none
Проблемка поcле обновления Exchange 2013 CU15 RRS feed

  • Вопрос

  • Доброго Времени суток! Подскажите пожалуйста, после обновления с cu7 до cu15 возник вопрос. через owa заходит, через толстого клиента не снаружи не внутри новую конфигурацию(пользователя) не могу зарегистрировать(первые две галки проходит, пароль не спрашивает, сертификат не подцепляет, и на третьей пишет "отсутствует подключение к серверу") Старые настроенные клиенты работают нормально, почта без проблем ходит. Может autodiscover не отрабатывает?

    А еще в событиях iis было такое: Процесс, обслуживающий пул приложений "MSExchangeAutodiscoverAppPool", обнаружил неустранимую ошибку связи со службой активации Windows. Идентификатор процесса "3176". Поле данных содержит номер ошибки.  и  Процесс, обслуживающий пул приложений "MSExchangeOWAAppPool", обнаружил неустранимую ошибку связи со службой активации Windows. Идентификатор процесса "3588". Поле данных содержит номер ошибки. Может еще из-за об дефаултывания iis после обновления?

    Пожалуйста помогите разобраться?

    1 февраля 2017 г. 6:16

Ответы

Все ответы

  • Открываете сайт aka.ms/rca, проверяете ответ автодискавера снаружи, скачиваете клиента, проверяете запрос внутри.

    Проверяете как настроены ссылки

    Set-ClientAccessServer -Identity "MBX-01" -AutoDiscoverServiceInternalUri "https://mbx01.contoso.com/autodiscover/autodiscover.xml" -AutoDiscoverSiteScope "Mail"
    

    Возможно, что Вы используете просто Outlook без обновлений, поэтому он не работает.

    1 февраля 2017 г. 10:57
  • Вот что имеем в наличии, здесь https://mx.k******.local/autodiscover/autodiscover.xml поменять на ****.com?

    Get-ClientAccessServer -Identity mail.contoso.com | Format-List

    RunspaceId                                   : a5cf1729-d786-4c07-b9a1-c54c494d644a
    Name                                           : MX
    Fqdn                                              : MX.k******.local
    ClientAccessArray                             :
    OutlookAnywhereEnabled               : True
    AutoDiscoverServiceCN                    : MX
    AutoDiscoverServiceClassName         : ms-Exchange-AutoDiscover-Service
    AutoDiscoverServiceInternalUri         : https://mx.k******.local/autodiscover/autodiscover.xml
    AutoDiscoverServiceGuid                  : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
    AutoDiscoverSiteScope                    : {Default-First-Site-Name}
    AlternateServiceAccountConfiguration :
    IsOutOfService                             : False
    Identity                                       : MX
    IsValid                                        : True
    ExchangeVersion                      : 0.1 (8.0.535.0)
    DistinguishedName                    : CN=MX,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=k******,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=k*****,DC=local
    Guid                                          : 9c105efa-08b0-4800-a5d9-d940a9725335
    ObjectCategory                        : k******.local/Configuration/Schema/ms-Exch-Exchange-Server
    ObjectClass                              : {top, server, msExchExchangeServer}
    WhenChanged                          : 01.02.2017 16:27:20
    WhenCreated                           : 16.10.2014 18:42:38
    WhenChangedUTC                   : 01.02.2017 13:27:20
    WhenCreatedUTC                     : 16.10.2014 14:42:38
    OrganizationId                          :
    Id                                              : MX
    OriginatingServer                      : dc02.k******.local
    ObjectState                               : Unchanged


    • Изменено GarAlbert 3 февраля 2017 г. 5:35
    2 февраля 2017 г. 5:27
  • еще заметил что если через outlook, в адресе сервера указывать mx.k*****.local  и в дополнительном подключении через прокси указывать mx.K*****.com, то подключается и имя сервера меняет на c175137a-ab01-4f71-b093-657554f1b044@k*****.com

    я так понимаю все упирается в autodiskover? то есть он неправильно настроен?

    сейчас еще скину результат rca, теста с автодескавери

    2 февраля 2017 г. 5:34
  • Да, поменяйте.
    2 февраля 2017 г. 5:41
  • Поменял!

    еще проверял

    get-owavirtualdirectory | ft name, *ExternalURL*, *InternalURL*

    get-ecpvirtualdirectory | ft name, *ExternalURL*, *InternalURL*

    get-oabvirtualdirectory | ft name, *ExternalURL*, *InternalURL*

    get-ewsvirtualdirectory | ft name, *ExternalURL*, *InternalURL*

    get-ecpvirtualdirectory | ft name, *ExternalURL*, *InternalURL*

    там везде сходится externak  и unternal везде mx.k*****.comно

    вот еще проверил get-MAPIvirtualdirectory | ft name, *ExternalURL*, *InternalURL*

    там - mapi (Default Web Site)   https://mx.k*****.com/mapi    https://mx.k*****.local/mapi

    это нормально?

    2 февраля 2017 г. 6:04

  • там - mapi (Default Web Site)   https://mx.k*****.com/mapi    https://mx.k*****.local/mapi

    это нормально?

    Делайте по аналогии с остальными.
    2 февраля 2017 г. 6:40
  • Attempting the Autodiscover and Exchange ActiveSync test (if requested).
    Testing of Autodiscover for Exchange ActiveSync failed.
       Additional Details
      Test Steps
         Attempting each method of contacting the Autodiscover service.
         The Autodiscover service couldn't be contacted successfully by any method.
            Additional Details
            Test Steps
               Attempting to test potential Autodiscover URL https://k*****.com:443/Autodiscover/Autodiscover.xml
               Testing of this potential Autodiscover URL failed.
                   Additional Details
                   Test Steps
                      Attempting to resolve the host name k*****.com in DNS.
                      The host name resolved successfully.
                         Additional Details
                         IP addresses returned: 78.4*.2**.1**
                         Elapsed Time: 137 ms.
                     Testing TCP port 443 on host kamges.com to ensure it's listening and open.
                     The port was opened successfully.
                        Additional Details
                        Elapsed Time: 304 ms.
                     Testing the SSL certificate to make sure it's valid.
                     The SSL certificate failed one or more certificate validation checks.
                         Additional Details
                         Test Steps
                           The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server k*****.com on port 443.
                           The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
                               Additional Details
                               Remote Certificate Subject: CN=at.t******n.org, Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US.
                               Elapsed Time: 203 ms.
                            Validating the certificate name.
                            Certificate name validation failed.
                               Additional Details
                               Host name k*****.com doesn't match any name found on the server certificate CN=at.t*******n.org.
                               Elapsed Time: 0 ms.
    Attempting to test potential Autodiscover URL https://autodiscover.k*****.com:443/Autodiscover/Autodiscover.xml
    Testing of this potential Autodiscover URL failed.
        Additional Details
        Test Steps
             Attempting to resolve the host name autodiscover.k*****.com in DNS.
             The host name resolved successfully.
                 Additional Details
             Testing TCP port 443 on host autodiscover.k*****.com to ensure it's listening and open.
             The port was opened successfully.
                 Additional Details
             Testing the SSL certificate to make sure it's valid.
             The certificate passed all validation requirements.
                Additional Details
                Test Steps
                   The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.kamges.com on port 443.
                   The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.

                       Additional Details


                       Remote Certificate Subject: CN=mx.k*****.com, OU=COMODO SSL Unified Communications, OU=Domain Control Validated, Issuer: CN=COMODO RSA Domain                Validation     Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
                        Elapsed Time: 254 ms.

