Posts Tagged ‘sbs 2008’

I’ve been meaning to write this post for a while now but somehow never found the time to do it.

When migrating from SBS2008 to SBS2011 I have come across this issue a number of times now and each time I seem to get caught up in the moment and try to find another way of resolving this issue.

Lots of posts describe this as a 3rd party connector that has been set up for a photocopier or mail service of some sort, etc.  None of which is correct.

It’s plain and simple, this is a foreign connector in SBS 2008, and contrary to other posts, it does seem to be there by default, I have checked vanilla SBS 2008 installs and those that have been migrated. I even installed a fresh SBS 2008 into a virtual machine and it was there too.

This can be confirmed by launching the Exchange Management Shell and running Get-ForeignConnector and if you want more details run Get-ForeignConnector | fl

It’s also part of the Migration guide from SBS 2008 to SBS 2008.

Its purpose…to receive email addressed to companyweb.  If you check the Exchange Management Console on an SBS 2008 server, under Organisation Configuration > Hub Transport > Remote Domains you will see the Windows SBS Company Web Domain listed.  This is the matching address space.

The purpose…to drop any emails destined for companyweb to a folder ready for pickup by Sharepoint.  By default this will be C:\Inetpub\mailroot\drop

This functionality is not available in SBS 2011 (or isn’t as far as I can tell) therefore before migration you will need to remove the foreign connector.

To do this, run the following command: Remove-ForeignConnector -Identity "Windows SBS Company Web Connector SERVER2008" and then select Y at the confirmation prompt.
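One way to record the connector's settings before removing it, so the address space and drop directory are on file if you need to refer back to them (an added example, not part of the original post). The export path is an assumption; run it in the Exchange Management Shell on the SBS 2008 server.

```powershell
# Added example. $exportPath is an assumed location; change it to suit.
$exportPath = 'C:\Temp\ForeignConnectors-before-migration.xml'

# List every foreign connector with the settings that matter here.
$connectors = @(Get-ForeignConnector)
$connectors | Format-List Name, AddressSpaces, DropDirectory, SourceTransportServers, Enabled

if ($connectors.Count -eq 0) {
    Write-Host 'No foreign connectors found; nothing to remove.'
}
else {
    # Keep a record of the full configuration before changing anything.
    $connectors | Export-Clixml -Path $exportPath

    foreach ($connector in $connectors) {
        # Only touch the SBS companyweb connector; anything else gets a manual review.
        if ($connector.Name -like 'Windows SBS Company Web Connector*') {
            # Dry run first: -WhatIf reports the action without performing it.
            Remove-ForeignConnector -Identity $connector.Name -WhatIf
            # Real removal; answer Y at the confirmation prompt.
            Remove-ForeignConnector -Identity $connector.Name
        }
        else {
            Write-Warning "Leaving foreign connector '$($connector.Name)' in place; review it manually."
        }
    }

    # Confirm what is left.
    Get-ForeignConnector | Format-Table Name, AddressSpaces -AutoSize
}
```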

Accepted Domain

There are 3 types of accepted domain in Exchange.  These are:

  • Authoritative Domain –  This is used when the recipients are configured within the Exchange organisation, for example configuring users within your organisation with an additional e-mail address.
  • Internal Relay – This is used when you share contacts across different mail systems.  When this type of accepted domain is configured, Exchange Server will receive the mail and, if there is no mailbox for that address in the Exchange Organisation, it will forward it to another server for delivery.  This is often referred to as a Shared SMTP Namespace.
  • External Relay – This is used when the Exchange Organisation is responsible for receiving the email but then simply forwards the mail on to another system.  In this scenario there would be no mailboxes within the Exchange Organisation for this domain.

The most common request is how to configure Exchange Server to receive and deliver mail for an additional domain name.  This could be because of a company merger, a change in name or you could simply be hosting multiple domains within a single Exchange Organisation. For this you would use an Authoritative Domain.

Authoritative Domain

To configure an authoritative domain we can either use the Exchange Management Console or the Exchange Management Shell.  This guide will use the Exchange Management Console.

Using the Exchange Management Console navigate to Organisation Configuration > Hub Transport > Accepted Domain.  In the action pane on the right hand side select New Accepted Domain.  This will start the wizard that will allow you to configure Exchange for a new domain.

Enter a name for your accepted domain. It doesn’t make any difference what this is but make sure you use a name that will allow you to identify it easily later.  If you have a large number it can be quite difficult to identify them.  Then in the accepted domain field, enter the domain name for which you want Exchange Server to accept mail.  Click Next.

You will then be presented with a screen confirming your entries on the previous screen as below.  Click Finish

Internal or External Relay

 Once you have created an Internal or External Relay domain you need to configure a Send Connector so that Exchange knows where to route the emails for this domain.

To do this, using the Exchange Management Console navigate to Organisation Configuration > Hub Transport and in the Action pane on the right hand side select New Send Connector.  This will start the wizard that will allow you to configure your new connector.

Give the connector a name.  Again it doesn’t make any difference what this is but make it something that will allow you to identify the connector later should you need to.  From the drop down list of intended uses select Custom.  Click Next

On the screen above click the Add button and enter the domain name that you wish to be forwarded to another server.  You can choose whether or not to check the box that includes all subdomains; for example, if you had a domain that was mail2.gkvirtualdomain.co.uk and you wanted this to go to the same place then check the box.  My personal preference would be to set up a separate send connector for this purpose rather than include it in this one.  Click OK and then Next.

On the next screen either enter the IP address of the system that you want to send the email to or the Fully Qualified Domain Name (FQDN).  Click OK and then Next.

The screen above is where you would enter any authentication that is required to connect to the other system.  This is dependent on the system you will be sending mail to.  Make your required choices and click Next.

On the Source Server screen you click the Add button and select from the list a server in your organisation that has the Hub Transport role or select an Edge Subscription.  Click Next.

The screen above just confirms the information you have entered in the previous screens, review this here and if necessary use the Back button to make any changes.  Once you are happy with the details click the New button.

On the final screen you receive confirmation of the Exchange Management Shell command that has been executed and if it’s been successful or not.  As with all wizards in Exchange 2007 & Exchange 2010 these completion screens can assist you in getting to grips with the Management Shell commands as it displays the full command that is used.  Click on the Finish button to close the Wizard.

E-mail address Policy

If you have configured an Authoritative Domain or an Internal Domain then you may want to automatically generate e-mail addresses for new and existing contacts.  I tend to use the Company field under the Organisation tab and simply enter the domain name that I want that user to belong to as illustrated in the picture below.  The one thing to note here is that if you are specifying a non-standard e-mail address, and therefore need to modify the e-mail address policy before it is applied to your users, do not enter any criteria here until you have done that.  The policies do not remove e-mail addresses; they simply add additional ones.

You then need to configure an e-mail address policy.  To do this, in Exchange Management Console navigate to Organisation Configuration > Hub Transport and in the action pane on the right hand side select New e-mail address policy.  This will start the wizard to create a new policy.

Give the policy a name. As before it doesn’t matter what this name is but make sure it’s something that will allow you to easily identify the policy later if needed.  Click Next.

On the Conditions screen this is where you need to define the criteria for the recipients that will receive the new policy.  If you want the policy to apply to all recipients then do not define anything here.  If you are using the company field like I do then enter the criteria as displayed above.  Click Next

On the E-Mail Addresses screen you need to define what e-mail address will be used by this domain.  Select one of the default settings (if there is not one in the list that matches your requirements we can modify it later) then click the Browse button to select the domain you created earlier as an accepted domain.  NOTE: if the domain isn’t listed then Exchange does not see it as an accepted domain.  Once you have selected the domain click OK.  Once back at the main wizard, right click on the e-mail address and it will allow you to edit the format of the address, allowing you to define your own local part of the address.  The fields you require can be found here: http://support.microsoft.com/kb/285136

On the Schedule screen, select when you would like the schedule to run.  This process does not stop any services but if you have a large amount of users it could take some time to apply and may cause a slight degradation of service.  Click Next.

Check the details in the confirmation screen and if you are happy with it click New.  If there are any changes to be made click Back.

The final page of the wizard will confirm the Exchange Management Shell commands that have run and will advise if the creation of the policy and application to the recipients was successful. Click Finish to complete the Wizard.
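The three wizards above (accepted domain, send connector, e-mail address policy) expressed as Exchange Management Shell commands, as an added example that is not part of the original post. The relay host, server name and object names are placeholders, and the %g.%s address format is only one possible choice; the domain is the example domain used in the text.

```powershell
# Added example. Values marked "placeholder" are assumptions; replace them.
$domain      = 'gkvirtualdomain.co.uk'       # example domain from the text
$relayDomain = "mail2.$domain"               # subdomain handled by another mail system
$relayHost   = 'mail.otherhost.example'      # placeholder: server the relayed mail goes to
$hubServer   = 'SERVERNAME'                  # placeholder: your Hub Transport server
$policyName  = "Addresses - $domain"         # placeholder policy name

# 1. Authoritative domain: recipients live in this Exchange organisation.
New-AcceptedDomain -Name "Authoritative - $domain" -DomainName $domain -DomainType Authoritative

# 2. Internal relay domain plus the send connector that tells Exchange where to
#    route its mail. Authentication is left at the default; set it to whatever
#    the receiving system requires.
New-AcceptedDomain -Name "Relay - $relayDomain" -DomainName $relayDomain -DomainType InternalRelay
New-SendConnector -Name "Relay - $relayDomain" -Usage Custom `
    -AddressSpaces "SMTP:$relayDomain;1" `
    -DNSRoutingEnabled $false -SmartHosts $relayHost `
    -SourceTransportServers $hubServer

# 3. E-mail address policy. First confirm Exchange really sees the domain as
#    accepted; the wizard will not list it otherwise.
$accepted = Get-AcceptedDomain | Where-Object { $_.DomainName -eq $domain }
if (-not $accepted) {
    Write-Warning "$domain is not an accepted domain; not creating the policy."
}
else {
    # Preview who the Company condition will match. Policies add addresses and
    # never remove them, so check this list before applying anything.
    Get-Recipient -Filter "Company -eq '$domain'" -ResultSize Unlimited |
        Format-Table Name, RecipientType, PrimarySmtpAddress -AutoSize

    # firstname.lastname@domain as the primary (upper-case SMTP) address.
    New-EmailAddressPolicy -Name $policyName `
        -IncludedRecipients AllRecipients -ConditionalCompany $domain `
        -EnabledEmailAddressTemplates "SMTP:%g.%s@$domain"

    # Creating the policy does not stamp addresses; this step applies it.
    Update-EmailAddressPolicy -Identity $policyName
}

# Review the result.
Get-AcceptedDomain | Format-Table Name, DomainName, DomainType -AutoSize
Get-SendConnector  | Format-Table Name, AddressSpaces, SmartHosts -AutoSize
```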

DNS Configuration

The final part is the DNS Configuration.  You need to configure the MX record for the new domain to use the A record that matches your rDNS (PTR) record.  This is the only thing that needs to be changed.  As your Exchange server will connect to recipient SMTP services using the same IP address regardless of what domain you are sending from you only need 1 rDNS record.  The DNS configuration for Exchange is explained in more detail in my post here: https://demazter.wordpress.com/2010/02/09/exchange-dns-configuration/

If you’re simply here to find out if this is possible then take it from me the answer is most definitely NO! Well not if you want a “proper” SBS installation anyway.  I tried this virtually with a clean installation of Windows 2000 and ALL updates, so it was a completely vanilla installation with nothing else that could possibly interfere.  So if that’s all you needed then you are done.  If you want to find out what I went through then read on.

Just to reiterate: it did not work, and I tried it 13 times!!!  Please DO NOT follow the steps in this Blog without reading the whole process first!

There are other blogs out there that will tell you that you have to do the SBS2008 installation manually if you want this to succeed.  I was able to get SBS 2008 to join to the domain, transfer all the FSMO roles and it seemed to have a working installation of Exchange 2007 (although because I was doing this virtually and my main aim was to see if I could actually complete the migration I didn’t thoroughly test Exchange) none of the other features that make moving to SBS2008 worthwhile were available.

Sure I had the option of running through the SBS Repair guide and performing all the tasks one by one to repair each and every function of SBS2008 but is it worth it? How long do we think that might have taken?  And would it have ever worked properly once it was done?

Warning Signs!

I should have known from the start when I couldn’t even use Windows 2000 to create the answerfile required to put the SBS2008 installation into Migration mode that I was off to a bad start.  But being as stubborn as I am I persisted, using my Windows 7 host to create the answer by running the SBSAFG.EXE from the SBS DVD.

So I prepped my 2000 domain by raising its functionality to Native Mode and then ran sourcetool.exe from the SBS DVD, the AD preparation ran through OK as I would have expected but it failed to launch the answerfile tool.  Warning sign number 2!!

So I now had my answerfile and I have booted my new VM with the SBS DVD and the answerfile, all seems to go well, it detects the answerfile (as I would expect) runs through the wizard, right up until the last screen when the wizard stops responding and you get the usual would you like to search for a solution online dialogue box.  On I think it was attempt 10 I did try this but it didn’t do me any good!

That was just the beginning!

After the crashed out SBS Migration wizard we are presented with a SBS2008 desktop.  The server isn’t a Domain Controller, no Sharepoint configured; Exchange appears to be installed and looks like it is configurable using the Exchange Management Console.  IIS hasn’t been configured as per an SBS installation, OWA doesn’t work.  And I also cannot get into the SBS Console.

First things first: regardless of all the “broken” items, SBS needs to be a Domain Controller and it MUST hold all 5 FSMO roles along with the Global Catalog role.  To achieve this we need to run DCPROMO.  Select advanced mode and check to install DNS during installation.  You can try this or you can take it from me that it will fail and move on to the next step.

DCPROMO will fail without some intervention.  To make it work run DCPROMO only this time once you have clicked advanced mode and moved to the next screen do the following:

  • Start > Run > CMD <click OK>
  • type CD\WINDOWS\SYSTEM32 <press ENTER>
  • type COPY NTDS.DIT SBSNTDS.DIT <press ENTER>
  • make sure you get “1 file copied”
  • type EXIT <press ENTER>

Now you can complete the DCPROMO wizard.  Once finished and the server has been restarted log back in and transfer the 5 FSMO roles as per: http://support.microsoft.com/kb/324801

You will also need to make the server a Global Catalog server.  To do this open Active Directory Sites and Services, expand the SBS2008 Servername and right click on NTDS Settings, check the box to make it a Global Catalog.

That was the easy bit!!

Now we need to get into the nitty gritty.  If you launch Active Directory Users and Computers you will notice that we are missing the SBS specific Organisation Unit MyBusiness and all its sub OU’s

If you open Group Policy Management Console you will notice that none of the SBS Specific Group Policies exist.

You will also find if you try to run the SBS Console (where EVERYTHING in SBS should be configured) it will also fail to launch.

To repair the SBS Console go to Start > Control Panel > Programs and Features, select Small Business Server and click Change.  On the dialog box select Repair (you will need the 2nd SBS DVD).

You will then need to run through each procedure in the SBS Repair Guide which can be found here: http://technet.microsoft.com/en-us/library/dd430085(WS.10).aspx 

Is it worth it??

My opinion: NO! Because when you have done this, which could take a day or two, will it work as it should? I don’t know because after 2 days and 13 failed migration attempts (and believe me I tried everything I could think of, even a repair install of SBS2008 over the top of the failed migration) I decided it wasn’t even worth contemplating.

The way to complete the migration is to either do an in-place upgrade of your Windows 2000 Domain Controller to Windows 2003 or if you would rather not do this install a temporary Windows 2003 or Windows 2008 Server and make this a Domain Controller.

This will allow you to demote the Windows 2000 server, leave your domain intact and then migrate from Windows 2003 to SBS2008 as per my guide here: https://demazter.wordpress.com/2010/02/12/migrate-windows-2003-with-exchange-to-small-business-server-2008/

This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008.

You will need the following:

Before we can start the migration process there are a few things we need to do on the Windows 2003 server.

  1. First and foremost make sure you have a SYSTEM STATE backup.  This can be done with the built in Backup tools or a 3rd party product, but this needs to be done PRIOR to any of the following steps and is probably the most important step of the whole process.
  2. If the Windows 2003 server has more than 1 Network card then all apart from the LAN connection will need to be disabled.
  3. The assumption is that this is a single server scenario and DHCP/DNS are also installed on the server you are migrating from.  Therefore please ensure that the Windows 2003 server has got ONLY its own IP address configured in the TCP/IP properties of the network card.  There should be no external DNS servers listed here.
  4. The gateway should be the LAN IP address of your router.
  5. If you have made any changes to the above configuration it’s best to restart the server so that DNS is updated and all the services are bound to the correct adapter.
  6. Perform all available Microsoft Updates.  Windows 2003 should at a minimum have Service Pack 2 installed along with Service Pack 2 for Exchange 2003.  When you run Windows Update, check the link across the top of the screen for Microsoft Update; this will ensure you receive updates for all products.

Prepare the 2003 Server

Raise the domain Functional Level of the  Windows 2003 Domain.  In Active Directory Users and Computers, right click on the domain and select Raise Domain Functional Level. This needs to be set to Windows Server 2003. If it is not already then you will have the option to change it.

Raise the Forest Functional Level of Windows 2003 Forest.  In Active Directory Domains and Trusts right click Active Directory Domains and Trusts and select Raise Forest Functional Level.  This needs to be set to Windows Server 2003. Again if it’s not already you will have the option to change it.

Using Exchange System Manager right click at the top of the tree where it says Organisation Name (Exchange) and check that the Exchange Functional level is set to Native Mode (no pre-Exchange 2000 servers)

Once that’s done run the Exchange Best Practice Analyzer.  The test you need to run is the Exchange 2007 readiness check.  This scan will tell you if there is anything that needs to be resolved prior to the installation of Exchange 2007 which is performed as part of the Small Business Server 2008 install.

Prepare Active Directory

The first step of preparing for the installation of SBS2008 is to run sourcetool.exe.  This will prepare the forest and domain and change Exchange from Mixed mode to Native mode (Exchange 2007 will not install if it’s not in Native mode).

Insert the SBS DVD into the Windows 2003 Server (if you copy the sourcetool.exe to the Windows 2003 server make sure you copy the whole tools folder) and then from the tools folder run the sourcetool.exe.

The first thing you will be asked is to confirm you have a FULL backup.  I cannot stress this enough: this is where all the changes to your Active Directory start happening, so even if you took one at the start of this process, take another one now!

So check the box and click Next and the tool will run through and perform the required updates.

Once done you will be presented with a screen that tells you it has successfully prepared the server for migration and you will have the option to create an Answerfile.  I say ‘option’ because it will let you close the wizard without creating one, but if you don’t have an Answerfile you cannot put the SBS2008 installation into Migration Mode.

 

The message at the top of the screen indicates that the utility “Cannot prepare the Source server for migration”; this is normal.  It is because it cannot execute WindowsServer2003-KB943494-x86-ENU.exe.  The screen indicates the location of the log file.  To confirm this is why it has failed, open the log file and look for the entry:

     Current version: 5.2.3790.131072
     Service pack version = 2
     Running D:\tools\KB943494\WindowsServer2003-KB943494-x86-ENU.exe /quiet /norestart
     Package returned: 1603 (0x643)
     ProgressPage: Task Finished.  Succcess=False

I have highlighted the link to create an Answerfile because the very first SBS migration I did I missed it.  It doesn’t jump out at you and make itself obvious that it’s a link.  Perhaps this should have been a button to press?  Click the link and then fill the form in as below

The important sections of the Answerfile are:

  1. Installation Type, make sure you select Migration from Existing Server (join existing domain) otherwise it won’t!
  2. I personally like to uncheck “Run unattended” so that I can see what is going on
  3. Select the Time Zone you will be using.  IMPORTANT if the time and timezones of both servers don’t match then the migration may fail.
  4. Source and Destination Server information.  The destination server information is what will be set during installation and during the DCPROMO process so use the actual name the server will have.

Once you have filled in the required information scroll right to the end and click Save As.  This will create an SBSAnswerfile.xml file that will be used during the installation of SBS2008.  Copy this file to a USB pen drive or a floppy drive.

Small Business Server 2008 Installation

To install SBS2008 if your server has 2 network cards, make sure that one of them is disabled in the BIOS. If you don’t, this can cause communication problems with the 2 servers.  I have seen some have problems and others that don’t but personally I would rather be safe than sorry.

Set your boot device priority so that it’s First DVD/CDROM Drive and Second Hard Disk.  The important thing to make sure is it’s not going to try and boot from either the floppy drive or the USB drive.  Insert your disk/drive with the Answerfile on and boot from the SBS2008 DVD.

Follow the instructions to install SBS, it’s fairly self explanatory.  The installation will expand files and then reboot.  After the second reboot it will check for the Answerfile, either on the local storage, floppy drive or USB drive.  If it successfully finds one you will see this screen.

At this stage you will again be prompted to confirm you have a good backup and can then continue.  On the remaining screens confirm the information is correct for the new server and the existing server.  You will then receive the expanding files screen.

This section of the installation can take anything from 45 minutes to 2 hours.  A lot of that time it will look as if it hasn’t moved.  Whatever you do, do not think it has failed and turn it off.  If it has failed it will tell you.  Once this section has finished the server will again reboot.  And the screen we all hope to see is this one.

 

You now have a Windows 2003 Domain Controller with Exchange 2003 installed and an SBS2008 server with Exchange 2007 installed.  The next step is the data migration from Exchange 2003 to Exchange 2007.

Data Migration

So that we can remove Exchange 2003 from the older server we need to migrate the user mailboxes and Public Folders to Exchange 2007, this would normally be done as part of the Migrate to SBS wizard but as the source server is not SBS we are not able to do this.

To move the mailboxes launch Microsoft Exchange Management Console and navigate to Recipient Configuration > Mailboxes.  You will see that all the mailboxes that reside on the Exchange 2003 server will be listed as a Legacy Mailbox.  Right click on the mailbox and select Move Mailbox.  Follow the wizard to move the mailboxes to the SBS2008 server.  You can bulk select all the users and the move wizard will then work through them 4 at a time.  This can take a while depending on how many users you have and how big their mailboxes are.

To move public folders on the Exchange 2003 server launch Exchange System Manager.  Navigate to Administrative Groups > First Administrative Group (or if your Exchange 2003 admin group has a different name select this one) > Servers > servername (your Exchange 2003 Server) > First Storage Group  > Public Folder Store (servername).  Right click on Public Folder Store and select Move All Replicas, select the SBS2008 server and click OK.  Once you have allowed time for the public folders to replicate, right click the Public Folder Store in Exchange System Manager and select Delete.  A dialogue box will pop up informing you that this store is the default store for one or more Mailbox Stores; click OK to this dialogue and then select the SBS2008 server from the list and click OK.  Click OK to confirm the delete.

If the store has not finished replicating (as we are on Exchange 2003 Service Pack 2) you will not be able to delete the store.

Rehome the Offline Address book.  In Exchange System Manager on the 2003 server navigate to Recipients > Offline Address Lists and for each address list right click and select properties.  Click the Browse button next to Offline Address list server and enter the name of the SBS2008 server. Click OK.  Do this for each Offline Address List

If you use Recipient Policies that are Manage Mailbox policies then these will need to be removed and likewise if you have Recipient Policies that are used for both e-mail address definition and mailbox management the settings defined under Mailbox Manager Settings will need to be removed.  You DO NOT need to remove your e-mail address policies.

Using Exchange System Manager, navigate to Administrative Groups and right click on Exchange Administrative Group (FYDIBOHFSPDLT) and select New, then Public Folder Container.  Then under First Administrative Group, expand Folders and drag and drop the Public Folders container from First Administrative Group to the folder you have just created under Exchange Administrative Group (FYDIBOHFSPDLT).

The Recipient Update Service is not used in Exchange 2007 and is therefore not required so can be removed.  To do this you will need to use ADSI Edit.  This can be done by clicking Start > Run > mmc <click OK> Under File select Add/Remove Snap-in > Click Add and select ADSI Edit and click Add, then close and OK.  Right click on the ADSI Edit and select Connect to from the drop down under Select a well known Naming Context select Configuration and click OK

Expand Configuration > Services > Microsoft Exchange > Organisation Name > Address List Container > Recipient Update Services right click on Recipient Update Service (Enterprise Configuration) and select Delete.  There may also be a Recipient Update Service (ORGNAME) this also needs to be deleted.  Only delete the Recipient Update Service entries under the container DO NOT DELETE THE CONTAINER ITSELF OR ANY OTHER ENTRIES

The final step in preparation for uninstalling Exchange Server 2003 is to delete the routing group connectors that would have been created as part of the installation.  I have highlighted them in the image below.  Simply right click on each connector and select delete.

Remove Exchange Server 2003

Now that you have transferred all the mailboxes, public folders and offline address lists, it’s time to remove Exchange Server 2003.  To do this go to Start > Control Panel > Add/Remove Programs. From the list, select Microsoft Exchange and click Change/Remove.  When the Exchange wizard opens click Next and then from the Action drop down select remove.

Demote the Windows 2003 Server

Now that Exchange Server 2003 has been removed it’s time to demote the Windows 2003 server so that it’s no longer a domain controller.  This is not an essential part of the process and if the server is going spare and you have the license it’s always worth having a second domain controller on your network.

If you do decide to remove the domain controller then the following will need to be done:

  1. Confirm the Windows 2003 server is not a Global Catalog server.  Open Active Directory Sites and Services navigate to Sites > Default-First-Site-Name > Servers > {name of 2003 Server} and then right click on NTDS Settings select properties and then uncheck the box for Global Catalog
  2. From a command prompt run NETDOM QUERY FSMO to check that all 5 FSMO roles are now with the SBS2008 server.  This should have been done during the installation process of SBS2008 but it’s always good to check
  3. Run DCPROMO. DO NOT select the option for “This Server is the last domain controller in the domain”

SBS Console Wizards

Once you have completed the migration and removed Exchange Server 2003 then you can continue through the SBS Console and complete the following wizards:

  1. Connect to the internet
  2. Set up your Internet Address
  3. Configure a Smart Host for Internet e-mail
  4. Add a trusted certificate (if you need a 3rd party SSL Certificate I would recommend buying a SAN/UCC certificate from http://www.exchangecertificates.com)

When running the Set up your Internet Address wizard it may fail. The reason for this is that some of the system Public folders are Mail Enabled by default.  To ensure that the wizard will run successfully, in the Exchange Management Console navigate to Toolbox and double click on Public Folder Management Console.  On my System the folders highlighted below were mail enabled; simply right clicking on them and selecting Mail Disable will then allow the Internet Address wizard to complete successfully.

 

Tidy Up

There are a few other steps that need to be performed to make it a “proper” SBS 2008 setup.  The users and computer accounts need to be moved in Active Directory Users and Computers.  By default in a non Small Business Server environment all your users will be created in Active Directory Users and Computers under the Users container.  For SBS they need to be located in the MyBusiness > Users > SBSUsers container.  You can simply drag and drop them into the correct location.

The Computer accounts should be moved from their default location in Active Directory Users and Computers, which is the Computers container to the MyBusiness > Computers > SBSComputers.

These 2 moves will ensure that the SBS Group Policies are applied to these computers/users and that they receive the correct permissions.

Users will also not appear in the SBS Console.  This can be rectified by running the process explained here: http://blogs.technet.com/sbs/archive/2008/09/22/why-are-some-of-my-users-not-displaying-in-the-sbs-console.aspx under the How do I use the “Change user role for user accounts” wizard section.

Further Reading

How to remove the last legacy Exchange Server (already detailed above but here is the technet article): http://technet.microsoft.com/en-us/library/bb288905(EXCHG.80).aspx

For purchasing SSL Certificates please visit: http://www.exchangecertificates.com

There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover the most common ones here.

Exchange 2007 Service Pack

There was an issue with repeated password prompts that was resolved by installing Rollup 9 for Exchange 2007 SP1, however I would recommend that you should now be using Exchange 2007 SP2 since it has been around since August 2009: http://www.microsoft.com/downloads/details.aspx?FamilyID=4C4BD2A3-5E50-42B0-8BBB-2CC9AFE3216A&displaylang=en

If you are in a Small Business Server 2008 environment and not yet using Exchange 2007 Rollup 9 you can also install SP2 for Exchange 2007 with the aid of the Installation Tool, available here: http://support.microsoft.com/default.aspx?scid=kb;EN-US;974271

Autodiscover

If that doesn’t fix the repeated prompt for password then it could be down to autodiscover.  If you’re using Outlook 2007 then you must configure autodiscover correctly. There are many articles out there that cover the correct way to configure autodiscover, one of the better ones I have found is this one: http://www.exchange-genie.com/2007/07/exchange-2007-autodiscover-service-part-1/

However the part that most people are missing is autodiscover.domainname.com (where domainname.com is the part after the @ in your e-mail address). Newer versions of Outlook will look for this for OAB download, free/busy information, Out of Office, etc. If it’s not there then Outlook will continually give user prompts. To accompany this you must have an SSL Certificate that contains the autodiscover.domainname.com URL (whilst you can configure ways around this, it really isn’t worth all the hassle). So purchasing a SAN/UCC Certificate with the following names in is a must for Exchange 2007 and Exchange 2010:

  • autodiscover.domainname.com
  • owa.domainname.com (the URL used for Outlook Web Access)
  • servername.domainname.local (the internal FQDN of your Exchange Server)
  • SERVERNAME (NETBIOS Name of your Server)

If you have not yet purchased an SSL Certificate I can recommend http://www.exchangecertificates.com/ as a cost effective product that is fully supported.

You must also have the corresponding autodiscover.domainname.com and owa.domainname.com A records configured in your external DNS.
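A check for the certificate names listed above, as an added example that is not part of the original post: it reports which required names a certificate does not cover. The function names are hypothetical, the sample name list is constructed, and the wildcard handling goes beyond the cases the post describes.

```powershell
# Added example. Function names are hypothetical helpers, not Exchange cmdlets.

# True if $Name is covered by any entry in $CertificateNames.
function Test-NameCoveredByCertificate {
    param([string]$Name, [string[]]$CertificateNames)
    foreach ($certName in $CertificateNames) {
        # -eq on strings is case-insensitive, which is what host names need.
        if ($certName -eq $Name) { return $true }

        # A wildcard entry (*.domainname.com) covers exactly one extra label,
        # so it matches owa.domainname.com but not a.b.domainname.com.
        if ($certName.StartsWith('*.')) {
            $suffix = $certName.Substring(1).ToLower()          # ".domainname.com"
            if ($Name.ToLower().EndsWith($suffix)) {
                $label = $Name.Substring(0, $Name.Length - $suffix.Length)
                if ($label.Length -gt 0 -and $label.IndexOf('.') -lt 0) { return $true }
            }
        }
    }
    return $false
}

# Returns the required names that the certificate does not cover.
function Get-MissingCertificateName {
    param([string[]]$RequiredNames, [string[]]$CertificateNames)
    $RequiredNames | Where-Object {
        -not (Test-NameCoveredByCertificate -Name $_ -CertificateNames $CertificateNames)
    }
}

# The four names from the list above (substitute your own domain and server).
$required = 'autodiscover.domainname.com',
            'owa.domainname.com',
            'servername.domainname.local',
            'SERVERNAME'

# Constructed sample: names on a certificate that lacks autodiscover and the
# NetBIOS name.
$sampleCertNames = 'owa.domainname.com', 'servername.domainname.local'

$missing = @(Get-MissingCertificateName -RequiredNames $required -CertificateNames $sampleCertNames)
if ($missing.Count -gt 0) {
    Write-Warning ("Certificate does not cover: " + ($missing -join ', '))
}

# On the Exchange server itself, take the names from the certificate enabled
# for IIS instead of the sample list (Exchange Management Shell):
#   $iisCert = Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' }
#   $names   = $iisCert.CertificateDomains | ForEach-Object { $_.ToString() }
#   Get-MissingCertificateName -RequiredNames $required -CertificateNames $names
```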

Kernel authentication Mode

If you have all the above configured and you are still experiencing problems then the following procedure will more than likely fix it for you. It has been working a lot for me lately and also for people asking questions on Experts Exchange.

In Internet Information Services (IIS) Manager locate the Exchange virtual directories.  If you are using Small Business Server 2008 these will be under the SBS Web Applications website; if you’re not using SBS then they will be under the Default Website.

The virtual Directories you are looking for are:

  1. Autodiscover
  2. EWS
  3. RPC
  4. OAB

In turn highlight each of these virtual directories and double click the Authentication icon on the right hand side. Right click on Windows Authentication and select Advanced Settings. Place a check in the box for Enable kernel-mode authentication. Do this for each virtual directory listed above.