Activesync Autodiscover not working
-
5 aprilie 2012 09:08My Activesync Autodiscovery is failing (Both in real life, and at testexchangeconnectivity.c
om.
The failure at testexchangeconnectiivty.com is:
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Test Steps
ExRCA is attempting to retrieve an XML Autodiscover response from URLhttps://autodiscover.domain.com/Auto for user username.comDiscover/ A utoDiscove r.xml
ExRCA failed to obtain an Autodiscover XML response.
Additional Details
None of the expected XML elements were found in the XML response.
Test-outlookwebservices gives no errors.
Test-activesynconnectivitydoes give an error.
Error : An incorrect HTTP response was received for user domain.internal\username@domainname. com, HTTP code = MovedPermanently.
Further info:
Windows 2008 R2, Exchange 2010 SP1 (Installed as /hosting which may be relevant). There are two CAS using MS NLB - however, I get precisely the same results when the firewall points to either of the CAS directly.
Any ideas?
Toate mesajele
-
5 aprilie 2012 17:07
i would suggest check the setting using this tool and then revert me with the error...
http://www.yusufozturk.info/exchange-server/hosted-exchange-2010-sp1-configuration-tool.html
Thanks
Happiness Always
Jatin
- Editat de 'Jatin' 5 aprilie 2012 17:07
-
10 aprilie 2012 08:55Hi, I had already checked with that tool, sadly nothing pointed out as wrong...
-
10 aprilie 2012 16:34 Have you got any IIS redirects configured? Directing / to /owa for example?
- Propus ca răspuns de Greg Taylor [msft]Microsoft Employee 13 aprilie 2012 19:03
-
11 aprilie 2012 07:45
Have you got any IIS redirects configured? Directing / to /owa for example?
I do, but implemented these after the issue was discovered. I'll remove and recheck. -
11 aprilie 2012 08:59
Greg,
That solved the test-activesync issue - I now get
CasServer LocalSite Scenario Result Latency(MS) Error
--------- --------- -------- ------ ----------- -----
oa2ex005 Default-Fi... Options Success 15.62
oa2ex005 Default-Fi... FolderSync Success 171.86
oa2ex005 Default-Fi... First Sync Success 140.61
oa2ex005 Default-Fi... GetItemEstimate Success 46.87
oa2ex005 Default-Fi... Sync Data Success 78.12
oa2ex005 Default-Fi... Ping Success 5077.67
oa2ex005 Default-Fi... Sync Test Item Success 78.12The ping time looks long but otherwise good.
However, the EXRCA error remains the same. :(
-
11 aprilie 2012 14:00Do you have an ExternalURL configured on the ActiveSync Virtual Directory?
-
11 aprilie 2012 16:03
Yes, https://outlook.domain.com/Microsoft-Server-ActiveSync. When I do get-activesyncvirtualdirectory, the attribute ExternalAuthenticationmethods is (), and WindowsAuthEnabled is False - despite Windows Authentication being enabled in IIS. BasicAuthEnabled is true. Everything else [i]looks[/i] - to my not-very-tutored eye to be correct.
-
11 aprilie 2012 18:40Ok, that looks ok. I think you need to paste an output from a get-mailbox, for a user that fails (is this all users? or just some?) and get-activesyncvirtualdirectory. full list for both.
