Exchange error after domain join


  • Exchange error after domain join

    Originally this network consisted of an SBS 2008 server running Exchange 2007 in a workgroup environment. OWA worked externally; internally, Outlook on the workgroup workstations connected just fine. Then they decided to get a second server. A 2008 R2 server was added to the network running Exchange 2010. Both servers are domain controllers and DNS servers. All Exchange services and mailboxes were moved onto the new server. The SSL was rekeyed for the new server. The old server’s Exchange was assumed to be just sitting there doing nothing. There was talk on a previous post of mine on this forum that in the event of a failure of the new server this old server would have 2010 installed on it and it could take up operations again. But we never did that. Everything was humming along splendidly.

    They began to add staff and more workstations, and they had a frightful moment when a hard drive of a workstation almost died, causing user data loss. They were convinced to switch to a domain environment so folder redirection and offline files could ensure backups of the user data. The users already had domain credentials, because they were using Exchange. But the workstations were not joined to the domain.

    After joining the workstations to the domain the users logged on. I explained to them to log on with your “exchange email password”. Once logged in I configured Outlook with this new profile and the following error message popped up.

    Information you exchange with this site cannot be viewed or changed by others. However there is a problem with the site's certificate. Then there are two green checks and a red X; on the red X it says: The name on the security certificate is invalid or does not match the name of the site.

    I did lots of googling and lots of trying stuff to resolve the issue. I rekeyed the SSL cert on GoDaddy and reinstalled it. I got into the Exchange shell and did some commands like “get-ClientAccessServer -Identity "myserver" -AutodiscoverServiceInternalURI https://blahblah”. I checked that mail.domain.com and remote.domain.com point to the correct server etc. Then I got to thinking, I wonder if the old SBS with 2007 Exchange is getting in the way of the newly joined domain PCs and putting up its invalid certificate. But I’m not sure how to test this or even if this theory is valid. I do know that a domain with an SBS has to be the top dog and hold all FSMO roles. All I know is,… outlook worked fine… workstations were moved from workgroup to domain… outlook throws up this error.

    I’m thinking, maybe I should just uninstall Exchange 2007. Will that break anything? I mean, after clicking Yes on this error message Outlook does continue to function. If I remove 2007, and the Outlook clients are using it somehow as a go-between, will that then break Outlook?

    Any help would be appreciated.

  • #2
    Re: Exchange error after domain join

    Interesting story

    Firstly, please don't do anything to your SBS 2008.

    Follow this KB 940726 (on Exchange 2010) and please report back.

    Cheers
    Last edited by jedi001; 23rd January 2013, 00:06.
    Technical Director
    www.tecguruz.com
    Ex-Microsoft (Exchange Client & Server Infrastructure Team), MCSA, MCSE, MCITP, MCTS & ITIL Foundation certified



    • #3
      Re: Exchange error after domain join

      Quick googling on that KB refers to a Microsoft article

      support dot microsoft dot com/kb/940726

      Which seems to be based on 2007 exchange.

      I did try to do this already on the 2010 Exchange server, but the command "Set-UMVirtualDirectory" didn't work. It doesn't seem to be supported on 2010.

      Or are you referring to something else? Please link me if you are.



      • #4
        Re: Exchange error after domain join

        Yes the above article is an MS article: http://support.microsoft.com/kb/940726

        The UM command won't work if you don't have the role installed, and you are not required to run that.

        If you have already tried the same then it might be the certificate, either the name of the certificate doesn't match or it is expired or doesn't have the private key. This could be anything, I would check which certificate is enabled for IIS on exchange 2010.

        Run this on Exchange management shell for us:

        Get-ExchangeCertificate and then note the thumbprint which has service assigned as "W", i.e. IIS.

        Then go to IIS-->Right click Default Web Site-->click Edit Bindings-->Check which certificate is chosen for port 443 and has it got the same common names and thumbprint which we got from the above shell command.

        Please advise the results

        Or share some screen shots if possible of the errors you are receiving.

        Regards
        Technical Director
        www.tecguruz.com
        Ex-Microsoft (Exchange Client & Server Infrastructure Team), MCSA, MCSE, MCITP, MCTS & ITIL Foundation certified



        • #5
          Re: Exchange error after domain join

          I can not post URLs or screenshots because I haven't posted enough threads here yet. You can view my screenshot by pointing your browser to...

          mccls dot com/wp-content/uploads/2013/01/exchcert.png

          This is on the 2010 server. Not the SBS. The thumbprints seem to match. And the names look right.
          Last edited by ant2ne; 23rd January 2013, 18:12.



          • #6
            Re: Exchange error after domain join

            Ok so SSL looks good. I can get to your IIS page with no certificate alerts. Assuming mail.domain.com is pointing to new Exchange 2010 (on external DNS) and another assumption is that you have SPLIT DNS wherein you have a ZONE called DOMAIN.COM in your internal DNS server which has got the A record called MAIL pointing to exchange 2010 server IP. Correct me if I am wrong please?

            Now if all the assumptions are correct then please show me what you get when we do a TEST-EMAILAutoconfiguration in Outlook 2007 or Outlook 2010. Please share a screenshot as you did previously.

            Regards
            Technical Director
            www.tecguruz.com
            Ex-Microsoft (Exchange Client & Server Infrastructure Team), MCSA, MCSE, MCITP, MCTS & ITIL Foundation certified



            • #7
              Re: Exchange error after domain join

              What exactly would you like screenshots of?

              Since you mentioned it, I just checked all the DNS settings, again. I noticed that the zone remote.rls-global.com was pointed to the old server (see link below) so I modified that to point to the new server. I don't know how I missed that the last 3 times I checked it. I have yet to test if that is a fix or not.

              mccls dot com/wp-content/uploads/2013/01/exchdns.png



              • #8
                Re: Exchange error after domain join

                Screenshot of TEST-EMAILAutoconfiguration in Outlook 2007 or outlook 2010. Though first test it as you have changed a DNS record, make sure you either restart pc or do ipconfig /flushdns and then test.
                Regards
                Last edited by jedi001; 24th January 2013, 00:30. Reason: Added more info
                Technical Director
                www.tecguruz.com
                Ex-Microsoft (Exchange Client & Server Infrastructure Team), MCSA, MCSE, MCITP, MCTS & ITIL Foundation certified



                • #9
                  Re: Exchange error after domain join

                  DNS change made no difference. Here is the screen shot you requested...

                  mccls dot com/wp-content/uploads/2013/01/exchautoconf.png



                  • #10
                    Re: Exchange error after domain join

                    Ok firstly the OAB URL is missing, secondly are you using unified messaging if no then no need for the URL to be set.

                    Can you please run

                    Get-oabvirtualdirectory | fl *url*

                    And share the result please.
                    Last edited by jedi001; 25th January 2013, 23:31. Reason: Typo
                    Technical Director
                    www.tecguruz.com
                    Ex-Microsoft (Exchange Client & Server Infrastructure Team), MCSA, MCSE, MCITP, MCTS & ITIL Foundation certified



                    • #11
                      Re: Exchange error after domain join

                      Code:
                      [PS] C:\Windows\system32>Get-oabvirtualdirectory | fl *url*
                      
                      
                      InternalUrl : https://sites/OAB
                      ExternalUrl :
                      
                      InternalUrl : https://mail.rls-global.com/oab
                      ExternalUrl : https://mail.rls-global.com/OAB

                      Thinking internal URL should be rlsserver2.rls.local. Right?



                      • #12
                        Re: Exchange error after domain join

                        As long as mail.domain.com is pointing to the right Exchange server internally and it's there as one of the DNS names in the certificate, then it's fine. I see that there is another OAB URL which might be for the other server; to confirm the same please run the previous command without the *url* in it and share the result please. I can see that Outlook is not able to pick the OAB URL, which is the clue I think. Can you please check which server is the OAB generation server? You can find this in EMC-organisation-mailbox-offline address book tab. Please make sure that the generation server is the new server and the distribution mechanism is both public & web. Let me know the results.
                        Technical Director
                        www.tecguruz.com
                        Ex-Microsoft (Exchange Client & Server Infrastructure Team), MCSA, MCSE, MCITP, MCTS & ITIL Foundation certified
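
Added example, not part of any post in this thread: a read-only Exchange Management Shell (PowerShell) script for the checks described in posts #4 and #12. For each Client Access server it lists the internal URLs handed to Outlook, flags any host name not covered by that server's IIS certificate, and shows the thumbprint to compare against the port 443 binding. `Test-NameCoveredByCert` and the report column names are hypothetical; reading the Exchange 2007 server's certificate from the 2010 shell may fail, in which case its rows show as not covered with an empty thumbprint.

```powershell
# Added example. Run in the Exchange Management Shell; only Get-* cmdlets are used (read-only).

# Hypothetical helper: is $HostName covered by one of the certificate's names?
function Test-NameCoveredByCert {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($name in $CertNames) {
        if ($name -eq $HostName) { return $true }   # -eq is case-insensitive for strings
        if ($name.StartsWith('*.')) {
            # A wildcard covers exactly one left-most label: *.example.com matches
            # mail.example.com, but not a.b.example.com and not example.com itself.
            $suffix = $name.Substring(1)
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label.Length -gt 0 -and $label -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

$report = foreach ($cas in Get-ClientAccessServer) {
    $server = $cas.Name

    # Certificate enabled for IIS on this server (service "W" in Get-ExchangeCertificate).
    $cert = Get-ExchangeCertificate -Server $server -ErrorAction SilentlyContinue |
        Where-Object { "$($_.Services)" -match 'IIS' } | Select-Object -First 1
    $certNames = @()
    $thumbprint = ''
    if ($cert) {
        $certNames = @($cert.CertificateDomains | ForEach-Object { "$_" })
        $thumbprint = $cert.Thumbprint
    }

    # URLs this server publishes to Outlook. Domain-joined clients read the
    # Autodiscover service connection point (SCP) from Active Directory.
    $urls = @()
    $urls += ,@('Autodiscover SCP', "$($cas.AutoDiscoverServiceInternalUri)")
    foreach ($vd in Get-OabVirtualDirectory -Server $server) {
        $urls += ,@("$($vd.Name)", "$($vd.InternalUrl)")
    }
    foreach ($vd in Get-WebServicesVirtualDirectory -Server $server) {
        $urls += ,@("$($vd.Name)", "$($vd.InternalUrl)")
    }

    foreach ($entry in $urls) {
        $source, $url = $entry
        if (-not $url) { continue }                 # URL not set on this object
        $hostName = ([Uri]$url).Host
        New-Object PSObject -Property @{
            Server         = $server
            Source         = $source
            Url            = $url
            Covered        = (Test-NameCoveredByCert -HostName $hostName -CertNames $certNames)
            CertThumbprint = $thumbprint
        }
    }
}

# Rows with Covered = False are the names Outlook will raise a certificate warning for.
$report | Sort-Object Covered |
    Select-Object Server, Source, Url, Covered, CertThumbprint |
    Format-Table -AutoSize
```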



                        • #13
                          Re: Exchange error after domain join

                          please review...

                          mccls dot com/wp-content/uploads/2013/01/exchdefoffadd.png

                          Generation server IS NOT the new server. Shall I create a new offline address book?

                          Code:
                          [PS] C:\Windows\system32>Get-oabvirtualdirectory | fl
                          
                          RunspaceId                      : e4c1f128-f75a-40b7-b715-4821757a5306
                          Name                            : OAB (SBS Web Applications)
                          PollInterval                    : 30
                          OfflineAddressBooks             : {\Default Offline Address Book}
                          RequireSSL                      : True
                          BasicAuthentication             : True
                          WindowsAuthentication           : True
                          MetabasePath                    : IIS://RLSSERVER.rls.local/W3SVC/3/ROOT/OAB
                          Path                            : C:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB
                          ExtendedProtectionTokenChecking : None
                          ExtendedProtectionFlags         : {}
                          ExtendedProtectionSPNList       : {}
                          Server                          : RLSSERVER
                          InternalUrl                     : https://sites/OAB
                          InternalAuthenticationMethods   : {Basic, WindowsIntegrated}
                          ExternalUrl                     :
                          ExternalAuthenticationMethods   : {Basic, WindowsIntegrated}
                          AdminDisplayName                :
                          ExchangeVersion                 : 0.1 (8.0.535.0)
                          DistinguishedName               : CN=OAB (SBS Web Applications),CN=HTTP,CN=Protocols,CN=RLSSERVER,CN=Servers,CN=Exchang
                                                            e Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organizati
                                                            on,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=rls,DC=local
                          Identity                        : RLSSERVER\OAB (SBS Web Applications)
                          Guid                            : 90263dea-8124-4a6c-b44c-c63693ef089a
                          ObjectCategory                  : rls.local/Configuration/Schema/ms-Exch-OAB-Virtual-Directory
                          ObjectClass                     : {top, msExchVirtualDirectory, msExchOABVirtualDirectory}
                          WhenChanged                     : 5/21/2009 12:06:09 PM
                          WhenCreated                     : 5/21/2009 12:06:09 PM
                          WhenChangedUTC                  : 5/21/2009 5:06:09 PM
                          WhenCreatedUTC                  : 5/21/2009 5:06:09 PM
                          OrganizationId                  :
                          OriginatingServer               : RLSSERVER.rls.local
                          IsValid                         : True
                          
                          RunspaceId                      : e4c1f128-f75a-40b7-b715-4821757a5306
                          Name                            : OAB (Default Web Site)
                          PollInterval                    : 480
                          OfflineAddressBooks             : {}
                          RequireSSL                      : False
                          BasicAuthentication             : False
                          WindowsAuthentication           : True
                          MetabasePath                    : IIS://RLSSERVER2.rls.local/W3SVC/1/ROOT/OAB
                          Path                            : D:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB
                          ExtendedProtectionTokenChecking : None
                          ExtendedProtectionFlags         : {}
                          ExtendedProtectionSPNList       : {}
                          Server                          : RLSSERVER2
                          InternalUrl                     : https://mail.rls-global.com/oab
                          InternalAuthenticationMethods   : {WindowsIntegrated}
                          ExternalUrl                     : https://mail.rls-global.com/OAB
                          ExternalAuthenticationMethods   : {WindowsIntegrated}
                          AdminDisplayName                :
                          ExchangeVersion                 : 0.10 (14.0.100.0)
                          DistinguishedName               : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols,CN=RLSSERVER2,CN=Servers,CN=Exchange A
                                                            dministrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,
                                                            CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=rls,DC=local
                          Identity                        : RLSSERVER2\OAB (Default Web Site)
                          Guid                            : b2a9d272-bbb5-4a95-9bc5-9e10eddb6402
                          ObjectCategory                  : rls.local/Configuration/Schema/ms-Exch-OAB-Virtual-Directory
                          ObjectClass                     : {top, msExchVirtualDirectory, msExchOABVirtualDirectory}
                          WhenChanged                     : 1/19/2013 1:52:03 PM
                          WhenCreated                     : 10/21/2012 10:17:41 AM
                          WhenChangedUTC                  : 1/19/2013 7:52:03 PM
                          WhenCreatedUTC                  : 10/21/2012 3:17:41 PM
                          OrganizationId                  :
                          OriginatingServer               : RLSSERVER.rls.local
                          IsValid                         : True

                          The part that says
                          InternalUrl : https://sites/OAB
                          doesn't look right to me.
                          Last edited by ant2ne; 29th January 2013, 23:54.



                          • #14
                            Re: Exchange error after domain join

                            I believe that RLSSERVER2 is the new server as it has got the internal/external URLs set correctly, I think your problem is GENERATION server, please change it to RLSSERVER2 and that should fix your issue as clients are still looking at the old server for OAB.

                            Let us know how it goes. I am pretty certain that this should fix it, otherwise we will look at other options which can be checked. Please do award points if you think my posts have helped you in fixing the issue.

                            Regards
                            Last edited by jedi001; 30th January 2013, 10:51. Reason: typo
                            Technical Director
                            www.tecguruz.com
                            Ex-Microsoft (Exchange Client & Server Infrastructure Team), MCSA, MCSE, MCITP, MCTS & ITIL Foundation certified



                            • #15
                              Re: Exchange error after domain join

                              please review

                              mccls dot com/wp-content/uploads/2013/01/exchdefoffadd2.png

                              After making these changes the error still pops up. So maybe I didn't do it right. Or do I need to restart some services?
