Exchange your Mind

"La connaissance ne vaut que si elle est partagée" / "An effective Knowledge is a shared one"

Exchange 2013 and Windows XP SP3 Outlook 2010 enable to connect the first time!!

Posted by Teruin laurent le mai 30, 2014


Today i have to cope with an Authentication Issue when Outlook 2010 running on Windows XP and try to connect to Outlook Anywhere

Outlook 2010 running on Windows 2008 works fine but not on XP. Outlook for the first time and no way to connect

Below is the production environment

Windows XP professionnel version 5.1 2600 service Pack 3 Nu 2600 X86
Outlook 2010 version 14.7015.1000 32 Bit
Exchange 2013 SP1 Us Version
[PS] C:\Windows\system32>Get-OutlookProvider
Name Server CertPrincipalName TTL
—- —— —————– —
EXCH msstd:*.company.com 1
EXPR msstd:*.company.com 1
WEB 1

[PS] C:\Windows\system32>Get-OutlookAnywhere

RunspaceId : 72996687-448d-44fb-bef2-de48ccd0fa32
ServerName : SRVEXC01
SSLOffloading : True
ExternalHostname : oa.company.com
InternalHostname : oa.company.com
ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod : Negotiate
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
XropUrl :
ExternalClientsRequireSsl : True
InternalClientsRequireSsl : True
MetabasePath : IIS://SRVEXC01.mrsaero.loc/W3SVC/1/ROOT/Rpc
Path : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.0 (Build 847.32)
Server : SRVEXC01
AdminDisplayName :
ExchangeVersion : 0.20 (15.0.0.0)
Name : Rpc (Default Web Site)
DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=SRVEXC01,CN=Servers,CN=Exchang Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=mrsaero,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mrsaero,DC=loc
Identity : SRVEXC01\Rpc (Default Web Site)
Guid : 47bf7118-1c00-4add-82a0-172958d49f9d
ObjectCategory : mrsaero.loc/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}

 

On the worktation XP

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\.    Lmcompatibilitylevel = 3

I decided to change to ntlm

set-outlookanywhere -identity "SRVEXC01\Rpc (Default Web Site)" -InternalClientAuthenticationMethod ntlm -ExternalClientAuthenticationMethod ntlm
set-outlookanywhere -identity "SRVEXC02\Rpc (Default Web Site)" -InternalClientAuthenticationMethod ntlm -ExternalClientAuthenticationMethod ntlm

and restart the rpc client access service … Same Issue

 

I decided to modify the outlook providers by using
Set-outlookProvider –identity WEB – CertPrincipalName msstd:*.company.com

Reboot the server… same Issue..

Trying to change the authentication method on autodiscover….

Set-autodiscovervirtualdirectory -identity "SRVEXC01\Autodiscover (Default Web Site)" -DigestAuthentication $true
Set-autodiscovervirtualdirectory -identity "SRVEXC02\Autodiscover (Default Web Site)" -DigestAuthentication $true

But it is not that

I download a tool fiddler2 to see what URL is accessed byt the Outlook client when autoconfiguration for the first time is made. And I discover that the Autodiscover was based on local client access FQDN. To have a real test I delete each time the profil user on the XP machine and loggin again.

So I decided to modify the configuration with this cmdlet

get-clientaccessserver | set-clientaccessServer -AutoDiscoverServiceInternalUri https://autodiscover.company.com/Autodiscover/Autodiscover.xml

so now buy using Fiddler acting as as proxy I can see that outlook use the autodiscover FQDN wich is a Load Balanced VIP. But…. Same issue . The worse is when Fiddler is open it works when I close fiddler outlook have an authentication issue


 


A this time no authentication is possible !

 

 

 

 


 

Posted in Exchange 2013 Issues | 1 Comment »

Exchange 2013 ASP.NET : Event ID: 1309 An unhandled exception has occurred

Posted by Teruin laurent le mai 28, 2014


Hi Today suddenly all user cannot connect anymore to OWA . The issue is that the account is correct and the password too.

When I try to open a session I’ve got this in the event log

 

Posted in Non classé | Leave a Comment »

Exchange 2013 The Microsoft Exchange Transport Service Entered the stopped State Event 12025 106 2937 7010 1309

Posted by Teruin laurent le mai 27, 2014


HI all

Today I have to cope with the behavior after a simple reboot on two Mailbox servers. After searching on the net event etc. I decide to open a case.

 

 

Log Name: Application
Source: MSExchangeTransport
Date: 5/27/2014 5:14:24 PM
Event ID: 12025
Task Category: TransportService
Level: Warning
Keywords: Classic
User: N/A
Computer: SrvExc02.mrsaero.loc
Description: Transport service is disconnecting performance counters with process lifetime from their old process.

Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"&gt;
<System>
<Provider Name="MSExchangeTransport" />
<EventID Qualifiers="32772">12025</EventID>
<Level>3</Level>
<Task>12</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-27T15:14:24.000000000Z" />
<EventRecordID>1378075</EventRecordID>
<Channel>Application</Channel>
<Computer>SrvExc02.mrsaero.loc</Computer>
<Security />
</System>
<EventData>
</EventData>
</Event>

Posted in Non classé | Leave a Comment »

Exchange 2013: ASP.NET 4.0.30319.0 MapiExceptionIllegalCrossServerConnection [SOLVED]

Posted by Teruin laurent le mai 19, 2014


HI all

After fixing the ASPnet Error to give the possibility to my customer to use ECP and OWA (see old post). The Asp.net continue to fault as you can see.
We don’t have any explanation and no more time to spend to fix what I consider as a bug.

Regards
Laurent Teruin

Log Name: Application
Source: ASP.NET 4.0.30319.0
Date: 4/30/2014 8:39:05 AM
Event ID: 1309
Task Category: Web Event
Level: Warning
Exception information:
Exception type: MapiExceptionIllegalCrossServerConnection
Exception message: MapiExceptionIllegalCrossServerConnection: Monitoring mailbox [] with application ID [Client=OWA] is not allowed to make cross-server calls from [SRVEXC01.xxxx.loc] to [SRVEXC02.xxx.loc] at Microsoft.Mapi.CrossServerDiagnostics.BlockCrossServerCall(ExRpcConnectionInfo connectionInfo, String mailboxDescription)

[ MAY 19 ] Deleting the Health User in AD! Restart the Microsoft Exchange Health Manager Service and the mailbox are recreated and no more event!

 

 

Posted in EXCHANGE 2013, Exchange 2013 Issues | Leave a Comment »

Lync 2013 Client : Certificat error when starting a PowerPoint presentation & sorry we ran into a problem displaying the presentation

Posted by Teruin laurent le mai 16, 2014


Hello All

I ve got an issue today when i try to launch a Powerpoint presentation the Lync 2013 client display that there is an certificate error . It is important to take in account that the used workstation is a non-domain joined workstation running windows 8.1 who approve the Internal Ca.


So I immediately check these points

  • From the workstation where the Lync client is executed I can use correctly from the browser the discovery url without any certificate Issue! (https://officeWebapp01.company.xxx/Hosting/discovery)
  • The discovery url is equal to the discovery url that I have declared in the topology.
  • On the Lync FE server I observe the event ID 41032 on the Lync server. So Lync discover the officewebapp server

  • The OfficeWebApp Farm is correctly configured and running

  • The certificate is well positioned on the website and have the correct friendly name which correspond in the farm definition ("office")

  • Everybody approve the internal CA. My workstation too
  • The Officewebapp and the lync server are on the same Vlan
  • I can ping and telnet from my workstation the IIS of Owapp on 443 .

So What is wrong ?

My certificate on the Officewebapp01 is a San. Hummm …

  1. Let remove it and just put a non San certificate
  2. If you use IIS "create certificate request" to make a certificate request, the program don’t put a friendly name in the request … (Windows 2012 Server US version) so you will not be able to link the certificate to the OfficeWebFarm. You can use the MMC Certificat Snapin. If you do this, don’t forget that the Country field only accept two letters. If you put USA or France you will get an error from the Internal Ca who will precise that the subject name is incorrect!. Or Create domain certificate which is easiest.
  3. I created the new certificate binded it to IIS Website for 443 and use set-officewebfarm –certificatename to reprecise the certificate friendly name.
  4. Restart the server and test again
  5. From the Lync Worsktation I could open without any certificate issue the discovery url so now check with Lync 2013 client

  6. Restarting the Lync 2013 client version 15.0.4615.1000. And same issue! Hummm weird !!!!! let inspect the Lync 2013 client logs

  7. Form the log side I can see that my client use the correct url

  8. And in the log I found this: The certificate presented by the WAC Server or Proxy could not be validated."; hummmm Why why why why.. I don’t know ;-)


  9. I decided to modify the iE settings and clear the certificate check close Lync client and restart.

  10. So now the issue is quite different. We are in progress ;-) the error message is very helpful no?

  11. Let’s check the Owapp server Log. For information it is running on windows 2012 standard server with 8 Go of ram and one vcpu (Vmware) and I can observe that
    not really helpful I think. But this appear at each time I try to start the Powerpoint presentation. Let return to the Lync 2013 client
  12. I tried to use a Lync 2010 client on a domain joined workstation (running windows Xp) and… the PowerPoint Prestation works !!!! what is wrong in my kingdom???? It should not be a server side issue? Well let check the owapp version

  13. When typing the error message "sorry we ran into a problem displaying the presentation" I found this link:
    http://blogs.technet.com/b/rischwen/archive/2013/12/03/lync-2013-wac-powerpoint-sharing-broken-windows-8-1-ie11.aspx. Which is .. resolved nice! .
  14. Installing this patch on OWAPP server

  15. Now the Officewebapp run this version
    But the problem is still the same….

 

 

 


 

Posted in 2- LYNC-2013, Lync 2013-Office Web APP | Leave a Comment »

Kemp Exchange 2013 : Comment ça balance ???

