Exchange 2007 - CAS server, how does outlook 2007 determine what CAS server to use
I was troubleshooting a cross-forest availability issue, and ran across this. It's not really an issue, but more of a "why is this happening" issue.
We are Exchange 2007 SP1 UR9 running on server 2003 SP2. Clients are all Outlook 2007 SP2. Everything is working, has been working for quite some time (3 years). We have a cross-forest availability space set up for a partner company which has been set up for
2 years and working. No exchange changes made on either side allegedly (definitely on our side) except last week I renewed the certificates on our CAS servers. I have verified through logs that this has been happening for longer than that, it was just not
reported.
At any rate, when I run the "test email autoconfiguration" from the Outlook 2007 client, everything works, however, the CAS server it finds through SCP is not the expected one. The test succeeds, but it is a CAS in another AD site. Also when I do a "test-outlookwebservices",
the default CAS that it uses is the one in the other AD site, but it does succeed. I can force test-outlookwebservices to use a specific CAS in my site by using the -clientaccessserver switch, and it succeeds as well, but it has me wondering, why is it using
the CAS in this other AD site. It's bizzare that this is happening. It seems all my outlook clients are using autodiscover off of a CAS in another AD site, across a 10MB wan link rather than locally here on a fast 1GB LAN. I thought something might be funky
on our CAS servers, so I restarted the AD topology service and IIS on the CAS servers here at my central site, but it has not made any effect.
Why is this happening, any suggestions as to what I can do to troubleshoot. Again, everything seems to be working except this cross-forest availability service, but this is definetly not right and I think it may be contributing to this issue I am seeing to
the cross-forest availability.
June 13th, 2011 3:05pm
Here are the results from my EMC:
1. Test1 checking cross-forest free-busy
[PS] C:\>Test-OutlookWebServices -Identity troy12n@mydomain.org -TargetAddress spencerr@theirdomain.org -ClientAccessServer hubsite-cas1 | ft -AutoSize
Id Type Message
-- ---- -------
1003 Information About to test AutoDiscover with the e-mail address troy12n@mydomain.org.
1007 Information Testing server hubsite-cas1.mydomain.local with the published name https://autodiscover.mydomain.org/ews/exchange.asmx & https://autodiscover.mydomain.org/ews/exchange.asmx.
1019 Information Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://hubsite-cas1.mydomain.local/Autodiscover/Autodiscover.xml.
1006 Information The Autodiscover service was contacted at https://hubsite-cas1.mydomain.local/Autodiscover/Autodiscover.xml.
1011 Error When querying Availability for SPENCERR@theirdomain.org received 5027:
1016 Error [EXCH]-Error when contacting the AS service at https://autodiscover.mydomain.org/ews/exchange.asmx. The elapsed time was 0 milliseconds.
1015 Success [EXCH]-Successfully contacted the OAB service at https://autodiscover.mydomain.org/ews/exchange.asmx. The elapsed time was 0 milliseconds.
1014 Success [EXCH]-Successfully contacted the UM service at https://hubsite-cas1.mydomain.local/UnifiedMessaging/Service.asmx. The elapsed time was 0 milliseconds.
1011 Error When querying Availability for SPENCERR@theirdomain.org received 5027:
1016 Error [EXPR]-Error when contacting the AS service at https://autodiscover.mydomain.org/ews/exchange.asmx. The elapsed time was 15 milliseconds.
1015 Information [EXPR]-The OAB is not configured for this user.
1014 Information [EXPR]-The UM is not configured for this user.
1017 Success [EXPR]-Successfully contacted the RPC/HTTP service at https://autodiscover.mydomain.org/Rpc. The elapsed time was 0 milliseconds.
1006 Success The Autodiscover service was tested successfully.
1021 Information The following web services generated errors....
2. Test2 checking free busy on a local exchange account
[PS] C:\>Test-OutlookWebServices -Identity troy12n@mydomain.org -TargetAddress caryers@mydomain.org -ClientAccessServer hubsite-cas1 | ft -AutoSize
Id Type Message
-- ---- -------
1003 Information About to test AutoDiscover with the e-mail address troy12n@mydomain.org.
1007 Information Testing server hubsite-cas1.mydomain.local with the published name https://autodiscover.mydomain.org/ews/exchange.asmx & https://autodiscover.mydomain.org/ews/exchange.asmx.
1019 Information Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://hubsite-cas1.mydomain.local/Autodiscover/Autodiscover.xml.
1006 Information The Autodiscover service was contacted at https://hubsite-cas1.mydomain.local/Autodiscover/Autodiscover.xml.
1016 Success [EXCH]-Successfully contacted the AS service at https://autodiscover.mydomain.org/ews/exchange.asmx. The elapsed time was 31 milliseconds.
1015 Success [EXCH]-Successfully contacted the OAB service at https://autodiscover.mydomain.org/ews/exchange.asmx. The elapsed time was 0 milliseconds.
1014 Success [EXCH]-Successfully contacted the UM service at https://hubsite-cas1.mydomain.local/UnifiedMessaging/Service.asmx. The elapsed time was 15 milliseconds.
1016 Success [EXPR]-Successfully contacted the AS service at https://autodiscover.mydomain.org/ews/exchange.asmx. The elapsed time was 140 milliseconds.
1015 Information [EXPR]-The OAB is not configured for this user.
1014 Information [EXPR]-The UM is not configured for this user.
1017 Success [EXPR]-Successfully contacted the RPC/HTTP service at https://autodiscover.mydomain.org/Rpc. The elapsed time was 187 milliseconds.
1006 Success The Autodiscover service was tested successfully.
3. Test3 same check without the -clientaccessserver switch
[PS] C:\>Test-OutlookWebServices -Identity troy12n@mydomain.org -TargetAddress caryers@mydomain.org | ft -AutoSize
Id Type Message
-- ---- -------
1003 Information About to test AutoDiscover with the e-mail address troy12n@mydomain.org.
1006 Information The Autodiscover service was contacted at https://remotesitecas.mydomain.local/Autodiscover/Autodiscover.xml.
1016 Success [EXCH]-Successfully contacted the AS service at https://autodiscover.mydomain.org/ews/exchange.asmx. The elapsed time was 375 milliseconds.
1015 Success [EXCH]-Successfully contacted the OAB service at https://autodiscover.mydomain.org/ews/exchange.asmx. The elapsed time was 0 milliseconds.
1014 Success [EXCH]-Successfully contacted the UM service at https://hubsite-cas1.mydomain.local/UnifiedMessaging/Service.asmx. The elapsed time was 31 milliseconds.
1016 Success [EXPR]-Successfully contacted the AS service at https://autodiscover.mydomain.org/ews/exchange.asmx. The elapsed time was 46 milliseconds.
1015 Information [EXPR]-The OAB is not configured for this user.
1014 Information [EXPR]-The UM is not configured for this user.
1017 Success [EXPR]-Successfully contacted the RPC/HTTP service at https://autodiscover.mydomain.org/Rpc. The elapsed time was 156 milliseconds.
1006 Success The Autodiscover service was tested successfully.
[PS] C:\>Get-AvailabilityAddressSpace
Name AccessMethod
---- ------------
theirdomain.org OrgWideFB
Free Windows Admin Tool Kit Click here and download it now
June 13th, 2011 3:14pm
I just noticed on thing when doing a get-clientaccessserver |fl
Under AutoDiscoverSiteScope, I see HUBSITE, I am expecting this to be REMOTESITE. I did verify in sites and services that the subnets are set up correctly and only in that remote AD site. How does this variable site scope get set???
[PS] C:\>Get-ClientAccessServer -Identity remotesitecas |fl
Name : remotesitecas
OutlookAnywhereEnabled : False
AutoDiscoverServiceCN : remotesitecas
AutoDiscoverServiceClassName : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://remotesitecas.mydomain.local/Autodiscover/Autodiscover.xml
AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope :
{HUBSITE}
IsValid : True
OriginatingServer : HUBSITE-DC3.mydomain.local
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=remotesitecas,CN=Servers,CN=Exchange localministrative Group (FYDIBOHF23SPDLT),CN=localministrative Groups,CN=mydomain,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=local
Identity : remotesitecas
Guid : 6e55449c-268f-4a96-b24b-632fd09d4822
ObjectCategory : mydomain.ocal/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass : {top, server, msExchExchangeServer}
WhenChanged : 6/7/2011 6:32:22 PM
WhenCreated : 3/9/2009 3:24:09 PM
June 13th, 2011 4:41pm
I see I can do a set-clientaccessserver -id "servername" -autodiscoversitescope "remotesite" to manually set this, but I am curious to see how this got changed or populated with this info. Any danger in changing, also I assume I have to bounce IIS.
Set-ClientAccessServer -Identity "ServerName" -AutodiscoverServiceInternalURI "https://internalsitename/autodiscover/autodiscover.xml" AutodiscoverSiteScope "SiteName"
Free Windows Admin Tool Kit Click here and download it now
June 13th, 2011 4:46pm
Anyone have any suggestions>?
June 15th, 2011 10:44am
Sounds like autodiscover URI differences.
If you have multiple CAS servers then you need to ensure that they are all returning the same information in the site.
Check get-clientaccessserver for the value of autodiscoverserviceinternaluri.
In my view the value should be the same for all servers in the AD site, if you are using a Site Scope. If you aren't, then the same value across all CAS servers. Correct it. It should match one of the host names on your certificate to ensure there are no
errors from the clients.
Simon.
Simon Butler, Exchange MVP
Blog |
Exchange Resources | In the UK?
Hire Me.
Free Windows Admin Tool Kit Click here and download it now
June 15th, 2011 12:09pm
here is the results, names changed to protect the innocent:
[PS] C:\>Get-ClientAccessServer | ft name, autodiscoverserviceinternaluri
Name
AutoDiscoverServiceInternalUri
----
------------------------------
hubsite-CAS1
https://hubsite-cas1.mydomain.local/Autodiscover/Autodiscover.xml
hubsite-CAS2
https://hubsite-cas2.mydomain.local/Autodiscover/Autodiscover.xml
remotesite1-CAS1
https://remotesite1-cas1.mydomain.local/Autodiscover/Autodiscover.xml
remotesite1-CAS2
https://remotesite1-cas2.mydomain.local/Autodiscover/Autodiscover.xml
remotesite2-cas
https://remotesite2-cas.mydomain.local/Autodiscover/Autodiscover.xml
When you say site scope, I was under the impression that was enabled by default, how can I verify these settings. When you do a get-clientaccessserver, under AutoDiscoverSiteScope, 1 of my CAS servers has the "scope" set to my hub site AD site, the other
2 have their local AD site set. When I do a "get-ADSite", I do not have any "Hub Site" set, but I was under the impression this setting was for mail routing, not autodiscover.
You are recommending setting the internaluri to something like https://autodiscover.mydomain.local/autodiscover/autodiscover.xml ??
That is doable, but would require me to regenerate certs, as my hubsites I dont think have the subject alternate names of autodisover on them.
I appreciate you getting back to me.
June 15th, 2011 1:28pm
Since there are several AD sites, it’s recommended to use site affinity for the Autodiscover service for intranet-based traffic. To use site affinity, you specify
which Active Directory sites are preferred for clients to connect to a particular Autodiscover service instance. Specifying which Active Directory sites are preferred is also known as configuring site scope.
For more information, please refer to the following article:
http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx
Thanks.
Novak
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
June 16th, 2011 10:25pm