Outlook anywhere and OOF issue from external internet in Exchange 2007 SP3 (Network Steve Forum)

Outlook anywhere and OOF issue from external internet in Exchange 2007 SP3

Dear All, We have issue in the autodiscovery or Availability Service or (Outlookanywhere\OOF). URL Details: Company Name: Company.com OWA URL : owa.rh-bridge.com Outlook Anywhere : webmail.internaldomain.net I Ran test-outlookwebservices -Identity m.gowda@company.com -ClientAccessServer "CASSERVER1" |fl Id : 1013 Type : Error Message : When contacting https://OWA.RH-bridge.com/Autodiscover/Autodiscover.xml received the error The remote server returned an error: (401) Unauthorized. Id : 1006 Type : Error Message : The Autodiscover service could not be contacted. I try to access the URL https://owa.rh-bridge.com/Autodiscover/Autodiscover.xmlexternally and got the below response. <?xml version="1.0" encoding="utf-8" ?> -<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> -<Response> -<Error Time="08:48:25.1001679" Id="2365811618"> <ErrorCode>600</ErrorCode> <Message>Invalid Request</Message> <DebugData/> </Error> </Response> </Autodiscover> ================================================================================ I Ran Get-WebServicesVirtualDirectory |fl and the external and internal URL part is as below InternalUrl : https://owa.rh-bridge.com/EWS/Exchange.asmx ExternalUrl : https://webmail.corporateroot.net/EWS/Exchange.asmx AdminDisplayName : ================================================================================ I Ran Get-OabVirtualDirectory |fl and the External URL field is empty (Is it related?) Server : CASSERVER1 InternalUrl : http://owa.rh-bridge.com/OAB InternalAuthenticationMethods : {WindowsIntegrated} ExternalUrl : ExternalAuthenticationMethods : {WindowsIntegrated} ========================================================================= I Ran Get-OutlookAnywhere |fl here i suspect the external host name is it correct here.... ServerName : CASSERVER1 SSLOffloading : True ExternalHostname : webmail.corporateroot.net ClientAuthenticationMethod : Ntlm IISAuthenticationMethods : {Ntlm} ================================================================================ I Ran Get-OutlookProvider |fl here I added the msstd:webmail.corporateroot.net now but no change... CertPrincipalName : msstd:webmail.corporateroot.net Server : TTL : 1 AdminDisplayName : ExchangeVersion : 0.1 (8.0.535.0) Name : EXPR DistinguishedName : CN=EXPR,CN=Outlook,CN=AutoDiscover,CN=.........,DC=net Identity : EXPR ========================================================================== MY Qs... 1. Are the URLs used here are proper ? 2. Meaning the OA URL and the external OWA URL are different. Is it ok? 3. Whyy these errors appear in the above tests... 4. When I RUN https://www.testexchangeconnectivity.com/ the Auto discovery URL is pointing tocompany.com and failing. Is it correct. But the Company.com URL is really required to get the Auto discovery to work? Where I am failing. Provide me a solution to the issues I am facing here..... Manju Added: I am not able to ping the OutlookAnywhere URL from internal LAN (webmail.internaldomain.net)

September 10th, 2011 2:17pm

Duplicate post on EXRCA forum. All the errors you're seeing are because you're using an internal CA, Outlook Anywhere (externally) won't and so wont' autodiscover, freebusy, OOF, since it can't make a secure ssl connection.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Free Windows Admin Tool Kit Click here and download it now

September 10th, 2011 2:29pm

What is the solution for this Can you please explain in detail so that I can make changes in production please It is really killing me since last 2 weeks.

September 10th, 2011 2:34pm

You need to get a SAN certificate from a third party CA, network solutions, godaddy etc. Then replace this cert with your internal cert. autodiscover.externaldomain.com owa.rh-bridge.com (for owa and outlookanywhere) CASservername CASservername.internaldomain.com Then use the article below, it shows how to generate the certificate request to send to the third party CA. Once you get the request back then you import it. More on Exchange 2007 and certificates - with real world scenario http://blogs.technet.com/b/exchange/archive/2007/07/02/3403301.aspxJames Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Free Windows Admin Tool Kit Click here and download it now

September 10th, 2011 6:10pm

To make it clear here, 1.I dont have the autodiscover.externaldomain.com entry in DNS (internal\External) 2. my OWA URL is owa.rh-bridge.com and Outlook anywhere proxy URL is "msstd:webmail.internaldomain.net" So i think I need to change this URL with owa.rh-bridge.com. is it correct. 3. Remaining are Ok 4.If we have internal CA is there no way to configure the Autodiscover URL to work properly. Manju

September 10th, 2011 11:27pm

On Sun, 11 Sep 2011 03:21:29 +0000, manjurainbow123 wrote: > > >To make it clear here, > >1.I dont have the autodiscover.externaldomain.com entry in DNS (internal\External) > >2. my OWA URL is owa.rh-bridge.com and Outlook anywhere proxy URL is "msstd:webmail.internaldomain.net" > >So i think I need to change this URL with owa.rh-bridge.com. is it correct. What you put into edit box should be the common name of your certificate. The URL you use (https://.....) and the common name (msstd:...) on the cert don't have to be the same. >3. Remaining are Ok > >4.If we have internal CA is there no way to configure the Autodiscover URL to work properly. Yes there is. You put the root CA's certificate into the trusted roots section of each user's certificate store. Once each user or device trusts the issuing CA things will work. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Free Windows Admin Tool Kit Click here and download it now

September 11th, 2011 5:41pm

This topic is archived. No further replies will be accepted.