locked
strange behavior RRS feed

  • Question

  • Hi all,

    two way forest trust between company A (domain A)  and company  B (domain B)

    If domain B users use computers of domain A, they logon their domain B credentials and configure outlook profiles.  Everything seems fine but they can not access out of office.

    Still can not configure out why?

    can anyone help?

    Thank you.

    Monday, August 6, 2012 6:32 PM

Answers

  • Ok, I see the whole picture I think.

    You are probably going to have to look at changing the Outlook behavior and using a local xml for autodiscover for those machines that need it

    see:

    some autodiscover fun

    • Marked as answer by SGryzbowski Wednesday, August 8, 2012 8:59 PM
    Wednesday, August 8, 2012 2:39 PM

All replies

  • Out of office depends the autodiscover property also. Try testexchangeconnectivity.com to find if there any certificate issue exists.

    Also test E-mail auto configuration (cntrl+click outlook taskbar icon and select test E-mail auto configuration) to check autodiscover service health


    Regards from www.windowsadmin.info | www.blog.windowsadmin.info

    Monday, August 6, 2012 6:36 PM
  • Thank you for your quick help.

    TWo company has seperate Exchange 2010 servers (which in the seperate forest)

    BTW, if domain B users use domain B computers to use Outlook, they have no problem with Out of office.

    But, if they use computers which join in domain A, they can not access out of office.

    If I use test E-mail auto configuration, I got "autoconfiguration was unable to determine your settings" on computers which do not join in domain B.

    Thank you for your help.


    Monday, August 6, 2012 6:49 PM
  • Thank you for your quick help.

    TWo company has seperate Exchange 2010 servers (which in the seperate forest)

    BTW, if domain B users use domain B computers to use Outlook, they have no problem with Out of office.

    But, if they use computers which join in domain A, they can not access out of office.

    If I use test E-mail auto configuration, I got "autoconfiguration was unable to determine your settings" on computers which do not join in domain B.

    Thank you for your help.



    Is there a valid autodiscover A record in DNS accessible from Domain A?
    Monday, August 6, 2012 6:54 PM
  • >Is there a valid autodiscover A record in DNS accessible from Domain A?

    yes. that's s for domain A exchange servers.

    Domain B users have seperate exchange servers (on different forest).  When they use domain A computers to logon, they have to choose domain B through domain drop down and enter domain B credentials ot logon.

    Thank you.

    Monday, August 6, 2012 7:01 PM
  • >Is there a valid autodiscover A record in DNS accessible from Domain A?

    yes. that's s for domain A exchange servers.

    Domain B users have seperate exchange servers (on different forest).  When they use domain A computers to logon, they have to choose domain B through domain drop down and enter domain B credentials ot logon.

    Thank you.

    Yea, but what about for the Exchange Servers in DomainB? Can the workstations in DomainA correctly resolve the autodiscover record in DNS for the DomainB Exchange Servers? They will use DNS to find the autodiscover records and not the SCP in AD if they are not logged onto the forest that holds the Exchange Servers they are attempting to use.

    Monday, August 6, 2012 7:38 PM
  • Thanks for the hint.

    I am going to check that.

    Monday, August 6, 2012 8:20 PM
  • You need to export the autodiscover config.

    How to Configure the Autodiscover Service for Multiple Forests

    http://technet.microsoft.com/en-us/library/aa996849(EXCHG.80).aspx


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Monday, August 6, 2012 10:06 PM
  • You need to export the autodiscover config.

    How to Configure the Autodiscover Service for Multiple Forests

    http://technet.microsoft.com/en-us/library/aa996849(EXCHG.80).aspx


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com


    Isnt that for resource forests? In this case, each forest has its own Exchange Org.
    Tuesday, August 7, 2012 12:39 AM
  • Ooops didnt see he had exchange installed in the other forest. Check the event logs theres usually something in the event logs when cross forest free busy or autodiscover fails.

    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com


    Tuesday, August 7, 2012 1:16 AM
  • There is no autodiscover A record in domain B and we added it in domain B.

    should it fix it?

    Tuesday, August 7, 2012 3:07 PM
  • There is no autodiscover A record in domain B and we added it in domain B.

    should it fix it?

    I thought the DomainB users werent having issues?

    Tuesday, August 7, 2012 3:12 PM
  • the issue is:

    When domain B users use domain A computers to logon, they have to choose domain B through domain drop down and enter domain B credentials ot logon. they can not access out of office.  (the issue)

    BTW, if domain B users use domain B computers to use Outlook, they have no problem with Out of office.

    Thank you.

    Tuesday, August 7, 2012 3:15 PM
  • the issue is:

    When domain B users use domain A computers to logon, they have to choose domain B through domain drop down and enter domain B credentials ot logon. they can not access out of office.  (the issue)

    BTW, if domain B users use domain B computers to use Outlook, they have no problem with Out of office.

    Thank you.

    OK, well see if the DNS entry works. I have to admit Im getting confused on which machines work on what forest  :)

    Bottom Line, on the workstations that arent getting OOF, ensure they can contact and access a valid autodiscover record. For those not domain-joined to the Exchange forest machines, Outlook uses this process to find it, so ensure one of those URLs is accessible for those machines where its failing:

    Depending on whether you've configured the Autodiscover service on a separate site, the Autodiscover service URL will be either https://<smtp-address-domain></smtp-address-domain>/autodiscover/autodiscover.xml or https://autodiscover.<smtp-address-domain></smtp-address-domain>/autodiscover/autodiscover.xml, where ://<smtp-address-domain></smtp-address-domain> is the primary SMTP domain address. For example, if the user's e-mail address is tony@contoso.com, the primary SMTP domain address is contoso.com.

    Understanding the Autodiscover Service

    Tuesday, August 7, 2012 4:53 PM
  • Hi A_D_,

    >OK, well see if the DNS entry works.

    I added autodiscover A record and it did not help.

    >BTW, let me explain more and sorry about the confusion.

    before merge, company A (domain A) has primary email domain companyab.com; company b(domain B) has primary email domain companyb.com

    company A  and company B merged and two way forest trust between them and also both company users have the same primary email address domain which is companyab.com; both company have exchange installed and work fine

    Now, the decision is made that comany B (domain B) will be migrated to company A (domain A) and the migration has not started; since company B is going to change everyone's computer and we thought it's better to join a computer in the domain A and it means no migration for workstations is needed.  But, from our test so far, company B users can not access out of office in outlook after using computers of domain A.

    Did I make it clear?  sorry.

    What else can I try?

    Thank you.

    Tuesday, August 7, 2012 6:09 PM
  • Ok, So lets start with the basics.

    You said above :

    If I use test E-mail auto configuration, I got "autoconfiguration was unable to determine your settings" on computers which do not join in domain B.

    When that fails, what is logged under the "Log" tab? Anything?

    Tuesday, August 7, 2012 6:37 PM
  • >When that fails, what is logged under the "Log" tab? Anything?

    Yes. autodiscover failed.  It was looking for autodiscover in the email domain companyab.com which hosts in domain A since the shared primary email address for company B users is companyab.com.  but, company B has seperate Exchange forest and with email domain companyb.com and autodiscover in domain B. 

    Is there a way to make it work?

    Thank you for your continuing support.


    • Edited by SGryzbowski Tuesday, August 7, 2012 7:03 PM
    Tuesday, August 7, 2012 7:02 PM
  • >When that fails, what is logged under the "Log" tab? Anything?

    Yes. autodiscover failed.  It was looking for autodiscover in the email domain companyab.com which hosts in domain A since the shared primary email address for company B users is companyab.com.  but, company B has seperate Exchange forest and with email domain companyb.com and autodiscover in domain B. 

    Is there a way to make it work?

    Thank you for your continuing support.



    Can you post the exact logs entries and what URLs its trying? Change only the domain names
    Tuesday, August 7, 2012 7:06 PM
  • >Can you post the exact logs entries and what URLs its trying? Change only the domain names

    it's looking for companyab.com autodiscover which is the shared primary email domain

    see the imaged below

    Is there a way to get this work since company B users' primary email address is companyab.com also?

    Thank you.

    Wednesday, August 8, 2012 2:04 PM
  • So that URL its trying to connect to. Why is it failing? Can you create a record for that in their DNS?

    Wednesday, August 8, 2012 2:17 PM
  • >Can you create a record for that in their DNS?

    yes, I did.  still?  company B has different autodiscover URL which is autodiscover.companyb.com

    now, company B users with shared email address companyab.com and how did they look for companyb.com autodiscover record?

    BTW, I even created companyab.com in company B DNS servers and add A records there

    can companyab.com autodiscover be referred to companyb autodiscover??

    This is not resource forest and just two seperate forests.

    Thank you.


    • Edited by SGryzbowski Wednesday, August 8, 2012 2:30 PM
    Wednesday, August 8, 2012 2:26 PM
  • Ok, I see the whole picture I think.

    You are probably going to have to look at changing the Outlook behavior and using a local xml for autodiscover for those machines that need it

    see:

    some autodiscover fun

    • Marked as answer by SGryzbowski Wednesday, August 8, 2012 8:59 PM
    Wednesday, August 8, 2012 2:39 PM
  • It did the trick and You are the true MVP.

    Thanks again for your time and support.

    Wednesday, August 8, 2012 8:59 PM
  • It appears that you still need to export the autodiscover config, doesn't apply to just resource forests.

    Deployment Considerations for the Autodiscover Service
    http://technet.microsoft.com/en-us/library/aa997633(v=exchg.80).aspx
    In the multiple trusted forest scenario, the user accounts and Microsoft Exchange are deployed in multiple forests. Exchange 2007 features such as the Availability service and Unified Messaging rely on the Autodiscover service to access them across forests. In this scenario, the Autodiscover service must be available to users across multiple trusted forests. This scenario resembles the resource forest scenario, except that the Autodiscover SCP object must be configured in all forests. To configure the Autodiscover SCP object in the multiple forest topology, run the Export-AutoDiscoveryConfig cmdlet from each forest that has the Autodiscover service against each target forest where Microsoft Exchange is deployed. For more information, see How to Configure the Autodiscover Service for Multiple Forests.

     


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Saturday, August 11, 2012 10:51 PM
  • It appears that you still need to export the autodiscover config, doesn't apply to just resource forests.

    Deployment Considerations for the Autodiscover Service
    http://technet.microsoft.com/en-us/library/aa997633(v=exchg.80).aspx
    In the multiple trusted forest scenario, the user accounts and Microsoft Exchange are deployed in multiple forests. Exchange 2007 features such as the Availability service and Unified Messaging rely on the Autodiscover service to access them across forests. In this scenario, the Autodiscover service must be available to users across multiple trusted forests. This scenario resembles the resource forest scenario, except that the Autodiscover SCP object must be configured in all forests. To configure the Autodiscover SCP object in the multiple forest topology, run the Export-AutoDiscoveryConfig cmdlet from each forest that has the Autodiscover service against each target forest where Microsoft Exchange is deployed. For more information, see How to Configure the Autodiscover Service for Multiple Forests.


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Yea, but that assumes one Exchange org,  :)

    Sunday, August 12, 2012 1:54 AM
  • Hmmm maybe I'm misunderstanding I interpret as in each target that has exchange deployed (exh org spans 1 forest) you export the scp to each other.

    "To configure the Autodiscover SCP object in the multiple forest topology, run the Export-AutoDiscoveryConfig cmdlet from each forest that has the Autodiscover service against each target forest where Microsoft Exchange is deployed"


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Sunday, August 12, 2012 5:11 PM
  • Hmmm maybe I'm misunderstanding I interpret as in each target that has exchange deployed (exh org spans 1 forest) you export the scp to each other.

    "To configure the Autodiscover SCP object in the multiple forest topology, run the Export-AutoDiscoveryConfig cmdlet from each forest that has the Autodiscover service against each target forest where Microsoft Exchange is deployed"


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com


    I wonder how OUtlook would handle that in this case since both forests have the same SMTP suffix.
    Monday, August 13, 2012 12:36 PM
  • For cross forest free busy with smtp name space sharing you definitely needed to add secondary proxies @domin1.local and @domain2.local. The free busy was done using the targetaddress which was set to these secondary addresses. However for autodiscover I never tested the issue in this thread having domainA user log into domainB computer. The link below seems to confirm that the targetaddress is still used for cross forest autodiscover, the link is in the context for office 365 migration but probably think that is a generic overall statement.

    The target address is responsible for forwarding mail to the target platform during coexistence (MX record pointed to on-premise Exchange server during coexistence), but the target address is also used for autodiscover

    http://blogs.technet.com/b/mhass/archive/2010/06/16/autodiscover-using-targetaddress.aspx


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com


    That assumes a target address exists  :)

    P.S. Personally, I like the method of using the xml and distribute to Outlook clients. Easy to manage, and easy to undo. I imagine the methods you are referring to could be used as well however, just not as clean IMO.

    Monday, August 13, 2012 2:18 PM
  • Yeah you're right I missed the requirement that this was a shared smtp namespace which is why I deleted the post :)


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Monday, August 13, 2012 2:53 PM