locked
Exchange 2010 EWS Virtual Directory

    Question

  • Hi,

    We are on Exchange 2010 Version 14.02.0298.004.

    Out of Office is not functiong from Outlook 2007. URL's,DNS,Firewall seems to be all ok. OOF works from OWA.

    I checked on browsing EWS Virtual Directory. https://domain/EWS/Exchange.asmx

    It shows an XML. I am wondering if it is normal to show the following at the OOF section

    wsdl:operation name="GetUserOofSettings">
    <soap:operation soapAction="http://schemas.microsoft.com/exchange/services/2006/messages/GetUserOofSettings"/>

    <wsdl:input>

    Why pointing to microsoft.com/exchange...

    Thank you.

    Tuesday, June 19, 2012 2:52 AM

Answers

  • Sweet Success. I had to do the following to get Autodiscover working.

    1. Added local server name on the SSL SN.

    2. In the IIS Autodiscover authentication choose: Anonymous,Basic and Windows [most important]

    3. Exported the new SSL on ISA

    4. Added local server SN on ISA



    • Marked as answer by sydmas Friday, June 22, 2012 5:39 AM
    Friday, June 22, 2012 5:39 AM

All replies

  • Hi,
    Yes that is normal and has to do with the scripiting (EWS) Managed API.


    Seems to me that you have problems with Autodiscover, so run Test-OutlookWebServices in EMS and EXRCA to test your settings.


    Martina Miskovic

    Tuesday, June 19, 2012 4:34 AM
  • Thanks Martina,

    Yes, i do have autodiscover problem. Does the below error with Proxy make sense? Is it the local proxy server?

    RunspaceId : f278dbb6-6950-4ab4-a85c-f7a26486a1b8
    Id         : 1113
    Type       : Error
    Message    : When contacting https://hfgex2k10prime.domain.local/ews/exchange.asmx received the error The remote server r
                 eturned an error: (407) Proxy Authentication Required.

    EXRCA shows the following error:

    Attempting to send an Autodiscover POST request to potential Autodiscover URLs.

     

    Autodiscover settings weren't obtained when the Autodiscover POST request was sent.

     

    Test Steps

     

    ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml for user user@domain.com.

     

    ExRCA failed to obtain an Autodiscover XML response.

     

    Additional Details

     

    An HTTP 500 response was returned from Unknown.

    Thanks for your help.

    Tuesday, June 19, 2012 5:59 AM
  • Hi,
    Ok, so you have  proxy server on your network.
    You should make sure that the traffic to your CAS Servers is bypassed by the proxy server.

    On the server, use netsh winhttp
    Example: netsh winhttp set proxy proxy-server="http=yourproxy:81" bypass-list="*.domain.local"

    See this: http://support.microsoft.com/kb/979694

    For your clients:
    Do uncheck "Automatic detect settings" and check "Bypass proxy server for local addresses" in IE (Connection Tab | LAN Settings)
    Also, add your domain to the Local Intranet zone as *.domain.local


    Martina Miskovic

    • Proposed as answer by Terence Yu Wednesday, June 20, 2012 2:27 AM
    Tuesday, June 19, 2012 6:25 AM
  • Hi Martina,

    We have a Websense proxy server. I have configured it to bypass local traffic. Unchecked Automatic detect settings. Unfortunately, that did not help. I am still stuck.

    Wednesday, June 20, 2012 4:01 AM
  • Hi,
    Did you add your domain to the local intranet zone?

    Martina Miskovic

    Wednesday, June 20, 2012 4:46 AM
  • Hi Martina,

    Following your previous advise helped me to remove the Proxy error. I have the following output after running Test-Outlookwebservcies. Hope you can help again.

    Is it the SSL being an issue? I thought it would work without the server local in it. I have created split dns to get off the client error.

    I have purchased UC SSL from Comodo. It had 3 SN on it. 
    1)domain.com
    2)outlook.domain.com
    3)autodiscover.domain.com


    RunspaceId : b79b58a1-a027-4a8c-8b7c-940fdab446bc
    Id         : 1019
    Type       : Information
    Message    : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is https://HF
                 GEX2K10PRIME.domain.local/Autodiscover/Autodiscover.xml.

    RunspaceId : b79b58a1-a027-4a8c-8b7c-940fdab446bc
    Id         : 1004
    Type       : Error
    Message    : The certificate for the URL https://hfgex2k10prime.domain.local/Autodiscover/Autodiscover.xml is incorrect.
                 For SSL to work, the certificate needs to have a subject of hfgex2k10prime.domain.local, but the subject tha
                 t was found is domain.com. Consider correcting service discovery, or installing a correct SSL certificate.

    RunspaceId : b79b58a1-a027-4a8c-8b7c-940fdab446bc
    Id         : 1013
    Type       : Error
    Message    : When contacting https://HFGEX2K10PRIME.domain.local/Autodiscover/Autodiscover.xml received the error The rem
                 ote server returned an error: (500) Internal Server Error.

    RunspaceId : b79b58a1-a027-4a8c-8b7c-940fdab446bc
    Id         : 1023
    Type       : Error
    Message    : The Autodiscover service couldn't be contacted.

    RunspaceId : b79b58a1-a027-4a8c-8b7c-940fdab446bc
    Id         : 1024
    Type       : Success
    Message    : [EXCH] Successfully contacted the AS service at https://hfgex2k10prime.domain.local/EWS/Exchange.asmx. The e
                 lapsed time was 750 milliseconds.

    RunspaceId : b79b58a1-a027-4a8c-8b7c-940fdab446bc
    Id         : 1026
    Type       : Success
    Message    : [EXCH] Successfully contacted the UM service at https://hfgex2k10prime.domain.local/EWS/Exchange.asmx. The e
                 lapsed time was 62 milliseconds.

    RunspaceId : b79b58a1-a027-4a8c-8b7c-940fdab446bc
    Id         : 1024
    Type       : Success
    Message    : [EXPR] Successfully contacted the AS service at https://outlook.domain.com/ews/exchange.asmx. The elapsed ti
                 me was 109 milliseconds.

    RunspaceId : b79b58a1-a027-4a8c-8b7c-940fdab446bc
    Id         : 1026
    Type       : Success
    Message    : [EXPR] Successfully contacted the UM service at https://outlook.domain.com/ews/exchange.asmx. The elapsed ti
                 me was 62 milliseconds.

    RunspaceId : b79b58a1-a027-4a8c-8b7c-940fdab446bc
    Id         : 1124
    Type       : Success
    Message    : [Server] Successfully contacted the AS service at https://hfgex2k10prime.domain.local/ews/exchange.asmx. The
                  elapsed time was 312 milliseconds.

    RunspaceId : b79b58a1-a027-4a8c-8b7c-940fdab446bc
    Id         : 1126
    Type       : Success
    Message    : [Server] Successfully contacted the UM service at https://hfgex2k10prime.domain.local/ews/exchange.asmx. The
                  elapsed time was 859 milliseconds.

    Wednesday, June 20, 2012 5:33 AM
  • Hi,
    When the server FQDN is not added to the certificate, the setting for  AutoDiscoverServiceInternalUri must be changed.

    Exampel: Set-ClientAccessServer HFGEX2K10PRIME -AutoDiscoverServiceInternalUri https://outlook.domain.com\Autodiscover/Autodiscover.xml

    Martina Miskovic

    Wednesday, June 20, 2012 5:40 AM
  • I have purchased UC SSL from Comodo. It had 3 SN on it. 
    1)domain.com
    2)outlook.domain.com
    3)autodiscover.domain.com

    One more thing to add...

    If you can, consider getting a new certificate where outlook.domain.com is on top common/subject name and the first SAN Name.
    Cause if you don't XP Clients (if you have that) will have problems with Outlook Anywhere if you don't configure Outlook provider.
    Example: Set-outlookprovider EXPR -CertPrincipalName msstd:domain.com

    Martina Miskovic

    Wednesday, June 20, 2012 5:47 AM
  • Hi,
    When the server FQDN is not added to the certificate, the setting for  AutoDiscoverServiceInternalUri must be changed.

    Exampel: Set-ClientAccessServer HFGEX2K10PRIME -AutoDiscoverServiceInternalUri https://outlook.domain.com\Autodiscover/Autodiscover.xml

    Martina Miskovic

    Thanks Martina. Following is the error after changing the Uri

    RunspaceId : b79b58a1-a027-4a8c-8b7c-940fdab446bc
    Id         : 1019
    Type       : Information
    Message    : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is https://outlook.domain.com/Autodiscover/Autodiscover.xml.

    RunspaceId : b79b58a1-a027-4a8c-8b7c-940fdab446bc
    Id         : 1013
    Type       : Error
    Message    : When contacting https://outlook.domain.com/Autodiscover/Autodiscover.xml received the error The remote serve
                 r returned an error: (500) Internal Server Error.

    RunspaceId : b79b58a1-a027-4a8c-8b7c-940fdab446bc
    Id         : 1023
    Type       : Error
    Message    : The Autodiscover service couldn't be contacted.

    Wednesday, June 20, 2012 6:19 AM
  • I have purchased UC SSL from Comodo. It had 3 SN on it. 
    1)domain.com
    2)outlook.domain.com
    3)autodiscover.domain.com

    One more thing to add...

    If you can, consider getting a new certificate where outlook.domain.com is on top common/subject name and the first SAN Name.
    Cause if you don't XP Clients (if you have that) will have problems with Outlook Anywhere if you don't configure Outlook provider.
    Example: Set-outlookprovider EXPR -CertPrincipalName msstd:domain.com

    Martina Miskovic

    Modifying the uri for autodiscovery returned with 500 error. I have quoted.

    I may revoke the certificate and get a new one. Should it look like below:

    1)outlook.domain.com
    2)autodiscover.domain.com
    3)hfgex2k10prime.domain.local

    Wednesday, June 20, 2012 6:23 AM
  • Modifying the uri for autodiscovery returned with 500 error. I have quoted.

    I may revoke the certificate and get a new one. Should it look like below:

    1)outlook.domain.com
    2)autodiscover.domain.com
    3)hfgex2k10prime.domain.local

    That is what I would go for, but as you said before, it's not necessary to add the server fqdn to the certificate, but if it's not included it's important that all internalUrls is changed to a name that is.

    Is outlook.domain.com pointing to the server IP in your internal DNS?


    Martina Miskovic

    Wednesday, June 20, 2012 6:30 AM
  • Yes. I have split dns where i got an A record for outlook.domain.com pointing to local IP. I also have outlook as A record on my local dns pointing to the same local IP.
    Wednesday, June 20, 2012 7:05 AM
  • Hi Martina,

    I am getting the following error. Hope someone can point me to the right direction.

    RunspaceId : d5aae75e-674a-4f81-abc7-2ff4a56b72f2
    Id         : 1019
    Type       : Information
    Message    : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is https://ou
                 tlook.domain.com/Autodiscover/Autodiscover.xml.

    RunspaceId : d5aae75e-674a-4f81-abc7-2ff4a56b72f2
    Id         : 1013
    Type       : Error
    Message    : When contacting https://outlook.domain.com/Autodiscover/Autodiscover.xml received the error The remote serve
                 r returned an error: (401) Unauthorized.

    RunspaceId : d5aae75e-674a-4f81-abc7-2ff4a56b72f2
    Id         : 1023
    Type       : Error
    Message    : The Autodiscover service couldn't be contacted.

    Thursday, June 21, 2012 7:01 AM
  • Sweet Success. I had to do the following to get Autodiscover working.

    1. Added local server name on the SSL SN.

    2. In the IIS Autodiscover authentication choose: Anonymous,Basic and Windows [most important]

    3. Exported the new SSL on ISA

    4. Added local server SN on ISA



    • Marked as answer by sydmas Friday, June 22, 2012 5:39 AM
    Friday, June 22, 2012 5:39 AM