Hi Guys, I have been having issues setting up and accessing MS Exchange 2007 Webservices, thats is when I try to access OOF from Outlook 2007, It keeps saying, "Server is unavailable", if I try to update the Address book it gives me an object can not be found error (0x8004010f) message. We constantly get pop-ups to type in our Outlook 2007 credentials. The problem first started when the System Admin I took over from tried to set up Outlook Anywhere about 7 weeks ago. At first it was intermittent in the sense that, one could access their OOF spontaneously throughout the day, now everyone in the organistaion can't. I have tried to check the Autodiscover settings but it says Autodiscover has failed for every and any user. Since I took over as Sys Admin I have been trying to get things going but so far no luck. We have a 3rd Party certificate (In my example I will call our internal domain trev.local and external web as www.trev.com) Our 3rd Party certificate subject name is mail.trev.com - it is issued to trev.local, mail.trev.com, autodiscover.trev.com and our internal FQDN for the exchange server is server.trev.local (assuming Exchange server name is Server). I have checked everything in IIS and all looks fine. Our ISP's who host our www.trev.com site created DNS settings which we set up in our Secondary zone. That is autodiscover.trev.com that points to mail.trev.com and SRV Record autodiscover also. For some reason I think I am missing something. Please can someone assist me. get-clientaccessserver Name ---- Server I checked Autodiscover via Outlook's Test email Configuration and it shows the following: 864 608707102 07/22/11 09:03:30 Attempting URL https://server.trev.local/autodiscover/autodiscover.xml found through SCP 864 608707102 07/22/11 09:03:30 Autodiscover to https://server.trev.local/autodiscover/autodiscover.xml starting 864 608707399 07/22/11 09:03:30 Autodiscover to https://server.trev.local/autodiscover/autodiscover.xml FAILED (0x80072F0C) test-outlookwebservices Id : 1003 Type : Information Message : About to test AutoDiscover with the e-mail address administrator@trev.com Id : 1007 Type : Information Message : Testing server MYGATESERVER.mygate.local with the published name https://server.trev.local/EWS/Exchange.asmx & https://mail.trev.com/EWS/Exchange.a smx. Id : 1019 Type : Information Message : Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://server.trev.local/autodiscover/autodiscover.xml. Id : 1006 Type : Information Message : The Autodiscover service was contacted at https://server.trev.local/autodiscover/autodiscover.xml. Id : 1016 Type : Success Message : [EXCH]-Successfully contacted the AS service at https://server.trev.local/EWS/Exchange.asmx. The elapsed time was 65 milliseconds. Id : 1015 Type : Success Message : [EXCH]-Successfully contacted the OAB service at https://server.trev.local/EWS/Exchange.asmx. The elapsed time was 0 milliseconds. Id : 1014 Type : Success Message : [EXCH]-Successfully contacted the UM service at https://server.trev.local/unifiedmessaging/service.asmx. The elapsed time was 999 milliseconds. Id : 1013 Type : Error Message : When contacting https://mail.trev.com/EWS/Exchange.asmx received the error The request failed with HTTP status 401: Unauthorized. Id : 1016 Type : Error Message : [EXPR]-Error when contacting the AS service at https://mail.trev.com/EWS/Exchange.asmx. The elapsed time was 499 milliseconds. Id : 1015 Type : Success Message : [EXPR]-Successfully contacted the OAB service at https://mail.trev.com/EWS/Exchange.asmx. The elapsed time was 0 milliseconds. Id : 1014 Type : Success Message : [EXPR]-Successfully contacted the UM service at https://mail.trev.com/unifiedmessaging/service.asmx. The elapsed time was 42 milliseconds. Id : 1013 Type : Error Message : When contacting https://mail.trev.com/Rpc received the error The remote server returned an error: (403) Forbidden. Id : 1017 Type : Error Message : [EXPR]-Error when contacting the RPC/HTTP service at https://mail.trev.com/Rpc. The elapsed time was 101 milliseconds. Id : 1006 Type : Success Message : The Autodiscover service was tested successfully. Id : 1021 Type : Information Message : The following web services generated errors. As, in EXPR Contacting server in EXPR Please use the prior output to diagnose and correct the errors. The online www.testexchangeconnectivity.com shows the following errors: 1.) Testing the SSL certificate to make sure it's valid. The SSL certificate failed one or more certificate validation checks. Test Steps ExRCA is attempting to obtain the SSL certificate from remote server trev.com on port 443. ExRCA wasn't able to obtain the remote SSL certificate. Additional Details The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation. Attempting to test potential Autodiscover URL https://autodiscover.trev.com/AutoDiscover/AutoDiscover.xml Testing of this potential Autodiscover URL failed. 