• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: Discussion About article on Publishing Autodiscover Service

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> General >> RE: Discussion About article on Publishing Autodiscover Service Page: <<   < prev  1 [2]
Login
Message << Older Topic   Newer Topic >>
RE: Discussion About article on Publishing Autodiscover... - 26.Sep.2008 6:51:35 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: henning

First off, I just want to say thanks to all you folks out there for writing all those wonderful life saving articles. A special thanks to Tom for his insight and hard work.

Most of the time I have just been lurking around soaking up a lot of knowledge here. This time I'd like to share some frustration regarding Exchange 2007.

These days, when when wildcards certs are getting so cheap, around $500 for a 3 -year GoDaddy cert (seems that I cannot bind to UM service), I cannot understand that Exchange 2007 documents do not more clearly sepecify all prereqs needed to make this work. They even state in an article that your almost "home free" if using one. Of course I ended up struggling with the Autodiscover service not working with Outlook's wizard. If it wasn't for Lewinski's : Set-OutlookProvider -identity EXPR -CertPrincipalName msstd:*.mydomain.com. I would probably still be banging my head against the wall. :)

I do still have some problems:

1 TS running WS 2003 x86 with outlook 2007 SP1 installed works flawlessly, even when user hitting the repair profile (A refresh to autodiscover service is made reading the latest info) A GPO is set telling outlook not to invoke the new profile wizard but to read user's email form AD, all perfect.

1 TS running WS 2008 x64 with the exact same setup, join to the same domain, Outlook 2007 SP1. On this server the wizard aborts on the last stage claiming it cannot connect to exchange, presenting the dialog to enter Exchange server name and an appropiate user name, Exchange FQDN server name is there together with the =SMTP:username@domain.com. Hitting check name gives the same error. If entering the DC/GC name in server field I do get names underlined when hitting check name, but after that still no connect. Checking the autodiscover diagnostic log, everything looks fine: Configuration was generated for user@domain.com.


I would appreciate it, if anyone can shed some light on this

Regarding the KCD auth. I think I've got it working. In addition to Jason Jones comprehensive list the clue is: Make sure the ISA server's computer object in AD has been delegated -> Trust this computer for delegation to specified services only -> use any authentication protocol > service:http computer:yourCAS.fqdn.com

I forgot to mention that I have an equal namespace internally/externally with a split DNS.


Regards
Henning S°ilen
Senior Consultant
Norway


Hi Henning,

Just had chance to retest this with a recent customer deployment and I can confirm that the 'Set-OutlookProvider -identity EXPR -CertPrincipalName msstd:*.mydomain.com' command does in fact fix the issues I have seen with using the Outlook 2007 account setup wizard - hurrah!  

I think that I missed the IIS restart step on the CAS servers last time I was testing, but I added this step this time around.

Thankyou very much for this addtional Exchange setting, as it makes the entire solution completely seamless and I can now use the same solution for customers who use indidivual or wildcard certs on ISA for the autodiscovery listener.

I plan to update my blog with a new addendum to the old article to specifically cover the different steps needed when using a wildcard cert on ISA. I will also add the other elements you mentioned in your blog comments.

The nice thing is that I now fully understand why this addtional Exchange setting is necessary and it all falls into place...

Cheers

JJ 

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to henning)
Post #: 21

Page:   <<   < prev  1 [2] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> General >> RE: Discussion About article on Publishing Autodiscover Service Page: <<   < prev  1 [2]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts