Don't ask. I inherited the environment this way. The Exchange 2007 that I just migrated to sits in a different domain than the end user workstations and laptops where Outlook clients are installed. End users can log into Outlook with the profile's different domain's username and password saved. However, turning on the Out of Office Assistant results in the error of "Your Out of Office settings cannot be displayed, because the server is currently unavailable. Try again later." I have a DNS zone created for the Exchange server's domain in the user domain, autodiscover DNS A record is created. I have a SSL certificate that points to the public DNS name of the Exchange server which I have also configured accordingly in the EWS URI. My speculation right now is the fact that pc's from this different domain is trying to look at the EWS IIS virtual directory on the Exchange 2007 using the default Digest authentcation, but fails. There is no trust established between the 2 domains. Can someone shed some light on this? thanks. By the way, if I open this same mailbox within an Outlook profile configured on a pc within the same domain as the Exchange server, then all is good. So it is the cross-domain thing that's complicating this issue.

Outlook 2007? I'm guessing that for some reason they can't get to Exchange Web Services, perhaps because Autodiscover isn't properly configured or a firewall or reverse proxy isn't working propely.-- Ed Crowley MVP"There are seldom good technological solutions to behavioral problems.". "ronnieshih" wrote in message news:68a49ef3-8c27-4b5d-a73f-eff6e468d831...Don't ask. I inherited the environment this way. The Exchange 2007 that I just migrated to sits in a different domain than the end user workstations and laptops where Outlook clients are installed. End users can log into Outlook with the profile's different domain's username and password saved. However, turning on the Out of Office Assistant results in the error of "Your Out of Office settings cannot be displayed, because the server is currently unavailable. Try again later." I have a DNS zone created for the Exchange server's domain in the user domain, autodiscover DNS A record is created. I have a SSL certificate that points to the public DNS name of the Exchange server which I have also configured accordingly in the EWS URI. My speculation right now is the fact that pc's from this different domain is trying to look at the EWS IIS virtual directory on the Exchange 2007 using the default Digest authentcation, but fails. There is no trust established between the 2 domains. Can someone shed some light on this? thanks. By the way, if I open this same mailbox within an Outlook profile configured on a pc within the same domain as the Exchange server, then all is good. So it is the cross-domain thing that's complicating this issue. Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

On Wed, 24 Feb 2010 01:12:16 +0000, ronnieshih wrote:>Don't ask. I inherited the environment this way. The Exchange 2007 that I just migrated to sits in a different domain than the end user workstations and laptops where Outlook clients are installed. End users can log into Outlook with the profile's different domain's username and password saved. However, turning on the Out of Office Assistant results in the error of "Your Out of Office settings cannot be displayed, because the server is currently unavailable. Try again later." I have a DNS zone created for the Exchange server's domain in the user domain, autodiscover DNS A record is created. I have a SSL certificate that points to the public DNS name of the Exchange server which I have also configured accordingly in the EWS URI. My speculation right now is the fact that pc's from this different domain is trying to look at the EWS IIS virtual directory on the Exchange 2007 using the default Digest authentcation, but fails. There is no trust established between the 2 domains.>Can someone shed some light on this? thanks. By the way, if I open this same mailbox within an Outlook profile configured on a pc within the same domain as the Exchange server, then all is good. So it is the cross-domain thing that's complicating this issue. Have you read this?http://msexchangeteam.com/archive/2008/02/13/448127.aspxI'm pretty sure that you're really talking about two AD forests, nottwo AD domains in the same forest.---Rich MatheisenMCSE+I, Exchange MVP--- Rich Matheisen MCSE+I, Exchange MVP

Based on the description, yes, looks like two forests. Let’s call different domain as “Domain B”, and your original domain as “Domain A” Is it a simple outlook anywhere environment? Users are just using the credentials in Domain B to access the mailboxes in there? Or, it’s a resources forest scenario? As there’s no trust between the domains, I don’t think soJames Luo TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx) If you have any feedback on our support, please contact tngfb@microsoft.com

I had some sort of a fix since last night. Yes, they are two different forests. My predecessor had created a DNS zone of the end user's AD domain on the domain controller of the Exchange server's domain. However, it is not a secondary or AD integrated authorized to do zone transfer. Ok fine, to minimize too many system changes, I simply popped in a DNS A record of autodiscover.domain.local and Out of Office Assistant + OAB started working, but not without the initial certificate error when opening Outlook 2007. After even further investigations, I discovered that such error can be resolved by using a SSL certificate with a subject alternative name of autodiscover.domain.com popped in. But these guys bought the cheapest SSL cert possible from godaddy.com so that option isn't possible! I have a SSL cert that points to the public DNS name of the Exchange server and Exchange server's service URIs are all pointing to this DNS name. I have an external DNS zone created on the AD server's DNS so this name resolves to the internal IP of the Exchange server. So that's where I'm at so far. Everything works now except for the certificate error when opening Outlook 2007 and I am stuck with the cheap SSL cert without subject alternative name.

“If you are not able to get a Unified Communications Certificate then there are two other methods you can use to get the same level of functionality. Both of these methods are supported by Microsoft but are harder to implement and manage over the longer term and thus could have a higher total cost of ownership depending on your environment. Both also require that you have two external IP address available” ---------------Refer to <Exchange 2007 Autodiscover and certificates>James Luo TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx) If you have any feedback on our support, please contact tngfb@microsoft.com

I have chosen to have my cilent live with the certificate error for now rather than implementing a secnod certificate or a second IP address to complicate the matter. The certificate will expire in 11 months, and I will have them renew the cert to a UCC cert instead then all problems will be solved. Plus, most people have their Outlook client open on the computer 24/7 anyway. They only see this issue when they are in the office. They use OWA or Outlook 2003 via Citrix which both don't show this issue.thanks again.