Still no solution - Exchange 2007 OAB/Certificates - 0X80072F06, 0X8004010F, 0X80072F0D
The SBS2008 Exchange server has now been running for over a year, mail comes and goes just like we want it to.However, I STILL have various problems with certificates/OABs. I've spent hours creating certificates, changing service URLS etc. The entire situation is a joke - we are only running local email here. Nothing else matters. I have:1 - Clients getting messages about autodiscover certificate names not matching - I don't care what it wants to discover automatically I just wish it would turn off.2 - Messages about not finding a URL for OAB - 0X80072F06, 0X8004010F, 0X80072F0D - None of which have clear KB articles applying to my situation.3 - A synchronisation error every hour on most clients (one of the above codes) - A really smart way to handle the error... NOT!Once again I have ONE server and all I want to do is read mail over the LAN. I don't even want OAB! In fact I will never give it any of my time or effort, because all it's done so far is f*** up the emails and annoy my clients.I am happy to provide information, and I have refamiliarised myself with installing a certificate, but please no solutions involving DNS records (there aren't any) and no suggestions to pay someone for a certificate (I shouldn't need that to read my own email locally).Celebrating 20 years of supporting someone else's software for a living.
March 18th, 2010 3:43am

It'd be easier for us to help you if you explain what you've done. 1. You have to tell us what the name is on the certificate and what the URL people use to get to Autodiscover. Run: Get-ClientAccessServer -Server Your_Server | Format-List and see what domain members should be getting for their Autodiscover URL (AutoDiscoverServiceInternalURI property), and run: Get-AutodiscoverVirtualDirectory -Server Your_Server | Format-List and see what the values for InternalURL and ExternalURL are. Feel free to post your full output if you can't glean anything useful from it. 2. In IIS look under Default Web Site and verify that there's an OAB virtual directory there. Open "Basic Settings" and note the "Physical Path". Open Internet Explorer, drill down to that folder and its child folder and see if there are some 102 files there. That's the web distribution OAB, as opposed to the public folder-based OAB. Do you have an OAB being generated? 3. How would you have it handled, then? Is there a question here?-- Ed Crowley MVP"There are seldom good technological solutions to behavioral problems.". "Freqy" wrote in message news:750738ba-6d6e-47cb-9db7-8efb5bcd3d98...The SBS2008 Exchange server has now been running for over a year, mail comes and goes just like we want it to.However, I STILL have various problems with certificates/OABs. I've spent hours creating certificates, changing service URLS etc. The entire situation is a joke - we are only running local email here. Nothing else matters. I have:1 - Clients getting messages about autodiscover certificate names not matching - I don't care what it wants to discover automatically I just wish it would turn off.2 - Messages about not finding a URL for OAB - 0X80072F06, 0X8004010F, 0X80072F0D - None of which have clear KB articles applying to my situation.3 - A synchronisation error every hour on most clients (one of the above codes) - A really smart way to handle the error... NOT!Once again I have ONE server and all I want to do is read mail over the LAN. I don't even want OAB! In fact I will never give it any of my time or effort, because all it's done so far is f*** up the emails and annoy my clients.I am happy to provide information, and I have refamiliarised myself with installing a certificate, but please no solutions involving DNS records (there aren't any) and no suggestions to pay someone for a certificate (I shouldn't need that to read my own email locally). Celebrating 20 years of supporting someone else's software for a living. Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
March 18th, 2010 4:15am

