Help Assigning Services to Certificate
- Hi all, new to exchange command Shell, and need a little assistance,
I am experiancing the issue that is all over this and many other sites with the "Out of Office" not working, i have followed all the guides and checked all my setting are correct, under IIS, Checking the Autodiscover url etc and the only thing i can see tht is differnt is that when i run
Get-ExchangeCertificate it lists 8 different certificated, ok, soi check the first one with
Get-ExchangeCertificate -id NUMBERHERE |fl
adn i notice that under my services the following are enabled IMAP, POP SMTP
shouldn't IIS be in there????
in the other Certificates i have IIS is in there, so does it need to be in the first one?
the funny thing is that OOF works in Web (like everyone else) but if i install 2003 client, OOF works, but not with 2007 client...
little help.....
All Replies
- You only want IIS enabled to 1. You can't have more than one certificate assigned to the Default Website. And clean up your certificates. You don't need all the certs there. Pick 1 cert if possible, get all the FQDNs on there, and then assign your services to that cert. Then start configuring services that now use IIS such as OAB, EWS (which includes OOF), Etc.... I go through a list of these services and how to configure them in my article here:
http://www.shudnow.net/2008/11/18/autodiscover-dns-certificates-and-what-you-need-to-know/
MVP | MCSE:M | MCITP: Enterprise Messaging Administrator | MCTS: OCS + Voice Specialization | http://www.shudnow.net- Unproposed As Answer byOutaCtrl Monday, November 09, 2009 10:52 PM
- Proposed As Answer byJames-LuoMSFT, ModeratorThursday, November 05, 2009 4:35 AM
- Thanks for you help, unfortunalty i was hired for SQL, this is just something i got for free. lucky me.
I guess i will look into why there are a few certificates first, if i start removing things and no one can get emails i will loose my job, and no im not exaggerating.
one questions thou, when i run
get-OutlookProvider i get this
Name server certPricipalName TTL
---- ------ ---------------- ---
EXCH 1
EXPR 1
WEB 1
There is nothing under Server,,,,, is this maybe why OOF is not working.? - No, the settings are correct. it's nothing to do with OOF
- Any further update?
- No, still havent got it working yet, however, now when i open outlook 2007 for the first time on a new pc, it automatically fills in the account details.
it didn't do that before. so its a step...
Still just plugging away, i think i have read every artical i can find to get the OOF to work, but its still a no go. Explanation: For outlook 2007, availability service on the CAS is used to set and retrieve OOF settings; for outlook 2003, relevant MAPI interfaces is used to set and retrieve OOF settings
Please ensure that single user won’t use both outlook 2003 and outlook 2007 to configure the OOF, which would cause unexpected behavior
Check info:
1. Is this a pure exchange 2007 environment?
2. What’s the symptom about this OOF issue? Is there any error window when attempting to configure the OOF? Is there any error event in the application log on the CAS server?
3. Are the problematic users all internal MAPI users?
4. Is the “Free / Busy” information working normally?
5. Please try to browse autodiscovery virtual directory [https://FQDNOfCas/Autodiscover/Autodiscover.xml], see if you can get expected error 600 in the xml page
6. Please check “AutodiscoverServiceInternal URL” in AD database by using ADSI Editor, that’s also the key point you shall check
a. Run ADSI Editor [Start->Run->adsiedit.msc]
b. Expand “Configuration”->”CN=Configuration,DC=domain,DC=com”->”CN=Services”->”CN=Microsoft Exchange”->”CN=Orgname”->”CN=Administrative Groups”->”CN=Exchange Administrative Group”->”CN=Servers”->”CN=CASRoleName”->”CN=Protocols”->”CN=Autodiscover”->right-click ”CN=CASRoleName” and choose “Properties”->select “servicebindinginformation” attribute and click “Edit” button
c. The attribute shall be like: “https://FQDN/Autodiscover/Autodiscover.xml”
7. Please check the output of the cmdlets below on the CAS server
a. Get-ClientAccessServer -Identity CAS_Server_Name | FL [Check AutoDiscoverServiceInternalUri’s value]
It should be: https://FQDN/Autodiscover/Autodiscover.xml
b. Get-webservicesvirtualdirectory | FL [Check InternalUrl’s value]
It should be: https:// FQDN /EWS/Exchange.asmx
c. Test-OutlookWebServices –identity AliasOfProblematicUser [Check if there’s error]
8. Please check if “Enable HTTP Keep-Alives” is checked properly in the IIS [6.0 | 7.0]
9. Increase diagnostic level for the following category, and then reproduce the issue, see if there’s any error event in the application
Set-EventLogLevel -Identity "MSExchangeMailboxAssistants\OOF Assistant" -Level High
10. Please run ExBPA against the exchange server for health check.
Resources:
Legacy client and Out of Office (OOF) interoperability
Your Out of Office settings cannot be displayed...what's wrong
Out of Office Assistant settings cannot be displayed for Outlook 2007 clients
- Edited byJames-LuoMSFT, ModeratorThursday, November 05, 2009 9:11 AMmodify
1. Yes its exchange 2007 on a 64 bit 2003 server. All clients have 2007 installed. No one is using 2003 client, i only installed that once to see if it worked, and it did.
2. The issue is that when i try to open OOF i get the error
“ Your out of Office setting can not be displayed, because the server is currently unavailable, try again later”3. All Users are experiencing the issue, no exceptions, however, staff can set OOF via webmail.
4. No, when using scheduling assistant you cannot see when other users are busy/free for meeting etc.
5. Yes i get a 600 error, however, first i get the “There is a problem with this website's security certificate error.
6. The AutodiscoverServiceInternal URL is correct,
7. a. Is correct
b. Is correct
c. No errors are returned.8. Enable HTTP Keep-Alives is already selected.
9. I ran the command, then cleared the event log, attemped to run OOF on two separate PCs, received “ Your out of Office setting can not be displayed, because the server is currently unavailable, try again later” but nothing was logged in the event logs on the server about it, i have nothing filtered in the event logs.
10. Ran the Test, but it only pointed out that my event log size was a little small, and that my NIC drivers were 2 years old.
- ok, thanks for he help lads, but its still unresolved, i will try another forum,
thanks for trying.
