Many of us subconsciously assume that "client" means
Outlook, but it's not the only client software (or device) capable of
accessing Exchange Server 2010. Outlook is the most popular, but
there's also Outlook Web App and ActiveSync-enabled devices like
Windows Mobile smartphones and Apple's iPhone. Despite the obvious
differences between these devices, they all rely on the same basic
mechanisms to connect—locating the Client Access server and connecting
to the appropriate interface. They also depend on the health and proper
configuration of network resources, including IP address schemes, site
definitions, and DNS records and zones.
Before troubleshooting the server components, it's a good idea to test the following:
Verify that the client can successfully ping
the Client Access server by both IP and fully qualified domain name. If
the forest includes multiple domains, ping the Client Access server by
short (NetBIOS) name as well so that you can verify that NetBIOS names
are being resolved correctly.
For a mobile device, verify that the device can access Internet-based content by browsing to a known website.
Verify the username and password combination for the mailbox you're attempting to access.
If these tests fail, the problem may not be unique to Exchange.
1. Troubleshooting Autodiscover
The most important initial consideration for Outlook
client connectivity (specifically Outlook 2007 and the upcoming Outlook
2010) is the Autodiscover service. The Autodiscover service generates an XML file with all the appropriate
user settings and sends it to Outlook, which then uses that information
to connect the user to his or her mailbox. But how does Outlook even
know where to find Autodiscover in the first place? Depending on the
client's location (on the corporate network or the Internet), the
client will either check Active Directory for an appropriate record or
look for a specific URL. There are a few different ways to check this,
all of them very useful.
1.1. Internal Clients
Internal clients connect to Active Directory and
check for the service connection point (SCP) records, which are
automatically published as part of the setup process. One easy way to
validate Autodiscover for internal clients is with Outlook 2007 or
2010's Test E-mail AutoConfiguration option. This useful little feature
was introduced in Outlook 2007 and simply goes through the steps for
Autodiscover without making changes to current configuration. To access
this wizard, simply start Outlook, Ctrl+right-click the Outlook icon in
the notification area (system tray), and then select Test E-mail
AutoConfiguration from the context menu. You can see a sample of the
Test E-mail AutoConfiguration tool in Figure 1.
After providing appropriate user credentials and
ensuring that only the check box for Use AutoDiscover is selected,
click Test to begin the configuration check. The AutoConfiguration test
checks for much more than just Autodiscover: it also locates
Availability Service, OOF, Offline Address Book, Unified Messaging,
Outlook Web App, and Exchange Control Panel URLs, making this one of
the most useful client-based configuration tools.
If the AutoConfiguration test fails, the tool will
display an error message. The four most common error codes, along with
root causes, are listed in Table 1.
Table 1. Common AutoConfiguration Error Codes
| Code | Meaning |
|---|---|
| 0x80072EE7 – ERROR_INTERNET_NAME_NOT_RESOLVED | This error is usually caused by a missing host record for the Autodiscover service in the Domain Naming service. |
| 0x80072F17 – ERROR_INTERNET_SEC_CERT_ERRORS | This error is usually caused by an incorrect certificate configuration on the Exchange computer that has the Client Access server role installed. |
| 0x80072EFD – ERROR_INTERNET_CANNOT_CONNECT | This error is usually caused by issues that are related to Domain Naming service. |
| 0x800C820A – E_AC_NO_SUPPORTED_SCHEMES | This error is usually caused by incorrect security settings in Outlook. |
The AutoConfiguration test also works for external
Outlook clients (including those connecting via Outlook Anywhere), so
it's useful for the External Clients scenario listed next.
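The first three error codes in Table 1 correspond to checks you can run directly from the client. The following PowerShell function is an added example, not part of the original text; the host name you pass is whatever name the client is trying to reach, and the function name is hypothetical. The fourth code (0x800C820A) concerns Outlook's own security settings and is not covered.

```powershell
# Added example, not from the original text. Walks the network-level failures
# in Table 1 in order and stops at the first one that explains the error.
function Test-AutodiscoverEndpoint {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,  # name the client is trying to reach
        [int]$Port = 443
    )
    $r = New-Object PSObject -Property @{
        HostName = $HostName; Addresses = $null; Connected = $false
        CertTrusted = $false; CertSubject = $null; CertExpires = $null; Detail = $null
    }

    # 0x80072EE7 ERROR_INTERNET_NAME_NOT_RESOLVED: is there a host record at all?
    try { $r.Addresses = [System.Net.Dns]::GetHostAddresses($HostName) }
    catch { $r.Detail = "DNS: $($_.Exception.Message)"; return $r }

    # 0x80072EFD ERROR_INTERNET_CANNOT_CONNECT: does the resolved address answer on 443?
    $tcp = New-Object System.Net.Sockets.TcpClient
    try { $tcp.Connect($HostName, $Port); $r.Connected = $true }
    catch { $r.Detail = "TCP: $($_.Exception.Message)"; $tcp.Close(); return $r }

    # 0x80072F17 ERROR_INTERNET_SEC_CERT_ERRORS: run the normal TLS handshake with
    # default certificate validation (chain, expiry, name match) left switched on.
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    try {
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $r.CertTrusted = $true
        $r.CertSubject = $cert.Subject
        $r.CertExpires = $cert.NotAfter
    }
    catch { $r.Detail = "TLS: $($_.Exception.Message)" }
    finally { $ssl.Dispose(); $tcp.Close() }
    return $r
}

# Usage (host name is a placeholder):
# Test-AutodiscoverEndpoint -HostName autodiscover.example.com | Format-List
```

Because certificate validation is never bypassed, a `CertTrusted` value of `False` means Outlook will reject the same certificate for the same reason given in `Detail`.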
1.2. External Clients
If external clients can't connect to Exchange, you
may need to ensure that you've configured your environment for external
access for the appropriate clients. Hopefully you've already done this,
but if you haven't, here's what you need to do for an organization
named somorita.com:
To configure the external Autodiscover name for Outlook Anywhere, the appropriate command is Enable-OutlookAnywhere -Server CAS01 -ExternalHostname "mail.somorita.com" -ExternalAuthenticationMethod "Basic" -SSLOffloading:$False.
The equivalent command for Web Service clients is Set-WebServicesVirtualDirectory -identity "CAS01\EWS (Default Web Site)" -externalurl https://mail.somorita.com/EWS/Exchange.asmx -BasicAuthentication:$True.
The equivalent command for ActiveSync clients is Set-ActiveSyncVirtualDirectory -identity "CAS01\Microsoft-Server-ActiveSync (Default Web Site)" -externalurl https://mail.somorita.com/Microsoft-Server-ActiveSync.
The equivalent command for the Offline Address Book is Set-OABVirtualDirectory -identity "CAS01\OAB (Default Web Site)" -externalurl https://mail.somorita.com/oab.
In each case, you'll obviously need to substitute your own domain namespace.
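After running the commands above, it is worth reading the values back and confirming that every published endpoint uses HTTPS on the expected host, since the examples enable Basic authentication. The script below is an added example, not part of the original text; it assumes the Exchange Management Shell and reuses the sample names CAS01 and mail.somorita.com. The helper function Test-ExternalUrl is hypothetical.

```powershell
# Added example, not from the original text. Run in the Exchange Management Shell.
# CAS01 and mail.somorita.com are the sample names from the commands above.
$server       = 'CAS01'
$expectedHost = 'mail.somorita.com'

function Test-ExternalUrl {
    param([string]$Service, $Url, [string]$ExpectedHost)
    $problem = $null
    if (-not $Url) {
        $problem = 'ExternalUrl is not set'
    } else {
        $uri = [Uri]"$Url"
        if ($uri.Scheme -ne 'https') {
            # Basic authentication is only base64-encoded, so it must ride inside TLS.
            $problem = 'URL is not HTTPS'
        } elseif ($uri.Host -ne $ExpectedHost) {
            $problem = "host is $($uri.Host), expected $ExpectedHost"
        }
    }
    New-Object PSObject -Property @{ Service = $Service; Value = "$Url"; Problem = $problem }
}

$report = @(
    Get-WebServicesVirtualDirectory -Server $server |
        ForEach-Object { Test-ExternalUrl 'EWS' $_.ExternalUrl $expectedHost }
    Get-ActiveSyncVirtualDirectory -Server $server |
        ForEach-Object { Test-ExternalUrl 'ActiveSync' $_.ExternalUrl $expectedHost }
    Get-OabVirtualDirectory -Server $server |
        ForEach-Object { Test-ExternalUrl 'OAB' $_.ExternalUrl $expectedHost }

    # Outlook Anywhere publishes a host name rather than a URL.
    $oa = Get-OutlookAnywhere -Server $server
    $oaProblem = $null
    if (-not $oa) { $oaProblem = 'Outlook Anywhere is not enabled' }
    elseif ("$($oa.ExternalHostname)" -ne $expectedHost) { $oaProblem = "expected $expectedHost" }
    New-Object PSObject -Property @{
        Service = 'Outlook Anywhere'; Value = "$($oa.ExternalHostname)"; Problem = $oaProblem
    }
)

$report | Format-Table Service, Value, Problem -AutoSize
```

An empty Problem column for every row means the published endpoints match the namespace you intended to expose.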
The Test E-mail AutoConfiguration option in Outlook
2007 and 2010 works for external Autodiscover as well as internal, and
because Autodiscover is a published web address, you can always test it
with a web browser (by navigating to https://somorita.com/autodiscover/autodiscover.xml,
or whatever address you published). For external clients, however,
there's a much better solution available online. In 2008 Microsoft
quietly released the beta of an extremely useful tool called the
Exchange Server Remote Connectivity Analyzer (ExRCA for short), which
simulates a number of connectivity scenarios, including Autodiscover,
Exchange ActiveSync, Outlook Anywhere, and incoming Internet SMTP
email. You can find this tool (shown in Figure 2) at www.testexchangeconnectivity.com.
To use ExRCA, simply browse to www.testexchangeconnectivity.com
and select the appropriate option (in this case we'll choose Exchange
ActiveSync Autodiscover). Because you're providing information to a
third party (in this case, Microsoft), it's a good idea to create a
brand-new test user just for this purpose instead of exposing user
credentials. Once you've provided the appropriate details, click OK to
launch the test; the resulting output should either confirm that all is
well or give you specific feedback on what might be missing. In Figure 3, ExRCA determined that the Autodiscover DNS name was not properly registered for the domain.