Problems with Autodiscover, Out of Office, Free Busy, OWA and Outlook Anywhere


One of the most common issues I see has to do with certificates, so to start out we need to understand some things about certificates.

Certificates are used to encrypt traffic between exchange servers and clients.

There are 3 things that need to be true for a certificate to be valid.

  1. The name used to access the resource needs match the certificate exactly.
    Example: If I connect to say owa with mail.mydomain.com then the certificate needs to also have mail.mydomain.com on it in either the subject or the subject alternate name field. clip_image002
  2. The Certificate time must be valid
  3. The issuing Certificate Authority must be trusted by the client. (It needs to exist in the “Trusted Root Certificate Authorities)

clip_image004

Now that we have some VERY basic info about certificates.

The issues I see constantly are: Autodiscover, Out of Office, Free Busy and Outlook Anywhere miss-configuration.

Reasons:

  1. Not using a trusted certificate
    • Solution: use a 3rd party cert provider
  2. The certificate name does not match the DNS name\s
    • Solution: create a new cert request containing all the names used to access the server. Minimum of
      1. Autodiscover.domain.com
      2. <ExternalName>.domain.com
      3. <InternalName>.domain.local (if using for internal systems also)

Example of a correct cert request:

  •  
    • New-ExchangeCertificate -GenerateRequest -SubjectName “C=US, O=Org Name, CN=mail.domain.com” -domainname mail.domain.com, autodiscover.domain.com, servername, servername.domain.local -FriendlyName mail.domain.com -privatekeyexportable:$true -path c:\cert_myserver.txt

Example of Cert import

  •  
    • Import-ExchangeCertificate –Path “C:\CertificateFile.cer” | Enable-ExchangeCertificate -Services pop, smtp, iis, imap  (2007 Example)
    • Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\certificates\newcert.cer -Encoding Byte -ReadCount 0)) | Enable-ExchangeCertificate -Services SMTP   (2010 Example)
  1. External URLs not defined correctly
  2. Can’t resolve Fully qualified domain names (FQDN)

           Should look like this

         image

  1. SCP Record does not contain the correct value
    1. Test from outlook:
      1. Hold CTRL and Click the outlook Icon in the system tray image and select “Test Email Auto Configuration”image
      2. Uncheck guess smart and click Test
    2. check SCP value returned
      1. If you get info on the results tab then autodiscover is working
      2. If not look at the Log tab and look at the URL that is returned

              image

  1.  
    1. Test the URL (Type it into Internet explorer) if its not change SCP to a valid URL
      1. Run ADSIEDIT and view the “Service Binding Information” to verify the correct value

                     image

2. Set the SCP allong with the internal URL: Set-ClientAccessServer CASServerName -AutoDiscoverServiceInternalUri https://mail.domain.local/Autodiscover/Autodiscover.xml

3 thoughts on “Problems with Autodiscover, Out of Office, Free Busy, OWA and Outlook Anywhere

  1. Pingback: Most Common Exchange issues « Troubleshooting Exchange

  2. Pingback: Publish Exchange 2010 with TMG (Forefront Threat Management Gateway) « Troubleshooting Exchange

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s