none
outlook can't connect to exchange server

    Question

  • enviroment:

    wind2003 exchange2007

    ad domain:bbb.com(example)

    mail domain:aaa.com(example)

     private ca(in windows2003)  certificate with alternative name:owa.aaa.com,autodiscover.aaa.com,zqsbmail.bbb.com(mail server),zqsbmail(mail server)

    outlook can pass second phase of three phases,during third phase the error encountered ,it indicated the exchange server is not available .but ipad2/iphone can connect to it with exchange setting,and htc mobile can connect with exchange activesync setting.

    the following lines are information about test of outlook autodiscover :

    <?xml version="1.0" encoding="utf-8"?>
    <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
      <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
        <User>
          <DisplayName>gwr/DisplayName>
          <LegacyDN>/o=zqsbs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=guanweirong</LegacyDN>
          <DeploymentId>b6a3773b-84d1-430d-a48a-6649f512683c</DeploymentId>
        </User>
        <Account>
          <AccountType>email</AccountType>
          <Action>settings</Action>
          <Protocol>
            <Type>EXCH</Type>
            <Server>zqsbmail.bbb.com</Server>
            <ServerDN>/o=zqsbs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=ZQSBMAIL</ServerDN>
            <ServerVersion>720180F0</ServerVersion>
            <MdbDN>/o=zqsbs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=ZQSBMAIL/cn=Microsoft Private MDB</MdbDN>
            <PublicFolderServer>zqsbmail.bbb.com</PublicFolderServer>
            <AD>zqsbmail.bbb.com</AD>
            <ASUrl>https://owa.aaa.com/EWS/Exchange.asmx</ASUrl>
            <EwsUrl>https://owa.aaa.com/EWS/Exchange.asmx</EwsUrl>
            <OOFUrl>https://owa.aaa.com/EWS/Exchange.asmx</OOFUrl>
            <UMUrl>https://zqsbmail.bbb.com/UnifiedMessaging/Service.asmx</UMUrl>
            <OABUrl>http://zqsbmail.bbb.com/OAB/2e4d1a4f-4f3a-485c-8875-d719362b15ff/</OABUrl>
          </Protocol>
          <Protocol>
            <Type>EXPR</Type>
            <Server>zqsbmail</Server>
            <ASUrl>https://owa.aaa.com/EWS/Exchange.asmx</ASUrl>
            <EwsUrl>https://owa.aaa.com/EWS/Exchange.asmx</EwsUrl>
            <OOFUrl>https://owa.aaa.com/EWS/Exchange.asmx</OOFUrl>
            <OABUrl>https://owa.aaa.com/OAB/2e4d1a4f-4f3a-485c-8875-d719362b15ff/</OABUrl>
          </Protocol>
          <Protocol>
            <Type>WEB</Type>
            <External>
              <OWAUrl AuthenticationMethod="Fba">http://owa.aaa.com/owa</OWAUrl>
              <Protocol>
                <Type>EXPR</Type>
                <ASUrl>https://owa.aaa.com/EWS/Exchange.asmx</ASUrl>
              </Protocol>
            </External>
            <Internal>
              <OWAUrl AuthenticationMethod="Ntlm, WindowsIntegrated">http://zqsbmail.bbb.com/owa</OWAUrl>
              <Protocol>
                <Type>EXCH</Type>
                <ASUrl>https://owa.aaa.com/EWS/Exchange.asmx</ASUrl>
              </Protocol>
            </Internal>
          </Protocol>
        </Account>
      </Response>
    </Autodiscover>

    any response will be appreciated.sorry for my poor english.

     


    gwl7810


    • Edited by gwl7810 Monday, November 14, 2011 1:16 AM
    Saturday, November 12, 2011 2:11 AM

All replies

  • Hi GWL7810,

    The autodiscover REsult appears to be fine, all the web-based service URLs returned successflly.

    I am not sure what is about "three phases", does it means you are creating new Outlook profile? If yes, please reboot the GC server, add a gateway on the problematic client computer and then try again to see if this works.

    If the issue continues, please provide the following information:

    1. How does the problematic client tries to connect to Exchange server? internally via LAN or external via Outlook Anywhere?
    2. Where did you run the "Test Email Autoconfiguration"? from the problematic client when Outlook is connecting, or from another client that is able to connect? what is the report in Log tab?

    thanks.


    Best Regards Fiona Liao E: v-fiolia@microsoft.com
    Monday, November 14, 2011 2:48 AM
    Moderator
  • thank in advance

    yes ,i am creating a new outlook profile, phase one(establishing network connection ) passed and  phase two passsed but third phase (logon to server)can't pass(it pop up a window with information connecting to guanweirong@aaa.com,  i input username bbb\guanweirong and password, after a while the error raised.)

     1、the problematic client tries to connect to Exchange server externally via Outlook Anywhere

    2、run the "Test Email Autoconfiguration"  from the problematic client when Outlook is connecting

          how to export the results in log tab?

     

    any response will be appreciated.sorry for my poor english.

     

     

     


    gwl7810
    • Edited by gwl7810 Monday, November 14, 2011 4:20 AM
    Monday, November 14, 2011 4:19 AM
  • Hi,

     

    Thanks for your update and clarification. It is fine for your English, I can understand it. J

     

    The external Outlook clients might failed to logon to Server when we try to configure the Outlook profile automatically. This might be caused by various factors.

     

    I would suggest you verify the certificate name first, and make sure the domain listed in Issue To field equals to your email RPC proxy external url.

     

    Meanwhile, run the test below to collect more information:

     

    1.    Please run the online test tool at: https://www.testexchangeconnectivity.com/, select “Outlook Anywhere (RPC over HTTP) and post the test result. It will help us verify if the Outlook Anywhere is setup correctly.

     

    2.    Verify the IIS log and the application log on the RCP proxy server (your internet facing CAS server), copy and paste the errors occurring at the logon failed.

     

    Thanks.


    Best Regards Fiona Liao E: v-fiolia@microsoft.com
    Monday, November 14, 2011 6:51 AM
    Moderator
  • thank in advance

    I deployed it with private ca, Can i test it at https://www.testexchangeconnectivity.com/?

    I can't pass the check.

    I generated certificate request and import it with the following commands :

    New-ExchangeCertificate -GenerateRequest -Path d:\cert_request.csr -SubjectName "c=CN, o=zqsbs, ou=IT, cn=owa.aaa.com" -DomainName: autodiscover.aaa.com,zqsbmail.aaa.com,zqsbmail.bbb.com,zqsbmail,owa.aaa.com  -KeySize 1024 -PrivateKeyExportable: $true

    :autodiscover.aaa.com for autodiscover service,zqsbmail.bbb.com\zqsbmail\zqsbmail.aaa.com for mail server;

    owa.aaa.com for all external url;(bbb.com is AD domain and aaa.com is mail domain)

    Import-ExchangeCertificate -Path C:\setup\certnew.p7b

    Get-ExchangeCertificate

    Enable-ExchangeCertificate -Thumbprint 9E6B4C8BDAE835F6283DC548B81FCC55B3DADA8E -services IIS, POP, IMAP, SMTP

    I will review the iis log and application logs;

    sorry for my poor english.

    any response will be appreciated.


    gwl7810
    Monday, November 14, 2011 7:28 AM
  • There should be a option to "ignore certificates" when doing the tests on https://www.testexchangeconnectivity.com/

    Check that box and try again

    Post the result in here



    Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82
    Monday, November 14, 2011 3:25 PM
  • thank for your prompt response,i did the outlook connectivity tests(outlook autodiscover) at https://www.testexchangeconnectivity.com/, there is a option to "ignore ssl" ,the test indicate that Connectivity Test Successful ,following is complete results,i superseded some senstive info.

     

    ExRCA is attempting to test Autodiscover for guanweirong@aaa.com.

    Autodiscover was tested successfully.

    Test Steps

    Attempting each method of contacting the Autodiscover service.

    The Autodiscover service was tested successfully.

    Test Steps

    Attempting to test potential Autodiscover URL https://aaa.com/AutoDiscover/AutoDiscover.xml

    Testing of this potential Autodiscover URL failed.

    Test Steps

    Attempting to test potential Autodiscover URL https://autodiscover.aaa.com/AutoDiscover/AutoDiscover.xml

    Testing of the Autodiscover URL was successful.

    Test Steps

    Attempting to resolve the host name autodiscover.aaa.com in DNS.

    The host name resolved successfully.

    Additional Details

    IP addresses returned: 210.2.28.6

    Testing TCP port 443 on host autodiscover.aaa.com to ensure it's listening and open.

    The port was opened successfully.
    Testing the SSL certificate to make sure it's valid.

    The certificate passed all validation requirements.

    Test Steps

    ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.aaa.com on port 443.

    ExRCA successfully obtained the remote SSL certificate.

    Additional Details

    Validating the certificate name.

    The certificate name was validated successfully.

    Additional Details

    Testing the certificate date to confirm the certificate is valid.

    Date validation passed. The certificate hasn't expired.

    Additional Details

    Checking the IIS configuration for client certificate authentication.

    Client certificate authentication wasn't detected.

    Additional Details

    Accept/Require Client Certificates isn't configured.

    Attempting to send an Autodiscover POST request to potential Autodiscover URLs.

    ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST.

    Test Steps

    ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.aaa.com/AutoDiscover/AutoDiscover.xml for user guanweirong@aaa.com.

    The Autodiscover XML response was successfully retrieved.

    Additional Details

    Autodiscover Account Settings
    XML response:
    <?xml version="1.0"?>
    <Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
     <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
     <User>
     <DisplayName>guanweirong</DisplayName>
     <LegacyDN>/o=zqsbs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=guanweirong</LegacyDN>
     <DeploymentId>b6a3773b-84d1-430d-a48a-6649f512683c</DeploymentId>
     </User>
     <Account>
     <AccountType>email</AccountType>
     <Action>settings</Action>
     <Protocol>
     <Type>EXCH</Type>
     <Server>zqsbmail.bbb.com</Server>
     <ServerDN>/o=zqsbs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=ZQSBMAIL</ServerDN>
     <ServerVersion>720180F0</ServerVersion>
     <MdbDN>/o=zqsbs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=ZQSBMAIL/cn=Microsoft Private MDB</MdbDN>
     <ASUrl>https://owa.aaa.com/EWS/Exchange.asmx</ASUrl>
     <OOFUrl>https://owa.aaa.com/EWS/Exchange.asmx</OOFUrl>
     <OABUrl>http://zqsbmail.bbb.com/OAB/2e4d1a4f-4f3a-485c-8875-d719362b15ff/</OABUrl>
     <UMUrl>https://zqsbmail.bbb.com/UnifiedMessaging/Service.asmx</UMUrl>
     <Port>0</Port>
     <DirectoryPort>0</DirectoryPort>
     <ReferralPort>0</ReferralPort>
     <PublicFolderServer>zqsbmail.bbb.com</PublicFolderServer>
     <AD>zqsbmail.bbb.com</AD>
     <EwsUrl>https://owa.aaa.com/EWS/Exchange.asmx</EwsUrl>
     </Protocol>
     <Protocol>
     <Type>EXPR</Type>
     <Server>zqsbmail</Server>
     <ASUrl>https://owa.aaa.com/EWS/Exchange.asmx</ASUrl>
     <OOFUrl>https://owa.aaa.com/EWS/Exchange.asmx</OOFUrl>
     <OABUrl>https://owa.aaa.com/OAB/2e4d1a4f-4f3a-485c-8875-d719362b15ff/</OABUrl>
     <Port>0</Port>
     <DirectoryPort>0</DirectoryPort>
     <ReferralPort>0</ReferralPort>
     <EwsUrl>https://owa.aaa.com/EWS/Exchange.asmx</EwsUrl>
     </Protocol>
     <Protocol>
     <Type>WEB</Type>
     <Port>0</Port>
     <DirectoryPort>0</DirectoryPort>
     <ReferralPort>0</ReferralPort>
     <External>
     <OWAUrl AuthenticationMethod="Fba">http://owa.aaa.com/owa</OWAUrl>
     <Protocol>
     <Type>EXPR</Type>
     <ASUrl>https://owa.aaa.com/EWS/Exchange.asmx</ASUrl>
     </Protocol>
     </External>
     <Internal>
     <OWAUrl AuthenticationMethod="Ntlm, WindowsIntegrated">http://zqsbmail.bbb.com/owa</OWAUrl>
     <Protocol>
     <Type>EXCH</Type>
     <ASUrl>https://owa.aaa.com/EWS/Exchange.asmx</ASUrl>
     </Protocol>
     </Internal>
     </Protocol>
     </Account>
     </Response>
    </Autodiscover>


    gwl7810

    • Edited by gwl7810 Tuesday, November 15, 2011 1:50 AM
    Tuesday, November 15, 2011 1:39 AM
  • Thanks for your update.

    The certificate request appears fine, but a enterprise certificate might not work in Outlook Anywhere. Besides, the report appreas to be Autodiscover test but not the Outlook Anywhere test. Anyway, we recommend that you obtain a certificate from a Windows PKI or a trusted commercial third party if you will be using Outlook Anywhere.

