Thursday, June 10, 2010

Moving

I am moving this blog to WordPress. This is the first part of moving my focus and developing an Adelaide Exchange Server and Directory Services User Group in the near future.

Please update your favourites to point to messagingguy.wordpress.com

I’ll continue to replicate content on here for the next few months.

Friday, June 4, 2010

Outlook 2007 prompting for authentication after migrating to Exchange 2010

A client had an issue after I migrated them from Exchange 2007 to Exchange 2010 where users on Outlook 2007 were being prompted for authentication. Mail flow would work for the user, but they were being prompted for authentication from the Autodiscover URL.

The fix for this was as follows:

Set-ClientAccessServer -Identity CASSERVER -AutodiscoverServiceInternalUri https://url.domain.com/autodiscover/autodiscover.xml
Set-WebServicesVirtualDirectory -Identity "CASSERVER\EWS (Default Web Site)" -InternalUrl https://url.domain.com/ews/exchange.asmx
Set-OABVirtualDirectory -Identity "CASSERVER\oab (Default Web Site)" -InternalUrl https://url.domain.com/oab
Set-UMVirtualDirectory -Identity "CASSERVER\unifiedmessaging (Default Web Site)" -InternalUrl https://url.domain.com/unifiedmessaging/service.asmx

Finally, if you are using a proxy server, make sure there is an exception in the proxy list for the URL of the Autodiscover service.

Monday, May 31, 2010

On a multihomed CAS server you receive error “Connecting to remote server failed with the following error message: The WinRM client cannot process the request. It cannot determine the content type of the HTTP response from the destination computer. The content type is absent or invalid. For more information, see the about_Remote_Troubleshooting Help topic.” after statically binding an IP address to the web site containing the PowerShell virtual directory.

Had an issue today at a client's site where they needed another OWA virtual directory for their SharePoint portal. So I created a new Web Site and added an additional IP address to the existing NIC. I then went into the bindings of the Default Web Site and set it to one of the addresses and then set the other site to the other address. Seems simple enough.

I then opened up the EMS and got this error:

“Connecting to remote server failed with the following error message: The WinRM client cannot process the request. It cannot determine the content type of the HTTP response from the destination computer. The content type is absent or invalid. For more information, see the about_Remote_Troubleshooting Help topic.”

After making sure time was all good between the CAS and the DC, I figured out that setting the web site that contained the PowerShell virtual directory to use All Unassigned as its binding resolved the issue.

Routing messages between two Exchange 2007/2010 servers fails with “451 5.7.3 Cannot achieve Exchange Server authentication." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts”

Here is something that came up at a client site today

EXC01 (2k7 CAS/HT) has an Internal Relay receive connector with allowed relay from x.x.x.0/24 – among others

EXC02 (2k10 CAS/HT) is getting errors when trying to route mail to the 2k7 server: “451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authentication." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts”

What needs to be done is to take the new HT out of the relay list.

Why?

Well, this is the way that I set up my relay connectors:

AuthMechanism : Tls, ExternalAuthoritative

PermissionGroups : ExchangeServers

So the problem is the ExchangeServers permission group; that screws it all up. The relay connector sees the new HT as an Exchange server, and so it uses the relay connector, not the default connector. This starts TLS, but when the new HT initiates Integrated authentication it fails because the relay connector does not have that as an auth method.
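To see which receive connector a given sending server will land on, the following added example (not code from the original post) models the rule that the connector whose remote IP range most specifically matches the source address handles the session. The function names, connector names and the 192.0.2.x addresses are constructed placeholders standing in for the x.x.x.0/24 range above.

```powershell
# Added example. Connector data below is constructed; 192.0.2.x stands in for x.x.x.x.
function ConvertTo-IPNumber ([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($b)                      # network byte order -> little-endian
    [long][BitConverter]::ToUInt32($b, 0)
}

function Get-RangeBounds ([string]$Range) {
    # IPv4 only: "a.b.c.d/nn", "a.b.c.d-e.f.g.h" or a single address
    if ($Range -match '^(.+)/(\d+)$') {
        $size = [long][math]::Pow(2, 32 - [int]$Matches[2])
        $base = ConvertTo-IPNumber $Matches[1]
        $lo   = $base - ($base % $size)
        return $lo, ($lo + $size - 1)
    }
    if ($Range -match '^(.+)-(.+)$') {
        return (ConvertTo-IPNumber $Matches[1]), (ConvertTo-IPNumber $Matches[2])
    }
    $ip = ConvertTo-IPNumber $Range
    return $ip, $ip
}

function Find-MatchingConnector ($Connectors, [string]$SourceIp) {
    $ip = ConvertTo-IPNumber $SourceIp
    $hits = foreach ($c in $Connectors) {
        foreach ($r in $c.RemoteIPRanges) {
            if ("$r" -like '*:*') { continue }            # skip IPv6 ranges
            $lo, $hi = Get-RangeBounds "$r"
            if ($ip -ge $lo -and $ip -le $hi) {
                New-Object PSObject -Property @{
                    Name = $c.Name; Range = "$r"; Size = $hi - $lo + 1
                    AuthMechanism = "$($c.AuthMechanism)"; PermissionGroups = "$($c.PermissionGroups)" }
            }
        }
    }
    $hits | Sort-Object Size | Select-Object -First 1     # smallest range = most specific
}

# Constructed sample: a default connector and a relay connector configured as in the post
$sample = @(
    New-Object PSObject -Property @{ Name = 'Default EXC01'; RemoteIPRanges = @('0.0.0.0-255.255.255.255')
        AuthMechanism = 'Tls, Integrated, BasicAuth, ExchangeServer'; PermissionGroups = 'ExchangeUsers, ExchangeServers' }
    New-Object PSObject -Property @{ Name = 'Internal Relay'; RemoteIPRanges = @('192.0.2.0/24')
        AuthMechanism = 'Tls, ExternalAuthoritative'; PermissionGroups = 'ExchangeServers' }
)
# On a live server: $sample = Get-ReceiveConnector -Server EXC01
Find-MatchingConnector $sample '192.0.2.20' | Format-List Name, Range, AuthMechanism, PermissionGroups
```

With the sample data the relay connector wins for 192.0.2.20 because its /24 is narrower than the default connector's range, and its AuthMechanism list is the one the new HT has to negotiate against.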

Thursday, February 11, 2010

Exchange 2010 Help file

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=8071c31f-45be-48dc-bfca-e1fb51f544d2

This is the same as what is available online here. It is always nice to have the offline version on you, especially when you're at a site where you can't get ‘net access and are in a bit of a bind.

Sunday, February 7, 2010

Messages Stuck in Drafts folder in OWA

Excellent article on this issue in Exchange 2010; it points out why sysprep and unique SIDs are so important.

http://www.petrikb.com/email-stuck-in-drafts-folder.htm

RPC Encryption – Exchange 2010 and Outlook 2003

By default Outlook 2003 does not encrypt traffic between itself and the Exchange server it connects to.

With the introduction of Exchange 2010, RPC traffic between the Exchange server and Outlook must be encrypted by default.

To get around this with Outlook 2003 clients you must either use Group Policy to enable RPC encryption or disable the requirement for encryption on all Exchange 2010 CAS servers. To do the latter, run the following command in the EMS.

Set-RpcClientAccess -Server CAS1 -EncryptionRequired $False

Without making one of these changes Outlook 2003 clients will not be able to connect to the Exchange 2010 CAS.