Re: issues with Out of Office (Exchange Server 2007 SP1....Outlook 2007 SP1)

Michael,

Here are the results of the internal URL:

I enter the following in IE: https://server.mydomain.org/ewa/exchange.asmx
I am prompted for credentials (with the standard Basic Authentication popup)
and upon entering credentials I am redirected to:

https://server.mydomain.org/ews/Services.wsdl


I have done this on the Exchange Server and on a workstation (all
workstations are joined to the domain) and on a server in the domain - using
different credentials (administrator and other 'normal' user accounts). All
results are the same.

Here are the results from the External URL:

Upon entering the external URL in IE:
https://mail.mydomain.org/ews/exchanges.asmx I am, again, prompted for
credentials with the standard Basic Authentication popup. I enter
credentials in the format Domain\username with password. I am then
redirected to:

https://mail.mydomain.org/ews/Services.wsdl

Again, this is entered into IE while outside the network (sitting at home on
my laptop....not joined to the domain). Additionally, I did this several
times, using different sets of credentials (administrator and 'normal' user
accounts).

Now, sitting on the EXCH2007 box itself results in an error (the http error
401.1). This is with the host record 'mail' pointing to the internal IP
Address. I am going to change it to the Public IP Address and see what
happens! Hold on....

Okay...with the host record 'mail' pointing to the internal IP Address of
the Exchange Server I understand why I am getting theI am getting the HTTP
error. I enter the credentials and am prompted again and then again and
then I get the error message (HTTP 401.1). So, I changed it the Public IP
Address and get the same thing. But, only when running this test on the
EXCH2007 box. From other machines (all joined to the domain) I am prompted
for credentials and then am redirected to the /Services.wsdl page.

So, when I run the test-outlookwebservices | fl on the EXCH2007 box it is
exactly this test that is failing with:

ID: 1013
Type: Error
Message: when contacting https://mail.mydomain.org/ewa/exchange.asmx
received the error The Request failed with HTTP Status 401: Unathorized

ID: 1016
Trpe: Error
Message: [EXPR]-Error when contacting the AS Service at
https://mail.mydomain.org/ews/exchange.asmx. The elapsed time was 108
milliseconds.

All other tests complete successfully.

Does this make any sense?

I am scratching my head on this......obviously I am missing something....but
where?!?!?!?

Thanks,

Cary


"Michael Dragone" <newsgroup@xxxxxxxxxxxxxx> wrote in message
news:eOw47N2GJHA.1304@xxxxxxxxxxxxxxxxxxxxxxx
Hmm. This IS interesting!

Have you already tried hitting up
https://server.mydomain.org/EWS/Exchange.asmx and
https://mail.mydomain.org/EWS/Exchange.asmx from Internet Explorer?

"Cary Shultz" <cshultz@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:efcQJpxGJHA.4296@xxxxxxxxxxxxxxxxxxxxxxx
Michael,

No worries. I used to be an MVP for AD and would answer a ton of
questions....

Getting the facts turned around happens sometimes, especially in a post
with as much verbiage as mine!

Anyway, I thought of that situation as well. Not the case,
unfortunately. Pretty much no one in this environment has access to
anyone's mailbox [neither to the full mailbox nor to part of the mailbox
(read: Calendar or Contact, for example)]. So, Joe logs on to the WINXP
SP3 box as Joe and opens up Joe's Mailbox. Sally logs on to the WINXP
SP3 box as Sally and open's up Sally' mailbox. Everyone has his/her own
computer and their is no 'roaming'....in either sense of that word. And,
on top of that, no one has access to anyone else's mailbox.

And, the MX Record is indeed only in the Public DNS (IX WebHosting -
would not suggest that anyone use them...can not do .txt records (read:
SPF) and can not do SRV records). That Public MX record - which points
to the Public WAN IP Address - is indeed 'mail'. That has worked just
swell since I set it up last year. I simply set up - in the Internal
Forward Lookup Zone - that Host record 'mail' and then pointed it -
initiall - to that same Public IP Address as the MX Record. Simply
because the internal domain domain (mydomain.org) is the same as the
public domain name (mydomain.org) and the internal users could not
resolve 'mail.mydomain.org'. This did not resolve the issues. So, at
your suggestion, I changed the internal Host 'mail' to point to the
internal IP Address of the Exchange 2007 Server (just one box). Still, no
love!

Also, Internet Explorer is not misconfigured (Proxy Settings) and there
is no ISA or anything like this involved. Funny thing is...when these
machines were put in place (read: the new Dell workstations running MS
Office 2007) the MS Outlook configured the profile automagically. It
pulled the user's name and the mailbox and there it was! Hey, about the
only thing that I have not done is look at the local machine and check
out to log file...see what is *not* going on there! I may just do that
still....

Anyway, I am pretty much throwing in the towel on this one and going to
call MS-PSS because I have spent a ton of time on this. Way more time
than I should have (but I love a good challenge!).

I will let you know what the problem was once we figure it out.

I wonder if we have this issue at any other clients. Several of our
clients have EXCH2007 (I set up all bt two of them) and are not starting
to move to MS Office 2007.

Mike, Thanks for your persistence on this. It is starting to get a
little frustrating. But, like I said, I like a good challenge. I am
just running out of time (from a buiness perspective...not from a
technical perspective).

Thanks,

Cary



.

Relevant Pages

  • Forcing authentication with a specific DC
    ... authenticates with the firewall through this site. ... is no direct internet access anywhere but in Site A. ... credentials are wrong and to enter new ones. ... but the Citrix server is still ...
    (microsoft.public.win2000.security)
  • RE: Login from Internet
    ... \par - You would like to know how to prevent a user not log on the site from Internet if he didn't input his domain credential. ... \par Microsoft Online Partner Support ... \par Subject: Login from Internet ... they get prompted for their credentials again. ...
    (microsoft.public.sharepoint.portalserver)
  • Re: A little help (kerberos, netbios, and SPN... oh my!)
    ... internet explorer see's the fqdn as a non trusted internet site and ... try adding the fqdn as a trusted site, ... should allow the credentials to be passed. ... this will result in a login prompt, the only problem is they must ...
    (microsoft.public.inetserver.iis.security)
  • Limiting Consultants access via PPTP while allowing ISA web proxy
    ... They all have NT Domain User accounts, which is how they get authenticated ... Works perfectly except now we need to allow them Internet access via the web ... domain before ISA will let them out. ... credentials as expected. ...
    (microsoft.public.isa.vpn)
  • RE: Email send/receive size question - little confused!
    ... an individual user's mailbox but yet for some reason they still couldn't go ... > Thank you for posting in the SBS newsgroup. ... > For Connector setting, the settings for each connector control the maximum ... >>Internet email limit to probably 10MB. ...
    (microsoft.public.windows.server.sbs)
Quantcast