Posted by Teruin laurent le mai 14, 2014


Bonjour à tous !

Nous organisons un webinar sur le thème de la répartition de charge autour des solutions Kemp. Les sujets abordés tirés d’infrastructures déployées évoqueront les problématiques spécifiques à l’environnement exchange et les conséquences de la mise en place de répartiteur de charges. Une formation en 50 Minutes !

Venez nombreux !

Pour vous inscrire :
https://www2.gotomeeting.com/register/125981218

Posted in Non classé | Leave a Comment »

Kemp : Mise à jour sécurité pour les HLB

Posted by Teruin laurent le mai 7, 2014



Bonjour à tous

Nos amis de Kemp technologies viennent de publier une mise à jour de leurs firmware pour contrer la menace Heart bleed. A passer rapidement donc

http://forums.kemptechnologies.com/index.php?p=/discussion/20730/heartbleed-vulnerability-patch-available/p1

Cordialement
Laurent Teruin

 

 


 

Posted in EXCHANGE 2013, Lync 2013 - Reverse Proxy | Leave a Comment »

Exchange 2013: Microsoft Connectivity analyzer : weird!

Posted by Teruin laurent le avril 30, 2014


HI All

Today i would like to be certain that my new exchange 2013 infrastructure is well configured. So I started deep checks on all services. From outside I started a new outlook 2013 client, validate the correct auto configuration of Outlook RpcOverHttps. (Outlook Anywhere). Checked the Webservices, the OOF, the Oab the synchronization process etc.. Etc..

All works well. So because I would like to be sure a 100% I used the Microsoft Connectivity Analyzers and with the same account I’ve got this result. Grrr. Could I have a bad result when all functionality are working perfectly? I prefer that than the contrary. ;-). I tried with my corporate hybrid 0365 account. Another issue! but all works fine with outlook with this account too!

 

Well to be certain I used a pure O365 account and the result is ….. LOL ! . Well conclusion: how can I trust this tools!

Posted in EXCHANGE 2013, Exchange 2013 Issues | Leave a Comment »

Exchange 2013: ASP.NET 4.0.30319.0 MapiExceptionIllegalCrossServerConnection

Posted by Teruin laurent le avril 30, 2014


HI all

After fixing the ASPnet Error to give the possibility to my customer to use ECP and OWA (see old post). The Asp.net continue to fault as you can see.
We don’t have any explanation and no more time to spend to fix what I consider as a bug.

Regards
Laurent Teruin

Log Name: Application
Source: ASP.NET 4.0.30319.0
Date: 4/30/2014 8:39:05 AM
Event ID: 1309
Task Category: Web Event
Level: Warning
Exception information:
Exception type: MapiExceptionIllegalCrossServerConnection
Exception message: MapiExceptionIllegalCrossServerConnection: Monitoring mailbox [] with application ID [Client=OWA] is not allowed to make cross-server calls from [SRVEXC01.xxxx.loc] to [SRVEXC02.xxx.loc] at Microsoft.Mapi.CrossServerDiagnostics.BlockCrossServerCall(ExRpcConnectionInfo connectionInfo, String mailboxDescription)

Posted in EXCHANGE 2013, Exchange 2013 Issues | Leave a Comment »

Outlook 2013: OOF no traffic from External (through Kemp) [SOLVED]

Posted by Teruin laurent le avril 24, 2014


HI all

This morning i have to cope with a strange Behavior With outlook 2013. From outside Outlook refuse to connect to OOF Web services.

Well the A record exist the port is listening but the weird behavior is that outlook don’t try to connect to OOF. I use Wireshark to capture all the frames and I can’t see any tentative from my workstation to address the expected public address of the published Webservices. I can see the traffic of RpcOverHttp but absolutely no oof traffic which is published on another IP Address.


The Outlook reaction is very fast to display that OOF is not accessible… Weird. I don’t think for the moment that it is a web services configuration problem.

I try to use another profile to another account (Office 365) and OOF Works.

I have supposed that Outlook 2013 verify when he start if he can access to EWS.

Well after searching and searching I find a tools who records all URL accessed by your workstation. (Proximotron) by using it and indicate in the IE the proxy as localhost 8080. I was able to see what Url is accessed by the Outlook. And in my big surprise. The outlook use from external the internal URL address of Webservices. Intexweb.xxx.aero should be extexweb.xxx.aero.


Don’t ask me why. When I check the autoconfiguration option with Outlook client the result are these one which is not correct.


But when I ask to the Ews configuration internally I can see that the configuration is correct


I decided to change the internal value of these InternalUrl and set the same as external and yes it works.

So Kemp is not in fault. The real question is why the internal urls is used instead of external while using HTTP connection !!

Regards
Laurent Teruin

 

Posted in EXCHANGE 2013, Exchange 2013 Issues | Leave a Comment »

 
Suivre

Recevez les nouvelles publications par mail.

Rejoignez 224 autres abonnés