The SBS2008 Exchange server has now been running for over a year, mail comes and goes just like we want it to.However, I STILL have various problems with certificates/OABs. I've spent hours creating certificates, changing service URLS etc. The entire situation is a joke - we are only running local email here. Nothing else matters. I have:1 - Clients getting messages about autodiscover certificate names not matching - I don't care what it wants to discover automatically I just wish it would turn off.2 - Messages about not finding a URL for OAB - 0X80072F06, 0X8004010F, 0X80072F0D - None of which have clear KB articles applying to my situation.3 - A synchronisation error every hour on most clients (one of the above codes) - A really smart way to handle the error... NOT!Once again I have ONE server and all I want to do is read mail over the LAN. I don't even want OAB! In fact I will never give it any of my time or effort, because all it's done so far is f*** up the emails and annoy my clients.I am happy to provide information, and I have refamiliarised myself with installing a certificate, but please no solutions involving DNS records (there aren't any) and no suggestions to pay someone for a certificate (I shouldn't need that to read my own email locally).Celebrating 20 years of supporting someone else's software for a living.

Need to support users over the internet? click here try our remote control online beta

It'd be easier for us to help you if you explain what you've

done.



1. You have to tell us what the name is on the

certificate and what the URL people use to get to Autodiscover.

Run:

Get-ClientAccessServer -Server Your_Server |

Format-List

and see what domain members should be getting for their

Autodiscover URL (AutoDiscoverServiceInternalURI property), and

run:

Get-AutodiscoverVirtualDirectory -Server Your_Server |

Format-List

and see what the values for InternalURL and ExternalURL

are. Feel free to post your full output if you can't glean anything useful

from it.



2. In IIS look under Default Web Site and verify that

there's an OAB virtual directory there. Open "Basic

Settings" and note the "Physical Path". Open Internet Explorer, drill

down to that folder and its child folder and see if there are some 102 files

there. That's the web distribution OAB, as opposed to the public

folder-based OAB. Do you have an OAB being generated?



3. How would you have it handled, then? Is there a

question here?-- Ed Crowley MVP"There are seldom good

technological solutions to behavioral problems.".



"Freqy" wrote in message news:750738ba-6d6e-47cb-9db7-8efb5bcd3d98...The

SBS2008 Exchange server has now been running for over a year, mail comes and

goes just like we want it to.However, I STILL have

various problems with certificates/OABs. I've spent hours creating

certificates, changing service URLS etc. The entire situation is a joke - we

are only running local email here. Nothing else

matters. I have:1 - Clients getting messages about

autodiscover certificate names not matching - I don't care what it wants to

discover automatically I just wish it would turn off.2 - Messages about

not finding a URL for OAB - 0X80072F06,

0X8004010F,

0X80072F0D -

None of which have clear KB articles applying to my situation.3 - A

synchronisation error every hour on most clients (one of the above codes) - A

really smart way to handle the error... NOT!Once again I have ONE

server and all I want to do is read mail over the LAN. I don't

even want OAB! In fact I will never give it any of my time or

effort, because all it's done so far is f*** up the emails and annoy my

clients.I am happy to provide information, and I have refamiliarised

myself with installing a certificate, but please no solutions

involving DNS records (there aren't any) and no suggestions to pay someone for

a certificate (I shouldn't need that to read my own email locally).



Celebrating 20 years of supporting someone else's software for a

living.


Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."

Need to support users over the internet? click here try our remote control online beta

OK I'll attempt to explain what I've done:1 - Installed SBS 20082 - Installed Exchange 20073 - All users and mailboxes were re-added manually using backup PSTs imported into new domain users.4 - Users start getting synch errors and certificate name warnings.5 - I create a certificate with one target - 'winserver'.6 - Problem half goes away (still getting logs), then comes back with a vengeance in Windows 7.If I run Get-ClientAccessServer I get this:Get-ClientAccessServer : A parameter cannot be found that matches parameter name 'Server'.At line:1 char:31+ Get-ClientAccessServer -Server <<<< winserver | Format-Listor this if I omit the -server parameter (this is SBS remember):Name : WINSERVEROutlookAnywhereEnabled : FalseAutoDiscoverServiceCN : WINSERVERAutoDiscoverServiceClassName : ms-Exchange-AutoDiscover-ServiceAutoDiscoverServiceInternalUri : https://winserver/autodiscover/autodiscover.xmlAutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e7a48b19596AutoDiscoverSiteScope : {Default-First-Site-Name}IsValid : TrueOriginatingServer : WINSERVER.lakegroup.localExchangeVersion : 0.1 (8.0.535.0)DistinguishedName : CN=WINSERVER,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organiz ation,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=lakegroup,DC=localIdentity : WINSERVERGuid : affa49f3-be3e-4077-b744-f899619325baObjectCategory : lakegroup.local/Configuration/Schema/ms-Exch-Exchange-ServerObjectClass : {top, server, msExchExchangeServer}WhenChanged : 16/01/2009 11:35:57 PMWhenCreated : 16/01/2009 11:19:00 PMIf I run Get-AutodiscoverVirtualDirectory I get this:Name : Autodiscover (SBS Web Applications)InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}BasicAuthentication : TrueDigestAuthentication : FalseWindowsAuthentication : TrueMetabasePath : IIS://WINSERVER.lakegroup.local/W3SVC/3/ROOT/AutodiscoverPath : C:\Program Files\Microsoft\Exchange Server\ClientAccess\AutodiscoverServer : WINSERVERInternalUrl :
https://mail.lakegroupstrata.com/Autodiscover/Autodiscover.xmlExternalUrl
:
https://mail.lakegroupstrata.com/Autodiscover/Autodiscover.xmlAdminDisplayName
:ExchangeVersion : 0.1 (8.0.535.0)DistinguishedName : CN=Autodiscover (SBS Web Applications),CN=HTTP,CN=Protocols,CN=WINSERVER,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,D C=lakegroup,DC=localIdentity : WINSERVER\Autodiscover (SBS Web Applications)Guid : 3fe03bed-1811-43c9-a994-3207d3a28591ObjectCategory : lakegroup.local/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-DirectoryObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}WhenChanged : 16/01/2009 11:35:56 PMWhenCreated : 16/01/2009 11:23:09 PMOriginatingServer : WINSERVER.lakegroup.localIsValid : TrueAs you correctly guessed, this is gobbledeygook to me. My emails work off a server called Winserver and the users are domain users; that's all I've ever needed to know until Server 2008. Any further configuration should have defaulted to values that worked and frankly I don't want to know what they do - it's not like I'm trying to run Eudora here, everyone is running Outlook 2003 or 2007. Why can't it just connect? Why is my SBS server issuing itself hacked up certificates just to pass an empty address list over the LAN? Why if this is SOO damn important can I myself still not see where this OAB is and what it contains?Under IIS under default web site I can find no mention of OAB, this may be because this morning I discovered public folder OAB distribution and turned it on. Perhaps that feature will work out of the box... [cough] Right now I'm trying to find where I restart my Exchange server and wondering why clients are being asked repeatedly to authenticate to no avail...As for part 3 of the 'question', it just strikes me as strange to log a server error EVERY hour on EVERY client that encounters the error. Meanwhile the server never has any indication that anything is wrong. It's kind of like if I created a log file in your C: every time you followed a hyperlink to something that doesn't exist, but never did anything to inform the webmaster. Better yet I'd put the information in the message in a format only I can understand (error codes instead of messages) and then create a folder on your desktop to put them in, so even if you could otherwise ignore them they would be in your face every single day. So I guess in answer to your question, there's quite a few things I'd do differently with those messages. :-)Thanks in advance for any more info...Celebrating 20 years of supporting someone else's software for a living.

Need to support users over the internet? click here try our remote control online beta

5 - is "winserver" a FQDN?



