Another TMG and Autodiscover problem with OA
I have gone to my wits' end with this problem and I figured I would post here before screwing up my server some more.
At this point any DOMAIN COMPUTER cannot log onto Exchange remotely on Outlook Anywhere, through the local user's account or the domain account.
I CAN set up an entirely new account on a non-domain member's computer and it will sync all the mail, contacts and everything that Outlook Anywhere should do.
When logged on to a local user, connecting via a remote connection it will tell me the proxy certificate is invalid and continuously asks me to authenticate. Same with the domain user.
I have flushed the DNS and rebooted the computer, no such luck.
There is a TMG firewall on the edge of the network and I am guessing that has a little to do with it.
The TMG SSL listener is configured for HTTP Auth with Basic. The OA rule has Basic Auth and is listening on port 443.
Here is what "testexchangeconnectivity" brought me.
Connectivity Test Failed
Test Details
Attempting to test Autodiscover for tino@domain.tld
Testing Autodiscover failed
Test Steps
Attempting each method of contacting the AutoDiscover Service
Failed to contact the AutoDiscover service successfully by any method
Test Steps
Attempting to test potential AutoDiscover URL https://domain.tld/AutoDiscover/AutoDiscover.xml
Failed testing this potential AutoDiscover URL
Test Steps
Attempting to resolve the host name domain.tld in DNS.
Host successfully resolved
Additional Details
IP(s) returned: "MyIPAddress"
Testing TCP Port 443 on host domain.tld to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname domain.tld in Certificate Subject Alternative Name entry
Validating certificate trust
Certificate trust validation failed
Additional Details
The certificate chain did not end in a trusted root. Root = CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
Attempting to test potential AutoDiscover URL https://autodiscover.domain.tld/AutoDiscover/AutoDiscover.xml
Failed testing this potential AutoDiscover URL
Test Steps
Attempting to resolve the host name autodiscover.domain.tld in DNS.
Host successfully resolved
Additional Details
IP(s) returned: "MyIPAddress"
Testing TCP Port 443 on host autodiscover.domain.tld to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname autodiscover.domain.tld is a Wildcard Certificate match for Common name: *.domain.tld
Validating certificate trust
Certificate trust validation failed
Additional Details
The certificate chain did not end in a trusted root. Root = CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
Attempting to contact the AutoDiscover service using the HTTP redirect method.
Failed to contact AutoDiscover using the HTTP Redirect method
Test Steps
Attempting to resolve the host name autodiscover.domain.tld in DNS.
Host successfully resolved
Additional Details
IP(s) returned: "MyIPAddress"
Testing TCP Port 80 on host autodiscover.domain.tld to ensure it is listening and open.
The port was opened successfully.
Checking Host autodiscover.domain.tld for an HTTP redirect to AutoDiscover
Failed to get an HTTP redirect response for AutoDiscover
Additional Details
An HTTP 403 was received because ISA denied the specified URL
Attempting to contact the AutoDiscover service using the DNS SRV redirect method.
Failed to contact AutoDiscover using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.domain.tld in DNS.
Failed to find AutoDiscover SRV record in DNS.
May 14th, 2010 9:05pm
On Fri, 14 May 2010 18:05:09 +0000, abuttino wrote:
>
>
>I have gone to my wits' end with this problem and I figured I would post here before screwing up my server some more.
>
>At this point any DOMAIN COMPUTER cannot log onto Exchange remotely on Outlook Anywhere, through the local user's account or the domain account.
>
>I CAN set up an entirely new account on a non-domain member's computer and it will sync all the mail, contacts and everything that Outlook Anywhere should do.
>
>When logged on to a local user, connecting via a remote connection it will tell me the proxy certificate is invalid and continuously asks me to authenticate. Same with the domain user.
>
>I have flushed the DNS and rebooted the computer, no such luck.
>
>There is a TMG firewall on the edge of the network and I am guessing that has a little to do with it.
>
>The TMG SSL listener is configured for HTTP Auth with Basic. The OA rule has Basic Auth and is listening on port 443.
What certificate is installed on the TMG server, and what certificate is the listener using?
---
Rich Matheisen
MCSE+I, Exchange MVP
May 15th, 2010 12:03am
The listener and the TMG server certificate are all the same wildcard issued by startssl.com and have a certifying authority as well as an intermediate cert.
I did get this fixed by editing the proxy server info in Outlook, not having to change anything in Exchange, IIS or GPO.
The question I have now is, can RDWeb co-exist with Exchange, or should I leave that job for another server?
May 15th, 2010 2:06am
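
An added example, not part of the original thread: a PowerShell check of the trust failure the analyzer output reports ("The certificate chain did not end in a trusted root"), run from the client that sees the certificate prompt. The script and its parameter names are hypothetical, the host names are supplied by the caller, and the script needs network reach to the published listener.

```powershell
# Added example (not from the thread): show how THIS machine validates the
# certificate chain presented by a published HTTPS listener.
# -HostName takes your own published names (the thread uses the placeholders
# domain.tld and autodiscover.domain.tld).
param(
    [Parameter(Mandatory = $true)][string[]]$HostName,
    [int]$Port = 443
)

foreach ($h in $HostName) {
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($h, $Port)
        # Accept any certificate so the handshake completes and the certificate
        # can be read; trust is evaluated explicitly below.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($h)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        # Build() uses the local certificate stores, so the result is per client:
        # a root missing here gives UntrustedRoot, a missing intermediate PartialChain.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($cert)

        [pscustomobject]@{
            Host     = $h
            Subject  = $cert.Subject
            Issuer   = $cert.Issuer
            NotAfter = $cert.NotAfter
            Trusted  = $trusted
            Status   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
            Chain    = ($chain.ChainElements | ForEach-Object { $_.Certificate.Subject }) -join ' <- '
        }
    }
    catch {
        Write-Warning "${h}:${Port} - $($_.Exception.Message)"
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}
```

Running it on both a domain-joined and a non-domain machine and comparing the `Trusted`, `Status` and `Chain` columns shows whether the two clients evaluate the same listener certificate differently.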