In the last part of this two part series we covered the importance of understanding your DNS domain naming and indeed the correct configuration for your SSL SAN based certificate. We also covered how you can get your SSL certificate issued and indeed how you can install it on your Client Access Server ready for the final configuration steps.

In this part I would like to go through those steps, give you an overview of how you can connect Outlook 2007 / 2003 to OA and some troubleshooting steps which can be used if you hit any problems.

Configuring the Client Access Server for OA (and OWA, and OAB):

Now this is perhaps the most important bit and requires the most concentration – please follow these instructions very carefully.

It is here where the understanding of your Internal and External domains is paramount, and indeed knowing where to use the relevant SAN names which you had placed on your SSL certificate.

All URLS which are used here must point via DNS (either internally or externally) at your Client Access Server.

For the purposes of this article the following is the make-up of my URL structure (you will note that all of the following were added to my example SAN certificate discussed in the previous section):

Internal URLS:

  • flangemanifold.local – used as the root lookup for the Autodiscover Service
  • autodiscover.flangemanifold.local – used as the Autodiscover DNS domain
  • owa.flangemanifold.local – is used for both Internal OWA, OAB Download and the Web Services URL
  • FM-EXCAS-01 – NetBIOS name of the Client Access Server

External URLS:

  • flangemanifold.com – used as the root domain lookup for the Autodiscover Services
  • autodiscover.flangemanifold.com

Configuring the Autodiscover Virtual Directory:

From the Exchange Management Shell on your Client Access Server type in the following commands:

Set-AutodiscoverVirtualDirectory -id "FM-EXCAS-01\autodiscover (Default Web Site)" -InternalUrl https://owa.root.flangemanifold.local/autodiscover/autodiscover.xml

Set-AutodiscoverVirtualDirectory -id "FM-EXCAS-01\autodiscover (Default Web Site)" -ExternalUrl https://owa.flangemanifold.com/autodiscover/autodiscover.xml

When you have completed the above you need to ensure that the authentication settings are correct on the Autodiscover virtual directory. To do this, type in the following commands:

Set-AutodiscoverVirtualDirectory -id "FM-EXCAS-01\autodiscover (Default Web Site)" -BasicAuthentication:$True

Set-AutodiscoverVirtualDirectory -id "FM-EXCAS-01\autodiscover (Default Web Site)" -DigestAuthentication:$False

Set-AutodiscoverVirtualDirectory -id "FM-EXCAS-01\autodiscover (Default Web Site)" -WindowsAuthentication:$True

Configuring the Webservices Virtual Directory:

Again from the Exchange Management Shell on your CAS type in the following command:

Set-WebServicesVirtualDirectory -id "FM-EXCAS-01\EWS (Default Web Site)" -InternalUrl "https://owa.root.flangemanifold.local/EWS/Exchange.asmx" -ExternalUrl "https://owa.flangemanifold.com/EWS/Exchange.asmx"

Again ensure that your authentication settings are correct by running the following commands:

Set-WebServicesVirtualDirectory -id "FM-EXCAS-01\EWS (Default Web Site)" -BasicAuthentication:$True

Set-WebServicesVirtualDirectory -id "FM-EXCAS-01\EWS (Default Web Site)" -DigestAuthentication:$False

Set-WebServicesVirtualDirectory -id "FM-EXCAS-01\EWS (Default Web Site)" -WindowsAuthentication:$True

Configure the Client Access Server Autodiscover InternalURI:

From the Exchange Management Shell on your CAS run the following command:

Set-ClientAccessServer -id fm-excas-01 -AutodiscoverServiceInternalUri https://autodiscover.root.flangemanifold.local

Configure the OAB Virtual Directory:

From the Exchange Management Shell on your CAS run the following command:

Set-OABVirtualDirectory -id "FM-EXCAS-01\oab (Default Web Site)" -InternalUrl https://owa.root.flangemanifold.local/oab -ExternalUrl https://owa.flangemanifold.com/oab

Enable Outlook Anywhere:

Yes – this is it, the final part of configuration (hopefully). From the Exchange Management Shell on your CAS run the following command:

Enable-OutlookAnywhere -Server FM-EXCAS-01 -ExternalHostname owa.flangemanifold.com -ClientAuthenticationMethod:Basic -IISAuthenticationMethods Basic -SSLOffloading:$False

[Screenshot: Enable-OutlookAnywhere output with warning message]

You might be presented with a warning message (as per above) letting you know that your settings might not take effect for 15 minutes. Given the configuration changes that we have made, I recommend that you allow for an Active Directory replication to take place and then REBOOT your CAS.

Configuring Outlook 2007 to connect (these steps can also be used for Outlook 2003):

Open the Outlook 2007 Mail Control Panel and create a new profile (or edit the existing profile that you have). When you get to the Exchange Server and Mailbox screen, provide the details of your MAILBOX server (not the external DNS name of the CAS).

Click on the “More Settings” button and from the dialog that appears tick the “Connect to Microsoft Exchange using HTTP” and then click on the “Exchange Proxy Settings” button.

From the dialog that now appears, in the “Connection Settings” section provide the external URL of your Client Access Server (we configured it as OWA.FLANGEMANIFOLD.COM). Ensure that the proxy authentication is set to “Basic Authentication” and that the FAST and SLOW tick boxes are ticked.

Troubleshooting:

If you perform a search on the Internet for Outlook Anywhere – or Autodiscover you will find lots and lots of avid discussion about issues that can occur.

As I have mentioned previously, a lot of these issues can be traced back to incorrect DNS configuration between the internal and external URLs, but the most common cause that I have found and seen is the SSL certificate not containing all of the required SANs.

If you get a problem – the first stop should be to review your URLS and your SSL configuration.
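
A check for the SAN problem described above, as an added example that is not part of the original article: it compares the host in each configured URL with the names on the certificate. The function name Test-SanCoverage is hypothetical, the sample values are copied from this article, and Windows PowerShell 3.0 or later is assumed; on a live server the inputs can be read from Get-ExchangeCertificate (CertificateDomains) and from the InternalUrl and ExternalUrl properties returned by the Get-*VirtualDirectory cmdlets.

```powershell
# Added example (not from the original article). Reports, for every URL or host
# name that clients will use, whether the certificate's SAN list covers it.
function Test-SanCoverage {
    param(
        [string[]]$Url,   # configured URLs, or bare host names such as ExternalHostname
        [string[]]$San    # DNS names present on the certificate
    )
    # Reduce every input to a host name; a bare host name is used as given.
    $hostNames = foreach ($u in $Url) {
        if ($u -match '^[a-z][a-z0-9+.-]*://') { ([uri]$u).Host } else { $u }
    }
    $unique = $hostNames | ForEach-Object { $_.ToLowerInvariant() } | Sort-Object -Unique
    foreach ($hostName in $unique) {
        $matchedBy = $null
        foreach ($name in $San) {
            $n = $name.ToLowerInvariant()
            # A wildcard entry (*.example.com) covers exactly one extra left-most label.
            $isWildcardHit = $n.StartsWith('*.') -and $hostName.Contains('.') -and
                ($hostName.Substring($hostName.IndexOf('.')) -eq $n.Substring(1))
            if ($n -eq $hostName -or $isWildcardHit) { $matchedBy = $name; break }
        }
        [pscustomobject]@{ Host = $hostName; Covered = [bool]$matchedBy; MatchedBy = $matchedBy }
    }
}

# Sample input: SAN names and URLs exactly as they are written in this article.
$san = 'flangemanifold.local', 'autodiscover.flangemanifold.local',
       'owa.flangemanifold.local', 'FM-EXCAS-01',
       'flangemanifold.com', 'autodiscover.flangemanifold.com'
$urls = 'https://owa.root.flangemanifold.local/EWS/Exchange.asmx',
        'https://owa.flangemanifold.com/EWS/Exchange.asmx',
        'https://autodiscover.root.flangemanifold.local',
        'https://autodiscover.flangemanifold.com/autodiscover/autodiscover.xml',
        'owa.flangemanifold.com'   # -ExternalHostname from Enable-OutlookAnywhere

Test-SanCoverage -Url $urls -San $san | Format-Table -AutoSize
```

Any row with Covered = False is a name that clients will be sent to but that the certificate does not list.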

Failing that (i.e. you are sure that everything checks out) there are a number of troubleshooting tools available to you:

Client Access Server:

If you are experiencing issues with OA – jump onto your Client Access Server, open an Exchange Management Shell and type in the following command:

Test-OutlookWebServices | fl

If things are working correctly you should see an Output which looks like the following:

[Screenshot: sample Test-OutlookWebServices output]

If the command reports warnings or errors then you should take note of the IDs and the messages and look them up. Again, most of the errors and warnings are generated from incorrect configuration on the SSL certificate or in DNS, but because of the sheer number of items that can be reported you will need to work on a case-by-case basis.

Tools from Outlook:

Outlook has some really good inbuilt tools for troubleshooting problems with OA and Autodiscover – the first and most commonly known is accessed by holding down the CTRL key and RIGHT CLICKING on the Outlook Icon in the System Tray which produces the following menu:

[Screenshot: Outlook system tray icon menu]

Choose the “Test E-Mail AutoConfiguration” option which will present you with the following dialog:

[Screenshot: Test E-Mail AutoConfiguration dialog]

Provide your e-mail address, ensure that all of the authentication options are chosen and then click on the “Test” button.

From the “Results” and “Log” Window you should be able to see where things are not working or issues are occurring.

It is possible for the Test E-Mail AutoConfiguration tool to report that there are no problems when there still are, so for that eventuality there is a little-known feature (or perhaps well known, depending on how much you have used it!) which turns on full client logging.

In order to enable Client Logging in Outlook go to [ Tools –> Options ] and from the dialog box that appears choose the “Other” tab:

[Screenshot: Options dialog, “Other” tab]

From the General section click on the “Advanced Options” button and from the dialog that appears choose “Enable Logging (troubleshooting)”. OK out of the dialog boxes and then restart Outlook.

When you have opened Outlook again – perform the action which is causing errors (for example trying to set the Out of Office or Download the Offline Address Book) – which will error.

Then go to [ Start –> Run and type in %temp% ] – this will open up the Temp folder for your machine.

Within the Temp folder there should be a file called “Olkdisc.log”. Open this file; it will contain entries which look like the following:

For Configurations with Problems:

Thread    Tick Count    Date/Time    Description
2844    8185296    07/02/09 22:05:42    Autodiscover to https://flangemanifold.com/autodiscover/autodiscover.xml starting
2844    8186078    07/02/09 22:05:43    Autodiscover to https://flangemanifold.com/autodiscover/autodiscover.xml FAILED (0x800C8203)
2844    8186078    07/02/09 22:05:43    Autodiscover to https://autodiscover.flangemanifold.com/autodiscover/autodiscover.xml starting
2844    8186125    07/02/09 22:05:43    Autodiscover to https://autodiscover.flangemanifold.com/autodiscover/autodiscover.xml FAILED (0x800C8203)
2844    8186125    07/02/09 22:05:43    Local autodiscover for flangemanifold.com starting
2844    8186125    07/02/09 22:05:43    Local autodiscover for flangemanifold.com FAILED (0x8004010F)
2844    8186125    07/02/09 22:05:43    Redirect check to http://autodiscover.flangemanifold.com/autodiscover/autodiscover.xml starting
2844    8186156    07/02/09 22:05:43    Redirect check to http://autodiscover.flangemanifold.com/autodiscover/autodiscover.xml FAILED (0x80072EE7)
2844    8186171    07/02/09 22:05:43    Srv Record lookup for flangemanifold.com starting
2844    8186187    07/02/09 22:05:43    Srv Record lookup for flangemanifold.com FAILED (0x8004010F)

If you are seeing errors in the log, make a note of them and use Google to troubleshoot. For information, the error above was caused by the user's Primary SMTP address being different to the autodiscover domain (by default Outlook's Autodiscover process will begin its lookup via the domain stipulated by the user's Primary SMTP address).

You can change how Outlook behaves by following the article here:

http://community.exchangeprovip.com/forums/thread/4610.aspx

For Configurations which work:

Thread    Tick Count    Date/Time    Description
3288    9117781    07/02/09 22:21:15    Autodiscover to https://flangemanifold.com/autodiscover/autodiscover.xml starting
3288    9118109    07/02/09 22:21:15    Autodiscover to https://flangemanifold.com/autodiscover/autodiscover.xml FAILED (0x800C8203)
3288    9118109    07/02/09 22:21:15    Autodiscover to https://autodiscover.flangemanifold.com/autodiscover/autodiscover.xml starting
3288    9120531    07/02/09 22:21:17    Autodiscover XML Received
---BEGIN XML---
<?xml version="1.0" encoding="utf-8"?>

Here the file will continue with the rest of the Autodiscover XML file from your Client Access Server.
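
To read an Olkdisc.log like the two shown above without scanning it by eye, the following added example (not from the original article) pairs each lookup step with its outcome. Get-AutodiscoverAttempt is a hypothetical name, the sample lines are constructed from the two logs above, the two code meanings are the standard MAPI and WinINet definitions rather than anything stated in the article, and one log entry per line and Windows PowerShell 3.0 or later are assumed.

```powershell
# Added example (not from the original article): summarise Olkdisc.log entries.
function Get-AutodiscoverAttempt {
    param([string[]]$Line)
    # Standard meanings of two of the codes seen above (not taken from the article).
    $known = @{
        '0x8004010F' = 'MAPI_E_NOT_FOUND'
        '0x80072EE7' = 'ERROR_INTERNET_NAME_NOT_RESOLVED (WinINet 12007)'
    }
    $pending = $null   # the step most recently logged as "starting"
    foreach ($l in $Line) {
        # Columns: Thread, Tick Count, Date/Time, Description (tab or 2+ spaces apart).
        $f = $l.Trim() -split '\t|\s{2,}', 4
        if ($f.Count -lt 4 -or $f[0] -notmatch '^\d+$') { continue }   # header, XML body
        $desc = $f[3]
        if ($desc -match '^(?<step>.+) starting$') {
            $pending = $Matches['step']
        }
        elseif ($desc -match '^(?<step>.+) FAILED \((?<code>0x[0-9A-Fa-f]{8})\)$') {
            $code = $Matches['code']
            [pscustomobject]@{ Time = $f[2]; Step = $Matches['step']; Result = 'FAILED'
                               Code = $code; Meaning = $known[$code] }
            $pending = $null
        }
        elseif ($desc -eq 'Autodiscover XML Received' -and $pending) {
            [pscustomobject]@{ Time = $f[2]; Step = $pending; Result = 'OK'
                               Code = $null; Meaning = 'Autodiscover XML received' }
            $pending = $null
        }
    }
}

# Constructed sample built from lines of the two logs in this article.
# For a real file use: Get-AutodiscoverAttempt -Line (Get-Content "$env:TEMP\Olkdisc.log")
$sample = @'
Thread    Tick Count    Date/Time    Description
3288    9117781    07/02/09 22:21:15    Autodiscover to https://flangemanifold.com/autodiscover/autodiscover.xml starting
3288    9118109    07/02/09 22:21:15    Autodiscover to https://flangemanifold.com/autodiscover/autodiscover.xml FAILED (0x800C8203)
3288    9118109    07/02/09 22:21:15    Autodiscover to https://autodiscover.flangemanifold.com/autodiscover/autodiscover.xml starting
3288    9120531    07/02/09 22:21:17    Autodiscover XML Received
---BEGIN XML---
2844    8186125    07/02/09 22:05:43    Redirect check to http://autodiscover.flangemanifold.com/autodiscover/autodiscover.xml starting
2844    8186156    07/02/09 22:05:43    Redirect check to http://autodiscover.flangemanifold.com/autodiscover/autodiscover.xml FAILED (0x80072EE7)
'@ -split '\r?\n'

Get-AutodiscoverAttempt -Line $sample | Format-Table -AutoSize
```

A log in which no row has Result = OK means every lookup method failed, which is the situation shown in the first log above.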

Conclusion:

Well that pretty much wraps up my walk through on Outlook Anywhere – I hope that you find it useful. Admittedly it does not cover every single configuration scenario, and indeed needs to be adapted to support situations where, for example, NLB is being used on the Client Access Servers (which is recommended), but that is not a huge problem to work out (just remember that all DNS addresses need to point at the published NLB IP address).

But, it should give you a good grounding in the hands on steps to get a successful OA and Autodiscover configuration working.