So I've finally had a chance to come back and finish off our 2003 to 2007 migration. Last week I uninstalled our old Exchange 2003 cluster and powered off the servers. Since then, people have noticed that out-of-office autoreplies are not being sent, even though the setting is enabled. We tried getting our users to set it through webmail and on their Blackberry devices as well and nothing worked. I did some troubleshooting and decided since we're running CAS and Hub roles on the same server (named MSG01) and the server was known externally as webmail, I needed to get a UC certificate. I obtained one quickly, it now specifies the OWA address, the internal server name, the name mail.mydomain.com, and autodiscover.mydomain.com. I tested OWA using the internal and external addresses - certificate is installed and working properly, no drama. But OOF was still broken. I right-clicked the Outlook tray icon and did a "Test autoconfiguration" and it failed on a few services. I followed the Exchange 2007 Autoconfiguration Service whitepaper here: http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx for configuring the services, and the last few pages in particular cleared up almost all the problems. However, Out-Of-Office still doesn't work. Furthermore, when I run a Test-OutlookWebServices | fl, I get the following output: [PS] C:\Windows\System32>test-outlookwebservices | fl Id : 1003 Type : Information Message : About to test AutoDiscover with the e-mail address administrator@mydomain.com. Id : 1007 Type : Information Message : Testing server MSG01.mydomain.com with the published name https://msg01.mydomain.com/ews/exchange.asmx & https://webmail.mydomain.com/ews/exchange.asmx. Id : 1019 Type : Information Message : Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://msg01.mydomain.com/autodiscover/autodiscover.xml. Id : 1006 Type : Information Message : The Autodiscover service was contacted at https://msg01.mydomain.com/autodiscover/autodiscover.xml. Id : 1016 Type : Success Message : [EXCH]-Successfully contacted the AS service at https://msg01.mydomain.com/ews/exchange.asmx. The elapsed time was 31 milliseconds. Id : 1015 Type : Success Message : [EXCH]-Successfully contacted the OAB service at https://msg01.mydomain.com/ews/exchange.asmx. The elapsed time was 0 milliseconds. Id : 1014 Type : Success Message : [EXCH]-Successfully contacted the UM service at https://msg01.mydomain.com/unifiedmessaging/service.asmx. The elapsed time was 15 milliseconds. Id : 1013 Type : Error Message : When contacting https://webmail.mydomain.com/ews/exchange.asmx received the error The request failed with HTTP status 401: Unauthorized. Id : 1016 Type : Error Message : [EXPR]-Error when contacting the AS service at https://webmail.mydomain.com/ews/exchange.asmx. The elapsed time was 125 milliseconds. Id : 1015 Type : Success Message : [EXPR]-Successfully contacted the OAB service at https://webmail.mydomain.com/ews/exchange.asmx. The elapsed time was 0 milliseconds. Id : 1014 Type : Success Message : [EXPR]-Successfully contacted the UM service at https://webmail.mydomain.com/unifiedmessaging/service.asmx. The elapsed time was 0 milliseconds. Id : 1017 Type : Success Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://webmail.mydomain.com/Rpc. The elapsed time was 0 milliseconds. Id : 1006 Type : Success Message : The Autodiscover service was tested successfully. Id : 1021 Type : Information Message : The following web services generated errors. As in EXPR Please use the prior output to diagnose and correct the errors. Looking immediately at the Security event log, I see three authentication failures in the same second corresponding with running the command (the log is free from authentication failures aside from these). The authentication failures list the admin account I'm logged in with as the user name, which is a domain/enterprise/full exchange admin (I used it to install Exchange 2007), so I don't think it's a permissions issue. I can run the command over and over again and generate the same trio of 4625's in the Security event log. What appears odd to me is that AS failed with 401: Unauthorized, but OAB to the same address gives no errors, and neither does the UM and RPC/HTTP services connecting using the same external server name. It's just EWS/Autodiscover that generates the error. I'm assuming that authentication failure means there is a configuration issue somewhere, maybe in IIS, and that is the source of my OOF problems. This is the information I have for my Autodiscover virtual directory: [PS] C:\Windows\System32>Get-AutodiscoverVirtualDirectory | fl Name : Autodiscover (Default Web