    If it is not convenient, make sure the existing enterprise certificate is installed and trusted by your external client computer.


    Best Regards Fiona Liao E: v-fiolia@microsoft.com
    Tuesday, November 15, 2011 2:13 AM
    Moderator
  • I have installed  the ca certificate which based on windows pki,when i explore the https://autodiscover.aaa.com/autodiscover/,it indicate the certificate is ok;

     thank for your prompt response


    gwl7810

    • Edited by gwl7810 Tuesday, November 15, 2011 2:46 AM
    Tuesday, November 15, 2011 2:43 AM
  • So the ise is resolved? then you can mark the answer for the post which you feel helpful.

    Thanks.


    Best Regards Fiona Liao E: v-fiolia@microsoft.com
    Tuesday, November 15, 2011 6:29 AM
    Moderator
  • I mean that the installation of ca certiface had been done before i asked for help.

    thank for your prompt response


    gwl7810

    • Edited by gwl7810 Tuesday, November 15, 2011 6:43 AM
    Tuesday, November 15, 2011 6:42 AM
  • It's weird,a windows will popup when phase three of creation of a profile (logon to server),the value of microsoft exchange server text is zqsbmail.bbb.com,i change it to zqsbmail than everything is ok.

    I review the setting of email account and find the setting of proxy server as following:

    connecting to my proxy server using the following url :

    https://zqsbmail (i thank it would be owa.aaa.com),

    the value of next input text is msstd:zqsbmail.

    sorry for my poor english,thank for your prompt response.


    gwl7810

    • Edited by gwl7810 Tuesday, November 15, 2011 7:06 AM
    Tuesday, November 15, 2011 6:59 AM
  • Are you using the same New-ExchangeCertificate cmdlet to request the CA certificate? I test your cmdlet in my local lab and the “Issue to” value shows owa.aaa.com instead of zqsbmail.

    cert

     

    So could you run the cmdlets below and get information for me?

     

    Get-outlookanywhere “servername\Rpc (Default Web Site)” |FL >c:\OA.txt

    Get-clientaccessserver | fl >c:\cas.txt

    Get-ExchangeCertificate |fl >c:\certlog.txt

    Test-OutlookWebServices | fl >c:\test.txt

    Get-OutlookProvider |FL certprincipalname

     

    Thanks.


    Best Regards Fiona Liao E: v-fiolia@microsoft.com
    Tuesday, November 15, 2011 7:29 AM
    Moderator
  • Thank you very much.

    Can i mail it to v-fiolia@microsoft.com?

    thanks


    gwl7810
    Tuesday, November 15, 2011 7:50 AM
  • Sure. if you don't mind I will remove the real domain name and post our discussion/analysis in this thread.


    Best Regards Fiona Liao E: v-fiolia@microsoft.com
    Tuesday, November 15, 2011 7:56 AM
    Moderator
  • yes ,it is the same as above.  the “Issue to” value shows owa.aaa.com instead of zqsbmail

    thanks



    gwl7810

    • Edited by gwl7810 Tuesday, November 15, 2011 8:08 AM
    Tuesday, November 15, 2011 8:08 AM
  • By default, the Certificate principal name is null and the value next to "connecting to my proxy server using xxx" in Outlook profile represent the "Issue To" value of the certificate. Now it shows zqsbmail so I am suspecting the CAS server configuration might be incorrect.
    Best Regards Fiona Liao E: v-fiolia@microsoft.com
    Tuesday, November 15, 2011 8:12 AM
    Moderator
  • Hi Gwl7810,

     

    Thanks for updating the data. The Exchange related configuration appears to be fine except the Outlook provider. The server attribute is setup and might cause the Autodiscover service provide incorrect configuration inforation to Outlook clients.

     

    Refer to: 

    http://technet.microsoft.com/en-us/library/cc411324(EXCHG.80).aspx

     

    Based on the curreint situation, please run cmdlet below, remove the existing Outlook profile and try again:

     

    Set-OutlookProvider ExPR-Server $null

    Set-OutlookProvider EXCH -Server $null

     

    Hope it is helpful.


    Best Regards Fiona Liao E: v-fiolia@microsoft.com
    Wednesday, November 16, 2011 7:02 AM
    Moderator
  • Sure. if you don't mind I will remove the real domain name and post our discussion/analysis in this thread.


    Best Regards Fiona Liao E: v-fiolia@microsoft.com

    I don't mind,you are welcome
    gwl7810
    Wednesday, November 16, 2011 7:06 AM