I have a setup with single Exchange organisation which includes 5 CAS servers in different locations. Problem is when user of one ,Suppose A ,access mails through outlook,A security alert pops up saying "information you exchange with this site cannot be viewed or changed by others.However there is a problem with the site's security certificate.........",now I have to click yes,This certificate pop up is from other CAS servers of other AD sites.Though these pop ups are not regular but intermittent only but still My users are very much irritated from this pop up message Can somebody please let me know why my client is going to remote site's CAS server while it is having CAS server in its own site. I will be very much thankfull if somebody can please help me out Thanks Luxmi narayan

Hi, Did you checked this thread: http://social.technet.microsoft.com/Forums/en-US/itprovistaie/thread/348a5a29-5311-4c29-b358-c54c8446264e/ Gulab | MCITP: Exchange 2010-2007 | Lync Server 2010 | Windows Server 2008 | Skype: Exchange.Ranger | Blog: www.ExchangeRanger.Blogspot.com

You should configure your virtual directories that users access so they use a URL that is in the certificate on each CAS. You could use a script like: http://nathanwinters.co.uk/2010/05/30/script-to-set-internalurl-and-externalurl-for-all-exchange-2010-virtual-directories/ to configure themMagnus Bjrk www.mailmaster.se/blog

Hi Luxmi, See this: http://support.microsoft.com/kb/555842. Outlook 2007 client should connect to CAS server in it’s own AD site. I suggest you run “Test Email Autoconfiguration” (see http://technet.microsoft.com/en-us/library/bb397225(EXCHG.80).aspx ) on the problematic Outlook client when the issue occurs. And then verify the result returned. In the LOG tab, it should show the SCP record that Outlook is trying to connect. By default it should be the URL of https://CASFQDN/autodiscover/autodiscover.xml. Please make sure the URL is pointing to the CAS server in the Outlook site. Also, check the Results tab, and make sure the URLs returned is pointing to the CAS serer in Outlook site. If there is any error, capture a screenshot and paste it. Fiona

Thanks gulab,magnus and Fiona for you replies but let me tell inform you please gulab 's reply doesn't seem to be of my concern and magnus's reply ,i will avoid for timebeing because I don't want to move towards server side in first go. Fiona ,I already told ,this problem is not regular but it's intermittent only,So I cann't do the testing at the same time when problem comes because may be user will not be interested to inform IT every time when problem comes.Nor ,he will be agree to do this testing by his own So I will be thankful to you if without waiting for any problem,we can do setting that outlook client should not go to any other site's CAS server in any case. Can we do this setting through exchange or AD.Is it possible? I m using Exchange 2007 with SP1 and outlook 2007

Fioan ,Also let me tell you please that ,as I am not using router which support feature that is disabled by no ip http secure-server ,so there is not use of article containing that command

Hi Luxmi, I appreciate your understanding that if the issue could not be reproduce, it is hard or impossible to find the root cause. While waitting for the issue to be reproduced, we may verify the CAS server configuration: Run cmdlet "Get-clientaccessserver |FL", and verify the autodiscoversitescope and the autodiscoverserviceinternaluri. RUn cmdlet "Test-OutlookWebServices |FL" and verify the URLs returned. Hope it is helpful.Fiona