Site) InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated} ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated} BasicAuthentication : True DigestAuthentication : False WindowsAuthentication : True MetabasePath : IIS://MSG01.mydomain.com/W3SVC/1/ROOT/Autodiscove r Path : C:\Program Files\Microsoft\Exchange Server\Clie ntAccess\Autodiscover Server : MSG01 InternalUrl : ExternalUrl : AdminDisplayName : ExchangeVersion : 0.1 (8.0.535.0) DistinguishedName : CN=Autodiscover (Default Web Site),CN=HTTP,CN=P rotocols,CN=MSG01,CN=Servers,CN=Exchange Admini strative Group (FYDIBOHF23SPDLT),CN=Administrat ive Groups,CN=mydomain Industries Ltd,CN=Microsof t Exchange,CN=Services,CN=Configuration,DC=macd on,DC=com Identity : MSG01\Autodiscover (Default Web Site) Guid : 8772130c-4953-44fc-bc34-fe4d598ba04c ObjectCategory : mydomain.com/Configuration/Schema/ms-Exch-Auto-Di scover-Virtual-Directory ObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscove rVirtualDirectory} WhenChanged : 9/9/2009 10:05:26 PM WhenCreated : 9/9/2009 10:05:26 PM OriginatingServer : mydomaingcs.mydomain.com IsValid : True Looking at this, the internalurl and externalurl information is not set. So I run the command: [PS] C:\Windows\System32>Set-AutodiscoverVirtualDirectory -identity "MSG01\Autod iscover (Default Web Site)" -basicauthentication:$True -internalurl https://msg0 1.mydomain.com/autodiscover/autodiscover.xml -externalurl https://webmail.mydomain.c om/autodiscover/autodiscover.xml [PS] C:\Windows\System32>Get-AutodiscoverVirtualDirectory | fl Name : Autodiscover (Default Web Site) InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated} ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated} BasicAuthentication : True DigestAuthentication : False WindowsAuthentication : True MetabasePath : IIS://MSG01.mydomain.com/W3SVC/1/ROOT/Autodiscove r Path : C:\Program Files\Microsoft\Exchange Server\Clie ntAccess\Autodiscover Server : MSG01 InternalUrl : https://msg01.mydomain.com/autodiscover/autodisco ver.xml ExternalUrl : https://webmail.mydomain.com/autodiscover/autodis cover.xml AdminDisplayName : ExchangeVersion : 0.1 (8.0.535.0) DistinguishedName : CN=Autodiscover (Default Web Site),CN=HTTP,CN=P rotocols,CN=MSG01,CN=Servers,CN=Exchange Admini strative Group (FYDIBOHF23SPDLT),CN=Administrat ive Groups,CN=mydomain Industries Ltd,CN=Microsof t Exchange,CN=Services,CN=Configuration,DC=macd on,DC=com Identity : MSG01\Autodiscover (Default Web Site) Guid : 8772130c-4953-44fc-bc34-fe4d598ba04c ObjectCategory : mydomain.com/Configuration/Schema/ms-Exch-Auto-Di scover-Virtual-Directory ObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscove rVirtualDirectory} WhenChanged : 7/24/2010 3:16:10 PM WhenCreated : 9/9/2009 10:05:26 PM OriginatingServer : mydomaingcs.mydomain.com IsValid : True Ok, so now that looks how it should, I think. I run the Test-OutlookWebServices and get the same error. Grrr. Okay, lets check the EWS virtual directory since that is the URL that shows up for whatever reason: [PS] C:\Windows\System32>Get-WebServicesVirtualDirectory | fl InternalNLBBypassUrl : https://msg01.mydomain.com/ews/exchange.asmx Name : EWS (Default Web Site) InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated} ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated} BasicAuthentication : True DigestAuthentication : False WindowsAuthentication : True MetabasePath : IIS://MSG01.mydomain.com/W3SVC/1/ROOT/EWS Path : C:\Program Files\Microsoft\Exchange Server\Clie ntAccess\exchweb\EWS Server : MSG01 InternalUrl : https://msg01.mydomain.com/ews/exchange.asmx ExternalUrl : https://webmail.mydomain.com/ews/exchange.asmx AdminDisplayName : ExchangeVersion : 0.1 (8.0.535.0) DistinguishedName : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols, CN=MSG01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Group s,CN=mydomain Industries Ltd,CN=Microsoft Exchang e,CN=Services,CN=Configuration,DC=mydomain,DC=com Identity : MSG01\EWS (Default Web Site) Guid : e7be7d58-3cd9-447e-a846-0925838e30ed ObjectCategory : mydomain.com/Configuration/Schema/ms-Exch-Web-Ser vices-Virtual-Directory ObjectClass : {top, msExchVirtualDirectory, msExchWebServices VirtualDirectory} WhenChanged : 7/23/2010 3:42:02 PM WhenCreated : 9/9/2009 10:05:33 PM OriginatingServer : mydomaingcs.mydomain.com IsValid : True ...And that looks the way it's supposed to from my perspective. I'm sort of at my limits as far ____ understanding the Autodiscover service here, hopefully someone can shed a bit more light on this for me, why am I seeing 401: Unauthorized and corresponding authentication failures when trying to run the Test-OutlookWebServices command, and is this why my OOF is broken? Thanks!

