Outlook anywhere and OOF issue from external internet in Exchange 2007 SP3
Dear All,
We have issue in the autodiscovery or Availability Service or (Outlookanywhere\OOF).
URL Details:
Company Name: Company.com
OWA URL : owa.rh-bridge.com
Outlook Anywhere : webmail.internaldomain.net
I Ran test-outlookwebservices -Identity m.gowda@company.com -ClientAccessServer "CASSERVER1" |fl
Id : 1013
Type : Error
Message : When contacting https://OWA.RH-bridge.com/Autodiscover/Autodiscover.xml received the error The remote server returned an error: (401) Unauthorized.
Id : 1006
Type : Error
Message : The Autodiscover service could not be contacted.
I try to access the URL https://owa.rh-bridge.com/Autodiscover/Autodiscover.xmlexternally and got the below response.
<?xml version="1.0" encoding="utf-8" ?>
-<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
-<Response>
-<Error Time="08:48:25.1001679"
Id="2365811618">
<ErrorCode>600</ErrorCode>
<Message>Invalid Request</Message>
<DebugData/>
</Error>
</Response>
</Autodiscover>
================================================================================
I Ran Get-WebServicesVirtualDirectory |fl and the external and internal URL part is as below
InternalUrl : https://owa.rh-bridge.com/EWS/Exchange.asmx
ExternalUrl : https://webmail.corporateroot.net/EWS/Exchange.asmx
AdminDisplayName :
================================================================================
I Ran Get-OabVirtualDirectory |fl and the External URL field is empty (Is it related?)
Server : CASSERVER1
InternalUrl : http://owa.rh-bridge.com/OAB
InternalAuthenticationMethods : {WindowsIntegrated}
ExternalUrl :
ExternalAuthenticationMethods : {WindowsIntegrated}
=========================================================================
I Ran Get-OutlookAnywhere |fl here i suspect the external host name is it correct here....
ServerName : CASSERVER1
SSLOffloading : True
ExternalHostname : webmail.corporateroot.net
ClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Ntlm}
================================================================================
I Ran Get-OutlookProvider |fl here I added the msstd:webmail.corporateroot.net now but no change...
CertPrincipalName : msstd:webmail.corporateroot.net
Server :
TTL : 1
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : EXPR
DistinguishedName : CN=EXPR,CN=Outlook,CN=AutoDiscover,CN=.........,DC=net
Identity : EXPR
==========================================================================
MY Qs...
1. Are the URLs used here are proper ?
2. Meaning the OA URL and the external OWA URL are different. Is it ok?
3. Whyy these errors appear in the above tests...
4. When I RUN https://www.testexchangeconnectivity.com/ the Auto discovery URL is pointing tocompany.com
and failing. Is it correct.
But the Company.com URL is really required to get the Auto discovery to work? Where I am failing.
Provide me a solution to the issues I am facing here.....
Manju
Added:
I am not able to ping the OutlookAnywhere URL from internal LAN (webmail.internaldomain.net)
September 10th, 2011 2:17pm
Duplicate post on EXRCA forum. All the errors you're seeing are because you're using an internal CA, Outlook Anywhere (externally) won't and so wont' autodiscover, freebusy, OOF, since it can't make a secure ssl connection.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
September 10th, 2011 2:29pm
What is the solution for this
Can you please explain in detail so that I can make changes in production please
It is really killing me since last 2 weeks.
September 10th, 2011 2:34pm
You need to get a SAN certificate from a third party CA, network solutions, godaddy etc. Then replace this cert with your internal cert.
autodiscover.externaldomain.com
owa.rh-bridge.com (for owa and outlookanywhere)
CASservername
CASservername.internaldomain.com
Then use the article below, it shows how to generate the certificate request to send to the third party CA. Once you get the request back then you import it.
More on Exchange 2007 and certificates - with real world scenario
http://blogs.technet.com/b/exchange/archive/2007/07/02/3403301.aspxJames Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
September 10th, 2011 6:10pm
To make it clear here,
1.I dont have the autodiscover.externaldomain.com entry in DNS (internal\External)
2. my OWA URL is owa.rh-bridge.com
and Outlook anywhere proxy URL is "msstd:webmail.internaldomain.net"
So i think I need to change this URL with owa.rh-bridge.com. is it correct.
3. Remaining are Ok
4.If we have internal CA is there no way to configure the Autodiscover URL to work properly.
Manju
September 10th, 2011 11:27pm
On Sun, 11 Sep 2011 03:21:29 +0000, manjurainbow123 wrote:
>
>
>To make it clear here,
>
>1.I dont have the autodiscover.externaldomain.com entry in DNS (internal\External)
>
>2. my OWA URL is owa.rh-bridge.com and Outlook anywhere proxy URL is "msstd:webmail.internaldomain.net"
>
>So i think I need to change this URL with owa.rh-bridge.com. is it correct.
What you put into edit box should be the common name of your
certificate. The URL you use (https://.....) and the common name
(msstd:...) on the cert don't have to be the same.
>3. Remaining are Ok
>
>4.If we have internal CA is there no way to configure the Autodiscover URL to work properly.
Yes there is. You put the root CA's certificate into the trusted roots
section of each user's certificate store. Once each user or device
trusts the issuing CA things will work.
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
September 11th, 2011 5:41pm
On Sun, 11 Sep 2011 03:21:29 +0000, manjurainbow123 wrote:
>
>
>To make it clear here,
>
>1.I dont have the autodiscover.externaldomain.com entry in DNS (internal\External)
>
>2. my OWA URL is owa.rh-bridge.com and Outlook anywhere proxy URL is "msstd:webmail.internaldomain.net"
>
>So i think I need to change this URL with owa.rh-bridge.com. is it correct.
What you put into edit box should be the common name of your
certificate. The URL you use (https://.....) and the common name
(msstd:...) on the cert don't have to be the same.
>3. Remaining are Ok
>
>4.If we have internal CA is there no way to configure the Autodiscover URL to work properly.
Yes there is. You put the root CA's certificate into the trusted roots
section of each user's certificate store. Once each user or device
trusts the issuing CA things will work.
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
September 11th, 2011 5:41pm