003 Type : Information Message : About to test AutoDiscover with the e-mail address Administrator@example.com. Id : 1007 Type : Information Message : Testing server server.GlobalGuns.local with the published name https://mail.example.com/EWS/Exchange.asmx & https://mail.example.com/EWS/Exchange.asmx. Id : 1019 Type : Information Message : Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://mail.example.com/Autodiscover/Autodiscover.xml. Id : 1013 Type : Error Message : When contacting https://mail.example.com/Autodiscover/Autodiscover.xml received the error The remote server returned an error: (401) Unauthorized. Id : 1006 Type : Error Message : The Autodiscover service could not be contacted. I think the Autodiscover problem is likely at the heart of all the other errors, but that's just a gut feeling, not a professional diagnosis. I can't reinstall Exchange or move it to another server, but I can do practically anything else in-place. Can anyone help me? I've lost count of the steps I've taken to try to fix this. I've rebuilt the OAB using the EMC multiple times with no resolution. I've deleted the Exchange profile (in Outlook) and recreated it for each of these users. I've used the shell scripts to delete and recreate the autodiscover directory. I've fiddled with IIS settings for requiring SSL and using different types of authentication. I've updated the Active Directory objects to change the internal and external URLs of the Autodiscover service. But since I don't really understand Exchange, nor how Exchange is tied to IIS and Active Directory, I'm really only shooting in the dark. I'm scared to blindly follow too many hints from Google without knowing what they actually do. I have a very simple topography -- one server running Windows Server 2008 (not R2) that is the domain controller. It is also running Exchange 2007 Standard. Three other servers are domain members, hosting file shares. No backup controllers, no additional Exchange boxes. Blackberry Professional 4.1 runs on a member server and accesses the mail store. All workstations (about 35) are on Windows Vista Business or Windows 7 Professional, using Outlook 2007. All updates are applied on the workstations and the servers. All users have roaming profiles with redirected folders. All of the Blackberry users have Exchange Cached Mode disabled (it causes sync strangeness with the Blackberries). All non-Blackberry people use Cached Mode. A few people (3 or 4) have iPads with ActiveSync setup. Many thanks in advance!

Exactly what version of Exchange are you using, and service pack? Are you using Blackberry with a BES? As I am unaware of strange things with Blackberry and cached mode with BES based system. Are you using a commercial SSL certificate? The autodiscover address has obviously been changed. Does the host name shown actually resolve correctly internally? Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

The server is running Server 2008 (not R2) with SP2 and all updates applied. Exchange is 2007 Standard with SP1 and Update Rollup 10. The "get-exchangeserver" scriptlet reports "AdminDisplayVersion: Version 8.1 (Build 240.6)" and "ExchangeVersion: 0.1 (8.0.535.0)". I'm not sure how else to tell what updates have been applied. For the Blackberries, we're using the Blackberry Professional server software, which is one step down from the Enterprise Server (BES). It does all the same stuff (it's just relabeled BES), but it's cheaper than BES because we don't have 30 users yet. The latest version of the Blackberry server software is 5.x, we're still using 4.1. The reason for turning off cached mode was because the Blackberry users were complaining that deleting a message on their phone didn't remove it from their inbox; they had to restart Outlook before it would go away. The SSL cert is real -- issued by GoDaddy. I did change the Autodiscover URL in my post but the real one does resolve correctly, both on the server and from the workstations. It points to an internal IP address.

Any reason you are still on Exchange 2007 SP1? The latest version is SP3, with some rollups. BPS is also very old now, I would suggest a move to BES Express. That will allow you to use Blackberry devices on the cheaper BIS plan, and has no user limitations. With regards to your issue with the items being deleted, do be aware that deleting items isn't live. If you delete an item it will take a few minutes before the item is removed from the mailbox. That is because the Blackberry prioritises the inbox traffic. The same goes for contact and calendar changes, those are subject to a slight delay as well. Is the commercial certificate a single name or Unified Communications certificate? Personally I would update the server to SP3 to begin with, look at updating the very old BPS to BES Express. If your clients are not in cached mode, then the OAB isn't being used. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

Hi SamYewell, Any updates? It is a best practice to install the latest service pack and rollup...Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Sorry I was offline for a few days... The reason I'm on SP1 is that I had no idea SP3 was even available. I expected updates like that would come down through Microsoft Update, like all other service packs, but apparently not. I'll look into installing it tomorrow and report back. Upgrading BPS is a little more problematic. Unless it's actually causing the problems with OAB and Autodiscover, upgrading is going to be a lot of pain for no benefit, so I'd rather avoid it. :) This company may soon go to iPhones anyway, which would take BPS out of the picture entirely. Item deletion with caching enabled wasn't just slow, it didn't happen at all. The deleted messages would simply sit in the Inbox, for days, until the user closed Outlook. Sometimes deleted messages would survive several Outlook restarts. Disabling caching made the deletes (nearly) instantaneous, which made them happy, so that's how I left it. The certificate is a single cert. Not using the OAB without cached mode makes sense to me, but I don't understand why I'm getting errors about it. If Outlook doesn't need it, shouldn't it stop trying to download it? All the "Sync Errors" messages related to the OAB, though I can't send you the exact text now because they disappeared. The error code was the same as when I try to manually fetch the address book, which is why I mentioned it. Thanks for your help so far, I'll let you know how SP3 goes.

Exchange Service Packs do not come through Microsoft Update. The rollups do, but not the service packs. The service pack basically reinstalls the product, so can correct a lot of things. All settings are retained. I suggest that you install SP3, then run the BPA from the Toolbox in EMC and ensure it doesn't flag anything of concern. Personally I would find that the upgrade to BESX is worth it myself. If you are going to iPhones though, apart from making a major step backwards in functionality and management, it doesn't really matter. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

OK, SP3 is now installed. The upgrade was very smooth, no errors, and the EMC now starts up much much faster than it did previously. However, the test-outlookwebservices scriptlet gives exactly the same output as before. I'm not sure what I'm supposed to look for in the BPA, but I ran all of the available scans. The Health Check scan showed 4 problems: incoming message size not set, outgoing message size not set, database backup and certificate SAN mismatch. I don't see how the first 3 could be related to the errors I'm seeing. The BPA tested the SSL certificate for https://server.example.local/UnifiedMessaging/Service.asmx and found the cert was issued for mail.example.com, not server.example.local (yes, I've changed the name). Could that be causing any of these issues? As for Blackberries vs. iPhones, I think we'll have to agree to disagree. :)

Do you have the UM role installed? If you do then it would be a problem. However it shouldn't stop the test-outlookwebservices from working, unless the test user is UM implemented. My opinion of Blackberry is based on real world experience. I have had two clients ban them and remove them from their staff as they found remote productivity dropped. When the devices and their use was analysed it was found that the amount of email, calendar and contact work they were doing was minimal. It was just a way for employees to get a shiny new toy with the company paying for it. ActiveSync is a long way behind on management, and Apple quite frankly don't care about business users, other than as a means to sell more devices to tie to the iTunes ecosystem to sell more apps/music which they take a cut of. If they cared, then I could block the use of iTunes on the iPhone and control what applications run on the device. I can do both with the Blackberry, not possible on the iPhone. Simon. Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.