Autodiscover problems Exchange 2007

Yorkshireman2

Programmer
Jan 21, 2005
154
CA
thread1582-1410346 is closed but sounds similar to my problem.
I installed Exchange 2007 in December 2009 and finally got it up and running. (I have no experience at mail servers at all.) Everything is on one server (the old primary server died last year).
This one is W2K3 Enterprise Edition R2 64-bit, and is primary DC, mail server, etc. etc.

I have seen many errors in event viewer and problems since the beginning but no time to look at them until now (The boss now needs calendar busy-time to show up).

1. In Outlook 2007 I get the 0x8004010F error (object cannot be found) which I think is due to the OAB not downloading. (Outlook 2003 clients do not get this error.)

2. Using the Test E-mail AutoConfiguration tool, I get only
"Autoconfiguration was unable to determine your settings".

3. I found the IIS Manager and I see the Default Web Site.
Under that, the Autodiscover entry has 5 files but the autodiscover.xml has no meaningful information inside which is relevant to our server.....

<?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover xmlns="- <Response>
- <Error Time="14:41:22.3199521" Id="1191019360">
<ErrorCode>600</ErrorCode>
<Message>Invalid Request</Message>
<DebugData />
</Error>
</Response>
</Autodiscover>

** Is this normal??


4. In event viewer I see errors from MSExchangeTransport, saying :
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12023
Date: 4/20/2010
Time: 11:11:29 AM
User: N/A
Computer: <our server name>
Description:
Microsoft Exchange could not load the certificate with thumbprint of BC3D7E5C85BAB9EB0C726BDFCF97D420067A837B from the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow to other Exchange servers could be affected by this error. If the certificate with this thumbprint still exists in the personal store, run Enable-ExchangeCertificate BC3D7E5C85BAB9EB0C726BDFCF97D420067A837B -Services SMTP to resolve the issue. If the certificate does not exist in the personal store, restore it from backup by using the Import-ExchangeCertificate cmdlet, or create a new certificate for the FQDN or the server enabled for SMTP by running the following command: New-ExchangeCertificate -DomainName serverfqdn -Services SMTP. Meanwhile, the certificate with thumbprint D66AD4F0E8CB978B8D7F151B4B07D8297FC07D99 is being used.

For more information, see Help and Support Center at -----------------------------

I tried following the link but Microsoft goes off in all directions and I can't follow or understand it.

I don't know where to find these 'certificates' or what they do, or even if I really need them.
I did find that when trying to set up Outlook Web Access, that:
whereas our old server used to allow web access by typing in mail.domainName.com and it then switched the browser URL to https automatically, on this server I couldn't connect by https; I had to set it up to use http because it mentioned something about SSL and certificates.
At least web access using /owa works now.

Presumably our old server had these certificates for itself but I have no idea what to do about it.
(A new router we just bought keeps rejecting login too, saying it can't find a trusted certificate.)

5. Event viewer also keeps showing:

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5774
Date: 4/20/2010
Time: 1:40:25 PM
User: N/A
Computer: <serverName>
Description:
The dynamic registration of the DNS record '32ca0a35-a901-4867-b5f2-7f627b775c94._msdcs.DOMAIN.COM. 600 IN CNAME serverName.DOMAIN.COM.' failed on the following DNS server:

DNS server IP address: <IP address of our ISP provider (i.e. the external IP address which resolves to our domain)>
Returned Response Code (RCODE): 5
Returned Status Code: 9017

For computers and users to locate this domain controller, this record must be registered in DNS.

USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. You can find this program on the Windows Server 2003 installation CD in Support\Tools\support.cab. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.
Or, you can manually add this record to DNS, but it is not recommended.

ADDITIONAL DATA
Error Value: DNS bad key.

For more information, see Help and Support Center at Data:
0000: 05 00 ..
------------------

Other events come up similar to this but with different DNS records:
'ForestDnsZones.DOMAIN.com. 600 IN A 192.168.0.X' failed on the following DNS server:

DNS server IP address: <ISP's external IP address for our domain>
--------------------
and...
'DomainDnsZones.DOMAIN.com. 600 IN A 192.168.0.x' --------------------
and...

The dynamic registration of the DNS record 'gc._msdcs.DOMAIN.COM. 600 IN A 192.168.0.X'
-----------
and..
The dynamic registration of the DNS record 'DOMAIN.COM. 600

------------
and...
The dynamic registration of the DNS record '_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.DOMAIN.com. 600 IN SRV 0 100 389 serverName.DOMAIN.COM.
-----------
and...
The dynamic registration of the DNS record '_ldap._tcp.ForestDnsZones.DOMAIN.com. 600 IN SRV 0 100 389 serverName.DOMAIN.COM

and more.

6. Now my boss says his busy times do not show up when someone tries to set up a meeting in their own Outlook calendar (it's blank from what he showed me).
I am not familiar with this either.


Overall I get the feeling this is all due to one problem (maybe two) but I don't know where to start.
Most discussions in this forum use jargon I do not know, so that's no help to me. Our IT man died last year and I was put in charge of all this (as well as all the other jobs I do here).

Please, does somebody know how to solve my problem and can you step me through it?

Thank you.








Yorkshireman2
 
You should retain a consultant to give your server a proper review. There's a lot going on there that might be a tad too much to try and resolve in just one message thread.

You should resolve the OAB issue first. The autodiscover is less important at this point. The OAB is what cached users see as the Global Address List (GAL).

The autodiscover issue could be just a URL issue. Do you get a certificate error when using Outlook 2007?

For the certificate issue, open the Exchange Management Shell and paste the following:
Code:
Enable-ExchangeCertificate BC3D7E5C85BAB9EB0C726BDFCF97D420067A837B -Services SMTP,IIS
then type
Code:
IISRESET
and see if HTTPS is working. It might not because I don't have enough info to say whether that's the right cert, nor do you mention if HTTPS is bound on the server. But it should help the eventlog error go away.

But a consultant is worth the money.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Hi ,
thanks for replying.
I tried the certificate command but it couldn't find the certificate.

OAB- I tried researching OAB problems for hours some time ago and gave up.
My boss will likely not pay for a consultant - it's a small business and we do all the jobs ourselves that need doing (or don't if we can't).
It's a shame- I would like to learn but there's never any time here.

I did try a PowerShell command to test availability but it was impossible to read because the text was cut off on the right side. Even when I widen the window, the printout just starts further to the right and still cuts off.

It seemed to say it found an autodiscover entry but then the next lines said it couldn't connect to https: etc.
That's strange because when I couldn't get OWA to work originally with https, I set the internal and external URLs to http: and then it worked.
So why is the autodiscover test trying https?





Yorkshireman2
 
Is your old Exchange server still online somewhere? It sounds like certificates and some other things were not properly migrated to the new server. Do you have a way of bringing the old server back online long enough to do that?

I may be able to donate an hour of time for you this week if you wanted me to connect and implement a few quick things. It would be less tedious than trying to sort out this sort of mess on a forum.

Dave Shackelford MVP
ThirdTier.net
TrainSignal.com
 
I'll vouch for Dave's integrity. I know him personally, and he's a fellow MVP. If he's willing to do that, take the offer. Quick, before he changes his mind! :)

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Dave,

A very nice offer, thank you.
The old server is running at the moment but it had to be taken off the domain and set as a workgroup, on another's advice; it seems it was interfering with promoting this one to primary DC and also with installing Exchange 2007.
The old one runs Windows 2000 SBS and had Exchange 2000.
After rebuilding it, I and another tried re-installing Exchange 2000 but attempts at restoring the information stores failed. So the boss gave up and bought Exchange 2007 to install on the current server.
I searched on the old server for anything called *.crt and found only some of these certificates with the old server name on - presumably they are no good for the new server - different name.

Or are there other certificates hidden somewhere?

If you would like to try and help tomorrow let me know; it will depend on if I am given time to look at it too, so I will have to decide tomorrow and confirm.

Thanks,
Chris


Yorkshireman2
 
Hi Dave,
It seems you didn't get time after that last post, as you didn't reply to this thread since then.

I am going away on business until May 17th so I will visit this thread again then.

Yorkshireman2
 
Sorry I didn't get back to you. The certificates wouldn't be hidden somewhere else. You will probably want to purchase a cert from GoDaddy. They are very cheap, under $20/year for a single-name cert. We'll want to get a multi-name cert for your server to make sure that Autodiscover can be easily configured. Maybe when you get back I can help you generate and install that certificate.

Dave Shackelford MVP
ThirdTier.net
TrainSignal.com
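
An added example, not part of the original thread or either poster's advice: a read-only check for the Exchange Management Shell that covers both the `Enable-ExchangeCertificate` step suggested earlier and the multi-name certificate point above. It tests whether the thumbprint from event 12023 is in the computer's personal store and reports, per installed certificate, its services, expiry and host names. The host names in `$needed` are placeholders (an assumption), and the syntax is kept to what PowerShell 1.0 accepts.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2007 server.
# Read-only: it changes no certificate and no service binding.

# Thumbprint copied from the MSExchangeTransport event 12023 quoted in the thread.
$wanted = 'BC3D7E5C85BAB9EB0C726BDFCF97D420067A837B'
# Assumption: placeholder host names. Use the names your clients really connect to.
$needed = 'mail.example.com', 'autodiscover.example.com'

# 1. Is the certificate named in the event in the computer's personal store at all?
$inStore = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $wanted })
if ($inStore.Count -gt 0) {
    "In store: $wanted (private key present: $($inStore[0].HasPrivateKey))"
} else {
    "Not in LocalMachine\My: $wanted. Enable-ExchangeCertificate has nothing to enable."
}

# 2. Everything Exchange can see. Format-List prints one property per line, so
#    thumbprints and name lists are not cut off at the right edge of the window.
$certs = @(Get-ExchangeCertificate)
$certs | Format-List Thumbprint, Subject, Services, IsSelfSigned, NotAfter, CertificateDomains

# 3. Per certificate: expiry, self-signed, service bindings, missing host names.
foreach ($c in $certs) {
    $names   = @($c.CertificateDomains | ForEach-Object { "$_".ToLower() })
    $missing = @($needed | Where-Object { $names -notcontains $_.ToLower() })
    $issues  = @()
    if ($c.NotAfter -lt (Get-Date))        { $issues += 'expired' }
    if ($c.IsSelfSigned)                   { $issues += 'self-signed' }
    if ("$($c.Services)" -notmatch 'IIS')  { $issues += 'not enabled for IIS (OWA, Autodiscover)' }
    if ("$($c.Services)" -notmatch 'SMTP') { $issues += 'not enabled for SMTP' }
    if ($missing.Count -gt 0) { $issues += 'missing names: ' + [string]::Join(', ', $missing) }
    if ($issues.Count -eq 0)  { $issues += 'no issues found by this check' }
    "{0}  {1}" -f $c.Thumbprint, [string]::Join('; ', $issues)
}
```

If step 1 reports the thumbprint as missing, that matches the event text quoted in the first post: the certificate has to be restored or replaced before `Enable-ExchangeCertificate` can bind it.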
 
Hi Dave,
Now it's me who must apologise for not getting back to you.
I have been away from the office more than I have been here this year. Just came back from a trade show in England.

May I politely ask if you are willing to try this again?
If so, please let me know how you want to proceed.

P.S. Using Outlook Web Access (OWA) our staff can set the Out of Office Assistant but using Outlook 2007 within our own building/network we can't.
From what I can tell (or guess) this problem and no free/busy time data and no offline address book in Outlook 2007 all seem to be tied up with the lack of a certificate.

I also found when I tried to set up a new Sonicwall firewall/router on our WAN connection it complained about unsafe connection and no valid certificate found.


Yorkshireman2
 
I just saw this reply - I have Skype running now.
We may have to set up a definite time because although I'm from England I am in Canada -> 6 hours behind the UK.
I am at work from about 8:30am to 5pm usually, so that will be 2:30pm to 11pm in UK time!
I really appreciate your willingness to help.



Yorkshireman2
 