Test-OutlookWebServices & Certificate Error
Hi,
I am deploying Exchange 2010. I have requested a SAN certificate for various SANs (sync.test.com, mail.test.com etc). I chose not to include the CAS (EXCHCAS) server name on the certificate.
I have set all my external/internal URLs to mail.test.com, sync.test.com etc. so there is no reference to EXCHCAS in any of my URLs. A records have been created accordingly.
Anyway, to test everything is working thus far I ran the Test-OutlookWebServices cmdlet.
The results look positive except for one (highlighted in bold):
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1019
Type : Information
Message : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is https://outlookautodiscover.test.com/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1006
Type : Information
Message : Contacted the Autodiscover service at https://outlookautodiscover.test.com/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1016
Type : Information
Message : [EXCH] The AS is configured for this user in the Autodiscover response received from https://outlookautodiscover.test.com/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1015
Type : Information
Message : [EXCH] The OAB is configured for this user in the Autodiscover response received from https://outlookautodiscover.test.com/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1014
Type : Information
Message : [EXCH] The UM is configured for this user in the Autodiscover response received from https://outlookautodiscover.test.com/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1016
Type : Information
Message : [EXPR] The AS is configured for this user in the Autodiscover response received from https://outlookautodiscover.test.com/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1015
Type : Information
Message : [EXPR] The OAB is configured for this user in the Autodiscover response received from https://outlookautodiscover.test.com/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1014
Type : Information
Message : [EXPR] The UM is configured for this user in the Autodiscover response received from https://outlookautodiscover.test.com/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1022
Type : Success
Message : Autodiscover was tested successfully.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1104
Type : Error
Message : The certificate for the URL https://EXCHCAS.test.com/autodiscover/autodiscover.xml is incorrect. For SSL to work, the certificate needs to have a subject of EXCHCAS.test.com, instead the subject found is mail.test.com. Consider correcting service discovery, or installing a correct SSL certificate.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1106
Type : Information
Message : Contacted the Autodiscover service at https://EXCHCAS.test.com:443/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1116
Type : Information
Message : [EXCH] The AS is configured for this user in the Autodiscover response received from https://EXCHCAS.test.com:443/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1115
Type : Information
Message : [EXCH] The OAB is configured for this user in the Autodiscover response received from https://EXCHCAS.test.com:443/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1114
Type : Information
Message : [EXCH] The UM is configured for this user in the Autodiscover response received from https://EXCHCAS.test.com:443/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1116
Type : Information
Message : [EXPR] The AS is configured for this user in the Autodiscover response received from https://EXCHCAS.test.com:443/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1115
Type : Information
Message : [EXPR] The OAB is configured for this user in the Autodiscover response received from https://EXCHCAS.test.com:443/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1114
Type : Information
Message : [EXPR] The UM is configured for this user in the Autodiscover response received from https://EXCHCAS.test.com:443/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1122
Type : Success
Message : Autodiscover was tested successfully.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1024
Type : Success
Message : [EXCH] Successfully contacted the AS service at https://mail.test.com/ews/exchange.asmx. The elapsed time was 312 milliseconds.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1026
Type : Success
Message : [EXCH] Successfully contacted the UM service at https://mail.test.com/ews/exchange.asmx. The elapsed time was 15 milliseconds.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1124
Type : Success
Message : [Server] Successfully contacted the AS service at https://EXCHCAS.test.com/ews/exchange.asmx. The elapsed time was 171 milliseconds.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1126
Type : Success
Message : [Server] Successfully contacted the UM service at https://EXCHCAS.test.com/ews/exchange.asmx. The elapsed time was 15 milliseconds.
I have two questions:
1. Should I be worried about this error as for the most part the autodiscover tests seem to have been successful according to the output above?
2. Why does the test have several references to EXCHCAS at all - I have changed all my URLs to not include this servername so why is it getting tested?
October 21st, 2011 7:29am
If you had changed all of the URLs then you wouldn't get any errors.
Therefore you have missed at least one. If you have only been changing URLs in EMC then you have missed some.
The main ones that are missed are the AutodiscoverInternalServiceURI value on get-clientaccessserver and possibly the Exchange Web Services URL.
Although personally I would have included the internal CAS server in the list of URLs that were on the certificate.
Simon.
Simon Butler, Exchange MVP
October 21st, 2011 7:10pm
Hi,
I've definitely changed all the URLs. It seems that the servername is still contacted though. It might be hardcoded in Exchange?
October 22nd, 2011 10:28am
Did you change the AutodiscoverInternalServiceURI? This is where the internal clients will discover autodiscover via the SCP.
I believe the test is testing both internal/external points. I would double check the AutodiscoverInternalServiceURI.
http://technet.microsoft.com/en-us/library/bb124251.aspx
Sukh
October 22nd, 2011 3:41pm
Hi,
Yes...I have already changed the AutodiscoverInternalServiceURI
Additionally I have changed the external URL for Autodiscover...I have left the Internal URL blank. These are the three attributes assigned to Autodiscover. I'll change the internal URL one too and check it.
What is the difference between AutodiscoverInternalServiceURI and InternalURL?
October 23rd, 2011 3:10pm
The AutoDiscoverServiceInternalUri parameter specifies the internal URL of the Autodiscover service which Outlook clients will use in the forest.
The Internal URLs are used for things like OWA, ActiveSync, EWS etc... also used for proxying/redirection.
Sukh
October 23rd, 2011 4:27pm
Yes...however this is also an internal URL attribute for Autodiscover i.e. NOT the AutoDiscoverServiceInternalUri attribute
October 24th, 2011 4:04am
Yes...however this is also an internal URL attribute for Autodiscover i.e. NOT the AutoDiscoverServiceInternalUri attribute
Sorry, don't understand what you mean here?
Sukh
October 24th, 2011 5:50am
The AutoDiscoverServiceInternalUri attribute is set using:
Set-ClientAccessServer
1. The AutoDiscoverServiceInternalUri parameter specifies the internal URL of the Autodiscover service.
However, there is also a Set-AutoDiscoverVirtualDirectory cmdlet.
There are two relevant attributes to be set here i.e.
2. ExternalUrl
This parameter specifies the URL used to connect to the virtual directory from outside the network firewall.
3. InternalUrl
This parameter specifies the URL used to connect to the virtual directory from inside the network firewall.
From what I gather 1 and 3 are actually different parameters?
Essentially, I want all my clients to point to the same URL whether external or internal. This URL is
https://outlookautodiscover.test.com/autodiscover/autodiscover.xml
So I assume I set it in all 3 settings (as otherwise, for some reason the servername still gets returned in some of the tests, as opposed to the URL I have specified).
October 24th, 2011 6:49am
No. If you check the current config for the autodiscover vDIR you will see that that attribute is not populated because for the SCP, the AutoDiscoverServiceInternalUri will be used. You shouldn't have to specify the internal URL on the autodiscover vDIR for internal clients.
Sukh
October 24th, 2011 8:28am
Yes...this is what I thought.
So as it stands I have set both AutodiscoverServiceInternalURI and ExternalURL to
https://outlookautodiscover.test.com/autodiscover/autodiscover.xml
I have left InternalURL blank.
I rerun the test and still, it returns (in some cases) a reference to the server instead of my chosen URL.
October 24th, 2011 8:59am
Can you post just the server reference from your test?
Sukh
October 24th, 2011 9:10am
See below...(EXCHCAS is the name of the server)
The server reference is returned several times (funnily enough it is successful in each of these cases even though the server isn't included in the certificate - the only error is the first message highlighted in bold).
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1104
Type : Error
Message : The certificate for the URL https://EXCHCAS.test.com/autodiscover/autodiscover.xml is incorrect. For SSL to work, the certificate needs to have a subject of EXCHCAS.test.com, instead the subject found is mail.test.com. Consider correcting service discovery, or installing a correct SSL certificate.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1106
Type : Information
Message : Contacted the Autodiscover service at https://EXCHCAS.test.com:443/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1116
Type : Information
Message : [EXCH] The AS is configured for this user in the Autodiscover response received from https://EXCHCAS.test.com:443/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1115
Type : Information
Message : [EXCH] The OAB is configured for this user in the Autodiscover response received from https://EXCHCAS.test.com:443/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1114
Type : Information
Message : [EXCH] The UM is configured for this user in the Autodiscover response received from https://EXCHCAS.test.com:443/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1116
Type : Information
Message : [EXPR] The AS is configured for this user in the Autodiscover response received from https://EXCHCAS.test.com:443/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1115
Type : Information
Message : [EXPR] The OAB is configured for this user in the Autodiscover response received from https://EXCHCAS.test.com:443/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1114
Type : Information
Message : [EXPR] The UM is configured for this user in the Autodiscover response received from https://EXCHCAS.test.com:443/autodiscover/autodiscover.xml.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1122
Type : Success
Message : Autodiscover was tested successfully.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1024
Type : Success
Message : [EXCH] Successfully contacted the AS service at https://mail.test.com/ews/exchange.asmx. The elapsed time was 312 milliseconds.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1026
Type : Success
Message : [EXCH] Successfully contacted the UM service at https://mail.test.com/ews/exchange.asmx. The elapsed time was 15 milliseconds.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1124
Type : Success
Message : [Server] Successfully contacted the AS service at https://EXCHCAS.test.com/ews/exchange.asmx. The elapsed time was 171 milliseconds.
RunspaceId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Id : 1126
Type : Success
Message : [Server] Successfully contacted the UM service at https://EXCHCAS.test.com/ews/exchange.asmx. The elapsed time was 15 milliseconds.
Could it be due to the default self signed certificates created during Exchange installation?
October 24th, 2011 10:07am
What have you set for the AutoDiscoverServiceInternalUri?
Have you tried to set it using the FQDN of the CAS server (internal name)?
Also, if you have more than 1 CAS server, are the test results the same on each server?
Sukh
October 24th, 2011 10:25am
I've set the AutoDiscoverInternalURI to:
https://outlookautodiscover.test.com/autodiscover/autodiscover.xml
This seems to work as the first set of test results are successful when using this URL.
If I set this to the FQDN of the CAS server, it complains that the certificate doesn't have this servername included as a Subject Alternative Name - this is correct. I only want to use my chosen URL i.e. outlookautodiscover. I don't want to use the servername.
Test results are the same on each server i.e. except they return the servername depending on which server I run the command on. (e.g. EXCHCAS or EXCHCAS2)
I also set up an internal DNS record outlookautodiscover pointing to the CAS VIP.
I haven't fully configured external access yet i.e. TMG and external DNS records - perhaps this is defaulting the external URL to use the default (servername) instead?
October 24th, 2011 11:30am
What does Get-ExchangeCertificate | fl show?
Sukh
October 24th, 2011 6:25pm
The cmdlet outcome indicates there is a URL
https://EXCHCAS.test.com/autodiscover/autodiscover.xml
that has a certificate mismatch issue, and I would suggest you run the cmdlets below:
Get-ClientAccessServer | FL
Get-ExchangeCertificate | FL
The first cmdlet helps verify whether all CAS servers have set up the AutodiscoverInternalServiceURI value; and the second cmdlet helps verify what certificate is bound to the IIS service.
Hope it is helpful.
Fiona
October 25th, 2011 4:19am
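The replies above suggest comparing the URLs the CAS publishes with the names on the certificate enabled for IIS. The PowerShell below is an added example, not code from any poster in this thread or from Microsoft: it lists each published host name and whether that certificate covers it. The function names are hypothetical, and the sample data in the else branch is constructed from the names used in this thread and is what runs outside the Exchange Management Shell.

```powershell
# Added example (not from the thread): which published host names does the IIS certificate cover?
function Test-HostInCertificate {
    # True when $HostName equals a certificate name or matches a one-label wildcard (*.test.com).
    param([string]$HostName, [string[]]$CertificateDomains)
    foreach ($name in $CertificateDomains) {
        if ($name -eq $HostName) { return $true }            # -eq ignores case for strings
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)                      # "*.test.com" -> ".test.com"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $left = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($left -and -not $left.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function New-UrlRow {
    # Hypothetical helper: one row per configured URL (the URL may be blank).
    param([string]$Source, $Url)
    New-Object psobject -Property @{ Source = $Source; Url = $Url }
}

function Get-PublishedUrl {
    # The SCP value plus InternalUrl/ExternalUrl of each client-facing virtual directory.
    param([string]$Server)
    $cas = Get-ClientAccessServer -Identity $Server
    New-UrlRow 'SCP AutoDiscoverServiceInternalUri' $cas.AutoDiscoverServiceInternalUri
    $cmdlets = 'Get-AutodiscoverVirtualDirectory', 'Get-WebServicesVirtualDirectory',
               'Get-OabVirtualDirectory', 'Get-OwaVirtualDirectory',
               'Get-EcpVirtualDirectory', 'Get-ActiveSyncVirtualDirectory'
    foreach ($cmdlet in $cmdlets) {
        foreach ($vdir in @(& $cmdlet -Server $Server)) {
            New-UrlRow "$cmdlet InternalUrl" $vdir.InternalUrl
            New-UrlRow "$cmdlet ExternalUrl" $vdir.ExternalUrl
        }
    }
}

function Get-UrlCertificateReport {
    param([object[]]$Urls, [string[]]$CertificateDomains)
    foreach ($row in $Urls) {
        if (-not $row.Url) { continue }                       # blank InternalUrl/ExternalUrl
        $uri = [Uri]"$($row.Url)"
        if (-not $uri.IsAbsoluteUri) { continue }
        New-Object psobject -Property @{
            Source        = $row.Source
            Host          = $uri.Host
            OnCertificate = (Test-HostInCertificate $uri.Host $CertificateDomains)
        }
    }
}

if (Get-Command Get-ExchangeCertificate -ErrorAction SilentlyContinue) {
    # Exchange Management Shell: read the live configuration of this server.
    $server = $env:COMPUTERNAME
    $fqdn   = [System.Net.Dns]::GetHostEntry($server).HostName
    $urls   = @(Get-PublishedUrl -Server $server)
    # The server's own name, which the results above show being probed (Id 1104).
    $urls  += New-UrlRow 'Server FQDN' "https://$fqdn/autodiscover/autodiscover.xml"
    $sans   = @(Get-ExchangeCertificate -Server $server |
                Where-Object { "$($_.Services)" -match 'IIS' } |
                ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" })
} else {
    # Constructed sample using the names given in the thread.
    $sans = 'mail.test.com', 'sync.test.com', 'outlookautodiscover.test.com'
    $urls = @(
        (New-UrlRow 'SCP AutoDiscoverServiceInternalUri' 'https://outlookautodiscover.test.com/autodiscover/autodiscover.xml'),
        (New-UrlRow 'Get-AutodiscoverVirtualDirectory InternalUrl' $null),
        (New-UrlRow 'Get-WebServicesVirtualDirectory InternalUrl' 'https://mail.test.com/ews/exchange.asmx'),
        (New-UrlRow 'Server FQDN' 'https://EXCHCAS.test.com/autodiscover/autodiscover.xml')
    )
}
Get-UrlCertificateReport $urls $sans | Select-Object Source, Host, OnCertificate | Format-Table -AutoSize
```

With the constructed sample, only the EXCHCAS.test.com row is reported with OnCertificate set to False.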
Hi...
Get-ExchangeCertificate shows that I have 3 certificates.
One is the certificate I requested from my vendor - it contains the outlookautodiscover.test.com subject alternative name as expected. The tests are successful here. This certificate has IIS assigned to it. There is no servername (EXCHCAS) assigned to this certificate.
The other two certificates were generated by default upon installation of Exchange. These certificates contain the name of the server i.e. EXCHCAS. These certificates (by default) have SMTP, POP and IMAP assigned to them.
So...the error seems to lie with the two certificates which I didn't create i.e. the default ones containing servername. If I assign IIS to these certificates the test will now work, but I don't want to do this, as IIS should be assigned only to my vendor-supplied certificate.
Should I just delete these default certificates and rely solely on my vendor-supplied certificate? Or will I just leave them in place as they won't be used anyway so shouldn't cause any issues.
I don't want to ever use EXCHCAS.test.com/autodiscover/autodiscover.xml and it looks like the only place this gets referenced from is the default certificate.
October 25th, 2011 6:19am
If you have assigned the 3rd party certificate to IIS then it shouldn't matter with the self signed certs. You can remove the self signed cert if you wish or you can not assign it to IIS.
If you leave the cert, it shouldn't cause issues.
Sukh
October 25th, 2011 6:39am
This is what I thought. It was just that the Test-OutlookWebServices caused an error for that one single test i.e. EXCHCAS.test.com/autodiscover/autodiscover.xml - a URL I don't wish to use anyway.
So hopefully, all will be well in the real-world tests from the clients themselves.
I will let you know how I get on.
October 25th, 2011 6:51am