Category Archives: Autodiscover

AutodiscoverServiceInternalURI in Exchange 2013

In Exchange 2013, running the command below shows the AutoDiscoverServiceInternalUri value:

Get-ClientAccessServer | fl AutoDiscoverServiceInternalUri

Normally this should be something like below:

AutoDiscoverServiceInternalUri : https://autodiscover.domain.com/Autodiscover/Autodiscover.xml

Don't change the internal and external URLs on the Autodiscover virtual directory; leave them as they are.

Their values will be empty, which can be checked by running the command below:
Get-AutoDiscoverVirtualDirectory -Server servername | fl *url*

There is no ExternalUri that we need to specify.
Internally (when the clients are on the domain and can see the domain) they query the domain for that value and resolve to it.

Externally the clients go through a pre-set number of URLs:

https://example.com/Autodiscover/Autodiscover.xml

https://Autodiscover.example.com/Autodiscover/Autodiscover.xml

Then DNS SRV records and finally a redirect.

Therefore, for Autodiscover to work correctly externally, one of those URLs must resolve and its host name must be on the SSL certificate. The most common method is to add Autodiscover.example.com as an additional name on the UC certificate.
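The check described above can be done offline against a certificate's name list. This is an added example, not code from the original post; the function names and the sample SAN list are constructed, and only the two HTTPS URLs are covered (not the SRV or redirect steps).

```powershell
# Added example: names and sample data below are constructed for illustration.

function Get-AutodiscoverHttpsCandidate {
    # Returns the two HTTPS URLs an external client tries first, in order.
    param([Parameter(Mandatory)][string]$EmailAddress)
    $domain = ($EmailAddress -split '@')[-1].Trim().ToLowerInvariant()
    "https://$domain/Autodiscover/Autodiscover.xml"
    "https://autodiscover.$domain/Autodiscover/Autodiscover.xml"
}

function Test-CertNameMatch {
    # True when one certificate name covers the host. A wildcard only
    # stands in for a single left-most label: *.example.com covers
    # autodiscover.example.com but not example.com or a.b.example.com.
    param([string]$CertName, [string]$HostName)
    $c = $CertName.Trim().ToLowerInvariant()
    $h = $HostName.Trim().ToLowerInvariant()
    if ($c -eq $h) { return $true }
    if (-not $c.StartsWith('*.')) { return $false }
    $suffix = $c.Substring(1)                       # ".example.com"
    if (-not $h.EndsWith($suffix)) { return $false }
    $label = $h.Substring(0, $h.Length - $suffix.Length)
    return (($label.Length -gt 0) -and (-not $label.Contains('.')))
}

function Test-AutodiscoverCertCoverage {
    # For each candidate URL, report whether any certificate name covers its host.
    param(
        [Parameter(Mandatory)][string]$EmailAddress,
        [Parameter(Mandatory)][string[]]$CertificateDomains
    )
    foreach ($url in (Get-AutodiscoverHttpsCandidate -EmailAddress $EmailAddress)) {
        $hostName = ([uri]$url).Host
        $matched = @($CertificateDomains |
            Where-Object { Test-CertNameMatch -CertName $_ -HostName $hostName })
        [pscustomobject]@{
            Url       = $url
            Host      = $hostName
            Covered   = ($matched.Count -gt 0)
            MatchedBy = ($matched -join ', ')
        }
    }
}

# Constructed SAN list. On a server it could come from
# (Get-ExchangeCertificate -Thumbprint <thumbprint>).CertificateDomains
$sampleSans = 'mail.example.com', 'autodiscover.example.com'
Test-AutodiscoverCertCoverage -EmailAddress 'user@example.com' -CertificateDomains $sampleSans |
    Format-Table -AutoSize
```

A wildcard name such as *.example.com covers the autodiscover host but not the bare-domain URL, which is one reason the autodiscover name is the usual choice.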

Troubleshooting Outlook Connectivity issues for all users in Exchange 2013

In this article I will list a few common steps that can be checked while troubleshooting Outlook connectivity issues in Exchange 2013 SP1 and later.

The first step is to identify whether the issue affects a few users, all users or just one user, and to troubleshoot accordingly. In this blog we will discuss troubleshooting Outlook connectivity issues for all users in an Exchange 2013 environment.

1) Ensure that all Microsoft Exchange services that are set to Automatic are up and running. In particular, the Microsoft Exchange RPC Client Access service must be started, as it is the one most involved in Outlook connectivity issues.

2) Check the application log for any throttling events on both the CAS server and the Mailbox server.

3) If it is a new Exchange 2013 setup, ensure that the Host (A) records for Mail, Webmail and Autodiscover are created correctly in internal DNS.

4) Ensure that the new Exchange certificate is created and assigned to the IIS service. If you have SSL, make sure that the SSL certificate is assigned to the virtual directory.

5) Ensure that the Autodiscover internal URL, EWS internal URL and OAB internal URL are set correctly.

6) Check the authentication methods in IIS for the RPC virtual directory. If you have enabled the MAPI over HTTP protocol (MapiHttpEnabled), also check the mapi virtual directory. The methods can be Basic, NTLM and Negotiate on both virtual directories; Negotiate authentication is enabled by default in Exchange 2013.

You can use the command below to check the authentication methods for the mapi virtual directory if you have enabled the MapiHttpEnabled setting.

Get-MapivirtualDirectory | fl

In the output, check the IIS authentication methods and internal authentication methods values.


You can also check whether MapiHttpEnabled is turned on by running the command below:

Get-OrganizationConfig | fl Mapi*


Analyzing this part is very important. If your organization uses the MAPI over HTTP protocol, this option needs to be enabled. There are also a few other settings that need to be configured to use this protocol. To enable MAPI over HTTP, refer to the Microsoft article:

http://technet.microsoft.com/en-us/library/dn635177(v=exchg.150).aspx

This value should be set to false if you have not configured MAPI over HTTP in your organization; otherwise end users will have trouble connecting through Outlook. Run the command below to disable the MapiHttpEnabled feature.

Set-OrganizationConfig -MapiHttpEnabled $False
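The mismatch described above (MapiHttpEnabled turned on while the mapi virtual directories are not configured) can be checked in one pass. This is an added example, not code from the original post; the function name, server names and sample objects are constructed, and in the Exchange Management Shell the inputs would be the output of Get-OrganizationConfig and Get-MapiVirtualDirectory.

```powershell
# Added example: function name and sample objects are constructed.

function Test-MapiHttpReadiness {
    param(
        [Parameter(Mandatory)]$OrgConfig,            # e.g. Get-OrganizationConfig
        [Parameter(Mandatory)][object[]]$MapiVdir    # e.g. Get-MapiVirtualDirectory
    )
    if (-not $OrgConfig.MapiHttpEnabled) {
        # MAPI over HTTP is off, so the mapi virtual directories are not in use.
        return [pscustomobject]@{
            Server = '(organization)'; Status = 'OK'
            Detail = 'MapiHttpEnabled is False; mapi virtual directories not checked'
        }
    }
    foreach ($v in $MapiVdir) {
        $problems = @()
        if ([string]::IsNullOrWhiteSpace([string]$v.InternalUrl)) {
            $problems += 'InternalUrl is empty'
        }
        # Piping through Where-Object also handles a property that is $null.
        if (@($v.IISAuthenticationMethods | Where-Object { $null -ne $_ }).Count -eq 0) {
            $problems += 'no IIS authentication method enabled'
        }
        if (@($v.InternalAuthenticationMethods | Where-Object { $null -ne $_ }).Count -eq 0) {
            $problems += 'no internal authentication method set'
        }
        $status = if ($problems.Count -gt 0) { 'FAIL' } else { 'OK' }
        [pscustomobject]@{
            Server = $v.Server; Status = $status; Detail = ($problems -join '; ')
        }
    }
}

# Constructed sample input: one configured server, one left at empty values.
$org = [pscustomobject]@{ MapiHttpEnabled = $true }
$vdirs = @(
    [pscustomobject]@{ Server = 'EX13-A'; InternalUrl = 'https://mail.example.com/mapi'
                       IISAuthenticationMethods = @('Ntlm', 'Negotiate')
                       InternalAuthenticationMethods = @('Ntlm', 'Negotiate') }
    [pscustomobject]@{ Server = 'EX13-B'; InternalUrl = $null
                       IISAuthenticationMethods = @()
                       InternalAuthenticationMethods = @() }
)
Test-MapiHttpReadiness -OrgConfig $org -MapiVdir $vdirs | Format-Table -AutoSize
```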

7) Problems can also occur if the Outlook providers are not set correctly.

Below is an example of setting up Outlook providers.

First, run the command below to check the values of the Outlook providers:

Get-OutlookProvider

 


In our case, since the Outlook provider is not set, the values are null.

Run the commands below to set the Outlook provider name:

Set-OutlookProvider -Server exchange2013CAS EXCH -CertPrincipalName msstd:exchangequery.com
Set-OutlookProvider -Server exchange2013CAS EXPR -CertPrincipalName msstd:exchangequery.com

 


Note:

Make sure that the CertPrincipalName you enter matches the Autodiscover name that you have given in the SAN certificate and in internal DNS.

Below will be the output if the outlook providers are set.


Outlook providers are not strictly required, since setting them changes the Autodiscover settings from server level to global level. But problems might arise if the Outlook providers are set incorrectly and the Autodiscover settings are not configured correctly. So it is always better to check the Outlook provider values when troubleshooting these kinds of scenarios, and there is no harm in setting these values.


Sathish Veerapandian

MVP – Office Servers & Services

Things to consider before configuring Autodiscover in Exchange 2010/2013 coexistence scenarios

Based on my experience, I have collected a few guidelines to consider before configuring Autodiscover in Exchange 2010/2013 coexistence.

The first and foremost step that I would recommend is to follow the steps from the Exchange Server Deployment guide, which is pretty simple and straightforward.

http://technet.microsoft.com/en-us/exdeploy2013/Checklist?state=2284-W-DQBEAgAAQAAICQEAAQAAAA~~

We need to consider the things below before we proceed with full-fledged operation of Autodiscover in Exchange 2010/2013 coexistence.

First, we need to decide which internal and external URLs to use in Exchange 2013.

The following steps need to be configured in this order:
Configure Exchange 2013 external URLs.
Configure Exchange 2013 internal URLs.
Enable and configure Outlook Anywhere on the legacy servers as well, i.e. on both Exchange 2010 and 2013.
Configure the service connection point: change the SCP from the Exchange 2010 CAS VIP to the Exchange 2013 CAS VIP.
Configure DNS records.
DNS entries should be pointed to the Exchange 2013 CAS instead of the Exchange 2010 CAS.

Note: To allow your Exchange 2013 Client Access server to redirect connections to your Exchange 2010 servers, you must enable and configure Outlook Anywhere on all of the Exchange 2010 servers.
You can run Get-OutlookAnywhere on both Exchange 2010 and 2013 to see all the internal and external URLs assigned, and configure them accordingly.

Note: We need a legacy URL for legacy users if they want to access Outlook Anywhere externally.

For Outlook Anywhere
Change the client authentication method on the Exchange 2010 CAS server to NTLM.

Run the following commands on the Exchange 2013 server to set the Outlook Anywhere settings:

Set-OutlookAnywhere -InternalHostname "hostname" -Identity "server\Rpc (Default Web Site)" -InternalClientAuthenticationMethod Ntlm -InternalClientsRequireSsl $true
Set-OutlookAnywhere -ExternalHostname "hostname" -Identity "server\Rpc (Default Web Site)" -ExternalClientAuthenticationMethod Ntlm -ExternalClientsRequireSsl $true
Set-OutlookAnywhere -IISAuthenticationMethods Basic,Ntlm,Negotiate -Identity "Rpc (Default Web Site)"

Important note: Exchange 2013 supports Negotiate for Outlook Anywhere HTTP authentication, but this option should only be used when all the servers in the environment are running Exchange 2013.
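The two authentication rules above (NTLM on Exchange 2010, Negotiate only when every server runs Exchange 2013) can be checked across all servers at once. This is an added example, not code from the original post; the function name, server names and build numbers are constructed, and the property names are assumed to match what Get-OutlookAnywhere returns in an Exchange 2013 shell.

```powershell
# Added example: function name and sample objects are constructed.
# Property names (ServerName, AdminDisplayVersion, Internal/External
# ClientAuthenticationMethod) are assumptions about Get-OutlookAnywhere output.

function Test-OutlookAnywhereCoexistence {
    param([Parameter(Mandatory)][object[]]$OutlookAnywhere)

    # Major version 14 = Exchange 2010, 15 = Exchange 2013.
    $rows = foreach ($o in $OutlookAnywhere) {
        $major = 0
        if ([string]$o.AdminDisplayVersion -match 'Version (\d+)\.') { $major = [int]$Matches[1] }
        [pscustomobject]@{ Config = $o; Major = $major }
    }
    $allAre2013 = (@($rows | Where-Object { $_.Major -ne 15 }).Count -eq 0)

    foreach ($r in $rows) {
        $o = $r.Config
        # Collect whichever client authentication methods are set, as strings.
        $clientAuth = @(
            @($o.InternalClientAuthenticationMethod, $o.ExternalClientAuthenticationMethod) |
                Where-Object { $null -ne $_ } | ForEach-Object { [string]$_ }
        )
        $issues = @()
        if ((-not $allAre2013) -and ($clientAuth -contains 'Negotiate')) {
            $issues += 'Negotiate is set but not every server runs Exchange 2013'
        }
        if (($r.Major -eq 14) -and (@($clientAuth | Where-Object { $_ -ne 'Ntlm' }).Count -gt 0)) {
            $issues += 'Exchange 2010 client authentication method is not NTLM'
        }
        [pscustomobject]@{
            Server = $o.ServerName; Major = $r.Major
            ClientAuth = ($clientAuth -join ','); Issues = ($issues -join '; ')
        }
    }
}

# Constructed sample input; in the shell this would be the Get-OutlookAnywhere output.
$sample = @(
    [pscustomobject]@{ ServerName = 'EX10-CAS'; AdminDisplayVersion = 'Version 14.3 (Build 123.4)'
                       InternalClientAuthenticationMethod = $null
                       ExternalClientAuthenticationMethod = 'Basic' }
    [pscustomobject]@{ ServerName = 'EX13-CAS'; AdminDisplayVersion = 'Version 15.0 (Build 847.32)'
                       InternalClientAuthenticationMethod = 'Negotiate'
                       ExternalClientAuthenticationMethod = 'Ntlm' }
)
Test-OutlookAnywhereCoexistence -OutlookAnywhere $sample | Format-Table -AutoSize -Wrap
```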

To configure certificate-based authentication, we need to ensure the following things:

1. Check whether Certificate Mapping Authentication is installed on the server.
2. Go to IIS Manager and check whether Active Directory Client Certificate Authentication is enabled.
3. Check whether requiring a client certificate is enabled on the ActiveSync VD. If not, enable it.
4. Check whether basic authentication is disabled on the ActiveSync VD. If not, disable it.
5. Check whether ClientCertificateMappingAuth is set to true.

Apply a new certificate with all the required site names included in Exchange 2013 CAS.

For OWA –
Enable FBA authentication plus Windows Integrated authentication on the OWA VD on the Exchange 2010 CAS server.
Users with mailboxes still on 2010 will connect to CAS 2013 and then be proxied to CAS 2010.

Feel free to post your comments if there are any other things that need to be taken into consideration.
Cheers
