Hi guys

Hope anyone can advise to the following:

I had Exchange 2013 Std up and running for about a week now. All services worked 100% internally and externally.

The last couple of days there were some mimecast entries made as Exchange server will work through it. Even though the necessary entries were made, all services kept running and were accessible internally and externally.

Today, all of a sudden, both owa and general connectivity ( through outlook ) can't be accessible.

I've checked that internally, if I use the IP/owa instead of mail.domain.com/owa it works.

How could this happen, as all the DNS entries have not changed, nor certificates.

Currently, there is also NAT-ing involved, where RDP is made available to a public IP assigned to exchange. This is also the IP that is used for the public DNS records where autodiscover and mail.domain.com points to. Will this have changed since mimecast came in to play? Will these public DNS entries still point to the public IP made available to the Exchange server?

Regards

 

If it works internally but not externally, then it's very likely a problem with the firewall, NAT or something like that.

Hi Ed

Seems that internally it also does not work. Both internal and external directories are set up with mail.domain.com, so essentially using mail.domain.com/owa does not suffice, but using the exchange server IP internally, works.

When you ping mail.domain.com does it resolve to the server's IP address?

To its public IP yes

And does that make it to the Exchange 2013 server?

Hi,

I have noticed you can access the page using the exchange server IP.

Can you provide the detailed error information about OWA?

Please ensure that you have the correct DNS record(A record) for the Exchange Server.You can use Nslookup to check it.

Please refer to the below link :

http://support.microsoft.com/kb/200525

I have noticed your outlook can't connect the Exchange server in your post.

I suggest we can do an Outlook connectivity test with https://testconnectivity.microsoft.com/   and see what went wrong.

Regards,

David

• Edited by David Wang_Microsoft contingent staff 5 hours 48 minutes ago

Hi,

I have noticed you can access the page using the exchange server IP.

Can you provide the detailed error information about OWA?

Please ensure that you have the correct DNS record(A record) for the Exchange Server.You can use Nslookup to check it.

Please refer to the below link :

http://support.microsoft.com/kb/200525

I have noticed your outlook can't connect the Exchange server in your post.

I suggest we can do an Outlook connectivity test with https://testconnectivity.microsoft.com/   and see what went wrong.

Regards,

David

• Edited by David Wang_Microsoft contingent staff Tuesday, July 14, 2015 1:38 AM

Hi David

When trying to access OWA, it only shows "page can't be displayed".

If I check OWA internally, it only works as mentioned above with the internal exchange IP.

All DNS entries are unchanged, and verified. This seems to be in check, private and public DNS entries.

Outlook connectivity results, does this point to certificate issue? :

Testing Outlook connectivity.
 The Outlook connectivity test failed.
 
Additional Details
 
Elapsed Time: 43566 ms.

 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for 
 Testing Autodiscover failed.
 
Additional Details
 
Elapsed Time: 43566 ms.

 
Test Steps
 
Attempting each method of contacting the Autodiscover service.
 The Autodiscover service couldn't be contacted successfully by any method.
 
Additional Details
 
Elapsed Time: 43566 ms.

 
Test Steps
 
Attempting to test potential Autodiscover URL 
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 1108 ms.

 
Test Steps
 
Attempting to resolve the host name in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: correct

Elapsed Time: 181 ms.

Testing TCP port 443 on host to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 304 ms.

Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 
Additional Details
 
Elapsed Time: 623 ms.

 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: OU=GT14623739, Issuer: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US.

Elapsed Time: 603 ms.

Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host name doesn't match any name found on the server certificate, OU=Domain Control Validated - RapidSSL(R).

Elapsed Time: 0 ms.

Attempting to test potential Autodiscover URL
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 21203 ms.

 
Test Steps
 
Attempting to resolve the host name in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: correct

Elapsed Time: 103 ms.

Testing TCP port 443 on host to ensure it's listening and open.
 The specified port is either blocked, not listening, or not producing the expected response.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
A network error occurred while communicating with the remote host.

Elapsed Time: 21100 ms.

Attempting to contact the Autodiscover service using the HTTP redirect method.
 The attempt to contact Autodiscover using the HTTP Redirect method failed.
 
Additional Details
 
Elapsed Time: 21062 ms.

 
Test Steps
 
Attempting to resolve the host name in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: correct

Elapsed Time: 9 ms.

Testing TCP port 80 on host to ensure it's listening and open.
 The specified port is either blocked, not listening, or not producing the expected response.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
A network error occurred while communicating with the remote host.

Elapsed Time: 21053 ms.

Attempting to contact the Autodiscover service using the DNS SRV redirect method.
 The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
 
Additional Details
 
Elapsed Time: 96 ms.

 
Test Steps
 
Attempting to locate SRV record in DNS.
 The Autodiscover SRV record wasn't found in DNS.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Elapsed Time: 96 ms.

Hi,

According to the test results, "Host name doesn't match any name found on the server certificate",

it indicated you need to add the host name into your certificate.

You can run the following command to check your certificate settings and autodiscover setting on Exchange server:

Get-ExchangeCertificate | fl

Get-ClientAccessServer | FL Identity,AutodiscoverServiceInternalUri

And I noticed the Autodiscover SRV record wasn't found in DNS.

Please create the SRV record for Autodiscover service.

Regards,

David

• Proposed as answer by David Wang_Microsoft contingent staff 6 hours 12 minutes ago

Hi

Certificates seem to be correct using the cmd your suggested. Autodiscover also shows up with the right identity.

Regarding the srv record, I've created this as a _tcp entry point to mail.domain.com?

Regards

Hi,

About the SRV record, you are right.

I have noticed you re-post a new thread in the forum.

We'll reply your question for further troubleshooting  in the new thread.

https://social.technet.microsoft.com/Forums/office/en-US/ac844657-cb40-47aa-b9d2-f74c53508e86/certificates?forum=exchangesvrclients

Thank you for your understanding.

Regards,

David

• Edited by David Wang_Microsoft contingent staff 6 hours 10 minutes ago