Having problems with Autodiscovery Service
Hi,
I'm having problems to get working Autodiscovery Service from outside the corporate network.
The Scenario is the following:
Exchange 2010 Server with all roles being published through TMG.
From outside the network all is working nicely, except the autoconfiguration of Outlook 2007.
OWA is working fine, and Outlook Anywhere (manually configured) also works great. Certificates are correctly configured, and no error is reported when i use the "Test Autoconfiguration" from outlook
If i use the Test-OutlookWebServices PS command from the server (the server can resolve all the possible fqdn) the result is the following (in bold the error):
[PS] C:\Windows\system32>Test-OutlookWebServices |fl
RunspaceId : ec215358-e3db-442a-a75e-c6c328486277
Id : 1019
Type : Information
Message : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is
https://tueris.cgnexd.cgn/autodiscover/autodiscover.xml.
RunspaceId : ec215358-e3db-442a-a75e-c6c328486277
Id : 1006
Type : Information
Message : Contacted the Autodiscover service at https://tueris.cgnexd.cgn/autodiscover/autodiscover.xml.
RunspaceId : ec215358-e3db-442a-a75e-c6c328486277
Id : 1016
Type : Information
Message : [EXCH] The AS is configured for this user in the AutoDiscover response received from
https://tueris.cgnexd.cgn/autodiscover/autodiscover.xml.
RunspaceId : ec215358-e3db-442a-a75e-c6c328486277
Id : 1015
Type : Information
Message : [EXCH] The OAB is configured for this user in the AutoDiscover response received from
https://tueris.cgnexd.cgn/autodiscover/autodiscover.xml.
RunspaceId : ec215358-e3db-442a-a75e-c6c328486277
Id : 1014
Type : Information
Message : [EXCH] The UM is configured for this user in the AutoDiscover response received from
https://tueris.cgnexd.cgn/autodiscover/autodiscover.xml.
RunspaceId : ec215358-e3db-442a-a75e-c6c328486277
Id : 1016
Type : Information
Message : [EXPR] The AS is configured for this user in the AutoDiscover response received from
https://tueris.cgnexd.cgn/autodiscover/autodiscover.xml.
RunspaceId : ec215358-e3db-442a-a75e-c6c328486277
Id : 1015
Type : Information
Message : [EXPR] The OAB is configured for this user in the AutoDiscover response received from
https://tueris.cgnexd.cgn/autodiscover/autodiscover.xml.
RunspaceId : ec215358-e3db-442a-a75e-c6c328486277
Id : 1014
Type : Information
Message : [EXPR] The UM is configured for this user in the AutoDiscover response received from
https://tueris.cgnexd.cgn/autodiscover/autodiscover.xml.
RunspaceId : ec215358-e3db-442a-a75e-c6c328486277
Id : 1022
Type : Success
Message : Autodiscover was tested successfully.
RunspaceId : ec215358-e3db-442a-a75e-c6c328486277
Id : 1024
Type : Success
Message : [EXCH] Successfully contacted the AS service at
https://tueris.cgnexd.cgn/EWS/Exchange.asmx. The elapsed time was 62 milliseconds.
RunspaceId : ec215358-e3db-442a-a75e-c6c328486277
Id : 1026
Type : Success
Message : [EXCH] Successfully contacted the UM service at
https://tueris.cgnexd.cgn/EWS/Exchange.asmx. The elapsed time was 15 milliseconds.
RunspaceId : ec215358-e3db-442a-a75e-c6c328486277
Id : 1013
Type : Error
Message : When contacting https://desowa.mydomain.org/EWS/Exchange.asmx received the error The request failed with an empty response.
RunspaceId : ec215358-e3db-442a-a75e-c6c328486277
Id : 1025
Type : Error
Message : [EXPR] Error contacting the AS service at https://desowa.mydomain.org/EWS/Exchange.asmx. Elapsed time was 0 milliseconds.
RunspaceId : ec215358-e3db-442a-a75e-c6c328486277
Id : 1026
Type : Success
Message : [EXPR] Successfully contacted the UM service at
https://desowa.mydomain.org/EWS/Exchange.asmx. The elapsed time was 15 milliseconds.
RunspaceId : ec215358-e3db-442a-a75e-c6c328486277
Id : 1124
Type : Success
Message : [Server] Successfully contacted the AS service at
https://tueris.cgnexd.cgn/ews/exchange.asmx. The elapsed time was 343 milliseconds.
RunspaceId : ec215358-e3db-442a-a75e-c6c328486277
Id : 1126
Type : Success
Message : [Server] Successfully contacted the UM service at
https://tueris.cgnexd.cgn/ews/exchange.asmx. The elapsed time was 31 milliseconds.
RunspaceId : ec215358-e3db-442a-a75e-c6c328486277
Id : 1028
Type : Success
Message : [EXPR] Successfully contacted the RPC/HTTP service at
https://desowa.mydomain.org/rpc. The elapsed time was 0 milliseconds.
RunspaceId : ec215358-e3db-442a-a75e-c6c328486277
Id : 1128
Type : Success
Message : [EXPR] Successfully contacted the RPC/HTTP service at
https://tueris.cgnexd.cgn/rpc. The elapsed time was 0 milliseconds.
Can anybody help me? I have been looking many blogs and resources and all seems correct in my configuration.
Thanks in Advance,
Monguitronik
April 26th, 2010 6:01pm
Hi,
It seems to me a cert issue and this
desowa.mydomain.org
may
not be inculded into the cert as Subject Alternative Name (SAN), the cert which you are using on your exch server.
Are u using self signed certificate ? And can u post the result of this EMS command
get-exchangeCertificate
| FL *Domain*
RegardsLaeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM)
www.HostingController.com
Free Windows Admin Tool Kit Click here and download it now
April 26th, 2010 6:29pm
Nope, that name is not on the Exchange Server certificate. On the exchange Server certificate I only have the internal names. All the external names are on the certificates that publish through TMG.
This is the result of the get-exchangecertificate:
CertificateDomains : {owa.cgnexd.cgn, tueris.cgnexd.cgn, tueris} <-- this is the exchange certificate
CertificateDomains : {desowa.mydomain.org, autodiscover.mydomain.org, mydomain.org} <-- request made for the TMG certificates (not installed in Exchange Server)
CertificateDomains : {TUERIS, TUERIS.cgnexd.cgn}
Thanks a lot!
Regards,Monguitronik
April 27th, 2010 10:38am
I finally find the solution...
It was a problem with the TMG rules. When Outlook tries to contact, TMG presents a forms based authentication, that Outlook can't understand.
I changed the rule, so now it presents and html basic authentication and all works fine.
Another option is to have two listeners, one for owa and another for Outlook Anywhere, but this requires more IPs. It's a more secure manner, but in my environment is not needed.
Kind Regards,Monguitronik
Free Windows Admin Tool Kit Click here and download it now
April 27th, 2010 12:44pm
Dear Sir,
Could you tell me where is the location to change the rule.$$ Gary Yuan. http://yuanwenshin.spaces.live.com why0412.blogspot.com
June 18th, 2010 5:47am