OK I'll attempt to explain what I've done:1 - Installed SBS 20082 - Installed Exchange 20073 - All users and mailboxes were re-added manually using backup PSTs imported into new domain users.4 - Users start getting synch errors and certificate name warnings.5 - I create a certificate with one target - 'winserver'.6 - Problem half goes away (still getting logs), then comes back with a vengeance in Windows 7.If I run Get-ClientAccessServer I get this:Get-ClientAccessServer : A parameter cannot be found that matches parameter name 'Server'.At line:1 char:31+ Get-ClientAccessServer -Server <<<< winserver | Format-Listor this if I omit the -server parameter (this is SBS remember):Name : WINSERVEROutlookAnywhereEnabled : FalseAutoDiscoverServiceCN : WINSERVERAutoDiscoverServiceClassName : ms-Exchange-AutoDiscover-ServiceAutoDiscoverServiceInternalUri : https://winserver/autodiscover/autodiscover.xmlAutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e7a48b19596AutoDiscoverSiteScope : {Default-First-Site-Name}IsValid : TrueOriginatingServer : WINSERVER.lakegroup.localExchangeVersion : 0.1 (8.0.535.0)DistinguishedName : CN=WINSERVER,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organiz ation,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=lakegroup,DC=localIdentity : WINSERVERGuid : affa49f3-be3e-4077-b744-f899619325baObjectCategory : lakegroup.local/Configuration/Schema/ms-Exch-Exchange-ServerObjectClass : {top, server, msExchExchangeServer}WhenChanged : 16/01/2009 11:35:57 PMWhenCreated : 16/01/2009 11:19:00 PMIf I run Get-AutodiscoverVirtualDirectory I get this:Name : Autodiscover (SBS Web Applications)InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}BasicAuthentication : TrueDigestAuthentication : FalseWindowsAuthentication : TrueMetabasePath : IIS://WINSERVER.lakegroup.local/W3SVC/3/ROOT/AutodiscoverPath : C:\Program Files\Microsoft\Exchange Server\ClientAccess\AutodiscoverServer : WINSERVERInternalUrl : https://mail.lakegroupstrata.com/Autodiscover/Autodiscover.xmlExternalUrl : https://mail.lakegroupstrata.com/Autodiscover/Autodiscover.xmlAdminDisplayName :ExchangeVersion : 0.1 (8.0.535.0)DistinguishedName : CN=Autodiscover (SBS Web Applications),CN=HTTP,CN=Protocols,CN=WINSERVER,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,D C=lakegroup,DC=localIdentity : WINSERVER\Autodiscover (SBS Web Applications)Guid : 3fe03bed-1811-43c9-a994-3207d3a28591ObjectCategory : lakegroup.local/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-DirectoryObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}WhenChanged : 16/01/2009 11:35:56 PMWhenCreated : 16/01/2009 11:23:09 PMOriginatingServer : WINSERVER.lakegroup.localIsValid : TrueAs you correctly guessed, this is gobbledeygook to me. My emails work off a server called Winserver and the users are domain users; that's all I've ever needed to know until Server 2008. Any further configuration should have defaulted to values that worked and frankly I don't want to know what they do - it's not like I'm trying to run Eudora here, everyone is running Outlook 2003 or 2007. Why can't it just connect? Why is my SBS server issuing itself hacked up certificates just to pass an empty address list over the LAN? Why if this is SOO damn important can I myself still not see where this OAB is and what it contains?Under IIS under default web site I can find no mention of OAB, this may be because this morning I discovered public folder OAB distribution and turned it on. Perhaps that feature will work out of the box... [cough] Right now I'm trying to find where I restart my Exchange server and wondering why clients are being asked repeatedly to authenticate to no avail...As for part 3 of the 'question', it just strikes me as strange to log a server error EVERY hour on EVERY client that encounters the error. Meanwhile the server never has any indication that anything is wrong. It's kind of like if I created a log file in your C: every time you followed a hyperlink to something that doesn't exist, but never did anything to inform the webmaster. Better yet I'd put the information in the message in a format only I can understand (error codes instead of messages) and then create a folder on your desktop to put them in, so even if you could otherwise ignore them they would be in your face every single day. So I guess in answer to your question, there's quite a few things I'd do differently with those messages. :-)Thanks in advance for any more info...Celebrating 20 years of supporting someone else's software for a living.
March 18th, 2010 4:55am

5 - is "winserver" a FQDN? Sorry it's Get-ClientAccessServer -Identity winserver | Format-List but omitting -Server defaults to -Identity so you got the desired information. Your InternalURL appears to be wrong in Get-AutodiscoverVirtualDirectory. You can use Set-AutodiscoverVirtualDirectory to try setting it to the proper URL for internal access. You have quite a variety of domains in these settings, and I'm pretty sure that's what's causing your problems. You might consider implementing a split-brain DNS and using the same DNS space for internal and external. You'd have all your clients point to your internal DNS and it would resolve your internal names to internal addresses, and your external DNS would resolve them to external addresses.-- Ed Crowley MVP"There are seldom good technological solutions to behavioral problems.". "Freqy" wrote in message news:6f577845-e29a-4997-8f99-ca98e2ec45ba...OK I'll attempt to explain what I've done:1 - Installed SBS 20082 - Installed Exchange 20073 - All users and mailboxes were re-added manually using backup PSTs imported into new domain users.4 - Users start getting synch errors and certificate name warnings.5 - I create a certificate with one target - 'winserver'.6 - Problem half goes away (still getting logs), then comes back with a vengeance in Windows 7.If I run Get-ClientAccessServer I get this:Get-ClientAccessServer : A parameter cannot be found that matches parameter name 'Server'.At line:1 char:31+ Get-ClientAccessServer -Server <<<< winserver | Format-Listor this if I omit the -server parameter (this is SBS remember):Name : WINSERVEROutlookAnywhereEnabled : FalseAutoDiscoverServiceCN : WINSERVERAutoDiscoverServiceClassName : ms-Exchange-AutoDiscover-ServiceAutoDiscoverServiceInternalUri : https://wins erver/autodiscover/autodiscover.xmlAutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e7a48b19596AutoDiscoverSiteScope : {Default-First-Site-Name}IsValid : TrueOriginatingServer : WINSERVER.lakegroup.localExchangeVersion : 0.1 (8.0.535.0)DistinguishedName : CN=WINSERVER,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organiz ation,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=lakegroup,DC=localIdentity : WINSERVERGuid : affa49f3-be3e-4077-b744-f899619325baObjectCategory : lakegroup.local/Configuration/Schema/ms-Exch-Exchange-ServerObjectClass : {top, server, msExchExchangeServer}WhenChanged : 16/01/2009 11:35:57 PMWhenCreated : 16/01/2009 11:19:00 PMIf I run Get-AutodiscoverVirtualDirectory I get this:Name : Autodiscover (SBS Web Applications)InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}BasicAuthentication : TrueDigestAuthentication : FalseWindowsAuthentication : TrueMetabasePath : IIS://WINSERVER.lakegroup.local/W3SVC/3/ROOT/AutodiscoverPath : C:\Program Files\Microsoft\Exchange Server\ClientAccess\AutodiscoverServer : WINSERVERInternalUrl : https://mail.lakegroupstrata.com/Autodiscover/Autodiscover.xmlExternalUrl : https://mail.lakegroupstrata.com/Autodiscover/Autodiscover.xmlAdminDisplayName :ExchangeVersion : 0.1 (8.0.535.0)DistinguishedName : CN=Autodiscover (SBS Web Applications),CN=HTTP,CN=Protocols,CN=WINSERVER,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,D C=lakegroup,DC=localIdentity : WINSERVER\Autodiscover (SBS Web Applications)Guid : 3fe03bed-1811-43c9-a994-3207d3a28591ObjectCategory : lakegroup.local/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-DirectoryObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}WhenChanged : 16/01/2009 11:35:56 PMWhenCreated : 16/01/2009 11:23:09 PMOriginatingServer : WINSERVER.lakegroup.localIsValid : TrueAs you correctly guessed, this is gobbledeygook to me. My emails work off a server called Winserver and the users are domain users; that's all I've ever needed to know until Server 2008. Any further configuration should have defaulted to values that worked and frankly I don't want to know what they do - it's not like I'm trying to run Eudora here, everyone is running Outlook 2003 or 2007. Why can't it just connect? Why is my SBS server issuing itself hacked up certificates just to pass an empty address list over the LAN? Why if this is SOO damn important can I myself still not see where this OAB is and what it contains?Under IIS under default web site I can find no mention of OAB, this may be because this morning I discovered public folder OAB distribution and turned it on. Perhaps that feature will work out of the box... [cough] Right now I'm trying to find where I restart my Exchange server and wondering why clients are being asked repeatedly to authenticate to no avail...As for part 3 of the 'question', it just strikes me as strange to log a server error EVERY hour on EVERY client that encounters the error. Meanwhile the server never has any indication that anything is wrong. It's kind of like if I created a log file in your C: every time you followed a hyperlink to something that doesn't exist, but never did anything to inform the webmaster. Better yet I'd put the information in the message in a format only I can understand (error codes instead of messages) and then create a folder on your desktop to put them in, so even if you could otherwise ignore them they would be in your face every single day. So I guess in answer to your question, there's quite a few things I'd do differently with those messages. :-)Thanks in advance for any more info... Celebrating 20 years of supporting someone else's software for a living. Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
March 18th, 2010 5:19am

I will try setting the URL again to winserver.lakegroup.local, however the only time this ever worked in the past was with a certificate (and all URLs) set to just plain winserver, the NetBIOS name. I will also set the URL for autodiscover to winserver.lakegroup.local/etc and see what happens.Again, there is NO external access and NO DNS over which I have control. All I want is people to do what they can already do and have been doing for months, without the annoying messages and popups.Edit:[PS] C:\Windows\System32>Set-AutodiscoverVirtualDirectory -Identity winserver -InternalUrl https://winserver.lakegroup.localSet-AutodiscoverVirtualDirectory : The operation could not be performed because object 'winserver' could not be found on domain controller 'WINSERVER.lakegroup.local'.At line:1 char:33+ Set-AutodiscoverVirtualDirectory <<<< -Identity winserver -InternalUrl https://winserver.lakegroup.localI give up, I'm going to do something I've never done and that is PAY someone at Microsoft to fix it for me. Celebrating 20 years of supporting someone else's software for a living.
March 18th, 2010 5:39am

Hi Freqy, Very good, if you have any solution about your issue, it would be very kinkdly of you for sharing with us. :) Regards! gavin
Free Windows Admin Tool Kit Click here and download it now
March 22nd, 2010 11:00am

No offence Gavin, but there is no way I'm sharing information I've paid for with the forum techs here just so they can paste it into someone's unrelated question and mark it as the answer.Celebrating 20 years of supporting someone else's software for a living.
March 23rd, 2010 8:18am

Why has Freqy marked this as answered when the answer isn't in this thread? Frankly I'm offended by Freqy's attitude that since he paid for MS to resolve his issue, he is withholding the solution from the rest of us.- Michael Faklis
Free Windows Admin Tool Kit Click here and download it now
July 10th, 2011 8:24pm

I don't take issue with your offense taken except that you're taking it about 16 months late!Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
July 10th, 2011 11:36pm

That's OK, the issue is over 2 years old and still hasn't been fixed. MS really hopes that people will stop talking about it, but they won't.Working in C++ reminds me that some things are almost as illogical as Microsoft
Free Windows Admin Tool Kit Click here and download it now
August 5th, 2011 8:29am

his problem solved? because i am having thiis problem now on a sbs2008 Erik
April 27th, 2012 5:03pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics