Sunday, March 27, 2011

How to set up Outlook Autodiscover and Outlook Anywhere from LAN and Internet (with two certificates) on Exchange 2010 in a single server scenario


Ever wondered how to configure Outlook Autodiscover and Outlook Anywhere in the simplest scenario? I am assuming that you are running a single server hosting all roles, and that CAS is also published on the Internet so that email can be accessed from outside.


You need two certificates, one for autodiscover and the other for mail. You also need two external IP addresses pointing to two internal IP addresses. The external IP addresses should point to and


  • Remove the auto discover Virtual Directory (VD) from the default site.

Remove-AutodiscoverVirtualDirectory -Identity "SERVERNAME\autodiscover (Default Web Site)"

  • Create a new website in IIS. You can name the website as autodiscover
  • Create the autodiscover VD in this new website

New-AutodiscoverVirtualDirectory -Websitename Autodiscover -BasicAuthentication:$true -WindowsAuthentication:$true

  • Enable outlook anywhere on the server

Enable-OutlookAnywhere -Server SERVERNAME -ExternalHostname "" -DefaultAuthenticationMethod "Basic" -SSLOffloading:$False

  • Set the autodiscover location on the CAS server

Set-ClientAccessServer -Identity SERVERNAME -AutoDiscoverServiceInternalUri ""

  • Run the below commands to setup the other VDs properly

Set-OABVirtualDirectory -Identity "SERVERNAME\OAB (default web site)" -InternalURL -ExternalURL -RequireSSL:$true

Set-WebServicesVirtualDirectory -Identity "SERVERNAME\EWS (default web site)" -ExternalURL -InternalURL -BasicAuthentication:$True

Set-OWAVirtualDirectory -Identity "SERVERNAME\OWA (default web site)" -InternalURL -ExternalURL

Set-ECPVirtualDirectory -Identity "SERVERNAME\ECP (default web site)" -InternalURL -ExternalURL

Set-ActiveSyncVirtualDirectory -Identity "SERVERNAME\Microsoft-Server-ActiveSync (default web site)" -ExternalURL -InternalURL
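
With two certificates and several URLs in play, the usual failure after these steps is a host name that no certificate covers. The following is an added example, not part of the original post: it reads the configured URLs back from the server and checks each host name against the names on the installed, unexpired certificates. Test-NameCovered is a hypothetical helper name.

```powershell
# Added example: run in the Exchange Management Shell on the CAS server.
# Test-NameCovered is a hypothetical helper, not an Exchange cmdlet.
function Test-NameCovered {
    param([string]$HostName, [string[]]$CertNames)
    $dot = $HostName.IndexOf('.')
    foreach ($name in $CertNames) {
        if ($name -eq $HostName) { return $true }   # -eq ignores case
        # A wildcard name (*.domain) covers exactly one left-most label.
        if ($name.StartsWith('*.') -and $dot -gt 0 -and
            $HostName.Substring($dot) -eq $name.Substring(1)) { return $true }
    }
    return $false
}

$server = $env:COMPUTERNAME

# Every name carried by a certificate that has not expired.
$certNames = @(Get-ExchangeCertificate -Server $server |
    Where-Object { $_.NotAfter -gt (Get-Date) } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { [string]$_ })

# URLs and host names set by the commands above.
$vdirs = @(Get-OabVirtualDirectory -Server $server) +
         @(Get-WebServicesVirtualDirectory -Server $server) +
         @(Get-OwaVirtualDirectory -Server $server) +
         @(Get-EcpVirtualDirectory -Server $server) +
         @(Get-ActiveSyncVirtualDirectory -Server $server)
$urls = @((Get-ClientAccessServer -Identity $server).AutoDiscoverServiceInternalUri)
foreach ($v in $vdirs) { $urls += $v.InternalUrl; $urls += $v.ExternalUrl }

$hosts = @($urls | Where-Object { $_ } | ForEach-Object { ([Uri]"$_").Host })
$hosts += [string](Get-OutlookAnywhere -Server $server).ExternalHostname

# One row per distinct host; Covered = False means clients will see a name mismatch.
$hosts | Where-Object { $_ } | Sort-Object -Unique | ForEach-Object {
    New-Object PSObject -Property @{
        HostName = $_
        Covered  = Test-NameCovered -HostName $_ -CertNames $certNames
    }
}
```

The check looks at the server's certificate store only; which certificate IIS has bound to each of the two websites still has to be confirmed in IIS.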


You can then use to test Auto discover and Outlook Anywhere you just configured.

I was able to do this setup by referring to this link (although it is an Exchange 2007 link)


Tags: Exchange Server, Autodiscover, Outlook Anywhere
Published Date: 20110326

Exchange - Multiple copies in forwarded mail

Q: If you forward all your mails (Exchange) to an external email account using ADUC you receive multiple copies only if you also keep a copy in your exchange mailbox. If you do not keep a copy then this issue does not occur.

A: After jostling with this issue for 3 days myself, I logged a case with MS.

After 14 hrs of continuous troubleshooting on this SEV 1 case and 4 MS engineers putting all their Exchange skills together, we were able to reach a solution.
A pretty stupid one indeed.

Go to virtual SMTP server properties in ESM -> Access -> Authentication.
Check all the authentication methods.

Bingo, and the issue is resolved. It happens because of the way Exchange servers authenticate each other. The first incoming hop in my Exchange organisation receives a mail and should split the message and send two copies: one to the forwarded address and one to my Exchange mailbox. This splitting does not work if only Anonymous authentication is selected on the SMTP virtual server of the HomeMDB server of the user.


Recovering Personal Folder Passwords (PST)

PSTs are a pain in the back. And I hope every Exchange admin would agree with that.

Anything and everything can go wrong with them: corruption, backups that stop running because some geek copied theirs to a network share and then left Outlook open, file servers crashing because of the number of network connections being used by open PSTs, usage of space, users who think that the 2GB limit is a lie.

But the worst thing about them is customers who password protect them, then forget the password and then deny all knowledge of ever setting the password in the first place.

PstPassword is a small utility that recovers the lost password of an Outlook .PST (Personal Folders) file.

It is an excellent tool for recovering the password or generating a new password for the file without corrupting it. Give it a go, and the best thing about it is that it's free (for non-commercial use).


Script: Distribution List membership enumeration

net group "Name of Dist List" >c:\dist.txt would not give the Contacts who are members of that DL. Also it would be difficult to find the email addresses.

To retrieve the membership of a distribution list to a file (FullName, Sam Account, e-Mail), use the script below.

On Error Resume Next

strPath = inputbox("Please enter in the path to your group in AD")

Set objGroup = GetObject ("LDAP://" & strPath)


strArrMember = objGroup.GetEx("member")

dim fs,objWriteFile

set fs=CreateObject("Scripting.FileSystemObject")

set objWriteFile = fs.CreateTextFile("GrpMem.csv", True)

dim objDistinguishedName

objWriteFile.Write "FullName,Sam Account,e-Mail" & vbcrlf

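For Each strMember in strArrMember

' Bind to each member by its distinguished name and write one CSV row
Set objUser = GetObject ("LDAP://" & strMember)
objWriteFile.Write objUser.FullName & "," & objUser.sAMAccountName & "," & objUser.mail & vbcrlf

Next

' Flush and close the CSV file
objWriteFile.Close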


Is a firewall blocking your Exchange Server's SMTP/POP3 communications!!!

It is interesting to note that if you have a Cisco PIX firewall sitting in its default security configuration somewhere between your Exchange servers, it is bound to cause a hell of a lot of problems.

Exchange relies on three proprietary ESMTP verbs (X-EXPS, X-LINK2STATE and XEXCH50), and many others as well, for proper functioning.
The stupid Mailguard feature, which is on by default on the Cisco PIX firewall, allows ONLY RFC 821 SMTP commands to flow across (HELO, MAIL, RCPT, DATA, RSET, NOOP and QUIT). All other commands are translated into X's.

When this happens, a number of symptoms can manifest:
  • The link state table does not update correctly.
  • Mails stay pending submission to sibling mail servers in the same routing group.
  • Exchange servers can't authenticate each other.
  • Seemingly commonplace commands are answered with the 500 Unrecognized command error or one of its analogues.
  • Normal commands produce completely unexpected responses.

You would need to get the Mailguard feature disabled on any PIX firewall that is sitting between Exchange servers within the same Exchange organization.
Symantec's Raptor Firewall has also been identified as another culprit in such cases.
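
To confirm this kind of filtering from a captured server-to-server SMTP session, the following added example (not from the original post) pairs each command with its reply, lists verbs outside the RFC 821 set that were answered with a 5xx code, and reports which of the three Exchange verbs never appeared in the EHLO reply. Find-FilteredSmtpVerb, the C:/S: line prefixes and the sample transcript are assumptions constructed for illustration.

```powershell
# Added example. Find-FilteredSmtpVerb is a hypothetical helper name.
$Rfc821Allowed = 'HELO','MAIL','RCPT','DATA','RSET','NOOP','QUIT'
$ExchangeVerbs = 'X-EXPS','X-LINK2STATE','XEXCH50'

function Find-FilteredSmtpVerb {
    param([string[]]$Transcript)
    $lastVerb = $null; $advertised = @(); $rejected = @()
    foreach ($line in $Transcript) {
        if ($line -match '^C:\s*(\S+)') {
            $lastVerb = $Matches[1].ToUpper()          # verb the client just sent
        }
        elseif ($line -match '^S:\s*(\d{3})[ -](.*)$') {
            $code = [int]$Matches[1]; $text = $Matches[2]
            # Keywords offered in the EHLO reply, e.g. "X-EXPS GSSAPI NTLM LOGIN".
            if ($lastVerb -eq 'EHLO' -and $code -eq 250) {
                $advertised += ($text -split '[ =]')[0].ToUpper()
            }
            # A 5xx answer to a verb outside the RFC 821 set is consistent with filtering.
            if ($lastVerb -and $code -ge 500 -and $Rfc821Allowed -notcontains $lastVerb) {
                $rejected += "$lastVerb -> $code $text"
            }
        }
    }
    New-Object PSObject -Property @{
        Rejected      = $rejected
        NotAdvertised = @($ExchangeVerbs | Where-Object { $advertised -notcontains $_ })
    }
}

# Constructed transcript (C: = sending server, S: = receiving server), not real traffic.
$sample = @(
    'S: 220 ex01.example.test ESMTP',
    'C: EHLO ex02.example.test',
    'S: 500 Unrecognized command',
    'C: HELO ex02.example.test',
    'S: 250 ex01.example.test Hello',
    'C: XEXCH50 1024 2',
    'S: 500 Unrecognized command',
    'C: QUIT',
    'S: 221 closing connection'
)
Find-FilteredSmtpVerb -Transcript $sample | Format-List
```

A server that simply does not implement a verb also answers 5xx, so compare the result with a session captured on the same network segment as the receiving server, where no firewall sits in the path.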