It was brought to my attention that autodiscover was not behaving correctly externally. I ran it through Microsoft's Exchange connectivity tester @ http://www.testexchangeconnectivity.com/ and received the following output:
To resolve this first simple part I just went into the EMS and gave it an ExternalURL via:
Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -ExternalUrl https://autodiscover.domain.com/Autodiscover/Autodiscover.xml
I now received this error:
"Failed to ping RPC Endpoint 6004 (NSPI Proxy Interface)"
..and also RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime
Most curious about an RPC error at this level. Perhaps a connection between the Hub/Cas and MBX server or MBX server and AD/DCs/GCs? The environment was not 2008, nor was it using IPv6.
The following is what fixed my issue:
Using the configurations here I was able to remedy the situation. Basically what happened was that it could not use DSPROXY via HTTP, and it is a known issue. The fix is to:
1. Changes for Mailbox servers..
a. create a DWORD called "Do Not Refer HTTP to DSProxy" at HKLM\System\CCS\Services\MSExchangeSA\Parameters\ and the value set to 1. This will, as it spells out, stop it from trying to use DSProxy when using HTTP.
b. HKLM\System\CCS\Services\MSExchangeSA \Parameters key "NSPI Target Server" to the FQDN of the domain controller that you would like used for profile creation.
2. Changes for Client Access Servers..
a. Ensure that the "PeriodicPollingMinutes" key at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeServiceHost\RpcHttpConfigurator\ is set to zero. This will ensure that the system won't continue to over write our settings every 15 minutes.
3. b. Also modify "ValidPorts" at HKLM\Software\Microsoft\RPC\RPCProxy such that it lists the DCs which can be accessed via port 6004. An example of this would be:
domaincontroller.domain.com:6004;domaincontroller2.domain.com:6004
4. Changes for all Global Catalog (GC) servers..
a. Be sure that there is an REG_MULTI_SZ entry created named NSPI interface protocol sequences at HKLM\System\CurrentControlSet\Services\NTDS\Parameters\ and the value set to "ncacn_http:6004"
Testing autodiscover/Outlook anywhere now yields the following output in the connectivity tester:
You can double check these settings by configuring a profile in Outlook, then Ctrl+RightClicking the outlook icon on the system tray, and running "Test E-Mail Autoconfiguration."
For the full explanation I highly recommend reading the official blog post by Siddhartha Mathu at:
Good read!
13 comments:
I confirm that this post fixed my problem. The only thing is that I had to reboot the Mailbox server after the registry entries were input for them to take effect.
Great post. It corrected my problem. Thank you!
Many Thanks for this Post. My Problems habe gone away!
That can be caused by a few things. Often times it will be authentication, or the loopback. Usually the latter.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Create a new DWORD Value called DisableLoopbackCheck
Set the Value to 1 then reboot the CAS server
plzzz help me...i did everything but still i have same issue... its keep asking password... i did wht u mention here... but still textexchangeconnectivity cant ping RPC:
ttempting to ping RPC proxy webmail.abnigroup.com.
RPC Proxy can't be pinged.
Additional Details
A Web exception occurred because an HTTP 440 - 440 response was received from Unknown.
Must have missed this comment. Feel free to drop me some details on my e-mail if you happen to still be having the issue.
thx it really worked magic
started working only after restarting the server
Colin
You are the man! Thanks, worked like a charm for me too.
Really good explanation - fixed the issue first time after a reboot.
Had been baffled by this for hours before i cam across this blog - Excellent!!
RPC endpoint config together with timeout setting solved my problem! Thanks, very valuable post!
Dude you are the man !!!!!!!!! It took us 2 days to have the system working again after a server crash (array destroyed). Thank you very much, posts like yours change people lives
It really works. I appreciate very much
Thank you for posting this great article it helped a lot in a time of need
Post a Comment