Category Archives: Exchange 2007

Out of Office not working – Using Exchange Autodiscover Redirect

Had an interesting one today with a bit of a lesson at the end of the article.

Scenario:

Users are able to connect to Exchange with Outlook, send and receive mails etc. Users are however unable to set up their Out of Office using Outlook but they are able to set it using Outlook WebApp. We have a hybrid Exchange environment with 2010 and 2007 CAS servers. In the back-end we are running an Exchange 2007 CCR Cluster.

Past troubleshooting with regards to Out of Office not working has taught me to check and test autodiscover. I bet that the OAB is also not downloading?
I ran the normal checks such as checking the certificates and running nslookup to see if autodiscover.domain.com redirects to autodiscoverredirect.domain.com asn it did.

My next step was to check IIS as I’ve had a previous issue there. Low and behold I noticed that an ex-admin used his credentials for authentication. This caused issues as the admin’s account has been deleted a few days ago as he left our company. I then created a service account and added the credentials in IIS to ensure that this does not happen again. Users reported that Out of Office is working again.

Below are some screenshots for where I changed the credentials. Note that when I tried opening any settings under the Autodiscoverredirect Webpage in IIS that the error explicitly told me that the account for admin-abc had problems authenticating. The challenge was that I was not too sure where this is supposed to be changed. But here you go:

1. Open IIS on your CAS server and browse to Sites => AutodiscoverRedirect (Or whatever you named it)

Capture1

2. On the right click on “Advanced Settings”

Capture2

3. Click on “Physical Path Credentials” and then set. Add your service account credentials and save.

Capture3

This solved my issue with redirection.

Lesson: No matter how many years of experience admins have, the still seem to take the quick route of using their personal credentials where a service account should be used causing issues for your users and customers. Don’t be a lazy engineer and use the service accounts and remember to document EVERYTHING!

Advertisements

Meeting requests sent to a room mailbox, replaces the Subject, with the Senders name

We received a call today where a meeting request sent to a Room mailbox shows the meeting organiser’s name in the subject line.
This can be rectified by running the following:

Exchange 2010/2013:

Set-CalendarProcessing -identity “meeting room name” -DeleteComments $true -AddOrganizerToSubject $true -DeleteAttachments $true -DeleteSubject $true

Exchange 2007:

set-mailboxcalendarsettings -identity “meeting room name” -deletesubject $false -addorganizertosubject $false

Hope this makes your life a bit easier.


OWA redirect URL error or stating you should use HTTPS when no certs are used

We’ve had an issue where we log on to the OWA URL and the site either gives us a redirect URL error or ask us to use https:// instead of  http:// when we are not using SSL/certs

Eventually we logged into powershell and recreated all the OWA virtual directories. This solved the issue and we could access OWA again.


OoO not working because AutoDiscover does not work



1     First: Always check Certificates and DNS

 

 

1.1 Check if your certificates are configured correctly and if they have expired.

 

Open the Exchange Management Console and run: Get-ExchangeCertificate | fl
Review your certificates and ensure that they have not expired

1.2 Check DNS

 

A good way to test DNS is using NSLOOKUP. Open cmd and type nslookup and hit enter.
(In our case we need to run nslookup to our client’s autodiscover address to test redirection as we user autodiscover redirect.)

 

Type autodiscover.yourdomain.com (or .net etc.) this should return with the redirect address as per below screenshot.

 

 

 

 

 

 

 

  1.3 Additional Tests

 

You should also run the below tests in Outlook and in a Web Browser to test Autodiscover:

 

Outlook:

 

Hold Ctrl and Right click on the Outlook Icon in the task bar. Then choose “Test E-mail AutoConfiguration”.

Within the dialog box type your e-mail Address, password and untick Use Guessmart and Secure Guessmart Authentication. Then click on “Test”

 

 

 

 

  

  

  

  

  

  

  

  

  

  

  

    

The test should be successful with doing a redirect.

You could also test autodiscover using http://testexchangeconnectivity .com but make sure there is no mail in the mailbox and OoO is not on as it will spit out an error.

  

2     IIS Settings

 

We found that the problem we had had nothing to do with DNS or Certs but the tests still failed. While testing the rules on ISA we saw an entry that pointed us to the following location.

 

IIS=>Computer Name=>Websites=>AutoDiscoverRedirect=>AutoDiscover=>AutoDiscover.xml

 

Right Click on AutoDiscover.xml ans untick the following tick box.

 

 

 

This resolved the issue and all AutoDiscover tests where successful. OoO and OAB was working once again.

 

Note: When we restarted IIS we noticed that the tick was back and we had to untick the checkbox again. We are still looking into this.


Renewing TLS Certificate on a Hub Transport Server

I received an event today advising me that the local TLS certificate has expired and needs to be renewed. Here is the event info.

TLS Cert Expired Event

We need to renew this Certificate otherwise mailflow in Exchange 2007 will stop working. To do this open Exchange Management Shell and type the following:
Get-ExchangeCertificate | fl
You will be presented with all the certs installed on the server. You need to now find the cert that has expired. An example of an expired cert is:
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {XXXX01, XXXX01.domainname.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=SERVER01
NotAfter           : 2010/12/28 09:33:12 AM
NotBefore          : 2009/12/28 09:33:12 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 8E1600C9A48960A64F515084A643CF4D
Services           : SMTP
Status             : Invalid
Subject            : CN=SERVER01
Thumbprint         : 459CA3A8D2CE3A300839D6254ACD4A5642F25185
The easiest way to renew the above certificate is to export the first cmdlet we ran to a text file and then copying the cert. To do that do the following:
  • Get-ExchangeCertificate | fl >c:\cert.txt
  • Now open the cert.txt document that you created with the above command and copy the Thumbprint of the expired cert.
  • Then run Get-ExchangeCertificate -Thumbprint c6289cd8465c99ab249c60f8893jan7d889a4afc | New-ExchangeCertificate where the thumbprint number should be the one you copied from cert.txt. (Just delete the above thumbprint and paste your thumb print in it’s place)
  • Choose yes to overwrite the old certificate. (Before you click yes make sure the thumbprint is the same as the one in cert.txt as you do not want to overwrite a different cert)
  • Run Get-ExchangeCertificate | fl and check the dates and status to see if the new cert was created successfully.

I used the following URL to assist me with renewing the Cert. There are more info on the article regarding 3rd Party Certs etc.

How to setup Autodiscovery on Exchange 2007

This is how to setup Autodiscover for Exchange 2007 after the trusted certs have been setup:

Create an AutoDiscover DNS Record on you DC

– Open t DNS Manager.
– Expand Forward Lookup Zones then expand domain.xx
– Right-click domain.xx and select New Host(A)
– Type autodiscover and the IP Address of the Exchange 2007 server, then click on add.
– Click OK then click Done.

Configure Exchange 2007 Server

– On the Exchange server open Exchange Management Shell
– Type the following:  Set-OutlookProvider –id exch –ssl:$true and press Enter.
– Then type the following: Set-OutlookProvider –id exch –server:servername and then press Enter.


%d bloggers like this: