Announcement

Collapse
No announcement yet.

Outlook 2007 and Exchange 2010SP3 Autodiscover issue

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Outlook 2007 and Exchange 2010SP3 Autodiscover issue

    Hi all,

    We have a typical Exchange 2010SP3 with CAS/HUB/Mailbox roles here.

    Internal users use Outlook 2007 to connect with server by TCP/IP.

    But every time they start Outlook, the system asks for the username/password for autodiscover.domain even when we ticked to "Remember password".

    If we cancel this popup, then we can not see free/busy schedule on the Outlook.

    Please kindly help us to find out the issue.

    Thanks.

  • #2
    Re: Outlook 2007 and Exchange 2010SP3 Autodiscover issue

    You shouldn't be getting prompts for Autodiscover at all.

    There are two issues here.
    1. Why is Outlook going to autodiscover.example.com
    2. Why are you getting prompts.

    First thing to do is check where autodiscover.example.com is pointing. Externally it should be pointing to your Exchange server's external IP address. Internally it can point to no where or to Exchagne server internally.

    However clients that are on the domain shouldn't be using Autodiscover.example.com.

    Therefore check the value of

    get-clientaccessserver | select identity, AutodiscoverServiceInternalURI

    The host name returned should
    a. Resolve internally to Exchange.
    b. Be listed on the SSL certificate installed on the server.

    If either are not true then internal Autodiscover will not work correctly.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Outlook 2007 and Exchange 2010SP3 Autodiscover issue

      Hi Simon,

      I can resolve internally the autodiscover.example.vn pointing to our Exchange 2010 server. And autodiscover.example.vn also is listed in our SSL Certificate.

      ExchangeSvr03: Exchange server 2010SP3;
      PDCSvr: Primary domain Controller for domain example.vn
      Our client is located in another domain: abc.com

      Here is some information from our system:

      Get-ExchangeCertificate | FL:

      AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System.Security.AccessControl.CryptoKeyAccessR
      ule}
      CertificateDomains : {ExchangeSvr03.example.vn}
      HasPrivateKey : True
      IsSelfSigned : False
      Issuer : CN=example-ExchangeSvr03-CA, DC=example, DC=vn
      NotAfter : 6/20/2014 2:56:04 AM
      NotBefore : 6/20/2013 2:56:04 AM
      PublicKeySize : 2048
      RootCAType : Registry
      SerialNumber : 61014BBE000000000003
      Services : None
      Status : Valid
      Subject : CN=ExchangeSvr03.example.vn
      Thumbprint : E157EA636EB6523445980F8D6ED382CCDF4DDAFA

      AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System.Security.AccessControl.CryptoKeyAccessR
      ule, System.Security.AccessControl.CryptoKeyAccessRule}
      CertificateDomains : {example.vn, ExchangeSvr03.example.vn, mail.example.vn, autodiscover.example.vn}
      HasPrivateKey : True
      IsSelfSigned : False
      Issuer : CN=example-ExchangeSvr03-CA, DC=example, DC=vn
      NotAfter : 6/20/2015 1:39:20 AM
      NotBefore : 6/20/2013 1:39:20 AM
      PublicKeySize : 2048
      RootCAType : Registry
      SerialNumber : 14DA7789000000000002
      Services : IIS, SMTP
      Status : Valid
      Subject : CN=example.vn, OU=IT, O=Company Name, L=Hanoi, S=Hanoi, C=VN
      Thumbprint : DB91965FA74FB66BA53FF2ED90652A979AD95759

      AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System.Security.AccessControl.CryptoKeyAccessR
      ule, System.Security.AccessControl.CryptoKeyAccessRule}
      CertificateDomains : {example-ExchangeSvr03-CA}
      HasPrivateKey : True
      IsSelfSigned : True
      Issuer : CN=example-ExchangeSvr03-CA, DC=example, DC=vn
      NotAfter : 6/20/2018 1:44:09 AM
      NotBefore : 6/20/2013 1:34:12 AM
      PublicKeySize : 2048
      RootCAType : Registry
      SerialNumber : 0A0A43413468E19943607F4D67BCB489
      Services : SMTP
      Status : Valid
      Subject : CN=example-ExchangeSvr03-CA, DC=example, DC=vn
      Thumbprint : 2ADAB8151BAC69AD5C83B3082D6A752CCE5185F6

      AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System.Security.AccessControl.CryptoKeyAccessR
      ule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
      essRule}
      CertificateDomains : {ExchangeSvr03, ExchangeSvr03.example.vn}
      HasPrivateKey : True
      IsSelfSigned : True
      Issuer : CN=ExchangeSvr03
      NotAfter : 6/7/2018 5:04:01 PM
      NotBefore : 6/7/2013 5:04:01 PM
      PublicKeySize : 2048
      RootCAType : None
      SerialNumber : 7E07D0C84B6497844D1D4C4C2B1D4D86
      Services : IMAP, POP, SMTP
      Status : Valid
      Subject : CN=ExchangeSvr03
      Thumbprint : 4B5C78B8A02AFACF901E37F388E4647198E917C4

      Get-AutodiscoverVirtualDirectory –Server ServerName | FL:

      RunspaceId : 128fad89-bf60-41cb-b1d2-196d4b781b97
      Name : Autodiscover (Default Web Site)
      InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
      ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
      LiveIdSpNegoAuthentication : False
      WSSecurityAuthentication : True
      LiveIdBasicAuthentication : False
      BasicAuthentication : True
      DigestAuthentication : False
      WindowsAuthentication : True
      MetabasePath : IIS://ExchangeSvr03.example.vn/W3SVC/1/ROOT/Autodiscover
      Path : C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Autodiscover
      ExtendedProtectionTokenChecking : None
      ExtendedProtectionFlags : {}
      ExtendedProtectionSPNList : {}
      Server : ExchangeSvr03
      InternalUrl : hxxps://autodiscover.example.vn/autodiscover/autodiscover.xml
      ExternalUrl :
      AdminDisplayName :
      ExchangeVersion : 0.10 (14.0.100.0)
      DistinguishedName : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=ExchangeSvr03,CN=Ser vers,C
      N=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=example,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,D C=vn
      Identity : ExchangeSvr03\Autodiscover (Default Web Site)
      Guid : 2a44323e-649b-4b2b-838d-cd9316e0b17d
      ObjectCategory : example.vn/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
      ObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
      WhenChanged : 7/16/2013 11:56:35 AM
      WhenCreated : 6/7/2013 5:08:28 PM
      WhenChangedUTC : 7/16/2013 4:56:35 AM
      WhenCreatedUTC : 6/7/2013 10:08:28 AM
      OrganizationId :
      OriginatingServer : PDCSvr.example.vn
      IsValid : True
      Last edited by kingnachi; 15th August 2013, 11:06.

      Comment


      • #4
        Re: Outlook 2007 and Exchange 2010SP3 Autodiscover issue

        Some more information:
        Here is the CAS role information (Get-ClientAccessServer | FL):

        RunspaceId : 128fad89-bf60-41cb-b1d2-196d4b781b97
        Name : ExchangeSvr03
        Fqdn : ExchangeSvr03.example.vn
        OutlookAnywhereEnabled : False
        AutoDiscoverServiceCN : ExchangeSvr03
        AutoDiscoverServiceClassName : ms-Exchange-AutoDiscover-Service
        AutoDiscoverServiceInternalUri : hxxps://ExchangeSvr03.example.vn/Autodiscover/Autodiscover.xml
        AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
        AutoDiscoverSiteScope : {Default-First-Site-Name}
        AlternateServiceAccountConfiguration :
        IrmLogEnabled : True
        IrmLogMaxAge : 30.00:00:00
        IrmLogMaxDirectorySize : 250 MB (262,144,000 bytes)
        IrmLogMaxFileSize : 10 MB (10,485,760 bytes)
        IrmLogPath : C:\Program Files\Microsoft\Exchange Server\V14\Logging\IRMLogs
        IsOutOfService : False
        MigrationLogLoggingLevel : Information
        MigrationLogFilePath :
        MigrationLogMaxAge : 180.00:00:00
        MigrationLogMaxDirectorySize : 10 GB (10,737,418,240 bytes)
        MigrationLogMaxFileSize : 100 MB (104,857,600 bytes)
        IsValid : True
        ExchangeVersion : 0.1 (8.0.535.0)
        DistinguishedName : CN=ExchangeSvr03,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),C
        N=Administrative Groups,CN=example,CN=Microsoft Exchange,CN=Services,CN=Conf
        iguration,DC=example,DC=vn
        Identity : ExchangeSvr03
        Guid : 43601d21-c213-40af-a930-d1a09838b62e
        ObjectCategory : example.vn/Configuration/Schema/ms-Exch-Exchange-Server
        ObjectClass : {top, server, msExchExchangeServer}
        WhenChanged : 7/18/2013 5:04:59 PM
        WhenCreated : 6/7/2013 5:01:59 PM
        WhenChangedUTC : 7/18/2013 10:04:59 AM
        WhenCreatedUTC : 6/7/2013 10:01:59 AM
        OrganizationId :
        OriginatingServer : PDCSvr.example.vn

        Finally is the EWS information (Get-WebServicesVirtualDirectory –Server PDCSvr | FL):


        RunspaceId : 128fad89-bf60-41cb-b1d2-196d4b781b97
        CertificateAuthentication :
        InternalNLBBypassUrl : hxxps://ExchangeSvr03.example.vn/ews/exchange.asmx
        GzipLevel : High
        MRSProxyEnabled : False
        MRSProxyMaxConnections : 100
        Name : EWS (Default Web Site)
        InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
        ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
        LiveIdSpNegoAuthentication : False
        WSSecurityAuthentication : True
        LiveIdBasicAuthentication : False
        BasicAuthentication : True
        DigestAuthentication : False
        WindowsAuthentication : True
        MetabasePath : IIS://ExchangeSvr03.example.vn/W3SVC/1/ROOT/EWS
        Path : C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\exchweb\EWS
        ExtendedProtectionTokenChecking : None
        ExtendedProtectionFlags : {}
        ExtendedProtectionSPNList : {}
        Server : ExchangeSvr03
        InternalUrl : hxxps://ExchangeSvr03.example.vn/EWS/Exchange.asmx
        ExternalUrl : hxxps://mail.example.vn/ews/exchange.asmx
        AdminDisplayName :
        ExchangeVersion : 0.10 (14.0.100.0)
        DistinguishedName : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,CN=ExchangeSvr03,CN=Ser vers,CN=Exchang
        e Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=example,CN=M
        icrosoft Exchange,CN=Services,CN=Configuration,DC=example,D C=vn
        Identity : ExchangeSvr03\EWS (Default Web Site)
        Guid : 29708aa2-2858-42a7-bb97-569fd01d1d35
        ObjectCategory : example.vn/Configuration/Schema/ms-Exch-Web-Services-Virtual-Directory
        ObjectClass : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
        WhenChanged : 6/7/2013 5:08:39 PM
        WhenCreated : 6/7/2013 5:08:37 PM
        WhenChangedUTC : 6/7/2013 10:08:39 AM
        WhenCreatedUTC : 6/7/2013 10:08:37 AM
        OrganizationId :
        OriginatingServer : PDCSvr.example.vn
        IsValid : True

        Comment


        • #5
          Re: Outlook 2007 and Exchange 2010SP3 Autodiscover issue

          You wasted your time setting the URL on the autodiscover virtual directory. That isn't used by any clients.
          The address they use is set on the clientaccess server

          get-clientaccessserver | select identity, autodiscoverserviceinternalURI

          The host name in that URL must resolve to Exchange and be in your SSL certificate. If not then you will get prompts and problems.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment


          • #6
            Re: Outlook 2007 and Exchange 2010SP3 Autodiscover issue

            Hi Sembee,

            Thanks so much for your reply.