2.) Attempting to test potential Autodiscover URL https://mail.trev.com/Autodiscover/Autodiscover.xml Testing of this potential Autodiscover URL failed. Test Steps Attempting to resolve the host name mail.trev.com in DNS. The host name resolved successfully. Additional Details IP addresses returned: 1xx.xxx.xxx.xxx Testing TCP port 443 on host mail.trev.com to ensure it's listening and open. The port was opened successfully. Testing the SSL certificate to make sure it's valid. The SSL certificate failed one or more certificate validation checks. Test Steps ExRCA is attempting to obtain the SSL certificate from remote server mail.trev.com on port 443. ExRCA wasn't able to obtain the remote SSL certificate. Additional Details The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation. A test Exchange Certificate returns: AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccess Rule} CertificateDomains : {mail.trev.com, autodiscover.trev.com, trev.com, trev.local, remote.trev.com, server.trev.local} HasPrivateKey : True IsSelfSigned : False Can someone please tell me what the problem is? Is it a SSL Certificate misconfiguration or Autodiscover. Do I have to create any autodiscover record in the local trev.local DNS Zone? Pleasekindly assist. If you notice I change the Autodiscover Internal Url and webservicesvirtualdirectory to https://server.trev.local from mail.trev.com is this right? We are using a 3rd party certie as mentioned above with IMAP, POP, SMTP and IIS services. Please kindly assist. Thank you in advance

Hi, Here are my finds and suggestion: 1. The autodiscover service internal URL https://server.trev.local/autodiscover/autodiscover.xml was found through SCP; this is correct. 2. The internal URL above is resolved successfully but not accessible due to error 0x80072F0C, which means ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED; what’s why you are not able to access OOF and OAB in Outlook. However, you asked about if you should create a DNS record, so I guess the URL is pointing to another server instead of your CAS server. Therefore, I suggest you ping the URL above and make sure it is pointing to your CAS server’s internal IP address. 3. Regarding the Online test, it is a normal test and we need to analize the outcome with other test. I tested the URL https://trev.com & https://autodiscover.trev.com/AutoDiscover/AutoDiscover.xml; it returned different web pages, which are NOT expected. Moreover, it displays a certificate mismatch error, where *.gridserver.com is used. My suggestion is: a). Verify your External DNS record, and make sure the URL https://trev.com & https://autodiscover.trev.com/AutoDiscover/AutoDiscover.xml is pointing to the external IP address of your CAS server. b). Verify your CAS server’s virtual directory, make sure there is no any redirection or web application. Note that, an Exchange server should not contain any web application. c). Verify the certificate installed on your CAS server. See step5. 4. You received error 1016, 1013 & 10017, which is pointing to the external URL of the availability service and the URL of Outlook Anywhere; this may occur if the virtual directories is not correctly setup, or the certificate related issue. So, I’d suggest you verify the permission settings. See “Default settings for Exchange-related virtual directories in Exchange Server 2007”. Besides, verify and make sure the certificate for mail.trev.com is installed on the CAS server. 5. The outcome returned by the certificate test appears normal, the CN name is correct. However, there is not service items displays. So, run Get-ExchangeCertificate again on the CAS server, make sure this certificate with the CN names listed is enabled for IIS service. Good luck. Fiona