exchange connectivity problem
Hi
Here is my setup:
1 CAS 2010SP1
2 mailbox servers with Exchange 2010 SP1 in two different sites, the main one and a branch
Here is my problem
In the branch site, users are always prompted to enter their credentials in Outlook 2003/2007/2010 if they are out of the office, working remotely via a VPN connection or with Autodiscover. If they are connected in the branch site, everything is fine.
It's happening only for mailboxes located on the branch Exchange server; users on the other server don't have this issue. I have tried to move one "affected" mailbox from the branch server to the main site server and the issue stops instantly.
Any hints or clues?
thanks
May 2nd, 2011 11:35am
Hi,
Where is the CAS server located, in the main office or the branch office? Are the two Exchange servers in different subnets?
Since each Mailbox server needs one CAS server and Hub server in the same AD site, the mailbox server won't work without a CAS in a certain AD site. So, can you describe the topology of AD and the Exchange servers in more detail?
Meanwhile, please test E-Mail AutoConfiguration and post the result here or send it to me for research.
1. While Outlook is running, hold down the CTRL key, right-click the Outlook icon in the notification area, and then select Test E-mail AutoConfiguration.
2. Verify that the correct e-mail address is in the box next to E-mail Address.
3. Clear the check boxes next to Use Guessmart and Secure Guessmart Authentication.
4. On the Test E-mail AutoConfiguration page, verify that the check box next to Use AutoDiscover is selected, and then click the Test button.
5. Then, please capture the Result window and Log window on the problematic machine.
Thanks.
Novak Wu
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact
tngfb@microsoft.com
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
May 3rd, 2011 3:50am
Hi
The CAS server is in the main office and all Exchange servers are located in the same subnet and in the same Active Directory site. We only have one domain and one AD site. A Forefront TMG firewall server is publishing our Exchange servers to the web.
I'll come back with the results of the E-mail AutoConfiguration.
thanks
May 3rd, 2011 9:32am
OK. Please run the E-Mail AutoConfiguration at your convenience and post the result to me. Meanwhile, the password prompt behavior should be expected for Basic authentication.
Please ensure that NTLM authentication is selected on the Outlook side.
I also found one user who found the fix on the Exchange server. Under Autodiscover properties > Directory Security > Authentication Methods > checked "Integrated Windows Authentication".
For more information, please refer to the link.
http://office.microsoft.com/en-us/outlook-help/use-outlook-anywhere-to-connect-to-your-exchange-server-without-vpn-HP010102444.aspx
Thanks.
Novak Wu
May 5th, 2011 12:33am
Hi, thanks for your answer.
Do I need to change from Basic to NTLM in Exchange: Server Configuration > Client Access > properties of CAS server > Outlook Anywhere tab > change from Basic to NTLM authentication?
Also, I'm using a TMG firewall to publish Outlook Anywhere. Do I need to change the authentication delegation in my rule to NTLM? Right now it is Basic authentication.
Also, I can't find where the Autodiscover properties are.
thanks again
May 5th, 2011 12:22pm
Yes. You can change authentication on both the Exchange server and the firewall to NTLM to check the result. If the issue persists, please send me the E-Mail AutoConfiguration result.
Thanks.
Novak Wu
May 6th, 2011 1:46am
How are things going? If there is any problem, please feel free to post it here.
Regards,
Novak
May 8th, 2011 11:22pm
Hi
I have made the change but now Outlook Anywhere is not working anymore.
I used the Remote Connectivity Analyzer and here are the results:
Testing RPC/HTTP connectivity.
The RPC/HTTP test failed.
Test Steps
ExRCA is attempting to test Autodiscover for flepage@master.ca.
Autodiscover was tested successfully.
Test Steps
Autodiscover settings for Outlook Anywhere are being validated.
ExRCA validated the Outlook Anywhere Autodiscover settings.
Attempting to resolve the host name mail.master.ca in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host mail.master.ca to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Testing HTTP Authentication Methods for URL https://mail.master.ca/rpc/rpcproxy.dll.
The HTTP authentication test failed.
Tell me more about this issue and how to resolve it
Additional Details
Not all the required authentication methods were found.
Methods Found: Basic
Methods Required: NTLM
Here are the results of the Get-OutlookAnywhere cmdlet:
RunspaceId : 13198db3-8b0a-424b-a462-608f85db9f9b
ServerName : VMMAILCAS
SSLOffloading : False
ExternalHostname : mail.master.ca
ClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm}
XropUrl :
MetabasePath : IIS://VMMAILCAS.master.ca/W3SVC/1/ROOT/Rpc
Path : C:\Windows\System32\RpcProxy
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
Server : VMMAILCAS
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
Name : Rpc (Default Web Site)
DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=VMMAILCAS,CN=Servers,CN=Exchange Ad
ministrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Master,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=master,DC=ca
Identity : VMMAILCAS\Rpc (Default Web Site)
Guid : 5a7a75ca-1616-4398-be78-9c3bd06f573d
ObjectCategory : master.ca/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged : 10/05/2011 11:38:47 AM
WhenCreated : 16/10/2010 12:42:14 PM
WhenChangedUTC : 10/05/2011 3:38:47 PM
WhenCreatedUTC : 16/10/2010 4:42:14 PM
OrganizationId :
OriginatingServer : VMSUBCA.master.ca
IsValid : True
It seems that the client authentication method is good.
I don't understand why?
thanks
May 10th, 2011 12:22pm
Here is the result of the auto e-mail configuration, sorry for the XML:
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>Jean-François Auclair</DisplayName>
<LegacyDN>/o=Master/ou=Montreal/cn=Recipients/cn=jfauclair</LegacyDN>
<AutoDiscoverSMTPAddress>jfauclair@master.ca</AutoDiscoverSMTPAddress>
<DeploymentId>5612acba-ecf6-46c2-8ae1-d89f7f01760f</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>VMMAILCAS.master.ca</Server>
<ServerDN>/o=Master/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=VMMAILCAS</ServerDN>
<ServerVersion>738180DA</ServerVersion>
<MdbDN>/o=Master/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=VMMAILCAS/cn=Microsoft Private MDB</MdbDN>
<PublicFolderServer>exchangemaster.master.ca</PublicFolderServer>
<AD>VMDCLEBEAU.master.ca</AD>
<ASUrl>https://vmmailcas.master.ca/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://vmmailcas.master.ca/EWS/Exchange.asmx</EwsUrl>
<EcpUrl>https://vmmailcas.master.ca/ecp/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
<EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
<OOFUrl>https://vmmailcas.master.ca/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://vmmailcas.master.ca/EWS/UM2007Legacy.asmx</UMUrl>
<OABUrl>http://vmmailcas.master.ca/OAB/ac96a2fb-a58b-4c4f-98df-a8b8e6cfc78a/</OABUrl>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>mail.master.ca</Server>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<ASUrl>https://mail.master.ca/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://mail.master.ca/EWS/Exchange.asmx</EwsUrl>
<EcpUrl>https://mail.master.ca/ecp/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
<EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
<OOFUrl>https://mail.master.ca/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://mail.master.ca/EWS/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://mail.master.ca/OAB/ac96a2fb-a58b-4c4f-98df-a8b8e6cfc78a/</OABUrl>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Ntlm, WindowsIntegrated">https://vmmailcas.master.ca/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://vmmailcas.master.ca/EWS/Exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://mail.master.ca/owa/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://mail.master.ca/EWS/Exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
</Account>
</Response>
</Autodiscover>
May 18th, 2011 3:43pm
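Added example, not part of any post in this thread: a small offline check that makes the same "Methods Found / Methods Required" comparison the analyzer output above reports, by reading the EXPR `AuthPackage` from an Autodiscover response and comparing it with the `WWW-Authenticate` schemes returned for `/rpc/rpcproxy.dll`. The XML, the `example.test` host names and both header lists are constructed samples; the "via proxy" list assumes a publishing layer that answers with Basic only.

```python
import xml.etree.ElementTree as ET

# Namespace of the Outlook Autodiscover <Response> element.
NS = {"o": "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"}

# Constructed sample: an Autodiscover response trimmed to the fields used here.
AUTODISCOVER_XML = """<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <Protocol><Type>EXCH</Type><Server>cas.example.test</Server></Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.example.test</Server>
        <SSL>On</SSL>
        <AuthPackage>Ntlm</AuthPackage>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>"""

# Constructed samples: WWW-Authenticate values seen on a 401 for /rpc/rpcproxy.dll.
HEADERS_VIA_PROXY = ['Basic realm="mail.example.test"']
HEADERS_DIRECT = ["Negotiate", "NTLM", 'Basic realm="mail.example.test"']

def expr_settings(xml_text):
    """Return (server, auth_package) from the top-level EXPR protocol block."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    # Only Protocol elements directly under Account; nested ones under
    # Internal/External carry no AuthPackage.
    for proto in root.iterfind(".//o:Account/o:Protocol", NS):
        if proto.findtext("o:Type", namespaces=NS) == "EXPR":
            return (proto.findtext("o:Server", namespaces=NS),
                    proto.findtext("o:AuthPackage", namespaces=NS))
    raise ValueError("no EXPR protocol block in Autodiscover response")

def offered_schemes(www_authenticate_values):
    """Lower-cased scheme token (first word) of each WWW-Authenticate value."""
    return {v.split(None, 1)[0].lower() for v in www_authenticate_values if v.strip()}

def check(xml_text, www_authenticate_values):
    """Compare what Autodiscover tells Outlook to use with what the endpoint offers."""
    server, required = expr_settings(xml_text)
    found = offered_schemes(www_authenticate_values)
    return {"server": server, "required": required,
            "found": sorted(found), "ok": required.lower() in found}

if __name__ == "__main__":
    for label, headers in (("via proxy", HEADERS_VIA_PROXY), ("direct", HEADERS_DIRECT)):
        print(label, check(AUTODISCOVER_XML, headers))
```
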