Channel: Exchange Server 2013 - Mobility and ActiveSync forum

disable EWS


Hello

We are working on Exchange 2010. Now we have decided to disable Mac Outlook, and thus EWS. I did some googling and found this post: http://blogs.technet.com/b/matabra/archive/2012/08/23/block-mobile-apps-that-use-exchange-web-services.aspx

It's useful when I set it for a single user (set-casmailbox -id XXXXXX -EWSEnabled: $true -EWSAllowMacOutlook:$False)

But when I disable it for the whole organization, it didn't work (command line: Set-OrganizationConfig -EWSEnabled: $true -EWSAllowMacOutlook:$False). The test user could still receive email via Mac Outlook.

Any ideas? Thanks.


Go Patriots


IOS/Android server name not set properly for activesync ?


We implemented autodiscover for our Exchange 2013 SP1 server and it is almost working properly, except for the fact that the settings being pushed to the clients set the server name to the root domain name (i.e. SERVER = domainname.com) instead of the FQDN of the expected server name (i.e. SERVER = server.domainname.com).

The SSL certificate applied to the Exchange Server works fine and has domainname.com, autodiscover.domainname.com and server.domainname.com as acceptable entries

The RCA test finishes successfully and the following entries are set in the autodiscover.xml file:

<Server>
<Type>MobileSync</Type>
<Url>https://server.domainname.com/Microsoft-Server-ActiveSync</Url>
<Name>https://server.domainname.com/Microsoft-Server-ActiveSync</Name>
</Server>

What should be done in order to have the returned server name (on iOS or Android) set to server.domainname.com instead of domainname.com?

Many thanks for your help.

Cedric

Event ID 2002 on Exchange 2013 (MSExchange Front End HTTP Proxy)

I get a warning message "[Eas] The number of outstanding proxy requests for mailbox server xxxxxxxx has exceeded the max limit 5000. Current request will be rejected." on all CAS servers, and I also created "Maximum Allowed Service Sessions Per User (value = 10000)" in "HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem", but it did not work.

I must restart the CAS server for troubleshooting.

Please help me.

P.S. Exchange 2013 SP1 (Version 15.0 (Build 847.32)) 



Meeting Organizer Hi-Jacking


I am experiencing issues that by description match this KB almost exactly: http://support.microsoft.com/kb/2768774

However, my iOS users are on 7.1.2 and we are on Exchange 2010 SP3 RU6. Just wondering if anybody else is seeing this?

I will see this in the active sync logs when it goes wonky and takes over the organizer role.

/Microsoft-Server-ActiveSync/default.easUser=someuser&DeviceId=ApplDLXK18AHF197&DeviceType=iPad&Cmd=MeetingResponse&Log=V141_LdapC1_RpcC19_RpcL78_Pk94416536_Error:ItemNotFound_As:AllowedG_Mbx:_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f0%25%2cCAS%3a%24null%2f%24null%2f2%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5F9929bf1d-9f96-4c0c-a064-f233bf6454f1%2cNorm_

POST/Microsoft-Server-ActiveSync/default.easUser=someuser&DeviceId=ApplDLXK18AHF197&DeviceType=iPad&Cmd=SendMail&Log=V141_LdapC3_LdapL16_RpcC32_RpcL78_Ers1_Pk94416536_Error:UID%3a7E99C04E3E704DF0A94A22C944C294960%2bOrganizerCheck%3aTrue_ClsName:IPM.Schedule.Meeting.Request_MOLk:False_As:AllowedG_Mbx:_Dc:_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f0%25%2cCAS%3a%24null%2f%24null%2f4%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f2%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5F9929bf1d-9f96-4c0c-a064-f233bf6454f1%2cNorm

Sync'd contacts 'notes' field not showing in Outlook


Hey all,

Short version: Our notes field on contacts is rarely visible in Outlook, but often shows when synced to a device. Can someone point to something that says how to fix it, or something that says it's not supposed to do so?

Here's the longer version with details...

We use Outlook 2013 and 2010, mailboxes are hosted on our 2013 server and everything is synced via Activesync.  I have a local contacts folder in Outlook that is synced to an iPhone.  If I modify the Notes field for the contact on the iPhone, it never shows up on Outlook.  If I modify it in Outlook, it never shows up on the iPhone.  If I modify it on the iPhone or Outlook, it shows up on an Android.  If I modify it on an Android, it shows up on Outlook and an iPhone.  Here's the kicker...  No matter what I modify it with, it ALWAYS shows up in Outlook Web Access.  

Please keep in mind that I'm referring to a contact in a contact folder in the users' mailbox, NOT a contact from the GAL.  We know the difference.

Can anyone clarify what's happening here?  I've got a user who's driving me nuts about this and she's high enough in the company that this issue will never "go away" without a satisfactory explanation.


--smthng

Exchange 2013 Autodiscover Android IOS not working


Hello,

I configured Exchange 2013 in my organization. Android, Thunderbird and iOS are not working with autodiscover.

Windows Phone, for example Lumia, worked with autodiscover correctly.

All needed DNS entries and the certificate are uploaded to Exchange.

The test on https://testconnectivity.microsoft.com/ ended successfully.

Do Android and iOS support autodiscover?

BR/Lukas


Exchange 2010 Activesync questions - remote wipe terminated user


Hello All,

Looking for some suggestions about how to send a wipe (Clear) instruction to mobile device(s) of a user upon termination if they do not go by IT to have access removed 'gently'.

The issue is that while we WANT to wipe the phone we HAVE to remove their network access by disabling their AD account.  There was some discussion internally about whether or not the wipe would work if the AD account is disabled but MS support confirmed that the user does have to authenticate in order to get that wipe command.  

They also mentioned that it can take some time for a password change on the AD account to take effect so you could change the AD password to block the user from accessing the network, send the 'Clear' command and then give it some period of time to see if the user authenticates and the phone is wiped.

This doesn't seem like a good way to do things.  Most people back up their phone data pretty frequently so wiping it might have limited benefit.

Does anyone have a thought on how to achieve both goals - trying to wipe the phone while ensuring that the user cannot access corporate systems through the AD account?  Changing the password for a set period of time MIGHT work but the idea of a process that 'might' work depending on how quickly a password change takes effect seems kludgy at best.  Absent a separate MDM product, anybody have a process that would allow us to wipe the phone without leaving a terminated user active in AD?  We're automating this with an IDM tool so I need something a little more well-defined than 'give it a while and see if it works' ;-)

Error: DatabaseGuidNotFound


Hi. We have 2 Server 2012 R2 + Exchange 2013 SP1 servers which work in a DAG. These servers are both CAS servers and database servers.

Periodically we observe HTTP 500 errors when connecting through OWA or ActiveSync.
Having started the test on one of the servers, we received this error:

Test-ActiveSyncConnectivity -URL https://e2013a.domain.local/Microsoft-Server-ActiveSync -MailboxCredential (get-credential domain\username) | fl

RunspaceId                 : 3565257a-41f0-4cde-9f6d-5fc1c4c829dd

LocalSite                  : Kiev

SecureAccess               : True

VirtualDirectoryName       :

Url                        :

UrlType                    : Unknown

Port                       : 0

ConnectionType             : Plaintext

ClientAccessServerShortName : e2013a

LocalSiteShortName         : Kiev

ClientAccessServer         : e2013a.domain.local

Scenario                   : Options

ScenarioDescription        : Issue an HTTP OPTIONS command to retrieve the Exchange ActiveSync protocol version.

PerformanceCounterName     : DirectPush Latency

Result                     : Failure

Error                      : [System.Net.WebException]: The remote server returned an error: (500) Internal Server Err

                              or.

                             HTTP response headers:

                             request-id: 9db50b60-ccb4-4b86-8aa9-1c9516dcaa8c

                             X-CasErrorCode: DatabaseGuidNotFound

                             X-FailureContext: FrontEnd;500;RGF0YWJhc2VHdWlkTm90Rm91bmQ=;VGhlIGRhdGFiYXNlIHdpdGggSUQgY

                             jYxZThkN2UtODEyOS00Mjk2LWIyN2UtOTY5ZTQ4NGQwZTE0IGNvdWxkbid0IGJlIGZvdW5kLg==;DatabaseGuidN

                             otFound;;

                             X-FEServer: E2013A

                             Content-Length: 0

                             Cache-Control: private

                             Date: Tue, 11 Mar 2014 12:10:47 GMT

                             Server: Microsoft-IIS/8.5

                             X-AspNet-Version: 4.0.30319

                             X-Powered-By: ASP.NET
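
Two fields of the X-FailureContext header in the output above are Base64 text, and the console has wrapped the value across three lines. The following PowerShell is an added example, not part of the original post; the function name ConvertFrom-FailureContext and the parsing rule (semicolon-separated fields, decoded only where they are valid Base64 that yields printable text) are assumptions inferred from that output.

```powershell
# Added example, not part of the original post.
# Assumption: X-FailureContext is a semicolon-separated list in which some
# fields are Base64-encoded text. The meaning of each field position is not
# stated on this page, so fields are reported by index only.

function ConvertFrom-FailureContext {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$HeaderValue
    )

    # Console output wraps long header values; remove the wrap whitespace first.
    # (Base64 never contains whitespace, so encoded fields are unaffected.)
    $joined = $HeaderValue -replace '\s+', ''

    $index = 0
    foreach ($field in $joined.Split(';')) {
        $decoded = $null

        # Only attempt a decode on strings that are structurally valid Base64.
        $looksLikeBase64 = ($field.Length -ge 4) -and
                           (($field.Length % 4) -eq 0) -and
                           ($field -cmatch '^[A-Za-z0-9+/]+={0,2}$')
        if ($looksLikeBase64) {
            try {
                $bytes = [Convert]::FromBase64String($field)
                $text  = [Text.Encoding]::UTF8.GetString($bytes)
                # Plain words such as "FrontEnd" are also valid Base64 but decode
                # to binary noise, so keep only printable ASCII results.
                if ($text -cmatch '^[\x20-\x7E]+$') { $decoded = $text }
            } catch [System.FormatException] {
                # Not Base64 after all; leave Decoded empty.
            }
        }

        [pscustomobject]@{
            Index   = $index
            Raw     = $field
            Decoded = $decoded
        }
        $index++
    }
}

# Header value copied from the post above, including the console line wraps.
$sample = @'
FrontEnd;500;RGF0YWJhc2VHdWlkTm90Rm91bmQ=;VGhlIGRhdGFiYXNlIHdpdGggSUQgY
                             jYxZThkN2UtODEyOS00Mjk2LWIyN2UtOTY5ZTQ4NGQwZTE0IGNvdWxkbid0IGJlIGZvdW5kLg==;DatabaseGuidN
                             otFound;;
'@

# Show every non-empty field with its decoded text where one was recovered.
ConvertFrom-FailureContext -HeaderValue $sample |
    Where-Object { $_.Raw } |
    Format-List Index, Raw, Decoded
```

The decoded text of the fourth field names the database GUID the front end could not resolve, which can then be compared against the Guid values returned by Get-MailboxDatabase.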




How to selectively wipe mobile device in Office 365

Is there an option in Office 365 to selectively wipe a mobile device? I see I can wipe all data.

Certificate Based Authentication for CU5


Where are the instructions to get this configured for Exchange 2013?

I see Microsoft added this functionality back to Exchange Server 2013 in CU5, but I can't find any documentation on how to get this working.

Is it included in the CU5 download notes?  Where is this hidden?

RMS for Smart Phone


Hi all,

Does Exchange 2013 already support AD RMS for smartphones? In Exchange 2010, I use GigaTrust or Secure Island.


Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Krisna Ismayanto | My blogs: Krisna Ismayanto | Twitter:@ikrisna

Exchange 2013 externally via ARR -> Enforce client certificates?


Hi Guys,

I've set up a test Exchange environment which is published via ARR 3.0. It works well. I would now like to start locking it down, as it will be on the internet to all addresses.

Can I enforce client certificates on the ARR server? I'm unsure if Exchange 2013 supports this (we will not be using anything lower than Exchange 2013).

Autodiscovery not working at a complete loss


Hi 

I have a setup with one CAS server and one Exchange backend server. It serves 4 domains.

ActiveSync is working (both on intranet and internet). OWA is working on both networks too.

Here's some test data (domains and such have been sanitized: contoso.com is the external name, contoso is the internal name, casserver is the CAS server, etc.).

My autodiscover is on https://mail.contoso.com/autodiscover/autodiscover.xml

Any HTTP request on autodiscovery.* (my 4 domains) will do a 302 redirect to https://mail.contoso.com/autodiscover/autodiscover.xml

Browsing https://mail.contoso.com/autodiscover/autodiscover.XML from intranet or internet yields this response (after providing username and password):

<Autodiscover><Response><Error Time="09:32:02.3112517" Id="2271660173"><ErrorCode>600</ErrorCode><Message>Invalid Request</Message><DebugData/></Error></Response></Autodiscover>


Other things I've done to help show the configuration:

1. Test autodiscover configuration: Test-OutlookWebServices -ClientAccessServer "casserver"

[PS] C:\Program Files\Microsoft\Exchange Server\V14\Scripts>Test-OutlookWebServices -ClientAccessServer casserver

RunspaceId : 735fd88b-e9e1-4350-b7d7-c0aca66ebecd
Id         : 1019
Type       : Information
Message    : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is https://casserver.contoso.com/Autodiscover/Autodiscover.xml.

RunspaceId : 735fd88b-e9e1-4350-b7d7-c0aca66ebecd
Id         : 1013
Type       : Error
Message    : When contacting https://casserver.contoso.com/Autodiscover/Autodiscover.xml received the error The remote server returned an error: (404) Not Found.

RunspaceId : 735fd88b-e9e1-4350-b7d7-c0aca66ebecd
Id         : 1023
Type       : Error
Message    : The Autodiscover service couldn't be contacted.

RunspaceId : 735fd88b-e9e1-4350-b7d7-c0aca66ebecd
Id         : 1013
Type       : Error
Message    : When contacting https://casserver.contoso.com/EWS/Exchange.asmx received the error The request failed with HTTP status 404: Not Found.

RunspaceId : 735fd88b-e9e1-4350-b7d7-c0aca66ebecd
Id         : 1025
Type       : Error
Message    : [EXCH] Error contacting the AS service at https://casserver.contoso.com/EWS/Exchange.asmx. Elapsed time was 437 milliseconds.

RunspaceId : 735fd88b-e9e1-4350-b7d7-c0aca66ebecd
Id         : 1013
Type       : Error
Message    : When contacting https://casserver.contoso.com/EWS/Exchange.asmx received the error The remote server returned an error: (404) Not Found.

RunspaceId : 735fd88b-e9e1-4350-b7d7-c0aca66ebecd
Id         : 1027
Type       : Error
Message    : [EXCH] Error contacting the UM service at https://casserver.contoso.com/EWS/Exchange.asmx. Elapsed time was 0 milliseconds.

RunspaceId : 735fd88b-e9e1-4350-b7d7-c0aca66ebecd
Id         : 1013
Type       : Error
Message    : When contacting https://mail.contoso.com/ews/exchange.asmx received the error Client found response content type of '', but expected 'text/xml'.
             The request failed with an empty response.

RunspaceId : 735fd88b-e9e1-4350-b7d7-c0aca66ebecd
Id         : 1025
Type       : Error
Message    : [EXPR] Error contacting the AS service at https://mail.contoso.com/ews/exchange.asmx. Elapsed time was 468 milliseconds.

RunspaceId : 735fd88b-e9e1-4350-b7d7-c0aca66ebecd
Id         : 1026
Type       : Success
Message    : [EXPR] Successfully contacted the UM service at https://mail.contoso.com/ews/exchange.asmx. The elapsed time was 140 milliseconds.

RunspaceId : 735fd88b-e9e1-4350-b7d7-c0aca66ebecd
Id         : 1113
Type       : Error
Message    : When contacting https://casserver.contoso.com/ews/exchange.asmx received the error The request failed with HTTP status 404: Not Found.

RunspaceId : 735fd88b-e9e1-4350-b7d7-c0aca66ebecd
Id         : 1125
Type       : Error
Message    : [Server] Error contacting the AS service at https://casserver.contoso.com/ews/exchange.asmx. Elapsed time was 0 milliseconds.

RunspaceId : 735fd88b-e9e1-4350-b7d7-c0aca66ebecd
Id         : 1113
Type       : Error
Message    : When contacting https://casserver.contoso.com/ews/exchange.asmx received the error The remote server returned an error: (404) Not Found.

RunspaceId : 735fd88b-e9e1-4350-b7d7-c0aca66ebecd
Id         : 1127
Type       : Error
Message    : [Server] Error contacting the UM service at https://casserver.contoso.com/ews/exchange.asmx. Elapsed time was 0 milliseconds.

[PS] C:\Program Files\Microsoft\Exchange Server\V14\Scripts>

2. Ping and browse https://mydomain/autodiscover/autodiscover.xm

Browse https://casserver/autodiscover/autodiscover.XML = 404

ping casserver works OK

Note above that https://mail.contoso.com/autodiscover/autodiscover.XML actually works.

3. If you are testing from outside, test https://autodiscover.mydomain/autodiscover/autodiscover.xml

See 2

4. Test autodiscover virtual directories: Get-AutodiscoverVirtualDirectory |FL

[PS] C:\Program Files\Microsoft\Exchange Server\V14\Scripts>Get-AutodiscoverVirtualDirectory |FL

RunspaceId                      : 735fd88b-e9e1-4350-b7d7-c0aca66ebecd
Name                            : Autodiscover (Default Web Site)
InternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated}
LiveIdSpNegoAuthentication      : False
WSSecurityAuthentication        : False
LiveIdBasicAuthentication       : False
BasicAuthentication             : True
DigestAuthentication            : False
WindowsAuthentication           : True
MetabasePath                    : IIS://casserver.contoso.com/W3SVC/1/ROOT/Autodiscover
Path                            : C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Autodiscover
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : CASSERVER
InternalUrl                     :
ExternalUrl                     :
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
DistinguishedName               : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=CASSERVER,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=contoso,DC=com
Identity                        : CASSERVER\Autodiscover (Default Web Site)
Guid                            : 9f99c3b7-f63f-474c-899d-72c6d4f5d480
ObjectCategory                  : contoso.com/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                     : 29-08-2014 02:45:44
WhenCreated                     : 29-08-2014 02:46:03
WhenChangedUTC                  : 29-08-2014 00:45:44
WhenCreatedUTC                  : 29-08-2014 00:46:03
OrganizationId                  :
OriginatingServer               : adserver.contoso.com
IsValid                         : True

[PS] C:\Program Files\Microsoft\Exchange Server\V14\Scripts>

5. Also Checked my Certificate:

The certificate is a signed UCC / SAN certificate from my own authority; it contains the following (sanitized) information:

Certificate:
Identity / Subject:
casserver.contoso.com

SAN
dns=casserver.contoso.com
dns=mail.contoso.com
dns=autodiscover.contoso.com
dns=mail.domain2.com
dns=autodiscover.domain2.com
dns=mail.domain4.com
dns=autodiscover.domain4.com
dns=mail.domain3.com
dns=autodiscover.domain3.com
dns=contoso.com
dns=domain2.com
dns=domain4.com
dns=domain3.com
dns=casserver

6. Tried resetting the Autodiscovery Virtual Directory.

7. Testing on https://testconnectivity.microsoft.com/ (remote Connectivity Analyzer):

Exchange ActiveSync Autodiscover:

<?xml version="1.0" encoding="utf-8"?><testresult status="Error" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Attempting the Autodiscover and Exchange ActiveSync test (if requested)." resultdescription="Testing of Autodiscover for Exchange ActiveSync failed." additionaldetails="" elapsedMilliseconds="22354"><children><testresult status="Error" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Attempting each method of contacting the Autodiscover service." resultdescription="The Autodiscover service couldn't be contacted successfully by any method." additionaldetails="" elapsedMilliseconds="22354"><children><testresult status="Error" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Attempting to test potential Autodiscover URL https://contoso.com:443/Autodiscover/Autodiscover.xml" resultdescription="Testing of this potential Autodiscover URL failed." additionaldetails="" elapsedMilliseconds="17286"><children><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Attempting to resolve the host name contoso.com in DNS." resultdescription="The host name resolved successfully." additionaldetails="IP addresses returned: 255.255.255.255" elapsedMilliseconds="332"><children /></testresult><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Testing TCP port 443 on host contoso.com to ensure it's listening and open." resultdescription="The port was opened successfully." additionaldetails="" elapsedMilliseconds="293"><children /></testresult><testresult status="Success" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Testing the SSL certificate to make sure it's valid." resultdescription="The certificate passed all validation requirements." 
additionaldetails="" elapsedMilliseconds="15540"><children><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server contoso.com on port 443." resultdescription="The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate." additionaldetails="Remote Certificate Subject: CN=casserver.contoso.com, OU=contoso, O=contoso, L=City, S=State, C=US, Issuer: CN=my-ca-autority, DC=contoso, DC=com." elapsedMilliseconds="15517"><children /></testresult><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Validating the certificate name." resultdescription="The certificate name was validated successfully." additionaldetails="Host name contoso.com was found in the Certificate Subject Alternative Name entry." elapsedMilliseconds="0"><children /></testresult><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Testing the certificate date to confirm the certificate is valid." resultdescription="Date validation passed. The certificate hasn't expired." additionaldetails="The certificate is valid. NotBefore = 8/28/2014 11:15:35 PM, NotAfter = 8/27/2016 11:15:35 PM" elapsedMilliseconds="0"><children /></testresult></children></testresult><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Checking the IIS configuration for client certificate authentication." resultdescription="Client certificate authentication wasn't detected." additionaldetails="Accept/Require Client Certificates isn't configured." elapsedMilliseconds="679"><children /></testresult><testresult status="Error" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Attempting to send an Autodiscover POST request to potential Autodiscover URLs." 
resultdescription="Autodiscover settings weren't obtained when the Autodiscover POST request was sent." additionaldetails="" elapsedMilliseconds="440"><children><testresult status="Error" errorid="12f4b21a-7e8d-4c95-b4a8-f4608e7d73b0" contentUrl="" testdescription="The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://contoso.com:443/Autodiscover/Autodiscover.xml for user ohm@contoso.com." resultdescription="The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response." additionaldetails="A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.&#xD;&#xA;HTTP Response Headers:&#xD;&#xA;Connection: close&#xD;&#xA;Content-Length: 315&#xD;&#xA;Content-Type: text/html; charset=us-ascii&#xD;&#xA;Date: Fri, 29 Aug 2014 07:46:13 GMT&#xD;&#xA;Server: Microsoft-HTTPAPI/2.0&#xD;&#xA;" elapsedMilliseconds="440"><children /></testresult></children></testresult></children></testresult><testresult status="Error" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Attempting to test potential Autodiscover URL https://autodiscover.contoso.com:443/Autodiscover/Autodiscover.xml" resultdescription="Testing of this potential Autodiscover URL failed." additionaldetails="" elapsedMilliseconds="2303"><children><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Attempting to resolve the host name autodiscover.contoso.com in DNS." resultdescription="The host name resolved successfully." additionaldetails="IP addresses returned: 255.255.255.255" elapsedMilliseconds="321"><children /></testresult><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Testing TCP port 443 on host autodiscover.contoso.com to ensure it's listening and open." resultdescription="The port was opened successfully." 
additionaldetails="" elapsedMilliseconds="347"><children /></testresult><testresult status="Success" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Testing the SSL certificate to make sure it's valid." resultdescription="The certificate passed all validation requirements." additionaldetails="" elapsedMilliseconds="505"><children><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.contoso.com on port 443." resultdescription="The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate." additionaldetails="Remote Certificate Subject: CN=casserver.contoso.com, OU=contoso, O=contoso, L=City, S=State, C=US, Issuer: CN=my-ca-autority, DC=contoso, DC=com." elapsedMilliseconds="483"><children /></testresult><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Validating the certificate name." resultdescription="The certificate name was validated successfully." additionaldetails="Host name autodiscover.contoso.com was found in the Certificate Subject Alternative Name entry." elapsedMilliseconds="0"><children /></testresult><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Testing the certificate date to confirm the certificate is valid." resultdescription="Date validation passed. The certificate hasn't expired." additionaldetails="The certificate is valid. NotBefore = 8/28/2014 11:15:35 PM, NotAfter = 8/27/2016 11:15:35 PM" elapsedMilliseconds="0"><children /></testresult></children></testresult><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Checking the IIS configuration for client certificate authentication." resultdescription="Client certificate authentication wasn't detected." 
additionaldetails="Accept/Require Client Certificates isn't configured." elapsedMilliseconds="676"><children /></testresult><testresult status="Error" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Attempting to send an Autodiscover POST request to potential Autodiscover URLs." resultdescription="Autodiscover settings weren't obtained when the Autodiscover POST request was sent." additionaldetails="" elapsedMilliseconds="451"><children><testresult status="Error" errorid="12f4b21a-7e8d-4c95-b4a8-f4608e7d73b0" contentUrl="" testdescription="The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.contoso.com:443/Autodiscover/Autodiscover.xml for user ohm@contoso.com." resultdescription="The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response." additionaldetails="A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.&#xD;&#xA;HTTP Response Headers:&#xD;&#xA;Connection: close&#xD;&#xA;Content-Length: 315&#xD;&#xA;Content-Type: text/html; charset=us-ascii&#xD;&#xA;Date: Fri, 29 Aug 2014 07:46:15 GMT&#xD;&#xA;Server: Microsoft-HTTPAPI/2.0&#xD;&#xA;" elapsedMilliseconds="451"><children /></testresult></children></testresult></children></testresult><testresult status="Error" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Attempting to contact the Autodiscover service using the HTTP redirect method." resultdescription="The attempt to contact Autodiscover using the HTTP Redirect method failed." additionaldetails="" elapsedMilliseconds="2487"><children><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Attempting to resolve the host name autodiscover.contoso.com in DNS." resultdescription="The host name resolved successfully." 
additionaldetails="IP addresses returned: 255.255.255.255" elapsedMilliseconds="8"><children /></testresult><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Testing TCP port 80 on host autodiscover.contoso.com to ensure it's listening and open." resultdescription="The port was opened successfully." additionaldetails="" elapsedMilliseconds="161"><children /></testresult><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="The Microsoft Connectivity Analyzer is checking the host autodiscover.contoso.com for an HTTP redirect to the Autodiscover service." resultdescription="The redirect (HTTP 301/302) response was received successfully." additionaldetails="Redirect URL: https://mail.contoso.com/Autodiscover/Autodiscover.xml&#xD;&#xA;HTTP Response Headers:&#xD;&#xA;Content-Length: 179&#xD;&#xA;Content-Type: text/html; charset=UTF-8&#xD;&#xA;Date: Fri, 29 Aug 2014 07:46:15 GMT&#xD;&#xA;Location: https://mail.contoso.com/Autodiscover/Autodiscover.xml&#xD;&#xA;Server: Microsoft-IIS/7.5&#xD;&#xA;X-Powered-By: ASP.NET&#xD;&#xA;" elapsedMilliseconds="310"><children /></testresult><testresult status="Error" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Attempting to test potential Autodiscover URL https://mail.contoso.com/Autodiscover/Autodiscover.xml" resultdescription="Testing of this potential Autodiscover URL failed." additionaldetails="" elapsedMilliseconds="2006"><children><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Attempting to resolve the host name mail.contoso.com in DNS." resultdescription="The host name resolved successfully." 
additionaldetails="IP addresses returned: 255.255.255.255" elapsedMilliseconds="368"><children /></testresult><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Testing TCP port 443 on host mail.contoso.com to ensure it's listening and open." resultdescription="The port was opened successfully." additionaldetails="" elapsedMilliseconds="169"><children /></testresult><testresult status="Success" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Testing the SSL certificate to make sure it's valid." resultdescription="The certificate passed all validation requirements." additionaldetails="" elapsedMilliseconds="354"><children><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server mail.contoso.com on port 443." resultdescription="The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate." additionaldetails="Remote Certificate Subject: CN=casserver.contoso.com, OU=contoso, O=contoso, L=City, S=State, C=US, Issuer: CN=my-ca-autority, DC=contoso, DC=com." elapsedMilliseconds="329"><children /></testresult><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Validating the certificate name." resultdescription="The certificate name was validated successfully." additionaldetails="Host name mail.contoso.com was found in the Certificate Subject Alternative Name entry." elapsedMilliseconds="0"><children /></testresult><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Testing the certificate date to confirm the certificate is valid." resultdescription="Date validation passed. The certificate hasn't expired." additionaldetails="The certificate is valid. 
NotBefore = 8/28/2014 11:15:35 PM, NotAfter = 8/27/2016 11:15:35 PM" elapsedMilliseconds="0"><children /></testresult></children></testresult><testresult status="Success" errorid="00000000-0000-0000-0000-000000000000" contentUrl="" testdescription="Checking the IIS configuration for client certificate authentication." resultdescription="Client certificate authentication wasn't detected." additionaldetails="Accept/Require Client Certificates isn't configured." elapsedMilliseconds="669"><children /></testresult><testresult status="Error" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Attempting to send an Autodiscover POST request to potential Autodiscover URLs." resultdescription="Autodiscover settings weren't obtained when the Autodiscover POST request was sent." additionaldetails="" elapsedMilliseconds="445"><children><testresult status="Error" errorid="a28be452-a4b2-419c-851a-37f441f3120e" contentUrl="" testdescription="The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://mail.contoso.com/Autodiscover/Autodiscover.xml for user ohm@contoso.com." resultdescription="The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response." additionaldetails="An HTTP 500 response was returned from Unknown.&#xD;&#xA;HTTP Response Headers:&#xD;&#xA;Content-Length: 0&#xD;&#xA;Cache-Control: private&#xD;&#xA;Date: Fri, 29 Aug 2014 07:46:18 GMT&#xD;&#xA;Server: Microsoft-IIS/7.5&#xD;&#xA;X-AspNet-Version: 2.0.50727&#xD;&#xA;X-Powered-By: ASP.NET&#xD;&#xA;" elapsedMilliseconds="444"><children /></testresult></children></testresult></children></testresult></children></testresult><testresult status="Error" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" contentUrl="" testdescription="Attempting to contact the Autodiscover service using the DNS SRV redirect method." 
resultdescription="The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method." additionaldetails="" elapsedMilliseconds="132"><children><testresult status="Error" errorid="8249cc81-d0ce-43d2-b319-48ceadb1bfe7" contentUrl="http://go.microsoft.com/?linkid=9843849" testdescription="Attempting to locate SRV record _autodiscover._tcp.contoso.com in DNS." resultdescription="The Autodiscover SRV record wasn't found in DNS." additionaldetails="" elapsedMilliseconds="132"><children /></testresult></children></testresult><testresult status="Warning" errorid="c0f75b77-072c-48d5-ab17-eebc99a4b3d9" contentUrl="http://go.microsoft.com/?linkid=9843786" testdescription="Checking if there is an autodiscover CNAME record in DNS for your domain 'contoso.com' for Office 365." resultdescription="Failed to validate autodiscover CNAME record in DNS. If your mailbox isn't in Office 365, you can ignore this warning." additionaldetails="There is no Autodiscover CNAME record for your domain 'contoso.com'." elapsedMilliseconds="145"><children /></testresult></children></testresult></children></testresult>

8. Testing Autodiscover from Exchange Client (intranet):

SMTP=me@contoso.com
Attempting URL https://casserver.contoso.com/Autodiscover/Autodiscover.xml Found Through SCP
Autodiscover to https://casserver.contoso.com/Autodiscover/Autodiscover.xml starting
GetLastError=0;httpStatus=404.
... more errors...
Redirect Check to http:/autodiscover.contoso.com/Autodiscover/Autodiscover.xml starting
(receives redirect)
Autodiscover to https://mail.contoso.com/Autodiscover/Autodiscover.xml starting
GetLastError=0;httpStatus=500.
..SRV Attempt..
.Fails.
End of tests.

(sorry for lack of details in this test) - the tests done by Outlook have to be transcribed by hand :-(

I hope anyone out there can help me resolve my issue.

Regards,

Henrik

AD RMS 2012 Templates/Permissions [Option] is not visible at Outlook 2013 in Nokia Windows 8 Mobile Device

I have an AD RMS 2012 Server; it's working fine for applying restricted Templates/Permissions in OWA, Outlook and other MS Office tools (Word, Excel, PowerPoint). But the AD RMS Templates/Permissions [Option] is not visible in Outlook 2013 on a Nokia Windows 8 Mobile Device.

Actually I would like to protect email with RMS templates (defined by me on AD RMS 2012 Server) but the [Permission] tab is not visible at Outlook 2013 in Nokia Windows 8 Mobile Device.

But I can do the same with Android OS on a Samsung Galaxy Mobile Device, and I can see the [Permission] tab as well to protect email messages.

Any idea??

Regards,
M.Daud Soomro

prevent users from accessing Exchange online from non ActiveSync Device


I will try and make this question as clear as I can-

We recently switched from an on-prem Exchange to Exchange Online. Previously, the only three ways of accessing our email were VPN, ActiveSync and webmail. However, it now appears that any user can use any device that accepts an Exchange email account and start getting their emails. I understand this is the idea of cloud email, but as a HIPAA organization, this presents a serious security risk. My question is this: how can I track how users access email? I know I can limit things based on IP (http://technet.microsoft.com/en-us/library/hh526961(v=ws.10).aspx), but then it would work if they had a VPN connection, and we allow certain users to access our servers using their home PC if they use a VPN connection. But now they do not need that.

Is there any way to track what devices and users are accessing our hosted Exchange environment, or is this just the nature of hosted email?



Load Balancing Time Out Settings


Hi, I'm getting the error below and I'm sure it's to do with the Time Out on Load Balancing. Can anyone confirm, as I don't want to mess around with IIS...

The average of the most recent heartbeat intervals [499] for request [Ping] used by clients is less than or equal to [540].

Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and direct push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed.

For more information about how to configure firewall settings when using Exchange ActiveSync, see Microsoft Knowledge Base article 905013, "Enterprise Firewall Configuration for Exchange ActiveSync Direct Push Technology" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=905013).

Currently the timeout is set to 5 mins on the LB...

Thanks!

ActiveSyncAllowedDeviceID devices still quarantined? Or are they?


In preparation for enabling the default Quarantine action for new ActiveSync devices, I white-listed all existing devices by adding them to the AllowedActiveSyncDeviceID attribute of each user's respective mailbox.

After I enabled the quarantine and set the administrative email, several quarantine approval emails were sent to the admin email specified, for devices on the allowed list for the mailbox. However, it doesn't appear that users were actually quarantined.

If I run the following command I get devices returned as being quarantined:

Get-ActiveSyncDevice | where-object {$_.DeviceAccessstate -contains "quarantined"}

If I run THIS command, which should be querying the same attribute but using the -Filter, I get no results:

Get-ActiveSyncDevice -Filter "DeviceAccessState -eq 'quarantined'" -ResultSize Unlimited

If I use this same command filtering for "Allowed" it returns all devices that have been allowed.

On top of this, I have several users who have had all their devices added to the ActiveSyncAllowedDeviceID attribute on their mailbox, but if I look at their mailbox through ECP, one or more of those allowed devices are still marked as Quarantined and it won't let me allow them - it just sits there with "Allow Device - Pending". Yet it doesn't appear they are actually quarantined, as I've had no reports of them being unable to access their mailbox on their device.

Can anyone suggest why those two commands are returning different results when they are querying the same attribute?

And also, why some devices are still appearing as quarantined through ECP even though they don't seem to be through PowerShell nor will they allow me to allow them through ECP?

Thanks

ActiveSync proxy from 2013 (CU5) to 2010 not working with Client Certificate-based Authentication


Hello,

I am currently migrating from Exchange 2010 to Exchange 2013 (CU5) and am encountering problems with the proxying of ActiveSync from 2013 to 2010.

Users who still have a mailbox on Exchange 2010 will receive an error that the server cannot be reached on their iPhones. We are using Client Certificate-based Authentication, which is working fine for users that have a mailbox on Exchange 2013.

We are using self-signed certificates and have made sure the root cert and client cert are on the phones with the iPhone Configuration Utility.
The iPhones are connecting to the Exchange 2013 CAS Servers from the Internet via a NAT rule on the firewall, which was used for the 2010 CAS servers before. We only changed the destination IP. It is not working on the LAN either.

All other Exchange services work fine. OWA via Exchange 2013 is running smoothly for users who are still on Exchange 2010.

I hope anyone can shed some light on this issue for me. I will gladly supply any further information needed.

Regards,
Arjan.


Exchange Activesync with certificate based login and NetScaler


Hi, we are trying to figure out how we can get users to authenticate using certificates via a NetScaler.

Is this done using Kerberos / KCD? And what are the requirements/steps on Exchange and NetScaler?

It seems that the domain, let's say it's contoso.com, is not the same as the primary entry on the certificate, which is a name of the realm in Active Directory. (Not sure what it means.)

Is this doable in any way, or must the certificate match the domain name/UPN?

Exchange 2013 ActiveSync not working, receiving 401.1 in IIS logs; ExRCA site test results are successful


Hi,

We currently have 2 servers with Exchange 2010 and one with 2013 in a coexistence config; so far most things seem to work except ActiveSync.

The problem arises when I try to connect a new device to an account with a mailbox on the new server, I can see that the device gets neglected with the following error in IIS logs SAMSUNG-GT-I9300/101.403 - 401 1 1326 265 

My current settings on the respective server can be summarized to the following:


2010 CAS:

InternalUrl                                : https://webmail.mydomainname.com/Microsoft-Server-ActiveSync

ExternalUrl    

BasicAuthEnabled                           : True
WindowsAuthEnabled                         : False

2013 CAS

InternalUrl                                : https://webmail.mydomainname.com/Microsoft-Server-ActiveSync

ExternalUrl     : https://webmail.mydomainname.com/Microsoft-Server-ActiveSync

BasicAuthEnabled                           : True
WindowsAuthEnabled                         : False

OWA is working properly for all mailboxes and Outlook is working almost perfectly, except that the users need to fill in credentials once after mailboxes have been migrated to the 2013 server (NTLM is configured for both internal and external clients, and CAS 2010 has Basic and NTLM under IISAuthenticationMethods).

I have run both the Exchange ActiveSync and Exchange ActiveSync Autodiscover tests with the ExRCA; both tests succeed and I can see successful connection attempts in the IIS log.

I would really appreciate some troubleshooting tips and tricks,

BRgds 

Cris
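
The status fields at the end of the IIS log line quoted in the post above (`401 1 1326 265`) can be tallied per device to see which handsets fail authentication and why; this is an added example, not part of the original post. It assumes the default W3C field order, where those values are sc-status, sc-substatus, sc-win32-status and time-taken, and the sample log, users and device IDs are constructed.

```python
from collections import Counter

# Constructed sample, default IIS 8 W3C field order assumed; hosts, users and device IDs are made up.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2014-09-01 08:00:01 192.0.2.10 POST /Microsoft-Server-ActiveSync/default.eas Cmd=FolderSync&User=alice&DeviceId=SEC1234&DeviceType=SAMSUNGGTI9300 443 - 198.51.100.7 SAMSUNG-GT-I9300/101.403 - 401 2 5 15
2014-09-01 08:00:02 192.0.2.10 POST /Microsoft-Server-ActiveSync/default.eas Cmd=FolderSync&User=alice&DeviceId=SEC1234&DeviceType=SAMSUNGGTI9300 443 - 198.51.100.7 SAMSUNG-GT-I9300/101.403 - 401 1 1326 265
2014-09-01 08:00:09 192.0.2.10 POST /Microsoft-Server-ActiveSync/default.eas Cmd=FolderSync&User=alice&DeviceId=SEC1234&DeviceType=SAMSUNGGTI9300 443 - 198.51.100.7 SAMSUNG-GT-I9300/101.403 - 401 1 1326 250
2014-09-01 08:00:03 192.0.2.10 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&User=bob&DeviceId=APPL5678&DeviceType=iPhone 443 bob 198.51.100.8 Apple-iPhone/1104.257 - 200 0 0 80
2014-09-01 08:00:05 192.0.2.10 GET /owa/ - 443 - 198.51.100.9 Mozilla/5.0 - 401 1 1326 12
"""

# Win32 logon errors that IIS writes to sc-win32-status alongside a 401.1.
WIN32_LOGON = {
    1326: "ERROR_LOGON_FAILURE (unknown user name or bad password)",
    1331: "ERROR_ACCOUNT_DISABLED",
    1909: "ERROR_ACCOUNT_LOCKED_OUT",
}

def parse_w3c(lines):  # yields one dict per request, keyed by the #Fields names
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or foreign lines
                yield dict(zip(fields, values))

def eas_auth_failures(lines):
    """Count 401s on the ActiveSync vdir per (DeviceId, substatus, win32 code)."""
    hits = Counter()
    for rec in parse_w3c(lines):
        stem = rec.get("cs-uri-stem", "").lower()
        if not stem.startswith("/microsoft-server-activesync") or rec.get("sc-status") != "401":
            continue
        query = dict(p.split("=", 1) for p in rec.get("cs-uri-query", "").split("&") if "=" in p)
        key = (query.get("DeviceId", "?"), rec.get("sc-substatus"), int(rec.get("sc-win32-status", 0)))
        hits[key] += 1
    return hits

def explain(substatus, win32):
    if substatus == "1":  # 401.1: credentials were sent and the logon failed
        return WIN32_LOGON.get(win32, "logon failed, Win32 error %d" % win32)
    return "401.%s, Win32 error %d" % (substatus, win32)

if __name__ == "__main__":
    for (dev, sub, code), n in sorted(eas_auth_failures(SAMPLE_LOG.splitlines()).items()):
        print(dev, "401." + sub, "x%d" % n, explain(sub, code))
```
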