-
12 aprilie 2012 09:29[PS] C:\Windows\system32>get-activesyncvirtualdirectory | fl *
PSComputerName : oa2ex005.oatoo.internal
RunspaceId : 07f64636-78d7-425f-8b4f-432f0247650d
MobileClientFlags : BadItemReportingEnabled, SendWatsonReport
MobileClientCertificateProvisioningEnabled : False
BadItemReportingEnabled : True
SendWatsonReport : True
MobileClientCertificateAuthorityURL :
MobileClientCertTemplateName :
ActiveSyncServer : https://outlook.oatoo.com/Microsoft-Server-ActiveSync
RemoteDocumentsActionForUnknownServers : Allow
RemoteDocumentsAllowedServers : {}
RemoteDocumentsBlockedServers : {}
RemoteDocumentsInternalDomainSuffixList : {}
MetabasePath : IIS://OA2EX006.oatoo.internal/W3SVC/1/ROOT/Microsoft-Server-ActiveSync
BasicAuthEnabled : True
WindowsAuthEnabled : False
CompressionEnabled : True
ClientCertAuth : Ignore
WebsiteName : Default Web Site
WebSiteSSLEnabled : True
VirtualDirectoryName : Microsoft-Server-ActiveSync
ProxyVdirExtendedProtectionTokenChecking : None
ProxyVdirExtendedProtectionFlags : {}
ProxyVdirExtendedProtectionSPNList : {}
Path :
Server : OA2EX006
InternalUrl : https://outlook.oatoo.com/Microsoft-Server-ActiveSync
InternalAuthenticationMethods : {}
ExternalUrl : https://outlook.oatoo.com/Microsoft-Server-ActiveSync
ExternalAuthenticationMethods : {}
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
Name : Microsoft-Server-ActiveSync (Default Web Site)
DistinguishedName : CN=Microsoft-Server-ActiveSync (Default Web Site),CN=HTTP,CN=Protocols,CN=
OA2EX006,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=
Administrative Groups,CN=OATOO,CN=Microsoft Exchange,CN=Services,CN=Config
uration,DC=oatoo,DC=internal
Identity : OA2EX006\Microsoft-Server-ActiveSync (Default Web Site)
Guid : 46ab08fb-0856-4df8-8d22-f35733e2784d
ObjectCategory : oatoo.internal/Configuration/Schema/ms-Exch-Mobile-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchMobileVirtualDirectory}
WhenChanged : 4/3/2012 4:53:11 PM
WhenCreated : 3/18/2012 6:12:02 PM
WhenChangedUTC : 4/3/2012 3:53:11 PM
WhenCreatedUTC : 3/18/2012 6:12:02 PM
OrganizationId :
OriginatingServer : OA2DC001.oatoo.internal
IsValid : True
PSComputerName : oa2ex005.oatoo.internal
RunspaceId : 07f64636-78d7-425f-8b4f-432f0247650d
MobileClientFlags : BadItemReportingEnabled, SendWatsonReport
MobileClientCertificateProvisioningEnabled : False
BadItemReportingEnabled : True
SendWatsonReport : True
MobileClientCertificateAuthorityURL :
MobileClientCertTemplateName :
ActiveSyncServer : https://outlook.oatoo.com/Microsoft-Server-ActiveSync
RemoteDocumentsActionForUnknownServers : Allow
RemoteDocumentsAllowedServers : {}
RemoteDocumentsBlockedServers : {}
RemoteDocumentsInternalDomainSuffixList : {}
MetabasePath : IIS://OA2EX005.oatoo.internal/W3SVC/1/ROOT/Microsoft-Server-ActiveSync
BasicAuthEnabled : True
WindowsAuthEnabled : False
CompressionEnabled : True
ClientCertAuth : Ignore
WebsiteName : Default Web Site
WebSiteSSLEnabled : True
VirtualDirectoryName : Microsoft-Server-ActiveSync
ProxyVdirExtendedProtectionTokenChecking : None
ProxyVdirExtendedProtectionFlags : {}
ProxyVdirExtendedProtectionSPNList : {}
Path :
Server : OA2EX005
InternalUrl : https://outlook.oatoo.com/Microsoft-Server-ActiveSync
InternalAuthenticationMethods : {}
ExternalUrl : https://outlook.oatoo.com/Microsoft-Server-ActiveSync
ExternalAuthenticationMethods : {}
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
Name : Microsoft-Server-ActiveSync (Default Web Site)
DistinguishedName : CN=Microsoft-Server-ActiveSync (Default Web Site),CN=HTTP,CN=Protocols,CN=
OA2EX005,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=
Administrative Groups,CN=OATOO,CN=Microsoft Exchange,CN=Services,CN=Config
uration,DC=oatoo,DC=internal
Identity : OA2EX005\Microsoft-Server-ActiveSync (Default Web Site)
Guid : b92fbd9b-efb3-421f-a331-81d81c915c81
ObjectCategory : oatoo.internal/Configuration/Schema/ms-Exch-Mobile-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchMobileVirtualDirectory}
WhenChanged : 4/3/2012 4:51:04 PM
WhenCreated : 3/18/2012 7:01:18 PM
WhenChangedUTC : 4/3/2012 3:51:04 PM
WhenCreatedUTC : 3/18/2012 7:01:18 PM
OrganizationId :
OriginatingServer : OA2DC001.oatoo.internal
IsValid : False -
12 aprilie 2012 09:59
And...get-mailbox fails. (Activesync fails for all users, but there are very very few - this is a pre-production Exchange infrastructure)
[PS] C:\Windows\system32>get-mailbox nick.smith
The operation couldn't be performed because object 'nick.smith' couldn't be found on 'OA2DC001.oatoo.internal'.
+ CategoryInfo : NotSpecified: (:) [Get-Mailbox], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : B1EA85E4,Microsoft.Exchange.Management.RecipientTasks.GetMailbox
[PS] C:\Windows\system32>get-mailbox nick.smith -domaincontroller oa2dc002.oatoo.internal
The operation couldn't be performed because object 'nick.smith' couldn't be found on 'OA2DC002.oatoo.internal'.
+ CategoryInfo : NotSpecified: (:) [Get-Mailbox], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : 21DAB173,Microsoft.Exchange.Management.RecipientTasks.GetMailbox
[PS] C:\Windows\system32>get-mailbox
Name Alias ServerName ProhibitSendQuota
---- ----- ---------- -----------------
Office Anyplace oa oa2ex003 unlimited
DiscoverySearchMailbox... DiscoverySearchMa... oa2ex003 50 GB (53,687,091,200 bytes)
[PS] C:\Windows\system32>get-mailboxdatabase
Name Server Recovery ReplicationType
---- ------ -------- ---------------
database01 OA2EX004 False Remote
[PS] C:\Windows\system32>get-mailbox -database database01
Name Alias ServerName ProhibitSendQuota
---- ----- ---------- -----------------
Office Anyplace oa oa2ex003 unlimited
DiscoverySearchMailbox... DiscoverySearchMa... oa2ex003 50 GB (53,687,091,200 bytes)
Administrator Administrator oa2ex004 9.668 GB (10,380,902,400 bytes)
DiscoverySearchMailbox... DiscoverySearchMa... oa2ex004 50 GB (53,687,091,200 bytes)
Nick Smith nick.smith oa2ex004 9.668 GB (10,380,902,400 bytes)
Ryan French ryan.french oa2ex004 9.668 GB (10,380,902,400 bytes)
Simon Stanger simon.stanger oa2ex003 9.668 GB (10,380,902,400 bytes)I have run EXBPA and it found no AD errors, or any critical ones.
As a possible aside, I'm slightly confused as to why simon.stanger shows as being on oa2ex003 - the only Mounted database is on OA2EX004, with a healthy copy on OA2EX003.
- Editat de nphsmith 12 aprilie 2012 10:02
-
12 aprilie 2012 16:32
Is this Exchange installed using the /hosting switch? If so, you need to specify an organization for a get-mailbox
Get-Mailbox -Organization "OrgNameHere" Nick.Smith
How did you create these users? Did you move them around OU's within AD after creation?
-
12 aprilie 2012 19:34
Ah, stupid me - it is installed using /hosting. I created them through the /ecp panel. I haven't moved them at all.
[PS] C:\Windows\system32>get-mailbox -organization "webactive" nick.smith | fl *
PSComputerName : oa2ex003.oatoo.internal
RunspaceId : 8cfd9c19-8243-460e-8184-fb7ba639a0bf
Database : database01
UseDatabaseRetentionDefaults : True
RetainDeletedItemsUntilBackup : False
DeliverToMailboxAndForward : False
LitigationHoldEnabled : False
SingleItemRecoveryEnabled : False
RetentionHoldEnabled : False
EndDateForRetentionHold :
StartDateForRetentionHold :
RetentionComment :
RetentionUrl :
LitigationHoldDate :
LitigationHoldOwner :
ManagedFolderMailboxPolicy :
RetentionPolicy : Webactive\DefaultRetentionPolicy
CalendarRepairDisabled : False
ExchangeGuid : 69fb7c6a-f912-4391-9715-c43a71f8d4d5
ExchangeSecurityDescriptor : System.Security.AccessControl.RawSecurityDescriptor
ExchangeUserAccountControl : None
MessageTrackingReadStatusEnabled : True
ExternalOofOptions : External
ForwardingAddress :
ForwardingSmtpAddress :
RetainDeletedItemsFor : 14.00:00:00
IsMailboxEnabled : True
Languages : {en-GB}
OfflineAddressBook :
ProhibitSendQuota : 9.668 GB (10,380,902,400 bytes)
ProhibitSendReceiveQuota : 10 GB (10,737,418,240 bytes)
RecoverableItemsQuota : 30 GB (32,212,254,720 bytes)
RecoverableItemsWarningQuota : 20 GB (21,474,836,480 bytes)
DowngradeHighPriorityMessagesEnabled : False
ProtocolSettings : {RemotePowerShell§1, MAPI§1§0§§§0§§§, IMAP4§1§1§§§§§§§5§0§§0, POP3§1§1§§§§§§§5
§0§§0, Emws§0, ECP§1, HTTP§1§1§§§§§§, OWA§1}
RecipientLimits : 5000
IsResource : False
IsLinked : False
IsShared : False
LinkedMasterAccount :
ResourceCapacity :
ResourceCustom : {}
ResourceType :
SamAccountName : nick.smith
SCLDeleteThreshold :
SCLDeleteEnabled :
SCLRejectThreshold :
SCLRejectEnabled :
SCLQuarantineThreshold :
SCLQuarantineEnabled :
SCLJunkThreshold :
SCLJunkEnabled :
AntispamBypassEnabled : False
ServerLegacyDN : /o=OATOO/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/c
n=Servers/cn=OA2EX004
ServerName : oa2ex004
UseDatabaseQuotaDefaults : False
IssueWarningQuota : 9 GB (9,663,676,416 bytes)
RulesQuota : 64 KB (65,536 bytes)
Office :
UserPrincipalName : nick.smith@oatoo.com
UMEnabled : False
MaxSafeSenders :
MaxBlockedSenders :
ReconciliationId :
WindowsLiveID :
ThrottlingPolicy :
RoleAssignmentPolicy : Webactive\Default Role Assignment Policy
SharingPolicy : Webactive\Default Sharing Policy
RemoteAccountPolicy :
MailboxPlan : oatoo.internal/Microsoft Exchange Hosted Organizations/Webactive/DefaultMailbo
xPlan-76ce4834-5dd3-4592-b089-b68ea938d43b
ArchiveDatabase :
ArchiveGuid : 00000000-0000-0000-0000-000000000000
ArchiveName : {}
ArchiveQuota : 50 GB (53,687,091,200 bytes)
ArchiveWarningQuota : 45 GB (48,318,382,080 bytes)
ArchiveDomain :
ArchiveStatus : None
RemoteRecipientType : None
DisabledArchiveDatabase :
DisabledArchiveGuid : 00000000-0000-0000-0000-000000000000
QueryBaseDNRestrictionEnabled : False
MailboxMoveTargetMDB :
MailboxMoveSourceMDB :
MailboxMoveFlags : None
MailboxMoveRemoteHostName :
MailboxMoveBatchName :
MailboxMoveStatus : None
IsPersonToPersonTextMessagingEnabled : False
IsMachineToPersonTextMessagingEnabled : True
UserSMimeCertificate : {}
UserCertificate : {}
CalendarVersionStoreDisabled : False
ImmutableId :
PersistedCapabilities : {}
SKUAssigned : False
AuditEnabled : False
AuditLogAgeLimit : 90.00:00:00
AuditAdmin : {Update, Move, MoveToDeletedItems, SoftDelete, HardDelete, FolderBind, SendAs,
SendOnBehalf, Create}
AuditDelegate : {Update, SoftDelete, HardDelete, SendAs, Create}
AuditOwner : {}
WhenMailboxCreated : 12/03/2012 14:43:29
UsageLocation :
Extensions : {}
HasPicture : False
HasSpokenName : False
AcceptMessagesOnlyFrom : {}
AcceptMessagesOnlyFromDLMembers : {}
AcceptMessagesOnlyFromSendersOrMembers : {}
AddressListMembership : {Webactive\Offline Global Address List, Webactive\All Users, Webactive\Mailbox
es(VLV), Webactive\All Mailboxes(VLV), Webactive\All Recipients(VLV), Webactiv
e\Default Global Address List}
Alias : nick.smith
ArbitrationMailbox :
BypassModerationFromSendersOrMembers : {}
OrganizationalUnit : oatoo.internal/Microsoft Exchange Hosted Organizations/Webactive
CustomAttribute1 :
CustomAttribute10 :
CustomAttribute11 :
CustomAttribute12 :
CustomAttribute13 :
CustomAttribute14 :
CustomAttribute15 :
CustomAttribute2 :
CustomAttribute3 :
CustomAttribute4 :
CustomAttribute5 :
CustomAttribute6 :
CustomAttribute7 :
CustomAttribute8 :
CustomAttribute9 :
DisplayName : Nick Smith
EmailAddresses : {SMTP:nick.smith@oatoo.com}
GrantSendOnBehalfTo : {}
ExternalDirectoryObjectId :
HiddenFromAddressListsEnabled : False
LastExchangeChangedTime :
LegacyExchangeDN : /o=OATOO/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=N
ick Smithea6
MaxSendSize : 1 GB (1,073,741,824 bytes)
MaxReceiveSize : 1 GB (1,073,741,824 bytes)
ModeratedBy : {}
ModerationEnabled : False
PoliciesIncluded : {97b3962a-b535-4928-9345-bc0a01410987, {26491cfc-9e50-4857-861b-0cb8df22b5d7}}
PoliciesExcluded : {}
EmailAddressPolicyEnabled : True
PrimarySmtpAddress : nick.smith@oatoo.com
RecipientType : UserMailbox
RecipientTypeDetails : UserMailbox
RejectMessagesFrom : {}
RejectMessagesFromDLMembers : {}
RejectMessagesFromSendersOrMembers : {}
RequireSenderAuthenticationEnabled : False
SimpleDisplayName :
SendModerationNotifications : Always
UMDtmfMap : {emailAddress:642576484, lastNameFirstName:642576484, firstNameLastName:642576
484}
WindowsEmailAddress : nick.smith@oatoo.com
MailTip :
MailTipTranslations : {}
PartnerObjectId : 00000000-0000-0000-0000-000000000000
IsValid : True
ExchangeVersion : 0.10 (14.0.100.0)
Name : Nick Smith
DistinguishedName : CN=Nick Smith,OU=Webactive,OU=Microsoft Exchange Hosted Organizations,DC=oatoo
,DC=internal
Identity : oatoo.internal/Microsoft Exchange Hosted Organizations/Webactive/Nick Smith
Guid : 9009ce6a-4da3-4e00-a71a-98862463a844
ObjectCategory : oatoo.internal/Configuration/Schema/Person
ObjectClass : {top, person, organizationalPerson, user}
WhenChanged : 04/04/2012 15:30:04
WhenCreated : 12/03/2012 14:43:29
WhenChangedUTC : 04/04/2012 14:30:04
WhenCreatedUTC : 12/03/2012 14:43:29
OrganizationId : oatoo.internal/Microsoft Exchange Hosted Organizations/Webactive - oatoo.inter
nal/Configuration/Services/Microsoft Exchange/ConfigurationUnits/Webactive/Con
figuration
OriginatingServer : OA2DC002.oatoo.internal
-
12 aprilie 2012 21:04Ok, so that looks ok. Can you run a get-casmailbox for the same user?
-
13 aprilie 2012 07:26
[PS] C:\Windows\system32>get-casmailbox -organization "webactive" nick.smith
Name ActiveSyncEnabled OWAEnabled PopEnabled ImapEnabled MapiEnabled
---- ----------------- ---------- ---------- ----------- -----------
Nick Smith True True True True True
[PS] C:\Windows\system32>get-casmailbox -organization "webactive" nick.smith | fl *
PSComputerName : oa2ex005.oatoo.internal
RunspaceId : 27d36070-2def-4c89-ac6f-8ca31bbf5691
EmailAddresses : {SMTP:nick.smith@oatoo.com}
LegacyExchangeDN : /o=OATOO/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Nick
Smithea6
LinkedMasterAccount :
PrimarySmtpAddress : nick.smith@oatoo.com
SamAccountName : nick.smith
ServerLegacyDN : /o=OATOO/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Se
rvers/cn=OA2EX004
ServerName : oa2ex004
DisplayName : Nick Smith
ActiveSyncAllowedDeviceIDs : {}
ActiveSyncBlockedDeviceIDs : {}
ActiveSyncMailboxPolicy : Webactive\Default
ActiveSyncMailboxPolicyIsDefaulted : True
ActiveSyncDebugLogging :
ActiveSyncEnabled : True
HasActiveSyncDevicePartnership : True
ExternalImapSettings :
InternalImapSettings :
ExternalPopSettings :
InternalPopSettings :
ExternalSmtpSettings :
InternalSmtpSettings :
OwaMailboxPolicy : Webactive\OwaMailboxPolicy-Default
OWAEnabled : True
ECPEnabled : True
EmwsEnabled : False
PopEnabled : True
PopUseProtocolDefaults : True
PopMessagesRetrievalMimeFormat : BestBodyFormat
PopEnableExactRFC822Size : False
PopSuppressReadReceipt : False
ImapEnabled : True
ImapUseProtocolDefaults : True
ImapMessagesRetrievalMimeFormat : BestBodyFormat
ImapEnableExactRFC822Size : False
ImapSuppressReadReceipt : False
MAPIEnabled : True
MAPIBlockOutlookNonCachedMode : False
MAPIBlockOutlookVersions :
MAPIBlockOutlookRpcHttp : False
EwsEnabled : True
EwsAllowOutlook :
EwsAllowMacOutlook :
EwsAllowEntourage :
EwsApplicationAccessPolicy :
EwsAllowList :
EwsBlockList :
ShowGalAsDefaultView : True
IsValid : True
ExchangeVersion : 0.10 (14.0.100.0)
Name : Nick Smith
DistinguishedName : CN=Nick Smith,OU=Webactive,OU=Microsoft Exchange Hosted Organizations,DC=oatoo,DC=
internal
Identity : oatoo.internal/Microsoft Exchange Hosted Organizations/Webactive/Nick Smith
Guid : 9009ce6a-4da3-4e00-a71a-98862463a844
ObjectCategory : oatoo.internal/Configuration/Schema/Person
ObjectClass : {top, person, organizationalPerson, user}
WhenChanged : 4/4/2012 3:30:04 PM
WhenCreated : 3/12/2012 2:43:29 PM
WhenChangedUTC : 4/4/2012 2:30:04 PM
WhenCreatedUTC : 3/12/2012 2:43:29 PM
OrganizationId : oatoo.internal/Microsoft Exchange Hosted Organizations/Webactive - oatoo.internal/
Configuration/Services/Microsoft Exchange/ConfigurationUnits/Webactive/Configurati
on
OriginatingServer : OA2DC002.oatoo.internal
[PS] C:\Windows\system32> -
13 aprilie 2012 16:49
Looks ok too. So is this affecting all users? Looking at your activesync VDir properties it's showing IsValid as False on OA2EX005.
Do you have any other issues with this machine? Any errors in the application event log? If this is just test environment, could you try a remove-activesyncvirtualdirectory on that box, and re-create it.
-
13 aprilie 2012 18:18I can remove and recreate, but it's a new-therefore-should-be-clean environment, and the issue seems to affect both the cas in the nlb group. I'll try forwarding the http/s traffic direct to oa2ex006 and see if I get same result.
-
13 aprilie 2012 18:33Good idea. let me know. in a greenfield like this, it really should just work.
-
13 aprilie 2012 18:53
Ooookayy. So, I pointed the firewall at oa2ex006, Autodiscovery worked. I pointed it at oa2ex005, to my surprise Autodiscover worked. Pointed it back at the NLB, Autodiscovery worked!
I swear I have made no changes since removing the Redirect on Wednesday, and definitely rechecked autodiscover since. The only thing that makes any sense is that last night was patch night, and a reboot happened.
So...happiness that it is working, but still complete puzzlement as to why it wasn't.
I am going to run another couple of tests, assuming all is good, I will put the redirect back on and review.
-
13 aprilie 2012 18:54And many many thanks for all your patient help.
-
13 aprilie 2012 19:03No problem. Glad it's working now. Be careful with the redirect piece.
-
16 aprilie 2012 10:29
Aaaannnnd. It's stopped working. Only changes I have made are reboots on the Mailbox servers.
But... If I run "Exchange Web Services synchronization, notification, availability, and Automatic Replies (OOF)", it passes succesfully, including Autodiscovery!
Autodiscover also works if I do Outlook Anywhere testing, though this fails with:
[i]Testing the Name Service Provider Interface (NSPI) on the Exchange Mailbox server.
An error occurred while testing the NSPI RPC endpoint.
Test Steps
Attempting to ping RPC endpoint 6004 (NSPI Proxy Interface) on server OA2EX003.oatoo.internal.
The attempt to ping the endpoint failed.
Tell me more about this issue and how to resolve it
Additional Details
The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.
[/i]
Following the http://technet.microsoft.com/en-us/library/db543644-c252-47ee-a70b-4f60770083dc.aspx article:
- Cannot see any failures in DNS resolution
-ValidPorts should not be relevant in 2010, and in any case looks correct
-IP V6 is disabled on Mailbox servers and CAS servers.
- netstat -a shows that it is [i]not[/i] listening on 6004:
Proto Local Address Foreign Address State
TCP 0.0.0.0:80 OA2EX003:0 LISTENING
TCP 0.0.0.0:135 OA2EX003:0 LISTENING
TCP 0.0.0.0:443 OA2EX003:0 LISTENING
TCP 0.0.0.0:445 OA2EX003:0 LISTENING
TCP 0.0.0.0:593 OA2EX003:0 LISTENING
TCP 0.0.0.0:3343 OA2EX003:0 LISTENING
TCP 0.0.0.0:3389 OA2EX003:0 LISTENING
TCP 0.0.0.0:6001 OA2EX003:0 LISTENING
TCP 0.0.0.0:6005 OA2EX003:0 LISTENING
TCP 0.0.0.0:6006 OA2EX003:0 LISTENING
TCP 0.0.0.0:6007 OA2EX003:0 LISTENING
TCP 0.0.0.0:6008 OA2EX003:0 LISTENING
TCP 0.0.0.0:6009 OA2EX003:0 LISTENING
TCP 0.0.0.0:6010 OA2EX003:0 LISTENING
TCP 0.0.0.0:6053 OA2EX003:0 LISTENINGI have no idea if this is connected, obviously.
-
16 aprilie 2012 14:28Is the Microsoft Exchange Address Book Service running?
- Propus ca răspuns de steve siyavayaMicrosoft Community Contributor 16 aprilie 2012 15:33
- Anulare propunere ca răspuns de steve siyavayaMicrosoft Community Contributor 16 aprilie 2012 15:41
-
16 aprilie 2012 15:27
Address Book was not running on one of the Cas. Service Host Service was not running on either of the Mailbox - started these and Outlook over RPC tests fine - thanks. I'll put that one down to not seeing woods for trees:).
Activesync Autodiscover continues to fail, however. Is it worth my simply recreating the Virtual Directories? If so, which ones?
- Editat de nphsmith 16 aprilie 2012 15:27
-
16 aprilie 2012 15:40I think you need to go back to testing each of the CAS again individually and try to figure out if one, or both, have the issue.
-
16 aprilie 2012 15:51Ok, will do that this evening. Thanks again for ongoing help.
-
16 aprilie 2012 15:57In fact found time before catching train home. It is failing with both CAS.
-
16 aprilie 2012 16:01Only thing in the event logs is the Address Book service timing out after last restart.
-
16 aprilie 2012 16:08
What event was it? Why would it be timing out?
Check both CAS's activesync virtual directories. OA2EX005 reported as invalid last time, does it still? If so, remove- it and re-create it.
Any other events being logged? If things are timing out, could DNS be the issue?
-
16 aprilie 2012 19:34
Event 7009 - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Exchange Address Book service to connect.
That was during/after a reboot this morning.
I've removed and recreated the OA2EX005 activesync VD, it still gives IsValid as False.
The only oddness with DNS is that if I ping from oa2ex005 to oa2ex006, it pings to the nic I am using for LB, and viceversa. The default web-site uses * rather than a specified IP number.
Edit: resolved the DNS issue.
- Editat de nphsmith 16 aprilie 2012 19:42
-
16 aprilie 2012 20:29Did you put the IIS redirect back in? What errors do you get from an activesync test? We're going in circles. Something isn't right. Try turning up event logging for the activesync and autodiscover components using set-eventloglevel (http://technet.microsoft.com/en-us/library/aa998905.aspx)
-
16 aprilie 2012 20:39One more question, can your CAS servers resolve the outlook.oatoo.com fqdn?
-
16 aprilie 2012 20:59
Yes, they resolve it to the NLB IP.
Having upped the logging, I *do* get another error in the log, but not sure quite how informative it is:
Time:21:55:25.2876775, Id:2027028260, Error Response with the ErrCode:"1", Message:"No external URL is available to access this mailbox with Exchange ActiveSync. Your Exchange server configuration needs to be adjusted to allow access.", DebugData:"UserMailbox" was generated for EMailAddress:"nick.smith@oatoo.com", LegacyDN:"" by "Microsoft.Exchange.Autodiscover.Providers.MobileSync.MobileSyncProvider, Microsoft.Exchange.Autodiscover, Version=14.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35".
-
16 aprilie 2012 21:01
"No external URL is available to access this mailbox with Exchange ActiveSync"
Can you check the externalURL is populated on both the servers, and make sure there is an AD site set up in AD Sites and Services.
