Outlook 2007 Prompts for Credentials Continually (although user is connected to Exchange)


  • Thursday, March 12, 2009 2:30 AM
     
     
    Hi,

    I'm running Exchange 2007 with all required roles running on Server 2008.

    I haven't installed any certificates, although I have ordered one from Digicert.

    Outlook Anywhere has not been enabled.


    Users are able to send and receive email calendars, address books without issue. However, they are continually being prompted to enter their credentials.

    If they attempt to change their Out of Office settings they get a message saying they are not connected to the server.

    I have enabled windows authentication on relevant folders in IIS and disabled Kernel Mode Authentication. 

    When I test Email AutoConfiguration (Ctrl + Click Outlook Icon System Tray), ticking the Auto Discover box doesn't complete, only completing the first step of accessing the xml file by url.

    Will a digital certificate resolve this, or is there something else that I need to look at?

    Thanks,
    Adam
     

All Replies

  • Thursday, March 12, 2009 6:53 AM
     
     
     

    Dear Adam,

     

    Based on my knowledge, when you install Exchange 2007 with the Client Access server or Hub Transport server role, a self-signed certificate is created. The self-signed certificate was designed to help secure communications between Exchange 2007 servers inside an organization and also provide a temporary method to encrypt client communications until an alternative certificate is obtained and installed.

     

    From your post, I want to confirm the following information with you:

     

    1.         I have enabled windows authentication on relevant folders in IIS and disabled Kernel Mode Authentication. Send the screenshot of it to v-rocwan@microsoft.com for analysis.

     

    2.         Make sure you can access the known Autodiscover service addresses:

     

    https://autodiscover.domain.com/autodiscover/autodiscover.xml

    or https://domain.com/autodiscover/autodiscover.xml

     

    3.         According to the following steps, collect the result of Test E-mail AutoConfiguration:

     

    a)         Open Outlook 2007, press Ctrl key and at the same time right click Outlook icon on the Task Bar, select Test E-mail AutoConfiguration option, when the Test E-mail AutoConfiguration dialog box is displayed, your e-mail address is automatically populated.

     

    Note: If you are logged into the domain, the E-mail address field is populated by using the account you’re logged onto the machine with. If you have multiple profiles configured and you’re using one that isn’t your own, you will need to change the e-mail address in this field and enter a password.

     

    b)         To test Autodiscover ensure ONLY the Use Autodiscover option is selected. A password does not have to be entered when you are logged into the domain. Your logged in credentials are used. Finally, click on the AutoConfigure button to start the Autodiscover request to the Autodiscover service.

     

    c)         After Outlook sends your E-mail Address and credentials to the Autodiscover service the various Results, Log, and XML tabs will show status and results of Autodiscover request.

     

    d)         Click the Results tab and send the screenshot of it to v-rocwan@microsoft.com for analysis. Click the Log tab and send the screenshot of it to me for analysis. Click the XML tab and send the screenshot of it to me for analysis.

     

    4.         Is the problematic computer joined to the domain?

     

    5.         Did you upgrade to Exchange Server 2007 SP1?

     

    6.         Does the issue occur after you successfully log into Outlook 2007?

     

    7.         On Exchange Server 2007, run the following commands and post the result into the forum for analysis.

     

    Get-exchangecertificate | fl *

     

    test-OutlookWebServices -identity:monika@contoso.com | fl

     

    Note: replace monika@contoso.com with a real account.

     

    Get-WebServicesVirtualDirector | fl

     

    Get-OABVirtualDirectory | fl

     

    Get-UMVirtualDirectory | fl

     

    If anything is unclear, feel free to let me know.

     

    Regards,

    Rock Wang


    Rock Wang– MSFT
  • Thursday, March 12, 2009 11:00 AM
     
     
     

    Hi Rock,

    Thanks so much for your reply.

    1. I have sent the screenshots requested to the supplied address.

    2. I was unable to browse either url substituting domain.com with mydomain.local

    3 Screenshots emailed

    4 Multiple computers are suffering the same problem. I recently transitioned our AD from 2003 to 2008 and elevated the domain level accordingly.

    5 Yes I'm running Exchange 2007 SP1

    6 Yes the issue occurs after successfully logging into Outlook 2007

    7  Results from commands as requested.

    Results from Get-exchangecertificate | fl * sent by email.


    ****************************************************************************************************************************************


    [PS] C:\Windows\System32>test-OutlookWebServices -identity:agilbert@mydomain.com
    .au | fl


    Id      : 1003
    Type    : Information
    Message : About to test AutoDiscover with the e-mail address agilbert@mydomain.
              com.au.

    Id      : 1006
    Type    : Information
    Message : The Autodiscover service was contacted at https://Exchange07.headoffice
              .mydomain/Autodiscover/Autodiscover.xml.

    Id      : 1016
    Type    : Success
    Message : [EXCH]-Successfully contacted the AS service at https://Exchange07.head
              office.mydomain/EWS/Exchange.asmx. The elapsed time was 234 milliseco
              nds.

    Id      : 1015
    Type    : Information
    Message : [EXCH]-The OAB is not configured for this user.

    Id      : 1014
    Type    : Success
    Message : [EXCH]-Successfully contacted the UM service at https://Exchange07.head
              office.mydomain/UnifiedMessaging/Service.asmx. The elapsed time was 1
              5 milliseconds.

    Id      : 1006
    Type    : Success
    Message : The Autodiscover service was tested successfully.


    ****************************************************************************************************************************************


    [PS] C:\Windows\System32>



    [PS] C:\Windows\System32>Get-WebServicesVirtualDirector | fl
    The term 'Get-WebServicesVirtualDirector' is not recognized as a cmdlet, functi
    on, operable program, or script file. Verify the term and try again.
    At line:1 char:31
    + Get-WebServicesVirtualDirector  <<<< | fl
    [PS] C:\Windows\System32>


    ****************************************************************************************************************************************


    [PS] C:\Windows\System32>Get-OABVirtualDirectory | fl


    Name                          : OAB (Default Web Site)
    PollInterval                  : 480
    OfflineAddressBooks           : {}
    RequireSSL                    : False
    MetabasePath                  : IIS://Exchange2007.headoffice.mydomain/W3SVC/1/ROOT
                                    /OAB
    Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                    ntAccess\OAB
    Server                        : Exchange2007
    InternalUrl                   : http://Exchange2007.headoffice.mydomain/OAB
    InternalAuthenticationMethods : {WindowsIntegrated}
    ExternalUrl                   :
    ExternalAuthenticationMethods : {WindowsIntegrated}
    AdminDisplayName              :
    ExchangeVersion               : 0.1 (8.0.535.0)
    DistinguishedName             : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols,
                                    CN=Exchange2007,CN=Servers,CN=Exchange Administrati
                                    ve Group (FYDIBOHF23SPDLT),CN=Administrative Gr
                                    oups,CN=mydomain,CN=Microsoft Exchange,CN=Servi
                                    ces,CN=Configuration,DC=headoffice,DC=mydomain
    Identity                      : Exchange2007\OAB (Default Web Site)
    Guid                          : 1350374d-1b48-40d4-92f5-e405e164d474
    ObjectCategory                : headoffice.mydomain/Configuration/Schema/ms-Exc
                                    h-OAB-Virtual-Directory
    ObjectClass                   : {top, msExchVirtualDirectory, msExchOABVirtualD
                                    irectory}
    WhenChanged                   : 26/02/2009 8:58:23 AM
    WhenCreated                   : 26/02/2009 8:58:23 AM
    OriginatingServer             : domaincontroller.headoffice.mydomain
    IsValid                       : True




    ****************************************************************************************************************************************



    [PS] C:\Windows\System32>Get-UMVirtualDirectory | fl


    Name                          : UnifiedMessaging (Default Web Site)
    InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
    ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
    BasicAuthentication           : False
    DigestAuthentication          : False
    WindowsAuthentication         : True
    MetabasePath                  : IIS://Exchange2007.headoffice.Mydomain/W3SVC/1/ROOT
                                    /UnifiedMessaging
    Path                          : C:\Program Files\Microsoft\Exchange Server\Unif
                                    iedMessaging\WebService
    Server                        : Exchange2007
    InternalUrl                   : https://Exchange2007.headoffice.Mydomain/UnifiedMes
                                    saging/Service.asmx
    ExternalUrl                   :
    AdminDisplayName              :
    ExchangeVersion               : 0.1 (8.0.535.0)
    DistinguishedName             : CN=UnifiedMessaging (Default Web Site),CN=HTTP,
                                    CN=Protocols,CN=Exchange2007,CN=Servers,CN=Exchange
                                     Administrative Group (FYDIBOHF23SPDLT),CN=Admi
                                    nistrative Groups,CN=Mydomain,CN=Microsoft Exch
                                    ange,CN=Services,CN=Configuration,DC=headoffice
                                    ,DC=Mydomain
    Identity                      : Exchange2007\UnifiedMessaging (Default Web Site)
    Guid                          : 6c4a1e89-f559-4772-9acc-530e8f8f2eb7
    ObjectCategory                : headoffice.Mydomain/Configuration/Schema/ms-Exc
                                    h-UM-Virtual-Directory
    ObjectClass                   : {top, msExchVirtualDirectory, msExchUMVirtualDi
                                    rectory}
    WhenChanged                   : 26/02/2009 8:58:27 AM
    WhenCreated                   : 26/02/2009 8:58:27 AM
    OriginatingServer             : Rodan.headoffice.Mydomain
    IsValid                       : True



  • Friday, March 13, 2009 9:44 AM
     
     
     

    Dear Adam,

     

    From your post, I know that you can’t access the known Autodiscover service addresses: https://autodiscover.domain.com/autodiscover/autodiscover.xml or https://domain.com/autodiscover/autodiscover.xml.

     

    If these tests fail you must check your internal or external DNS entries to make sure you can get to these URLs. Also, can you ping your domain.com servers from your clients you are trying to connect to?

     

    Also, if you are testing this and the Outlook 2007 client is not logged into the domain, make sure the right hand side of the SMTP e-mail address you are using is accessible from the Internet (that is, email@domain.com).

     

    In addition, please click the Results tab on the Test E-mail AutoConfiguration screen and send the screenshot of it to me.

     

    Rerun the following command and send the result to me:

     

    Get-WebServicesVirtualDirectory | fl

     

    Regards,

    Rock Wang


    Rock Wang– MSFT
  • Friday, March 13, 2009 10:56 AM
     
     
     

    Hi Rock,

    I think I might be narrowing in on the problem,

    Today I was able to access https://autodiscover.domain.com/autodiscover/autodiscover.xml if I disabled the proxy. However, I'm still having issues with it running.


    I have also emailed the screen shots as requested.


    ****************************************************************************************************************************************

    [PS] C:\Windows\System32>Get-UMVirtualDirectory | fl


    Name                          : UnifiedMessaging (Default Web Site)
    InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
    ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
    BasicAuthentication           : False
    DigestAuthentication          : False
    WindowsAuthentication         : True
    MetabasePath                  : IIS://Exchange2007.headoffice.Mydomain/W3SVC/1/ROOT
                                    /UnifiedMessaging
    Path                          : C:\Program Files\Microsoft\Exchange Server\Unif
                                    iedMessaging\WebService
    Server                        : Exchange2007
    InternalUrl                   : https://Exchange2007.headoffice.Mydomain/UnifiedMes
                                    saging/Service.asmx
    ExternalUrl                   :
    AdminDisplayName              :
    ExchangeVersion               : 0.1 (8.0.535.0)
    DistinguishedName             : CN=UnifiedMessaging (Default Web Site),CN=HTTP,
                                    CN=Protocols,CN=Exchange2007,CN=Servers,CN=Exchange
                                     Administrative Group (FYDIBOHF23SPDLT),CN=Admi
                                    nistrative Groups,CN=Mydomain,CN=Microsoft Exch
                                    ange,CN=Services,CN=Configuration,DC=headoffice
                                    ,DC=Mydomain
    Identity                      : Exchange2007\UnifiedMessaging (Default Web Site)
    Guid                          : 6c4a1e89-f559-4772-9acc-530e8f8f2eb7
    ObjectCategory                : headoffice.Mydomain/Configuration/Schema/ms-Exc
                                    h-UM-Virtual-Directory
    ObjectClass                   : {top, msExchVirtualDirectory, msExchUMVirtualDi
                                    rectory}
    WhenChanged                   : 26/02/2009 8:58:27 AM
    WhenCreated                   : 26/02/2009 8:58:27 AM
    OriginatingServer             : Rodan.headoffice.Mydomain
    IsValid                       : True






    Thanks Adam
     

  • Saturday, March 14, 2009 5:11 AM
     
     
     

    Dear Adam,

     

    Please run Get-WebServicesVirtualDirectory | fl not Get-UMVirtualDirectory | fl, thanks.

     

    Is the Autodiscover virtual directory in the correct application pool (MSExchangeAutodiscoverAppPool)?

     

    Also, rerun Test E-mail AutoConfiguration tool and send the screenshot of Result, Log and XML to me.

     

    On Exchange server, open Event Viewer, navigate to application and right click it, cleanup application log, open EMS and run the following commands:

     

    set-eventloglevel "msexchange autodiscover\core" -level:expert

    set-eventloglevel "msexchange autodiscover\provider" -level:expert

    set-eventloglevel "msexchange autodiscover\web" -level:expert

     

    After running those commands, reproduce your issue and check the event viewer for logs. Save the application log as an .evt or .evtx file and send it to me.

     

    Regards,

    Rock Wang


    Rock Wang– MSFT
  • Saturday, March 14, 2009 11:48 PM
     
     
     

    Hi Rock,


    Results from running  Get-WebServicesVirtualDirectory | fl


    ********************************************************************************************************************************

    [PS] C:\Windows\System32> Get-WebServicesVirtualDirectory | fl


    InternalNLBBypassUrl          : https://Exchange2007.headoffice.MyDomain/ews/exchan
                                    ge.asmx
    Name                          : EWS (Default Web Site)
    InternalAuthenticationMethods : {Ntlm, WindowsIntegrated, Basic}
    ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated, Basic}
    BasicAuthentication           : True
    DigestAuthentication          : False
    WindowsAuthentication         : True
    MetabasePath                  : IIS://Exchange2007.headoffice.MyDomain/W3SVC/1/ROOT
                                    /EWS
    Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                    ntAccess\exchweb\EWS
    Server                        : Exchange2007
    InternalUrl                   : https://Exchange2007.headoffice.MyDomain/EWS/Exchan
                                    ge.asmx
    ExternalUrl                   :
    AdminDisplayName              :
    ExchangeVersion               : 0.1 (8.0.535.0)
    DistinguishedName             : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,
                                    CN=Exchange2007,CN=Servers,CN=Exchange Administrati
                                    ve Group (FYDIBOHF23SPDLT),CN=Administrative Gr
                                    oups,CN=MyDomain,CN=Microsoft Exchange,CN=Servi
                                    ces,CN=Configuration,DC=headoffice,DC=MyDomain
    Identity                      : Exchange2007\EWS (Default Web Site)
    Guid                          : a5f4ccbd-db17-4ac3-bb66-7b36abaff2f0
    ObjectCategory                : headoffice.MyDomain/Configuration/Schema/ms-Exc
                                    h-Web-Services-Virtual-Directory
    ObjectClass                   : {top, msExchVirtualDirectory, msExchWebServices
                                    VirtualDirectory}
    WhenChanged                   : 26/02/2009 8:58:32 AM
    WhenCreated                   : 26/02/2009 8:58:32 AM
    OriginatingServer             : DomainController.headoffice.MyDomain
    IsValid                       : True



    ***********************************************************************************************************************************


    I ran the commands below and entered credentials in Outlook. However, no events were recorded in Event Viewer. Records did appear when I used the url

    Https://autodiscover.mydomain.local/autodiscover/autodiscover.xml. I have emailed the log which corresponds to this event.

    I have also emailed screen shots of Email Config Test



    Thanks again.

    Adam

  • Sunday, March 15, 2009 3:45 AM
     
     
     

    Dear Adam,

     

    From your post, I found the following information:

     

    Id      : 1015

    Type    : Information

    Message : [EXCH]-The OAB is not configured for this user.

     

    Follow the steps below to check whether the Offline Address Book is associated with a particular mailbox store in Exchange 2007; if not, correct it and check the effect.

     

    a)         In the Exchange Management Console, expand Server Configuration, and then click Mailbox

     

    b)         In the Database Management window, right-click Properties on the mailbox store.

     

    c)         Click the Client Settings tab, click Browse, and then click the appropriate offline address book.

     

    d)         Click OK two times to finish.

     

    Based on my research, a web filtering server can cause the following error. Please double check whether there is a web filtering server between the CAS and the client. If so, disable it and check the effect.

     

    Autodiscover request completed with http status code 404

     

    Regards,

    Rock Wang


    Rock Wang– MSFT
  • Monday, March 16, 2009 9:15 AM
     
     
    Hi Rock,

    I have completed the steps mentioned in your previous post.

    From what I observed I believe the address book is configured.

    The Client Settings tab has the Offline Address Book defined as "\Default Offline Address List"


    Thanks,

    Adam
  • Monday, March 16, 2009 9:33 AM
     
     

    Dear Adam,

     

    Please send the screenshot of the Client Settings tab to me for analysis.

     

    Also, did you check whether there is a web filtering server or firewall between CAS and client?

     

    Regards,

    Rock Wang


    Rock Wang– MSFT
  • Monday, March 16, 2009 9:56 AM
     
     
    Hi Rock,


    Screen shot emailed.

    Changes have been made to the proxy which previously were preventing communication.

    The Windows  firewall has also been disabled.
     
    Thanks,

    Adam
  • Monday, March 16, 2009 10:14 AM
     
     
     

    Dear Adam,

     

    Does the issue that Outlook 2007 Prompts for Credentials Continually still persist?

     

    If so, please rerun Test E-mail AutoConfiguration according to the previous steps and send the screenshots of Results, XML and Log to me.

     

    Thanks.

     

    Regards,

    Rock Wang


    Rock Wang– MSFT
  • Monday, March 16, 2009 10:24 AM
     
     
    Hi Rock

    Screen shots emailed.


    Yes users are still prompted regularly to enter credentials.


    Note the XML form of the email test is always blank.

    Thanks,

    Adam
  • Monday, March 16, 2009 12:06 PM
     
     
     

    Dear Adam,

     

    1.         Follow these steps to enable Outlook logging:

     

    a)         Launch Outlook.

    b)         Select Options from the Tools menu.

    c)         Select the Other tab.

    d)         Click the Advanced Options button.

    e)         Enable the Enable logging (troubleshooting) check box.

    f)          Click OK. You receive a prompt reporting that logging takes effect the next time you restart Outlook.

     

    2.         Launch Outlook and click your Windows Start button. Select Run, enter %temp%, and click OK. Locate the olkdisc.log file and send it to me for analysis.

     

    Note: Leaving the Enable Logging option turned on can affect Outlook’s performance. It is recommended you turn it off when it is not being used.

     

    3.         Open IIS manager, navigate to default web site, right click it and select properties, click Web site tab, make sure Enable logging checkbox is selected,

    4.         Launch Outlook and rerun Test E-mail AutoConfiguration, and send the latest IIS log file to me.

     

    5.         When the client machine running Outlook 2007 is logged into the domain and is using the Service Connection Point to locate the Autodiscover URL, you can temporarily change the URL on a Client Access Server to not use HTTPS and temporarily not require HTTPS on the Autodiscover virtual directory in IIS. Take Network Monitor traces according to the following steps:

     

    a)       Run the following command for a server you know your client uses as a Service Connection Point for Autodiscover. In this example, the clt-e2k7 server is used:

     

    Set-ClientAccessServer clt-e2k7 -AutoDiscoverServiceInternalUri:http://clt-e2k7.fourthcoffee.com/Autodiscover/Autodiscover.xml

     

    Note: you should replace “clt-e2k7” and “clt-e2k7.fourthcoffee.com” with your exact name.

     

    b)       On the Client Access Server launch IIS Manager and disable the Require secure channel (SSL) option in the Secure Communications on the Autodiscover virtual directory.

    c)       Install network monitor on CAS server, and launch it, rerun Test E-mail AutoConfiguration, send the packet to me.

     

    Note: send the IP address of client and CAS to me.

     

    For more information about Network Monitor, please refer to the following article:

    How to use Network Monitor to capture network traffic

    http://support.microsoft.com/kb/812953/en-us

     

    Regards,

    Rock Wang


    Rock Wang– MSFT
  • Monday, March 16, 2009 9:56 PM
     
     
      Hi Rock,

    I have sent an email containing the requested files.

    Some positive news after running the command "Set-ClientAccessServer clt-e2k7 –AutoDiscoverServiceInternalUri:http://clt-e2k7.fourthcoffee.com/Autodiscover/Autodiscover.xml"

    I was able to successfully  run the Email Config Test tool.  Also users are no longer being prompted to enter their credentials.

    The challenge is to get autodiscover working with https.


    Thanks Again,

    Adam
  • Tuesday, March 17, 2009 7:28 AM
     
     
     

    Dear Adam,

     

    Please let me know the IP address of the CAS server.

     

    Also, let me know the account name you used when you ran the Test E-mail AutoConfiguration tool. I didn't find IP address 192.168.0.144 in the IIS log file (u_ex09031620.log).

     

    Based on my research, you can try the following method to fix the issue:

     

    1.       Open IIS manager, navigate to Default Web Site, click bindings under Action, select https,

    2.       Click edit, select the right certificate, click View,

    3.       Click Detail, select Thumbprint, make sure it is D5A832CBD639E8B24881B68B42731216B30F9BBB. If not, select another certificate in steps 2.

    4.       Click General, make sure the name after Issued to is Belharra.headoffice.centaman. If not, run new-exchangecertificate to generate a new certificate with –domainname “Belharra.headoffice.centaman” and IncludeAutoDiscover parameter.

    5.       Run the following command to enable the certificate for IIS service.

     

    Enable-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -Services IIS

     

    6.       Run the following command to change the URL back to HTTPS.

     

    Set-ClientAccessServer clt-e2k7 -AutoDiscoverServiceInternalUri:https://clt-e2k7.fourthcoffee.com/Autodiscover/Autodiscover.xml

     

    7.       On the Client Access Server launch IIS Manager and enable the Require secure channel (SSL) option in the Secure Communications on the Autodiscover virtual directory.

    8.       Run iisreset /noforce and rerun Test E-mail AutoConfiguration tool, check the effect. Let me know the result.

     

    Regards,

    Rock Wang


    Rock Wang– MSFT
  • Tuesday, March 17, 2009 9:52 AM
     
     
     

    Hi Rock,


     

    I ran the config tool using my email credentials from 192.168.0.144. Noticed that I couldn't see any records in the log. The CAS server is 192.168.0.65.

    After making the requested changes the Test Email Auto Config tool failed.

    Syntax to create the new key included in email



    Thanks Adam
  • Wednesday, March 18, 2009 12:01 PM
     
     
     

    Dear Adam,

     

    1.         Can you access the following URL on your CAS server?

     

    https://belharra.headoffice.central/autodiscover/autodiscover.xml

     

    2.         On Exchange server, run the following command and send the txt file to me:

     

    Get-exchangecertificate | fl * >c:\certificate.txt

     

    Get-ClientAccessServer | fl >c:\cas.txt

     

    3.         On the domain controller, install the adsiedit.msc tool, which is located in the Windows Server 2003 setup CD-ROM \setup\tool folder, and open it. Navigate to the following location:

     

    DC=<domain>, CN=Configuration, CN=Services, CN=Microsoft Exchange, CN=<Organization>, CN=Administrative Groups, CN=Exchange Administrative Group, CN=Servers, CN=<CAS Name>, CN=Protocols, CN=Autodiscover, CN=<CAS Name>

     

    4.         Right click CAS Name and select properties, click attribute editor, select serviceBindingInformation and keyword, and send the screenshots of them to me for analysis.

     

    For more information about autodiscover, please refer to the following article:

    White Paper: Exchange 2007 Autodiscover Service

    http://technet.microsoft.com/en-us/library/bb332063.aspx

     

    Rock Wang


    Rock Wang– MSFT
  • Thursday, March 19, 2009 8:37 AM
     
     
     

    Hi Rock,

    Yes I'm able to browse to

    However after I click continue after getting the certificate warning, I get the following message

    HTTP Error 403.7 - Forbidden
    The page you are attempting to access requires your browser to have a Secure Sockets Layer (SSL) client certificate that the Web server recognizes.

    From Clients I'm now getting

    403 - Forbidden: Access is denied.

    I was unable to locate CN=Configuration in adsiedit.msc. I have included a screen shot in the email along with the files requested.


    Thanks Adam

  • Thursday, March 19, 2009 12:03 PM
     
     
     

    Dear Adam,

     

    I was unable to locate CN=Configuration in adsiedit.msc. I have included a screen shot in the email along with the files requested.

     

    Please check the following steps:

     

    1.       Right click ADSIEDIT.MSC, click connect to,

    2.       Select Configuration under select a well known Naming Context;

    3.       Click OK,

    4.       Check the effect.

     

    Also, please try to delete autodiscover virtual directory and recreate it, check the effect.

     

    If the issue still persists, try to reinstall IIS, and then reinstall CAS role, check the effect.

     

    How to Delete the Default Autodiscover Service Virtual Directory

    http://technet.microsoft.com/en-us/library/aa995958.aspx

     

    How to Create a New Autodiscover Service Virtual Directory

    http://technet.microsoft.com/en-us/library/aa996418.aspx

     

    How to remove and to reinstall IIS on a computer that is running Exchange Server

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;320202

     

    Rock Wang


    Rock Wang– MSFT
  • Friday, March 20, 2009 2:05 AM
     
     
     

    Hi Rock,

    I have sorted the problem accessing https://autodiscover.headoffice.central/autodiscover/autodiscover.xml.

    I'm still not having any luck with adsiedit.msc.

    In "Connection Point" I check radio button "Select a well known Name Context."

    From the drop down list I select "Default Name Context" then OK.

    I'm unable to see the option CN=Configuration displayed. (Screen Shots emailed)

    I have also added a new SSL certificate. Files also included with email.

    ** When I attempted to delete the Auto Discovery I got the error below (Note I'm able to browse the url)

    [PS] C:\Windows\System32>Remove-AutodiscoverVirtualDirectory -Identity "Belharr
    \autodiscover(autodiscover.Headoffice.Central)"
    Remove-AutodiscoverVirtualDirectory : The operation could not be performed beca
    use object 'DomainController\autodiscover(autodiscover.Headoffice.Central)' could not
    be found on domain controller 'Rodan.headoffice.Central'.
    At line:1 char:36
    + Remove-AutodiscoverVirtualDirectory  <<<< -Identity "DomainController\autodiscover(au
    todiscover.Headoffice.Central)"

    Not sure if this is part of the problem or a syntax error. I'm not sure why it is looking to the DC for (autodiscover.Headoffice.Central)


    Thanks,
    Adam

  • Friday, March 20, 2009 12:34 PM
     
     Proposed
     

    Dear Adam,

     

    Please send the screenshot of the result to me when you access the following URL:

     

    https://belharra.headoffice.central/autodiscover/autodiscover.xml

     

    From your certificate.txt, I found the following information:

     

    CertificateDomains   : {Belharra, headoffice.centaman, autodiscover.headoffice. centaman, belharra.headoffice.centaman, mail.centaman.com.au, autodiscover.centaman.com.au}

    NotAfter             : 20/03/2010 8:35:40 AM

    NotBefore            : 20/03/2009 8:35:40 AM

    Subject              : CN=Belharra, OU=Information Technology, O=CENTAMAN SYSTE

                           MS PTY LTD, L=CROWS NEST, S=NSW, C=AU

     

    You didn't include centaman.com.au in the CertificateDomains parameter. Please try to perform the following steps to fix the issue:

     

    1.         Run the following command to create a certificate request file,

     

    New-ExchangeCertificate -generaterequest -subjectname "OU=Information Technology, O=CENTAMAN SYSTEMS PTY LTD, L=CROWS NEST, S=NSW, C=AU,cn=mail.centaman.com.au" -domainname mail.centaman.com.au, belharra, centaman.com.au, autodiscover.centaman.com.au -PrivateKeyExportable $true -path c:\certrequest_cas01.txt

     

    2.         Send the certificate request to a public CA or internal CA to get a certificate file.

    3.         Run the following command to import the certificate and enable it for IIS

     

    Import-ExchangeCertificate -Path c:\certificates\newcert.p7b | Enable-ExchangeCertificate -Services IIS

     

    4.         Check the effect.

     

    For adsiedit.msc issue, You can right click Default naming context, select settings, under Select a well known Name Context, select Configuration not Default naming context. Check the effect.

     

    Note: You should perform the step above on your domain controller.

     

    For how to delete AutodiscoverVirtualDirectory, please perform the following steps:

     

    1.      Run the following command to obtain the identity of Autodiscover Virtual Directory;

     

    get-autodiscovervirtualdirectory -server cas_name | fl

     

    Note: you should replace cas_name with your exact CAS server name.

     

    2.      Then run Remove-AutodiscoverVirtualDirectory -Identity <you get from step 1>;

     

    3.      Check the effect.

     

    Also, I have provided some basic information about autodiscover for you. It can help you to better understand how autodiscover works.

     

    White Paper: Exchange 2007 Autodiscover Service

    http://technet.microsoft.com/en-us/library/bb332063.aspx

     

    If anything is unclear, feel free to let me know.

     

    Regards,

    Rock Wang


    Rock Wang– MSFT
    • Proposed As Answer by LRMCP Friday, July 24, 2009 7:55 AM
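
The name check behind the certificate advice in the post above, as an added example that is not part of the thread and not Microsoft's code: it compares the host of each internal service URL with the certificate's CertificateDomains and reports the URLs the certificate does not cover or that are not HTTPS. The function names are hypothetical and the sample host names are constructed placeholders.

```powershell
# Added example: not code from the thread. Function names are hypothetical and
# the sample host names below are constructed placeholders.

# True when $HostName is covered by one of the certificate's domain names.
# A wildcard entry (*.example.com) covers exactly one left-most label.
function Test-CertificateNameMatch {
    param(
        [string]$HostName,
        [string[]]$CertificateDomains
    )
    $target = $HostName.Trim().ToLower()
    foreach ($entry in $CertificateDomains) {
        $name = $entry.Trim().ToLower()
        if ($name -eq $target) { return $true }
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)            # e.g. ".example.com"
            if ($target.EndsWith($suffix)) {
                $left = $target.Substring(0, $target.Length - $suffix.Length)
                if ($left.Length -gt 0 -and -not $left.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

# Emits one object per service URL that has a problem: either the URL is
# plain HTTP, or its host name is not listed on the certificate.
function Get-ServiceUrlCertificateProblem {
    param(
        [string[]]$ServiceUrls,
        [string[]]$CertificateDomains
    )
    foreach ($url in $ServiceUrls) {
        $uri = [System.Uri]$url
        $problem = $null
        if ($uri.Scheme -ne 'https') {
            $problem = 'URL is not HTTPS'
        }
        elseif (-not (Test-CertificateNameMatch -HostName $uri.Host -CertificateDomains $CertificateDomains)) {
            $problem = 'host name missing from CertificateDomains'
        }
        if ($problem) {
            # New-Object plus Add-Member also works on old PowerShell versions
            $row = New-Object PSObject
            $row | Add-Member -MemberType NoteProperty -Name Url      -Value $url
            $row | Add-Member -MemberType NoteProperty -Name HostName -Value $uri.Host
            $row | Add-Member -MemberType NoteProperty -Name Problem  -Value $problem
            $row
        }
    }
}

# Constructed sample input (placeholder names, not values from the thread).
$sampleCertificateDomains = @('cas01', 'cas01.corp.example', 'mail.example.com')
$sampleServiceUrls = @(
    'https://cas01.corp.example/Autodiscover/Autodiscover.xml',
    'https://cas01.corp.example/EWS/Exchange.asmx',
    'https://autodiscover.example.com/autodiscover/autodiscover.xml',
    'http://cas01.corp.example/OAB'
)
Get-ServiceUrlCertificateProblem -ServiceUrls $sampleServiceUrls -CertificateDomains $sampleCertificateDomains |
    Format-Table -AutoSize

# On the Exchange server the same check can be fed from the cmdlets used in the
# thread (assumption: the returned property values convert to plain strings):
#   $domains = Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } |
#                  ForEach-Object { $_.CertificateDomains }
#   $urls  = @(Get-ClientAccessServer | ForEach-Object { $_.AutoDiscoverServiceInternalUri })
#   $urls += Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl }
#   $urls += Get-OabVirtualDirectory | ForEach-Object { $_.InternalUrl }
#   Get-ServiceUrlCertificateProblem -ServiceUrls $urls -CertificateDomains $domains
```

With the constructed sample, the autodiscover.example.com URL and the HTTP OAB URL are the two rows reported.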
  • Saturday, March 21, 2009 9:05 PM
     
     
    Hi Rock,

    Screen shots emailed.

    Thanks

    Adam
  • Monday, March 23, 2009 11:28 AM
     
     Answered
     

    Hi Adam,

     

    From your screenshots, they are ok.

     

    Did you try my aforementioned suggestion? Please let me know the result.

     

    If anything is unclear, feel free to let me know.

     

    Regards,

    Rock Wang


    Rock Wang– MSFT
    • Marked As Answer by Agilbert2003 Tuesday, March 24, 2009 9:51 AM
  • Tuesday, March 24, 2009 9:52 AM
     
     
    Thanks very much Rock for all your assistance the problem has been resolved.

    Terrific work.


    Thanks,

    Adam
  • Friday, July 24, 2009 8:23 AM
     
     
    Hi,

    I found that this thread is helpful and thanks for that. I encountered the same issue in Outlook 2007 while still using the self-signed SSL. I just wanna confirm if the New Exchange Certificate request covers only for One Forest with Multiple Subdomains? This means that do I have to include the subdomains in creating an Exchange Certificate? Example: mail.rootdomain.com,rootdomain.com.loc,dc1.subdomain1.rootdomain.com.loc.
    My Exchange Org is installed only in the Root Domain, and there is no Exchange installed in the sub-domains.

    Thanks in advance for replies.

    Regards,

    LRMCP