18
AutoDiscoverVirtualDirectory InternalURL Exchange 2013
Guten Tag
Nach dem ich ein Neues Zertifikat in den Exchange Server eingebunden habe, kommt immer die Meldung: "Es konnten keine E-Mail Infos abgerufen werden." und der Abwesenheitsassistent kann nicht gestartet werden. Ansonsten gibt es keine Fehlermeldungen bezüglich dem Zertifikat. Auch Outlook läuft einwandfrei.
Nach langer Suche habe ich herausgefunden, das der Fehler wahrscheinlich auf den AutoDiscover zurückzuführen ist.
Gibt es eine Möglichkeit, die InternalURL und ExternalURL zu entfernen?
Danke für die Antwort.
Freundliche Grüsse
fiffi1
Nach dem ich ein Neues Zertifikat in den Exchange Server eingebunden habe, kommt immer die Meldung: "Es konnten keine E-Mail Infos abgerufen werden." und der Abwesenheitsassistent kann nicht gestartet werden. Ansonsten gibt es keine Fehlermeldungen bezüglich dem Zertifikat. Auch Outlook läuft einwandfrei.
Nach langer Suche habe ich herausgefunden, das der Fehler wahrscheinlich auf den AutoDiscover zurückzuführen ist.
Gibt es eine Möglichkeit, die InternalURL und ExternalURL zu entfernen?
Danke für die Antwort.
Freundliche Grüsse
fiffi1
Auf Facebook teilen
Auf Twitter teilen
Auf Reddit teilen
Auf Linkedin teilenBitte markiere auch die Kommentare, die zur Lösung des Beitrags beigetragen haben
Content-ID: 325446
Url: https://administrator.de/contentid/325446
Ausgedruckt am: 08.11.2024 um 20:11 Uhr
18 Kommentare
Neuester Kommentar
Ich erinnere mich dunkel bei der Exchange-Ersteinrichtung autodiscover.meine_domain im DNS mit der IP des Exchange aufgelöst zu haben und einige Probleme (ich weiß nicht mehr genau was alles) verschwanden wie von Zauberhand.
Hallo ukulele-7
Danke für die schnelle Antwort, habe es direkt ausprobiert.
Ausser einer Performance Steigerung hat es leider nichts gebracht, die Fehler treten immer noch auf.
Freundlich Grüsse
fiffi1
Danke für die schnelle Antwort, habe es direkt ausprobiert.
Ausser einer Performance Steigerung hat es leider nichts gebracht, die Fehler treten immer noch auf.
Freundlich Grüsse
fiffi1
Moin.
Das Skript hier mit den richtigen URLs anwenden
Powershell: Konfigurieren der internen und externen URLs von Exchange Server 2013, 2016
Wenn Ihr nur den externen DNS-Namen im Zertifikat habt und nicht den internen Domainnamen müsst Ihr Split-DNS auf dem internen DNS-Server einrichten, bzw. intern einen SRV Record hinterlegen.
Bitte lese den Dreiteiler von Frank ausführlichst
https://www.frankysweb.de/exchange-2016-zertifikate-konfigurieren/
https://www.frankysweb.de/exchange-2016-zertifikate-konfigurieren-teil-2 ...
https://www.frankysweb.de/exchange-2016-zertifikate-konfigurieren-teil-3 ...
dann verstehst du auch was du falsch machst! Besser wie er es dort beschreibt kann man es definitiv nicht machen. Es ist zwar für EX2016, du kannst es aber 1zu1 auch auf EX2013 übertragen.
Gruß mik
Das Skript hier mit den richtigen URLs anwenden
Powershell: Konfigurieren der internen und externen URLs von Exchange Server 2013, 2016
Wenn Ihr nur den externen DNS-Namen im Zertifikat habt und nicht den internen Domainnamen müsst Ihr Split-DNS auf dem internen DNS-Server einrichten, bzw. intern einen SRV Record hinterlegen.
Bitte lese den Dreiteiler von Frank ausführlichst
https://www.frankysweb.de/exchange-2016-zertifikate-konfigurieren/
https://www.frankysweb.de/exchange-2016-zertifikate-konfigurieren-teil-2 ...
https://www.frankysweb.de/exchange-2016-zertifikate-konfigurieren-teil-3 ...
dann verstehst du auch was du falsch machst! Besser wie er es dort beschreibt kann man es definitiv nicht machen. Es ist zwar für EX2016, du kannst es aber 1zu1 auch auf EX2013 übertragen.
Gruß mik
Hallo Mik
Vielen Dank für deine Antwort!
Ich habe alles genau wie in der Anleitung beschrieben alles konfiguriert. Bis auf das Zertifikat erstellen, ich habe ein gekauftes SSL Wildcard Zertifikat.
Die einzigen Abweichungen die ich gesehen habt, war beim Verbindungsstatus vom Outlook, bei mir steht "GUID"@domäne.ch, in der Anleitung aber mail.frankysweb.de/*.
Bei der Outlookkonfiguration füllt es den Servername selbst aus.
Könnte es daran liegen?
Freundliche Grüsse
Fiffi1
Vielen Dank für deine Antwort!
Ich habe alles genau wie in der Anleitung beschrieben alles konfiguriert. Bis auf das Zertifikat erstellen, ich habe ein gekauftes SSL Wildcard Zertifikat.
Die einzigen Abweichungen die ich gesehen habt, war beim Verbindungsstatus vom Outlook, bei mir steht "GUID"@domäne.ch, in der Anleitung aber mail.frankysweb.de/*.
Bei der Outlookkonfiguration füllt es den Servername selbst aus.
Könnte es daran liegen?
Freundliche Grüsse
Fiffi1
Führe erst mal einen Test durch
https://testconnectivity.microsoft.com
Du wirst eine URL übersehen haben( ich vermute MAPI o HTTP), oder die Dienste nicht neu gestartet haben. Führe dann nochmal das Skript aus und poste die Ausgaben.
https://testconnectivity.microsoft.com
Du wirst eine URL übersehen haben( ich vermute MAPI o HTTP), oder die Dienste nicht neu gestartet haben. Führe dann nochmal das Skript aus und poste die Ausgaben.
Exchange ActiveSync Autodiscover Test:
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Autodiscover was successfully tested for Exchange ActiveSync.
Additional Details
Elapsed Time: 2446 ms.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Additional Details
Elapsed Time: 2446 ms.
Test Steps
Attempting to test potential Autodiscover URL https://domäne.ch:443/Autodiscover/Autodiscover.xml <-- sollte doch autodiscover.domäne.ch sein
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 1249 ms.
Test Steps
Attempting to resolve the host name domäne.ch in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host domäne.ch to ensure it's listening and open.
The port was opened successfully.
Additional Details
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server domäne.ch on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name domäne.ch doesn't match any name found on the server certificate CN=*.domäne.ch, O=*, L=*, S=*, C=CH.
Elapsed Time: 0 ms.
Attempting to test potential Autodiscover URL https://autodiscover.domäne.ch:443/Autodiscover/Autodiscover.xml
Testing of the Autodiscover URL was successful.
Additional Details
Test Steps
Attempting to resolve the host name autodiscover.domäne.ch in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host autodiscover.domäne.ch to ensure it's listening and open.
The port was opened successfully.
Additional Details
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.domäne.ch on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.domäne.ch, OU=Domain Validated Only.
One or more certificate chains were constructed successfully.
Additional Details
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 1 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Additional Details
Test Steps
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Autodiscover was successfully tested for Exchange ActiveSync.
Additional Details
Elapsed Time: 2446 ms.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Additional Details
Elapsed Time: 2446 ms.
Test Steps
Attempting to test potential Autodiscover URL https://domäne.ch:443/Autodiscover/Autodiscover.xml <-- sollte doch autodiscover.domäne.ch sein
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 1249 ms.
Test Steps
Attempting to resolve the host name domäne.ch in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host domäne.ch to ensure it's listening and open.
The port was opened successfully.
Additional Details
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server domäne.ch on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name domäne.ch doesn't match any name found on the server certificate CN=*.domäne.ch, O=*, L=*, S=*, C=CH.
Elapsed Time: 0 ms.
Attempting to test potential Autodiscover URL https://autodiscover.domäne.ch:443/Autodiscover/Autodiscover.xml
Testing of the Autodiscover URL was successful.
Additional Details
Test Steps
Attempting to resolve the host name autodiscover.domäne.ch in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host autodiscover.domäne.ch to ensure it's listening and open.
The port was opened successfully.
Additional Details
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.domäne.ch on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.domäne.ch, OU=Domain Validated Only.
One or more certificate chains were constructed successfully.
Additional Details
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 1 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Additional Details
Test Steps
Exchange ActiveSync Test:
The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Additional Details
Elapsed Time: 21496 ms.
Test Steps
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Autodiscover was successfully tested for Exchange ActiveSync.
Additional Details
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Additional Details
Test Steps
Attempting to test potential Autodiscover URL https://domäne.ch:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Test Steps
Attempting to test potential Autodiscover URL https://autodiscover.domäne.ch:443/Autodiscover/Autodiscover.xml
Testing of the Autodiscover URL was successful.
Additional Details
Test Steps
Validating Exchange ActiveSync settings.
Exchange ActiveSync URL https://mail.domäne.ch/Microsoft-Server-ActiveSync was validated successfully.
Additional Details
Attempting to resolve the host name mail.domäne.ch in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host mail.domäne.ch to ensure it's listening and open.
The port was opened successfully.
Additional Details
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Test Steps
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Testing HTTP Authentication Methods for URL https://mail.domäne.ch/Microsoft-Server-ActiveSync.
The HTTP authentication methods are correct.
Additional Details
An ActiveSync session is being attempted with the server.
Errors were encountered while testing the Exchange ActiveSync session.
Additional Details
Test Steps
Attempting to send the OPTIONS command to the server.
Testing of the OPTIONS command failed. For more information, see Additional Details.
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body of the response: <!DOCTYPE html PUBLIC "-W3CDTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 8.5 Detaillierter Fehler - 403.0 - Forbidden</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;} .summary-container,.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} .content-container p{margin:0 0 10px 0; }#details-left{width:35%;float:left;margin-right:2%; }#details-right{width:63%;float:left;overflow:hidden; }#server_version{width:96%;_height:1px;min-height:1px;margin:0 0 5px 0;padding:11px 2% 8px 2%;color:#FFFFFF; background-color:#5A7FA5;border-bottom:1px solid #C1CFDD;border-top:1px solid #4A6C8E;font-weight:normal; font-size:1em;color:#FFF;text-align:right; }#server_version p{margin:5px 0;} table{margin:4px 0 4px 0;width:100%;border:none;} td,th{vertical-align:top;padding:3px 0;text-align:left;font-weight:normal;border:none;} th{width:30%;text-align:right;padding-right:2%;font-weight:bold;} thead th{background-color:#ebebeb;width:25%; }#details-right th{width:20%;} table tr.alt td,table tr.alt th{} .highlight-code{color:#CC0000;font-weight:bold;font-style:italic;} .clear{clear:both;} .preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP-Fehler 403.0 - Forbidden</h3> <h4>Sie sind nicht berechtigt, dieses Verzeichnis oder diese Seite anzuzeigen.</h4> </div> <div class="content-container"> <fieldset><h4>Wahrscheinlichste Ursachen:</h4> <ul> <li>Dabei handelt es sich um den generischen Fehler 403. Der Benutzer ist dazu nicht autorisiert, die Seite anzuzeigen.