Does it work if you are external to the network? Can you Ctrl-RightClick on the Outlook icon in the systray and select Test Email AutoConfiguration and post the results? You can uncheck the two Guessmart check boxes. Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com

I configured Outlook for Outlook Anywhere functionality and pointed it at my OWA address, Outlook Anywhere worked, but trying the autodiscover service failed - it couldn't resolve the name autodiscover.mydomain.com externally. I added the IP address for my OWA site in my hosts file with the name autodiscover.mydomain.com and it was able to resolve the address and autoconfiguration worked properly. The addresses under Exchange RPC and Exchange HTTP are all correct, Availability Service, OOF URL, OAB URL, and UM addresses are listed correctly for internal and external users. Here is the XML output from the Test Email Autoconfiguration when connected using Outlook Anywhere: <?xml version="1.0" encoding="utf-8"?> <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"> <User> <DisplayName>Mike B</DisplayName> <LegacyDN>/O=mydomain Industries Ltd./OU=mydomain/cn=Recipients/cn=MB</LegacyDN> <DeploymentId>85ae2fd3-0f2e-4174-9ff1-bef6cebdb5df</DeploymentId> </User> <Account> <AccountType>email</AccountType> <Action>settings</Action> <Protocol> <Type>EXCH</Type> <Server>EXCH01.mydomain.com</Server> <ServerDN>/o=mydomain Industries Ltd./ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EXCH01</ServerDN> <ServerVersion>720280B0</ServerVersion> <MdbDN>/o=mydomain Industries Ltd./ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EXCH01/cn=Microsoft Private MDB</MdbDN> <PublicFolderServer>EXCH01.mydomain.com</PublicFolderServer> <AD>DC01.mydomain.com</AD> <ASUrl>https://msg01.mydomain.com/ews/exchange.asmx</ASUrl> <EwsUrl>https://msg01.mydomain.com/ews/exchange.asmx</EwsUrl> <OOFUrl>https://msg01.mydomain.com/ews/exchange.asmx</OOFUrl> <UMUrl>https://msg01.mydomain.com/unifiedmessaging/service.asmx</UMUrl> <OABUrl>https://msg01.mydomain.com/oab/b7c25ace-d1a0-4814-a8af-8c45ab588e67/</OABUrl> </Protocol> <Protocol> <Type>EXPR</Type> <Server>webmail.mydomain.com</Server> <SSL>On</SSL> <AuthPackage>Basic</AuthPackage> <ASUrl>https://webmail.mydomain.com/ews/exchange.asmx</ASUrl> <EwsUrl>https://webmail.mydomain.com/ews/exchange.asmx</EwsUrl> <OOFUrl>https://webmail.mydomain.com/ews/exchange.asmx</OOFUrl> <UMUrl>https://webmail.mydomain.com/unifiedmessaging/service.asmx</UMUrl> <OABUrl>https://webmail.mydomain.com/oab/b7c25ace-d1a0-4814-a8af-8c45ab588e67/</OABUrl> </Protocol> <Protocol> <Type>WEB</Type> <External> <OWAUrl AuthenticationMethod="Fba">https://webmail.mydomain.com/owa</OWAUrl> <Protocol> <Type>EXPR</Type> <ASUrl>https://webmail.mydomain.com/ews/exchange.asmx</ASUrl> </Protocol> </External> <Internal> <OWAUrl AuthenticationMethod="Basic, Fba">https://msg01.mydomain.com/owa</OWAUrl> <Protocol> <Type>EXCH</Type> <ASUrl>https://msg01.mydomain.com/ews/exchange.asmx</ASUrl> </Protocol> </Internal> </Protocol> </Account> </Response> </Autodiscover> So all of this works, but I still get the same errors running Test-OutlookWebServices and OOF still doesn't work...

So is everything working if you are external to the network, using Outlook anywhere (sorry, it was unclear)? Can you add the autodiscover to your external DNS and run the test from https://www.testexchangeconnectivity.com/Default.aspx Check out this link, describes why you are seeing the 401 error when running the test from your CAS server: http://www.exchange-genie.com/2007/07/401-error-when-attempting-test-outlookwebservices/Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com

No, the original problem still persists. After all the changes, Outlook Anywhere (previously not enabled) is now working, but that wasn't really a problem since we weren't using it. OOF is still broken. If I set it from OWA externally or from a mailbox through Outlook internally or Outlook Anywhere externally, it does not send out autoreplies to anyone. When I run the tests for Exchange Web Services I get this for OOF results: Setting and retrieving user OOF settings Successfully set and retrieved user OOF settings Which means it appears to be working. But I can enable and disable OOF just fine and the status shows up fine in Outlook and OWA. The problem is that the messages themselves aren't being sent. I do not have an external record for Autodiscover to point to my OWA server so am manually specifying the server address, but I can't see how having the record would differ in terms of results (we never planned to use Outlook Anywhere so never bothered to create a record for Autodiscover even though our UC certificate supports it). I will look into it. I've followed through all the information in that Exchange-Genie link when I originally started investigating the issue, unfortunately it hasn't helped too much - whenever I found something that looked like it might point to the issue I was unable to find something wrong.

More information, I decided to look into the Audit Failures in the Security Event Log a bit further. I noticed there were some additional errors in the System Event Log similar to this: The program w3wp.exe, with the assigned process ID 1380, could not authenticate locally by using the target name HTTP/webmail.mydomain.com. The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name. So I did a setspn -a http/webmail.mydomain.com msg01 Now the webmail address shows up in the SPN list. When I run Test-OutlookWebServices, I no longer get any Audit Failures in the Security Event Log, and the output from that command has changed: [PS] C:\Windows\System32>test-outlookwebservices -identity mymailbox | fl Id : 1003 Type : Information Message : About to test AutoDiscover with the e-mail address Mymailbox@mydomain.co m. Id : 1006 Type : Information Message : The Autodiscover service was contacted at https://msg01.mydomain.com/au todiscover/autodiscover.xml. Id : 1016 Type : Success Message : [EXCH]-Successfully contacted the AS service at https://msg01.mydomain. com/ews/exchange.asmx. The elapsed time was 312 milliseconds. Id : 1015 Type : Success Message : [EXCH]-Successfully contacted the OAB service at https://msg01.mydomain .com/ews/exchange.asmx. The elapsed time was 0 milliseconds. Id : 1014 Type : Success Message : [EXCH]-Successfully contacted the UM service at https://msg01.mydomain. com/unifiedmessaging/service.asmx. The elapsed time was 15 millisecon ds. Id : 1016 Type : Success Message : [EXPR]-Successfully contacted the AS service at https://webmail.mydomai n.com/ews/exchange.asmx. The elapsed time was 46 milliseconds. Id : 1015 Type : Success Message : [EXPR]-Successfully contacted the OAB service at https://webmail.mydomai on.com/ews/exchange.asmx. The elapsed time was 0 milliseconds. Id : 1014 Type : Success Message : [EXPR]-Successfully contacted the UM service at https://webmail.mydomai n.com/unifiedmessaging/service.asmx. The elapsed time was 0 milliseco nds. Id : 1013 Type : Error Message : When contacting https://webmail.mydomain.com/Rpc received the error The server committed a protocol violation. Section=ResponseStatusLine Id : 1017 Type : Error Message : [EXPR]-Error when contacting the RPC/HTTP service at https://webmail. mydomain.com/Rpc. The elapsed time was 0 milliseconds. Id : 1006 Type : Success Message : The Autodiscover service was tested successfully. Id : 1021 Type : Information Message : The following web services generated errors. Contacting server in EXPR Please use the prior output to diagnose and correct the errors. Now it looks like a problem with the RPC/HTTP service, and OOF still doesn't work at all. Now, I have an internal Alias record which redirects webmail.mydomain.com to msg01.mydomain.com. That way users can use a shortcut on their desktop to get to webmail regardless if their internal or external. Do I need to remove this record to ensure DNS isn't a factor here? Not really sure how this all relates, but it would appear to me anyways that the "external" addresses aren't actually being resolved externally, they're just being handled by internal DNS.

Scratch that, it LOOKED good until I realised I had the local IP address for webmail.mydomain.com in my hosts file. As soon as I removed it, Test-OutlookWebServices failed on ALL external requests. Not sure if it needs to be pointing at the local address or not, but I'm thinking I'll have to bite the bullet on this one and call MS support... :(

When OOF does not work for me then there are two things I look at first: 1. Ensure that the FQDN of the CAS server is in the bypass proxy exclusion list in IE. 2. When you execute the "Test Email Autoconfiguration" via the Outlook icon on the clients machine look at the log tab and see what errors you see there and work from there. BTW, the Offline Address Book should also not be working if you try to download it.

I am having a similar issue - did you ever resolve this - what was the fix? Thanks

Hi, I had same issue tried all above steps no use ...finally re install CAS role ....now everything working fine only you need to update license key...Just one hour work JThanks, GJ

Hi, I had same issue tried all above steps no use ...finally re install CAS role ....now everything working fine only you need to update license key...Just one hour work JThanks, GJ