            I copy also here the information that you suggested me to investigate:

            [PS] C:\Windows\system32>get-clientaccessserver | select identity, autodiscoverserviceinternalURI

            Identity AutoDiscoverServiceInternalUri
            -------- ------------------------------
            ExchangeSvr03 hxxps://ExchangeSvr03.example.vn/Autodiscover/Autodiscover.xml

            C:\Users\exchangeclient>nslookup
            Default Server: DNSSvr.vnlife.com
            Address: 10.10.10.1

            > mail.example.vn
            Server: DNSSvr.vnlife.com
            Address: 10.10.10.1

            Name: mail.example.vn
            Address: 10.10.10.2

            > ExchangeSvr03.example.vn
            Server: DNSSvr.vnlife.com
            Address: 10.10.10.1

            Name: ExchangeSvr03.example.vn
            Address: 10.10.10.2

            C:\Users\exchangeclient>ping mail.example.vn

            Pinging mail.example.vn [10.10.10.2] with 32 bytes of data:
            Reply from 10.10.10.2: bytes=32 time=3ms TTL=127
            Reply from 10.10.10.2: bytes=32 time=1ms TTL=127
            Reply from 10.10.10.2: bytes=32 time=1ms TTL=127
            Reply from 10.10.10.2: bytes=32 time=1ms TTL=127

            Ping statistics for 10.10.10.2:
            Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
            Approximate round trip times in milli-seconds:
            Minimum = 1ms, Maximum = 3ms, Average = 1ms

            C:\Users\exchangeclient>ping ExchangeSvr03.example.vn

            Pinging ExchangeSvr03.example.vn [10.10.10.2] with 32 bytes of data:
            Reply from 10.10.10.2: bytes=32 time=1ms TTL=127
            Reply from 10.10.10.2: bytes=32 time=1ms TTL=127
            Reply from 10.10.10.2: bytes=32 time=1ms TTL=127
            Reply from 10.10.10.2: bytes=32 time=1ms TTL=127

            Ping statistics for 10.10.10.2:
            Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
            Approximate round trip times in milli-seconds:
            Minimum = 1ms, Maximum = 1ms, Average = 1ms

            The Autodiscover test works fine with Outlook, so I don't know which configuration that I missed .

            Please kindly help me to verify.

            Thanks.

            Comment


            • #7
              Re: Outlook 2007 and Exchange 2010SP3 Autodiscover issue

              Does hxxps://ExchangeSvr03.example.vn appear in your SSL certificate as one of the additional names?

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.

              Comment


              • #8
                Re: Outlook 2007 and Exchange 2010SP3 Autodiscover issue

                Hi Sembee,

                ExchangeSvr03.example.vn, autodiscover.example.vn, mail.example.vn and example.vn are included in SAN field of our self-signed certificate.

                Here is the output of "Get-ExchangeCertificate | FL" command:

                AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System.Security.AccessControl.CryptoKeyAccessR
                ule}
                CertificateDomains : {ExchangeSvr03.example.vn}
                HasPrivateKey : True
                IsSelfSigned : False
                Issuer : CN=example-ExchangeSvr03-CA, DC=example, DC=vn
                NotAfter : 6/20/2014 2:56:04 AM
                NotBefore : 6/20/2013 2:56:04 AM
                PublicKeySize : 2048
                RootCAType : Registry
                SerialNumber : 61014BBE000000000003
                Services : None
                Status : Valid
                Subject : CN=ExchangeSvr03.example.vn
                Thumbprint : E157EA636EB6523445980F8D6ED382CCDF4DDAFA

                AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System.Security.AccessControl.CryptoKeyAccessR
                ule, System.Security.AccessControl.CryptoKeyAccessRule}
                CertificateDomains : {example.vn, ExchangeSvr03.example.vn, mail.example.vn, autodiscover.example.vn}
                HasPrivateKey : True
                IsSelfSigned : False
                Issuer : CN=example-ExchangeSvr03-CA, DC=example, DC=vn
                NotAfter : 6/20/2015 1:39:20 AM
                NotBefore : 6/20/2013 1:39:20 AM
                PublicKeySize : 2048
                RootCAType : Registry
                SerialNumber : 14DA7789000000000002
                Services : IIS, SMTP
                Status : Valid
                Subject : CN=example.vn, OU=IT, O=Company Name, L=Hanoi, S=Hanoi, C=VN
                Thumbprint : DB91965FA74FB66BA53FF2ED90652A979AD95759

                AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System.Security.AccessControl.CryptoKeyAccessR
                ule, System.Security.AccessControl.CryptoKeyAccessRule}
                CertificateDomains : {example-ExchangeSvr03-CA}
                HasPrivateKey : True
                IsSelfSigned : True
                Issuer : CN=example-ExchangeSvr03-CA, DC=example, DC=vn
                NotAfter : 6/20/2018 1:44:09 AM
                NotBefore : 6/20/2013 1:34:12 AM
                PublicKeySize : 2048
                RootCAType : Registry
                SerialNumber : 0A0A43413468E19943607F4D67BCB489
                Services : SMTP
                Status : Valid
                Subject : CN=example-ExchangeSvr03-CA, DC=example, DC=vn
                Thumbprint : 2ADAB8151BAC69AD5C83B3082D6A752CCE5185F6

                AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System.Security.AccessControl.CryptoKeyAccessR
                ule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
                essRule}
                CertificateDomains : {ExchangeSvr03, ExchangeSvr03.example.vn}
                HasPrivateKey : True
                IsSelfSigned : True
                Issuer : CN=ExchangeSvr03
                NotAfter : 6/7/2018 5:04:01 PM
                NotBefore : 6/7/2013 5:04:01 PM
                PublicKeySize : 2048
                RootCAType : None
                SerialNumber : 7E07D0C84B6497844D1D4C4C2B1D4D86
                Services : IMAP, POP, SMTP
                Status : Valid
                Subject : CN=ExchangeSvr03
                Thumbprint : 4B5C78B8A02AFACF901E37F388E4647198E917C4

                Comment


                • #9
                  Re: Outlook 2007 and Exchange 2010SP3 Autodiscover issue

                  Originally posted by kingnachi View Post

                  ... our self-signed certificate.
                  That is your problem.
                  Outlook doesn't cope well with self signed certificates and if you have the server exposed to the internet then you shouldn't be using one. Use a trusted certificate - $60/year and the problems will stop.

                  Simon.
                  --
                  Simon Butler
                  Exchange MVP

                  Blog: http://blog.sembee.co.uk/
                  More Exchange Content: http://exchange.sembee.info/
                  Exchange Resources List: http://exbpa.com/
                  In the UK? Hire me: http://www.sembee.co.uk/

                  Sembee is a registered trademark, used here with permission.

                  Comment


                  • #10
                    Re: Outlook 2007 and Exchange 2010SP3 Autodiscover issue

                    Hi Sembee,

                    Thanks for your suggestion.

                    We use Web mail for Internet access and Outlook for our internal client.

                    Are there any problem with our self signed certificate?

                    Are there any way to fix this self signed certificate issue?

                    Comment


                    • #11
                      Re: Outlook 2007 and Exchange 2010SP3 Autodiscover issue

                      Buy a certificate.
                      If you are using the server over the internet then you should not be using a self signed certificate. Telling users to ignore SSL warnings is not really very wise. That exposes them to phishing attacks and the like.

                      Simon.
                      --
                      Simon Butler
                      Exchange MVP

                      Blog: http://blog.sembee.co.uk/
                      More Exchange Content: http://exchange.sembee.info/
                      Exchange Resources List: http://exbpa.com/
                      In the UK? Hire me: http://www.sembee.co.uk/

                      Sembee is a registered trademark, used here with permission.

                      Comment

                      Working...
                      X