                    Validating the certificate name.
                    The certificate name was validated successfully.
                         Additional Details
                         Host name autodiscover.k*****.com was found in the Certificate Subject Alternative Name entry.
                         Elapsed Time: 0 ms.
                    Certificate trust is being validated.
                    The certificate is trusted and all certificates are present in the chain.
                        Test Steps
                              The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mx.k*****.com, OU=COMODO SSL Unified      Communications, OU=Domain Control Validated.
                              One or more certificate chains were constructed successfully.
                                   Additional Details
                                   A total of 2 chains were built. The highest quality chain ends in root certificate CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
                                   Elapsed Time: 13 ms.
                            Analyzing the certificate chains for compatibility problems with versions of Windows.
                            Potential compatibility problems were identified with some versions of Windows.
                                   Additional Details
                                   The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
                                   Elapsed Time: 7 ms.
                     Testing the certificate date to confirm the certificate is valid.
                     Date validation passed. The certificate hasn't expired.
                          Additional Details
                          The certificate is valid. NotBefore = 2/1/2016 12:00:00 AM, NotAfter = 5/1/2017 11:59:59 PM
                          Elapsed Time: 0 ms.
              Checking the IIS configuration for client certificate authentication.
              Client certificate authentication wasn't detected.
                   Additional Details
                   Accept/Require Client Certificates isn't configured.
                   Elapsed Time: 327 ms.
    Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
    Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
          Additional Details
          Test Steps
                  The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.k*****.com:443/Autodiscover/Autodiscover.xml for user G*rAl**rt@k*****.com.
                  The Autodiscover XML response was successfully retrieved.
                  Additional Details
                  An HTTPS redirect was received in response to the Autodiscover request. The redirect URL is https://mx.k*****.com/owa/Autodiscover.xml.
                  HTTP Response Headers:
                  request-id: a1704135-8b93-4858-8cad-15ffcd51dd2d
                  X-CalculatedBETarget: mx.k*****.local
                  X-DiagInfo: MX
                  X-BEServer: MX
                  Cache-Control: private
                  Content-Type: text/html; charset=UTF-8
                  Location: https://mx.k*****.com/owa/Autodiscover.xml
                  Set-Cookie: ClientId=GDELQ9WTRUMERDT0JA; expires=Fri, 02-Feb-2018 06:16:17 GMT; path=/; HttpOnly,X-BackEndCookie=S- 1-5-21-2745295883-67500181-1468220690-4102=u56Lnp2ejJqByMibnp7JmpvSz86dxtLLm5rP0p7Hy8zSxprKzs+Zyciaz87JgYHNz87I0s/M0s/Lq8/Jxc7Jxc7I; expires=Sat,  04-Mar-2017 06:16:17 GMT; path=/Autodiscover; secure; HttpOnly
                  Server: Microsoft-IIS/8.5
                  X-AspNet-Version: 4.0.30319
                  Persistent-Auth: true
                  X-Powered-By: ASP.NET
                  X-FEServer: MX
                  Date: Thu, 02 Feb 2017 06:16:17 GMT
                  Content-Length: 233
                  Elapsed Time: 644 ms.
    Attempting to test potential Autodiscover URL https://mx.k*****.com/owa/Autodiscover.xml
    Testing of this potential Autodiscover URL failed.
          Additional Details
          Test Steps
             Attempting to resolve the host name mx.k*****.com in DNS.
             The host name resolved successfully.
                 Additional Details
             Testing TCP port 443 on host mx.k*****.com to ensure it's listening and open.
             The port was opened successfully.
                 Additional Details
             Testing the SSL certificate to make sure it's valid.
             The certificate passed all validation requirements.
                 Additional Details
                 Test Steps
                         The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server mx.kamges.com on port 443.
                         The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
                               Additional Details
                               Remote Certificate Subject: CN=mx.k*****.com, OU=COMODO SSL Unified Communications, OU=Domain Control Validated, Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
                               Elapsed Time: 268 ms.
                         Validating the certificate name.
                         The certificate name was validated successfully.
                               Additional Details
                               Host name mx.k*****.com was found in the Certificate Subject Common name.
                               Elapsed Time: 0 ms.
                         Certificate trust is being validated.
                         The certificate is trusted and all certificates are present in the chain.
                               Test Steps
                                    The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mx.k*****.com, OU=COMODO SSL Unified Communications, OU=Domain Control Validated.
                                   One or more certificate chains were constructed successfully.
                                       Additional Details
                                       A total of 2 chains were built. The highest quality chain ends in root certificate CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
                                       Elapsed Time: 15 ms.
                                   Analyzing the certificate chains for compatibility problems with versions of Windows.
                                   Potential compatibility problems were identified with some versions of Windows.
                                       Additional Details
                                       The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
                                       Elapsed Time: 8 ms.
                          Testing the certificate date to confirm the certificate is valid.
                          Date validation passed. The certificate hasn't expired.
                                 Additional Details
                                      The certificate is valid. NotBefore = 2/1/2016 12:00:00 AM, NotAfter = 5/1/2017 11:59:59 PM
                                      Elapsed Time: 0 ms.
            Checking the IIS configuration for client certificate authentication.
            Client certificate authentication wasn't detected.
                 Additional Details
            Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
            Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
                Additional Details
                Test Steps
                        The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://mx.k*****.com/owa/Autodiscover.xml for user G*rAl****t@k*****.com.
                        The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
                             Additional Details
                             A Web exception occurred because an HTTP 440 - 440 response was received from Unknown.
                             HTTP Response Headers:
                             request-id: a99e089d-2ec5-4fb2-8182-d041ba66fdb2
                             X-FEServer: MX
                             Connection: close
                             Content-Length: 154
                             Content-Type: text/html; charset=utf-8
                             Date: Thu, 02 Feb 2017 06:16:18 GMT
                             Set-Cookie: ClientId=S9HYTQEXEHVOXAYJBFQ; expires=Fri, 02-Feb-2018 06:16:18 GMT; path=/; HttpOnly
                             Server: Microsoft-IIS/8.5
                             X-Powered-By: ASP.NET
                             Elapsed Time: 251 ms.
    Attempting to contact the Autodiscover service using the HTTP redirect method.
    The attempt to contact Autodiscover using the HTTP Redirect method failed.
           Additional Details
           Test Steps
                Attempting to resolve the host name autodiscover.k*****.com in DNS.
                The host name resolved successfully.
                    Additional Details
                    IP addresses returned: 217.3*.2**.1**
                    Elapsed Time: 10 ms.
                Testing TCP port 80 on host autodiscover.k*****.com to ensure it's listening and open.
                The port was opened successfully.
                   Additional Details
                The Microsoft Connectivity Analyzer is checking the host autodiscover.k*****.com for an HTTP redirect to the Autodiscover service.
                The Microsoft Connectivity Analyzer failed to get an HTTP redirect response for Autodiscover.
                     Additional Details
                          An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
                          HTTP Response Headers:
                          request-id: 929335b2-8023-44ad-a346-75f353a12a35
                          X-SOAP-Enabled: True
                          X-WSSecurity-Enabled: True
                          X-WSSecurity-For: None
                          X-OAuth-Enabled: True
                          Cache-Control: private
                          Set-Cookie: ClientId=EJHRGZBUCXDYJFLNNNA; expires=Fri, 02-Feb-2018 06:16:19 GMT; path=/; HttpOnly
                          Server: Microsoft-IIS/8.5
                          WWW-Authenticate: Negotiate,NTLM,Basic realm="autodiscover.k*****.com"
                          X-Powered-By: ASP.NET
                          X-FEServer: MX
                          Date: Thu, 02 Feb 2017 06:16:18 GMT
                          Content-Length: 0
                          Elapsed Time: 151 ms.
    Attempting to contact the Autodiscover service using the DNS SRV redirect method.
    The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
          Additional Details
          Test Steps
               Attempting to locate SRV record _autodiscover._tcp.k*****.com in DNS.
               The Autodiscover SRV record wasn't found in DNS.
                      Additional Details
    Checking if there is an autodiscover CNAME record in DNS for your domain 'k*****.com' for Office 365.
    Failed to validate autodiscover CNAME record in DNS. If your mailbox isn't in Office 365, you can ignore this warning.
           Additional Details