thanks for your time fiona My AD site name is GGN-FIP output of get-clientaccessserver|fl is Name : myaccessYNRCDC01 OutlookAnywhereEnabled : True AutoDiscoverServiceCN : myaccessynrcdc01 AutoDiscoverServiceClassName : ms-Exchange-AutoDiscover-Service AutoDiscoverServiceInternalUri : https://submail1.bilt.com/autodiscover/autodis cover.xml AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e7a48b19596 AutoDiscoverSiteScope : {YNR-CDC} IsValid : True OriginatingServer : gasggnfip01.softibil.com ExchangeVersion : 0.1 (8.0.535.0) DistinguishedName : CN=myaccessYNRCDC01,CN=Servers,CN=Exchange Admin istrative Group (FYDIBOHF23SPDLT),CN=Administr ative Groups,CN=myorg,CN=Microsoft Exchange, CN=Services,CN=Configuration,DC=softibil,DC=co m Identity : myaccessYNRCDC01 Guid : dd1eb997-2b1e-45be-b4c4-0a883befcf78 ObjectCategory : softibil.com/Configuration/Schema/ms-Exch-Exch ange-Server ObjectClass : {top, server, msExchExchangeServer} WhenChanged : 10/18/2011 7:26:23 PM WhenCreated : 8/9/2007 10:00:09 PM Name : myaccessGGNFIP01 OutlookAnywhereEnabled : True AutoDiscoverServiceCN : myaccessggnfip01 AutoDiscoverServiceClassName : ms-Exchange-AutoDiscover-Service AutoDiscoverServiceInternalUri : https://submail2.bilt.com/autodiscover/autodis cover.xml AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e7a48b19596 AutoDiscoverSiteScope : {GGN-FIP} IsValid : True OriginatingServer : gasggnfip01.softibil.com ExchangeVersion : 0.1 (8.0.535.0) DistinguishedName : CN=myaccessGGNFIP01,CN=Servers,CN=Exchange Admin istrative Group (FYDIBOHF23SPDLT),CN=Administr ative Groups,CN=myorg,CN=Microsoft Exchange, CN=Services,CN=Configuration,DC=softibil,DC=co m Identity : myaccessGGNFIP01 Guid : 55d4b7dd-39e5-4ed7-9afc-49ab76af5ae2 ObjectCategory : softibil.com/Configuration/Schema/ms-Exch-Exch ange-Server ObjectClass : {top, server, msExchExchangeServer} WhenChanged : 10/11/2011 1:32:09 PM WhenCreated : 8/13/2007 5:00:26 PM Name : myaccessBPQBPU01 OutlookAnywhereEnabled : True AutoDiscoverServiceCN : myaccessbpqbpu01 AutoDiscoverServiceClassName : ms-Exchange-AutoDiscover-Service AutoDiscoverServiceInternalUri : https://myaccessbpqbpu01.softibil.com/Autodiscov er/Autodiscover.xml AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e7a48b19596 AutoDiscoverSiteScope : {BPQ-BPU} IsValid : True OriginatingServer : gasggnfip01.softibil.com ExchangeVersion : 0.1 (8.0.535.0) DistinguishedName : CN=myaccessBPQBPU01,CN=Servers,CN=Exchange Admin istrative Group (FYDIBOHF23SPDLT),CN=Administr ative Groups,CN=myorg,CN=Microsoft Exchange, CN=Services,CN=Configuration,DC=softibil,DC=co m Identity : myaccessBPQBPU01 Guid : 00b32030-2bcd-4c03-afee-39c3a258db33 ObjectCategory : softibil.com/Configuration/Schema/ms-Exch-Exch ange-Server ObjectClass : {top, server, msExchExchangeServer} WhenChanged : 10/11/2011 5:28:56 PM WhenCreated : 8/17/2007 12:30:32 PM Name : myaccessBNWBWN01 OutlookAnywhereEnabled : True AutoDiscoverServiceCN : myaccessBNWBWN01 AutoDiscoverServiceClassName : ms-Exchange-AutoDiscover-Service AutoDiscoverServiceInternalUri : https://myaccessbnwbwn01.softibil.com/Autodiscov er/Autodiscover.xml AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e7a48b19596 AutoDiscoverSiteScope : {BNW-BWN} IsValid : True OriginatingServer : gasggnfip01.softibil.com ExchangeVersion : 0.1 (8.0.535.0) DistinguishedName : CN=myaccessBNWBWN01,CN=Servers,CN=Exchange Admin istrative Group (FYDIBOHF23SPDLT),CN=Administr ative Groups,CN=myorg,CN=Microsoft Exchange, CN=Services,CN=Configuration,DC=softibil,DC=co m Identity : myaccessBNWBWN01 Guid : 772ca06f-dcf9-4143-8370-320d9fb9b2b5 ObjectCategory : softibil.com/Configuration/Schema/ms-Exch-Exch ange-Server ObjectClass : {top, server, msExchExchangeServer} WhenChanged : 10/11/2011 4:28:56 PM WhenCreated : 8/17/2007 1:52:28 PM Name : myaccessJPRSEW01 OutlookAnywhereEnabled : True AutoDiscoverServiceCN : myaccessJPRSEW01 AutoDiscoverServiceClassName : ms-Exchange-AutoDiscover-Service AutoDiscoverServiceInternalUri : https://myaccessjprsew01.softibil.com/autodiscov er/autodiscover.xml AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e7a48b19596 AutoDiscoverSiteScope : {JPR-SEW} IsValid : True OriginatingServer : gasggnfip01.softibil.com ExchangeVersion : 0.1 (8.0.535.0) DistinguishedName : CN=myaccessJPRSEW01,CN=Servers,CN=Exchange Admin istrative Group (FYDIBOHF23SPDLT),CN=Administr ative Groups,CN=myorg,CN=Microsoft Exchange, CN=Services,CN=Configuration,DC=softibil,DC=co m Identity : myaccessJPRSEW01 Guid : f4852216-a066-469c-bac1-62f494dbf559 ObjectCategory : softibil.com/Configuration/Schema/ms-Exch-Exch ange-Server ObjectClass : {top, server, msExchExchangeServer} WhenChanged : 10/11/2011 5:28:56 PM WhenCreated : 8/17/2007 4:01:57 PM output of test-outlookwebservices|fl Id : 1003 Type : Information Message : About to test AutoDiscover with the e-mail address rajeev.sharma@bilt .com. Id : 1007 Type : Information Message : Testing server exccasggnfip01.optibilt.com with the published name ht tps://submail2.bilt.com/ews/exchange.asmx & . Id : 1019 Type : Information Message : Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://submail2.bilt.com/autodiscover/autodis cover.xml. Id : 1013 Type : Error Message : When contacting https://submail2.bilt.com/autodiscover/autodiscover.x ml received the error The remote server returned an error: (401) Unau thorized. Id : 1006 Type : Error Message : The Autodiscover service could not be contacted. PLEASE SUGGEST WHAT CAN WE DO NEXT........ Thanks Luxmi narayan

Thanks for your update. From the information provided, the autodiscover service on CAS myaccessGGNFIP01 is not available for clients. My suggestion is: 1. Launch IIS manager and verify the /Autodiscover virtual directory configuration on the CAS server myaccessGGNFIP01. Make sure the authentication is Basic and integrated; if it is Exchange 2010, add Anonymous. Refer to: Default settings for Exchange-related virtual directories in Exchange Server 2010 http://blogs.technet.com/b/exchange/archive/2010/09/23/3411146.aspx Default settings for Exchange-related virtual directories in Exchange Server 2007 http://blogs.technet.com/b/exchange/archive/2008/02/01/3404755.aspx 2. If the error continues in Test-OutlookWebservices, test the Autodiscover service in CAS server https://localhost/autodiscover/autodiscover.xml. It will help us verify if the autodiscover service is working well on the server (the expected result is error code 600). 3. Apply the latest hotfix for all Outlook clients (at least Outlook 2007 SP2); Let me know if there is questions. Fiona

thanks again fiona for your favors I have already same setting ehich is given in this article for autodiscover folder of default site Service is working fine in server Already I have latest service pack installed for office 2007 Thanks Luxmi narayan

You are welcome. so are you still encounter error when running Test-OutlookWebservices? If you run the cmdlet without user id specified, does the issue continues? How about if you test the url manually in a client computer? what is the error code in IIS log? Fiona

I m already using this command withour specifying any user id but I don't know why is it testing it by using a user's mail ID.IS this normal behaviour? if i give this uRL in browser ,it works fine. Also let me please tell you.all of my users are not facing this problem but only a few users are facing thisa problem thanks luxmi narayan

Hi Luxmi, yes the cmdlets will use a user automatically. Regarding the error 1013 returned by Test-OutlookWebservices, it might be an know issue. I would suggest you submit a new thread for this problem, this is for the administrative purpose since troubleshooting multiple issues in the same thread may cause confusion. your understanding would be appreciated. Regarding the original issue in this thread that Outlook client connects to remote CAS, consider we run the autodiscover related confguration on the server and all appear to be fine, I am afraid you need to wait till it is reoccurs. Just a reminder, I copied the action plan below: Run “Test Email Autoconfiguration” (see http://technet.microsoft.com/en-us/library/bb397225(EXCHG.80).aspx ) on the problematic Outlook client when the issue occurs. And then verify the result returned.In the LOG tab, it should show the SCP record that Outlook is trying to connect. By default it should be the URL ofhttps://CASFQDN/autodiscover/autodiscover.xml. Please make sure the URL is pointing to the CAS server in the Outlook site. Capture a screenshot for the error message you received, it will help us research. Thanks. Fiona

thanks fiona for you efforts Ultimately my problem is resolved now.Actually my AD sites were wrongly configured

Good to hear that issue is resolved. you mean to say in the registry it was pointing to wrong site?Gulab | MCITP: Exchange 2010-2007 | Lync Server 2010 | Windows Server 2008 | Skype: Exchange.Ranger | Blog: www.ExchangeRanger.Blogspot.com