I have searched in vain for help via experts-exchange.com regarding the Exchange/Outlook challenges I am facing in the wake of migrating my company's Exchange 2003 -> Exchange 2007 (via this how-to).
An autodiscover record has been set up at the external DNS and internally (we have split DNS).
We use a wildcard certificate, which started working after following this guide.
Something is not set up correctly, and I think the core of the problems I have is related to autodiscover because E-mail AutoConfiguration fails (see the end of the thread).
Problems/symptoms in Outlook:
Anyone who could be tempted by the title 'Hero of the Year'?
All problems have now been solved in one go...
IIS -> Autodiscover web service --> SSL settings --> accept is changed to ignore.
We have some customers with Small Business Server 2008. One customer's SBS server, which we are currently setting up, had the same symptoms, and because we have at the same time migrated our own internal Exchange 2003 to 2007, I stole some IIS settings from it.
The reason this change from ignore to accept was made at the customer is a recurring logon popup, which according to this page called for this change.
Quote from the link:
“I had an issue similar to this. Win2k3 Ex07. All of my Outlook 2007
users were getting prompted over and over for the username and
password. It wasn't checking the certificate that they had installed
via internet explorer. To fix the problem, I opened IIS on the
Exchange server and checked the following directories under the
default website (the root site(default web site), oab, autodiscover).
Under the directory security tab, click Edit in the Secure
Communications section. I had the require SSL checked and the 128bit
encryption, but under Client Certificates, it was set to ignore. Once
I changed that to Accept for each of the folders, stopped and started
IIS, I stopped being prompted all the time for credentials. Hopefully
this will help someone in the future.”
Our problem is thus solved, but now our customer has a choice between plague and cholera (and since we are their IT supplier, we have a choice between plague and cholera). Either out-of-office works or they avoid the pop-up messages.
Thanks for the help, Peter.
Hi Anders
It could well be a permission problem on your Autodiscover VDIR.
Try running the following command via EMS: test-outlookwebservices
Peter Schmidt Microsoft MVP - IIS | Microsoft Certified Master: Exchange 2007 MCITP | MCSE: M+S+I | Blog: www.msdigest.net | DK UC BG: www.colabora.dk
I ran test-outlookwebservices | Select-Object type, message | format-list because the output clumps together so you cannot see the message output:
test-outlookwebservices | Select-Object type, message | format-list

Type : Information
Message : About to test AutoDiscover with the e-mail address Administrator@domain.dk.

Type : Information
Message : Testing server Server.domain.dk with the published name https://Server.domain.dk/EWS/Exchange.asmx & .

Type : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscoverURL on this object is https://Server.domain.dk/Autodiscover/Autodiscover.xml.

Type : Information
Message : The Autodiscover service was contacted at https://Server.domain.dk/Autodiscover/Autodiscover.xml.

Type : Success
Message : [EXCH]-Successfully contacted the AS service at https://Server.domain.dk/EWS/Exchange.asmx. The elapsed time was 218 milliseconds.

Type : Success
Message : [EXCH]-Successfully contacted the OAB service at https://Server.domain.dk/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.

Type : Success
Message : [EXCH]-Successfully contacted the UM service at https://Server.domain.dk/UnifiedMessaging/Service.asmx. The elapsed time was 15 milliseconds.

Type : Information
Message : [EXPR]-The AS is not configured for this user.

Type : Success
Message : [EXPR]-Successfully contacted the OAB service at . The elapsed time was 0 milliseconds.

Type : Information
Message : [EXPR]-The UM is not configured for this user.

Type : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://mail.domain.dk/Rpc. The elapsed time was 15 milliseconds.

Type : Success
Message : The Autodiscover service was tested successfully.
That looks fine, no errors there.
Your DNS is in place, so autodiscover works from outside, right? In that case, try running an Outlook Autodiscover test from here: https://www.testexchangeconnectivity.com/
It could also be the external URL configuration on your CAS sites such as autodiscover, OWA etc. - but if you only have one CAS server, it should not be necessary.
If I choose the 'Outlook Autodiscover' test on testexchangeconnectivity.com, the script first tries https://domain.dk... which fails, which is expected, and then it tries https://autodiscover.domain.dk... and then there are check marks all the way down the result. It also recognizes the name of the Exchange server. Even so, I cannot set up Outlook Anywhere without having enabled the VPN connection first.
I am not familiar with setting up external URL configuration (I did not come across having to set it up during the migration), but there is only the one Exchange server in the organization after the demotion of the retiring Exchange 2003. It thus handles all Exchange roles, and yes - so there is only one CAS server.
EDIT:
The last test - Outlook Anywhere (RPC over HTTP) - gives an error in the last line - I don't know whether it matters:
Testing RPC/HTTP connectivity
RPC/HTTP test failed
Test Steps
Attempting to test Autodiscover for username@domain.dk
Successfully tested Autodiscover
Test Steps
Attempting each method of contacting the AutoDiscover Service
The AutoDiscover Service was successfully tested.
Test Steps
Attempting to test potential AutoDiscover URL https://domain.dk/AutoDiscover/AutoDiscover.xml
Failed testing this potential AutoDiscover URL
Test Steps
Attempting to resolve the host name domain.dk in DNS.
Host successfully resolved
Additional Details
IP(s) returned: <ip-adresse>
Testing TCP Port 443 on host domain.dk to ensure it is listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Additional Details
A network error occurred while communicating with remote host
Exception Details:
Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond <ip-adresse>:443
Type: System.Net.Sockets.SocketException
Stack Trace:
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()
Attempting to test potential AutoDiscover URL https://autodiscover.domain.dk/AutoDiscover/AutoDiscover.xml
Testing AutoDiscover URL succeeded
Test Steps
Attempting to resolve the host name autodiscover.domain.dk in DNS.
Host successfully resolved
Additional Details
IP(s) returned: <ip-adresse>
Testing TCP Port 443 on host autodiscover.domain.dk to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname autodiscover.domain.dk is a Wildcard Certificate match for Common name: *.domain.dk
Validating certificate trust
Certificate is trusted and all certificates are present in chain
Additional Details
The Certificate chain has be validated up to a trusted root. Root = OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Certificate is valid: NotBefore = 12/29/2009 9:37:17 PM, NotAfter = 1/1/2012 1:53:20 AM"
Attempting to send AutoDiscover POST request to potential autodiscover URLs.
Successfully Retrieved AutoDiscover Settings by sending AutoDiscover POST.
Test Steps
Attempting to Retrieve XML AutoDiscover Response from url https://autodiscover.domain.dk/AutoDiscover/AutoDiscover.xml for user username@domain.dk
Successfully Retrieved AutoDiscover XML Response
Additional Details
AutoDiscover Account Settings
XML Response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>Anders Præstegaard</DisplayName>
      <LegacyDN>/o=domain/ou=First Administrative Group/cn=Recipients/cn=username</LegacyDN>
      <DeploymentId>068bcf6d-bfc9-41a4-b071-79f942446f77</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>Server.domain.dk</Server>
        <ServerDN>/o=domain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=Server</ServerDN>
        <ServerVersion>720280B0</ServerVersion>
        <MdbDN>/o=domain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=Server/cn=Microsoft Private MDB</MdbDN>
        <ASUrl>https://Server.domain.dk/EWS/Exchange.asmx</ASUrl>
        <OOFUrl>https://Server.domain.dk/EWS/Exchange.asmx</OOFUrl>
        <OABUrl>https://Server.domain.dk/OAB/b2d8af92-291b-423e-9f25-ab8eb1bd94bb/</OABUrl>
        <UMUrl>https://Server.domain.dk/UnifiedMessaging/Service.asmx</UMUrl>
        <Port>0</Port>
        <DirectoryPort>0</DirectoryPort>
        <ReferralPort>0</ReferralPort>
        <PublicFolderServer>Server.domain.dk</PublicFolderServer>
        <AD>domainvDC.domain.dk</AD>
        <EwsUrl>https://Server.domain.dk/EWS/Exchange.asmx</EwsUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.domain.dk</Server>
        <OABUrl>https://mail.domain.dk/OAB/b2d8af92-291b-423e-9f25-ab8eb1bd94bb/</OABUrl>
        <Port>0</Port>
        <DirectoryPort>0</DirectoryPort>
        <ReferralPort>0</ReferralPort>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>
        <CertPrincipalName>msstd:*.domain.dk</CertPrincipalName>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <Port>0</Port>
        <DirectoryPort>0</DirectoryPort>
        <ReferralPort>0</ReferralPort>
        <External>
          <OWAUrl AuthenticationMethod="Fba">https://mail.domain.dk/owa</OWAUrl>
        </External>
        <Internal>
          <OWAUrl AuthenticationMethod="Basic, Fba">https://mail.domain.dk/owa</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https://Server.domain.dk/EWS/Exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
Validating Autodiscover Settings for Outlook Anywhere
Outlook Anywhere Autodiscover Settings validated
Attempting to resolve the host name mail.domain.dk in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 62.243.150.28
Testing TCP Port 443 on host mail.domain.dk to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname mail.domain.dk is a Wildcard Certificate match for Common name: *.domain.dk
Validating certificate trust
Certificate is trusted and all certificates are present in chain
Additional Details
The Certificate chain has be validated up to a trusted root. Root = OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Certificate is valid: NotBefore = 12/29/2009 9:37:17 PM, NotAfter = 1/1/2012 1:53:20 AM"
Testing Http Authentication Methods for URL https://mail.domain.dk/rpc/rpcproxy.dll
Http Authentication Methods are correct
Additional Details
Found all expected authentication methods and no disallowed methods. Methods Found: Basic
Testing SSL mutual authentication with RPC Proxy server
Successfully verified Mutual Authentication
Additional Details
Certificate common name *.domain.dk matches msstd:*.domain.dk
Attempting to Ping RPC Proxy mail.domain.dk
Pinged RPC Proxy successfully
Additional Details
Completed with HTTP status 200 - OK
Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server Server.domain.dk
Pinged Endpoint successfully
Additional Details
RPC Status Ok (0) returned in 640 ms.
Testing NSPI Interface on Exchange Mailbox Server
An error occurred while testing the NSPI Interface.
Test Steps
Attempting to ping RPC Endpoint 6004 (NSPI Proxy Interface) on server Server.domain.dk
Failed to ping Endpoint
Additional Details
RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime
I have solved that last one:
http://www.buit.org/2008/01/04/outlook-anywhere-is-broken-on-ipv6-in-windows-server-2008/
IPv6 is disabled on the servers (2008), and that apparently requires a change to the hosts file because Exchange 2007 on Windows 2008 tries to communicate with itself over IPv6.
I'll just see what this ends up meaning and then I'll get back.
I can now establish an Outlook Anywhere connection from outside without VPN.
Both internally and externally I still cannot use the Out of Office Assistant; an error appears:
(Outlook 2010 beta): "Your automatic reply settings cannot be displayed because the server is currently unavailable. try again later."
(Outlook 2007): "Your Out of Office settings cannot be displayed, because the server is currently unavailable. Try again later."
The calendar problems are still there.
E-mail AutoConfiguration still fails with:
Results-tab
Autoconfiguration has started, this may take up to a minute
Autoconfiguration was unable to determine your settings!
Log-tab
Attempting URL https://<ExServername>.domain.dk/autodiscover/autodiscover.xml found through SCP
Autodiscover to https://<ExServername>.domain.dk/autodiscover/autodiscover.xml starting
Autodiscover to https://<ExServername>.domain.dk/autodiscover/autodiscover.xml FAILED (0X80072F0C)
Autodiscover to https://domain.dk/autodiscover/autodiscover.xml starting
Autodiscover to https://domain.dk/autodiscover/autodiscover.xml FAILED (0x800C8203)
Autodiscover to https://autodiscover.domain.dk/autodiscover/autodiscover.xml starting
Autodiscover to https://autodiscover.domain.dk/autodiscover/autodiscover.xml FAILED (0x800C8203)
Local autodiscover for domain.dk starting
local autodiscover for domain.dk FAILED (0x8004010F)
Redirect check to http://autodiscover.domain.com/autodiscover/autodiscover.xml starting
Srv Record lookup for http://autodiscover.domain.com/autodiscover/autodiscover.xml FAILED (0x80072EE7)
Srv Record lookup for domain.dk starting
Srv Record lookup for domain.dk FAILED (0x8004010F)
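An added example, not part of the thread: the FAILED codes in the E-mail AutoConfiguration log above are HRESULTs, and those in the Win32 facility wrap WinINet error numbers. Decoding them shows that 0X80072F0C is ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED, i.e. the server asked the client for a certificate, which fits the fix reported in this thread (client certificates set to ignore on the Autodiscover web service). The host names in the sample log are constructed placeholders.

```python
import re

# WinINet error numbers that appear in the low 16 bits of FACILITY_WIN32 HRESULTs.
WININET = {
    12007: "ERROR_INTERNET_NAME_NOT_RESOLVED",
    12044: "ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED",
}
FACILITY_WIN32 = 7
FAILED_RE = re.compile(r"^(?P<step>.+?) FAILED \((?P<hr>0x[0-9a-f]{8})\)$", re.I)


def decode_hresult(hr):
    """Return (facility, code, name); name is set only for known WinINet errors."""
    facility = (hr >> 16) & 0x7FF   # bits 16-26 of the HRESULT
    code = hr & 0xFFFF              # bits 0-15
    name = WININET.get(code) if facility == FACILITY_WIN32 else None
    return facility, code, name


def triage(log_text):
    """Collect every FAILED step of an autoconfiguration log with its decoded code."""
    findings = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line.strip())
        if not m:
            continue
        hr = int(m.group("hr"), 16)
        facility, code, name = decode_hresult(hr)
        findings.append({
            "step": m.group("step"),
            "hresult": f"0x{hr:08X}",
            "name": name or "not decoded here",
            # True when the TLS endpoint requested a client certificate.
            "client_cert_requested": facility == FACILITY_WIN32 and code == 12044,
        })
    return findings


# Constructed sample modelled on the log in the post; host names are placeholders.
SAMPLE_LOG = """\
Autodiscover to https://exserver.example.test/autodiscover/autodiscover.xml starting
Autodiscover to https://exserver.example.test/autodiscover/autodiscover.xml FAILED (0X80072F0C)
Autodiscover to https://example.test/autodiscover/autodiscover.xml FAILED (0x800C8203)
Local autodiscover for example.test FAILED (0x8004010F)
Srv Record lookup for autodiscover.example.test FAILED (0x80072EE7)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = "  <-- check IIS client certificate setting" if f["client_cert_requested"] else ""
        print(f'{f["hresult"]}  {f["name"]:40s} {f["step"]}{flag}')
```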
Hi Peter,
A couple of quick questions. Is what you changed here whether the server accepts the client's certificate?
Do you use client certificates for authentication?
Do you have an ISA in front of the Exchange environment, and do you use Forms Based Authentication, Basic, or NTLM authentication on which services?
-Sole
Regards, Sole Viktor, Infrastructure consultant, MCSE 2000/2003, MCP SBS2003, Symantec Technical Specialist
I have written a couple of blog posts about typical Exchange 2007 problems. http://www.sole.dk/category/exchange-2007 - maybe some of it can be used as inspiration.
Your error with Windows 2008 Server and the RPC error is described. In addition, it is normal to get errors with logon prompts that come back again and again if there are conflicts between the authentication method configured on the Exchange environment and any firewall settings. A tip can be to try switching everything to basic authentication in both ISA and Exchange - it is typically easier to get working than NTLM.
Hi Sole Viktor.
Thanks for your comment...
Are you talking to Peter or are you talking to me (who created the thread)?
If it is me, then we do not have an ISA server in front, and at the same time the problem disappeared at the customer. There is, by the way, a really good article on experts-exchange that has been a help to me.
Thanks for the link you posted - it is noted for later.
Regards, Anders
Hi Anders,
It was for you; I only saw the bottom of the post I replied to, where it said thanks for the help Peter. :P sorry
But that means the problem is solved? Great!
Yep - the goat got shaved