-
16 aprilie 2012 21:18
Using get-activesyncvirtualdirectory | fl * I get
ExternalURL https://outlook.oatoo.com/Microsoft-Server-Activesync for both servers
The site is simply Default-Site-First-Name.
Annoyingly, the guy at the end of this thread:
http://forums.msexchange.org/m_1800544806/mpage_1/key_/tm.htm#1800544806
Say he has a solution, but not what it is. :(. I've mailed him, may get a response....
- Editat de nphsmith 16 aprilie 2012 21:54
-
16 aprilie 2012 21:59
-
16 aprilie 2012 22:10
Have you defined the subnet in AD Sites and Services? And associated it to the Default-Site etc site? Add a subnet, containing the servers, restart AD topology service on both Exchange servers.
When you do a testconnectivity.com now, what error do you get in the XML?
-
17 aprilie 2012 03:27
Subnet now defined, same error:
Attempting to send an Autodiscover POST request to potential Autodiscover URLs. Autodiscover settings weren't obtained when the Autodiscover POST request was sent. 
Test Steps 
ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.oatoo.com/AutoDiscover/AutoDiscover.xml for user nick.smith@oatoo.com. ExRCA failed to obtain an Autodiscover XML response. Additional Details None of the expected XML elements were found in the XML response.
In Windows event log, error remains:
Time:04:25:25.6068418, Id:2027028260, Error Response with the ErrCode:"1", Message:"No external URL is available to access this mailbox with Exchange ActiveSync. Your Exchange server configuration needs to be adjusted to allow access.", DebugData:"UserMailbox" was generated for EMailAddress:"nick.smith@oatoo.com", LegacyDN:"" by "Microsoft.Exchange.Autodiscover.Providers.MobileSync.MobileSyncProvider, Microsoft.Exchange.Autodiscover, Version=14.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35".
-
17 aprilie 2012 03:33
Looking further down the testconnectivity.com, I get this unauthorized response (I have not setup HttP redirect, so this may be a complete red herring).
Attempting to contact the Autodiscover service using the HTTP redirect method. The attempt to contact Autodiscover using the HTTP Redirect method failed. Test Steps 
Attempting to resolve the host name autodiscover.oatoo.com in DNS. The host name resolved successfully. 
Additional Details Testing TCP port 80 on host autodiscover.oatoo.com to ensure it's listening and open. The port was opened successfully. ExRCA is checking the host autodiscover.oatoo.com for an HTTP redirect to the Autodiscover service. ExRCA failed to get an HTTP redirect response for Autodiscover. Additional Details An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN). -
17 aprilie 2012 04:18Can you try running nltest /dsgetsite on your CAS? Something is mixed up, if you have only two CAS, one AD site, something is hokey.
-
17 aprilie 2012 07:55
C:\Users\oa>nltest /dsgetsite
Default-First-Site-Name
The command completed successfully
Same result on both CAS- Editat de nphsmith 17 aprilie 2012 07:55
-
17 aprilie 2012 13:37
Done a DCdiag querying both DCs, both errored with:
Starting test: KccEvent
Starting test: SystemLog
The event log Directory Service on server OA2DC002.oatoo.internal
could not be queried, error 0x6ba "The RPC server is unavailable."
The event log System on server OA2DC002.oatoo.internal could not be
queried, error 0x6ba "The RPC server is unavailable." Starting test: DFSREvent
The event log DFS Replication on server OA2DC002.oatoo.internal could
not be queried, error 0x6ba "The RPC server is unavailable. Edit: Which means nothing, according to: http://support.microsoft.com/kb/2512643. D*ng.- Editat de nphsmith 17 aprilie 2012 13:49
-
17 aprilie 2012 16:03
I'm all out of ideas for the moment. I would suggest you open a support incident, as we'll need to do some tracing and analysis of your environment, and this isn't the best way to do that. Or if this is a test lab, rebuild it.
One last idea, as it occurrs to me, did you happen to forcibly remove any servers at any point? Have issues installing and removing any servers from this org?
-
17 aprilie 2012 17:48
Yes, but only one of the Transport servers; I created a new server because it felt like it had problems, but having learnt a bit more, I think it likley it was just Powershell syntax issues/ignorance.
Thanks again for all your time. I'll open a case on Thursday (away tomorrow).
Nick
-
27 septembrie 2012 13:02
Did you manage to solve this problem?
.png)