    • Изменено GarAlbert 2 февраля 2017 г. 7:12
    2 февраля 2017 г. 6:46
  • А Вы редирект часом не настраивали? Очень похоже.
    2 февраля 2017 г. 7:05
  • да-да как раз после обновления, редирект в iss юзали, что то там?

    2 февраля 2017 г. 7:30
  • Там ваша проблема, а мы тут просто косметику наводили, оказывается.

    Вы бы про редирект сразу бы и написали, чего скрываться-то. Отменяйте его и нормально все будет.

    2 февраля 2017 г. 7:38
  • юзали и потом поставили обратно по аналогии как было до обновления, а вот как было после обновления. может где-то галки не допоставил или лишнии. там еше в редиректе была какаято длинная такая ссылка, поставил просто https://mx.k*****.com/owa/
    2 февраля 2017 г. 7:39
  • Всего две ссылки в библиотеке нужно внимательно изучить и выполнить требуемые шаги. Это если Вы хотите его использовать.

    https://technet.microsoft.com/ru-ru/library/aa998359(v=exchg.150).aspx

    https://support.microsoft.com/ru-ru/help/975341/how-to-configure-exchange-to-redirect-owa-http-requests-to-https-requests-in-iis-7

    Сейчас просто снимите галки редиректа со всех директорий, и проверьте настройки для директорий по умолчанию. Проверьте работу автодискавера. Подожглось, ура, закрываем тему, и дальше уже решайте когда будете конфигурировать редирект.

    Много изменений сразу- зло.

    • Помечено в качестве ответа GarAlbert 2 февраля 2017 г. 11:06
    2 февраля 2017 г. 7:51
  • Благодарствую, сейчас пойду пробовать!!!)))
    2 февраля 2017 г. 8:00

  • Много изменений сразу- зло.

    И умалчивать о них зло не меньшее))

    Уводит на ложный след.

    2 февраля 2017 г. 8:04
  • Неистово плюсую!
    2 февраля 2017 г. 8:12
  • Спасибо огромное Дмитрий, действительно малость лишнего было. Теперь отрабатывает. Куда мне лайкнуть, чтоб вам премию дали? ))))))
    2 февраля 2017 г. 10:54
  • Просто пометьте ответ, который помог, чтобы его могли легко найти другие участники форума с подобной проблемой.

    И приходите к нам еще ;)

    2 февраля 2017 г. 11:02