Sorry it's Get-ClientAccessServer -Identity winserver |

Format-List but omitting -Server defaults to -Identity so you got the

desired information.



Your InternalURL appears to be wrong in

Get-AutodiscoverVirtualDirectory. You can use

Set-AutodiscoverVirtualDirectory to try setting it to the proper URL for

internal access. You have quite a variety of domains in these settings,

and I'm pretty sure that's what's causing your problems.



You might consider implementing a split-brain DNS and using

the same DNS space for internal and external. You'd have all your clients

point to your internal DNS and it would resolve your internal names to internal

addresses, and your external DNS would resolve them to external

addresses.-- Ed Crowley MVP"There are seldom good

technological solutions to behavioral problems.".



"Freqy" wrote in message news:6f577845-e29a-4997-8f99-ca98e2ec45ba...OK

I'll attempt to explain what I've done:1 - Installed SBS 20082 -

Installed Exchange 20073 - All users and mailboxes were re-added manually

using backup PSTs imported into new domain users.4 - Users start getting

synch errors and certificate name warnings.5 - I create a certificate with

one target - 'winserver'.6 - Problem half goes away (still getting

logs), then comes back with a vengeance in Windows 7.If I run

Get-ClientAccessServer I get this:Get-ClientAccessServer : A

parameter cannot be found that matches parameter name 'Server'.At line:1

char:31+ Get-ClientAccessServer -Server <<<< winserver |

Format-Listor this if I omit the -server parameter (this is SBS

remember):Name

:

WINSERVEROutlookAnywhereEnabled

:

FalseAutoDiscoverServiceCN

: WINSERVERAutoDiscoverServiceClassName :

ms-Exchange-AutoDiscover-ServiceAutoDiscoverServiceInternalUri : https://wins
erver/autodiscover/autodiscover.xmlAutoDiscoverServiceGuid

:

77378f46-2c66-4aa9-a6a6-3e7a48b19596AutoDiscoverSiteScope

:

{Default-First-Site-Name}IsValid

:

TrueOriginatingServer

:

WINSERVER.lakegroup.localExchangeVersion

: 0.1

(8.0.535.0)DistinguishedName

: CN=WINSERVER,CN=Servers,CN=Exchange Administrative Group

(FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First

Organiz

ation,CN=Microsoft

Exchange,CN=Services,CN=Configuration,DC=lakegroup,DC=localIdentity

:

WINSERVERGuid

:

affa49f3-be3e-4077-b744-f899619325baObjectCategory

:

lakegroup.local/Configuration/Schema/ms-Exch-Exchange-ServerObjectClass

: {top, server,

msExchExchangeServer}WhenChanged

: 16/01/2009 11:35:57

PMWhenCreated

: 16/01/2009 11:19:00 PMIf I run

Get-AutodiscoverVirtualDirectory I get

this:Name

: Autodiscover (SBS Web Applications)InternalAuthenticationMethods :

{Basic, Ntlm, WindowsIntegrated}ExternalAuthenticationMethods : {Basic,

Ntlm,

WindowsIntegrated}BasicAuthentication

:

TrueDigestAuthentication

:

FalseWindowsAuthentication

:

TrueMetabasePath

:

IIS://WINSERVER.lakegroup.local/W3SVC/3/ROOT/AutodiscoverPath

: C:\Program Files\Microsoft\Exchange

Server\ClientAccess\AutodiscoverServer

:

WINSERVERInternalUrl

:
https://mail.lakegroupstrata.com/Autodiscover/Autodiscover.xmlExternalUrl


:
https://mail.lakegroupstrata.com/Autodiscover/Autodiscover.xmlAdminDisplayName


:ExchangeVersion

: 0.1

(8.0.535.0)DistinguishedName

: CN=Autodiscover (SBS Web

Applications),CN=HTTP,CN=Protocols,CN=WINSERVER,CN=Servers,CN=Exchange

Administrative

Group

(FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft

Exchange,CN=Services,CN=Configuration,D

C=lakegroup,DC=localIdentity

: WINSERVER\Autodiscover (SBS Web

Applications)Guid

:

3fe03bed-1811-43c9-a994-3207d3a28591ObjectCategory

:

lakegroup.local/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-DirectoryObjectClass

: {top, msExchVirtualDirectory,

msExchAutoDiscoverVirtualDirectory}WhenChanged

: 16/01/2009 11:35:56

PMWhenCreated

: 16/01/2009 11:23:09

PMOriginatingServer

:

WINSERVER.lakegroup.localIsValid

: TrueAs you correctly guessed, this is gobbledeygook to

me. My emails work off a server called Winserver and the users are domain

users; that's all I've ever needed to know until Server 2008. Any further

configuration should have defaulted to values that worked and frankly I don't

want to know what they do - it's not like I'm trying to run Eudora here,

everyone is running Outlook 2003 or 2007. Why can't it just connect? Why is my

SBS server issuing itself hacked up certificates just to pass an empty address

list over the LAN? Why if this is SOO damn important can I myself still not

see where this OAB is and what it contains?Under IIS under default web

site I can find no mention of OAB, this may be because this morning I

discovered public folder OAB distribution and turned it on. Perhaps that

feature will work out of the box... [cough] Right now I'm trying to find where

I restart my Exchange server and wondering why clients are being asked

repeatedly to authenticate to no avail...As for part 3 of the

'question', it just strikes me as strange to log a server error EVERY

hour on EVERY client that encounters the error. Meanwhile the server never has

any indication that anything is wrong. It's kind of like if I created a log

file in your C: every time you followed a hyperlink to something that doesn't

exist, but never did anything to inform the webmaster. Better yet I'd put the

information in the message in a format only I can understand (error codes

instead of messages) and then create a folder on your desktop to put them

in, so even if you could otherwise ignore them they would be in your face

every single day. So I guess in answer to your question, there's quite a few

things I'd do differently with those messages. :-)Thanks in advance

for any more info...



Celebrating 20 years of supporting someone else's software for a

living.


Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."

There is an amazing pack of free network admin tools. click here to download it

I will try setting the URL again to winserver.lakegroup.local, however the only time this ever worked in the past was with a certificate (and all URLs) set to just plain winserver, the NetBIOS name. I will also set the URL for autodiscover to winserver.lakegroup.local/etc and see what happens.Again, there is NO external access and NO DNS over which I have control. All I want is people to do what they can already do and have been doing for months, without the annoying messages and popups.Edit:[PS] C:\Windows\System32>Set-AutodiscoverVirtualDirectory -Identity winserver -InternalUrl
https://winserver.lakegroup.localSet-AutodiscoverVirtualDirectory
: The operation could not be performed because object 'winserver' could not be found on domain controller 'WINSERVER.lakegroup.local'.At line:1 char:33+ Set-AutodiscoverVirtualDirectory <<<< -Identity winserver -InternalUrl
https://winserver.lakegroup.localI
give up, I'm going to do something I've never done and that is PAY someone at Microsoft to fix it for me.

Celebrating 20 years of supporting someone else's software for a living.

Need to support users over the internet? click here try our remote control online beta

Hi Freqy,
Very good, if you have any solution about your issue, it would be very kinkdly of you for sharing with us.
:)
Regards!
gavin

Need to support users over the internet? click here try our remote control online beta

No offence Gavin, but there is no way I'm sharing information I've paid for with the forum techs here just so they can paste it into someone's unrelated question and mark it as the answer.Celebrating 20 years of supporting someone else's software for a living.

Need to support users over the internet? click here try our remote control online beta

Why has Freqy marked this as answered when the answer isn't in this thread? Frankly I'm offended by Freqy's attitude that since he paid for MS to resolve his issue, he is withholding the solution from the rest of us.- Michael Faklis

Need to support users over the internet? click here try our remote control online beta

I don't take issue with your offense taken except that you're taking it about 16 months late!Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

There is an amazing pack of free network admin tools. click here to download it