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><h4>Mögliche Vorgehensweise:</h4> <ul> <li>Erstellen Sie eine Ablaufverfolgungsregel für Anforderungsfehler für diesen HTTP-Statuscode. Weitere Informationen zum Erstellen von Überwachungsregeln für Anforderungsfehler finden Sie hier. </li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><h4>Detaillierte Fehlerinformationen:</h4> <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Modul</th><td> ManagedPipelineHandler</td></tr> <tr><th>Benachrichtigung</th><td> ExecuteRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td> AirSyncHandler</td></tr> <tr><th>Fehlercode</th><td> 0x00000000</td></tr> </table> </div> <div id="details-right"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Angeforderte URL</th><td> https://servername.domdomäneh1:444/Microsoft-Server-ActiveSync/Proxy/default.eas</td></tr> <tr><th>Physischer Pfad</th><td> C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\sync\Proxy\default.eas</td></tr> <tr class="alt"><th>Anmeldemethode</th><td> Basic</td></tr> <tr><th>Benutzeranmeldung</th><td> DOMDOMÄNEH1\Administrator</td></tr> </table> <div class="clear"></div> </div> </fieldset> </div> <div class="content-container"> <fieldset><h4>Weitere Informationen:</h4> Der generische Fehler 403 weist darauf hin, dass der authentifizierte Benutzer nicht autorisiert ist, die angeforderte Ressource zu verwenden. Der Grund für den Fehler 403 sollte durch einen Unterstatuscode in den IIS-Protokolldateien angegeben werden. Sammeln Sie mithilfe der genannten Schritte weitere Informationen über die Fehlerquelle, falls kein Unterstatuscode vorhanden ist. <p>Weitere Informationen anzeigen »</p> </fieldset> </div> </div> </body> </html> HTTP Response Headers:
request-id: 99bc0c21-eedb-4204-b27b-81b9e07ca351
X-CalculatedBETarget: servername.domdomäneh1
X-MS-BackOffDuration: L/-470
X-DiagInfo: SERVERNAME
X-BEServer: SERVERNAME
Cache-Control: private
Content-Type: text/html; charset=utf-8
Set-Cookie: ClientId=VSUIXWEC9COFGEWCQQ; expires=Fri, 05-Jan-2018 09:44:46 GMT; path=/; HttpOnly,X-BackEndCookie=S-1-5-21-2289340035-2138575375-3714736036-500=u56Lnp2ejJqBy5vNxs2dx8bSx8nGyNLLm57H0sbIm57Sy5uZmcyZm87Lms3OgYHNz87I0s/N0s/Lq8/GxcvKxc/K; expires=Sat, 04-Feb-2017 09:45:05 GMT; path=/Microsoft-Server-ActiveSync; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-FEServer: SERVERNAME
Date: Thu, 05 Jan 2017 09:45:05 GMT
Content-Length: 5078
Elapsed Time: 19219 ms.
The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Additional Details
Elapsed Time: 21496 ms.
Test Steps
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Autodiscover was successfully tested for Exchange ActiveSync.
Additional Details
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Additional Details
Test Steps
Attempting to test potential Autodiscover URL https://domäne.ch:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Test Steps
Attempting to test potential Autodiscover URL https://autodiscover.domäne.ch:443/Autodiscover/Autodiscover.xml
Testing of the Autodiscover URL was successful.
Additional Details
Test Steps
Validating Exchange ActiveSync settings.
Exchange ActiveSync URL https://mail.domäne.ch/Microsoft-Server-ActiveSync was validated successfully.
Additional Details
Attempting to resolve the host name mail.domäne.ch in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host mail.domäne.ch to ensure it's listening and open.
The port was opened successfully.
Additional Details
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Test Steps
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Testing HTTP Authentication Methods for URL https://mail.domäne.ch/Microsoft-Server-ActiveSync.
The HTTP authentication methods are correct.
Additional Details
An ActiveSync session is being attempted with the server.
Errors were encountered while testing the Exchange ActiveSync session.
Additional Details
Test Steps
Attempting to send the OPTIONS command to the server.
Testing of the OPTIONS command failed. For more information, see Additional Details.
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body of the response: <!DOCTYPE html PUBLIC "-W3CDTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 8.5 Detaillierter Fehler - 403.0 - Forbidden</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;} .summary-container,.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} .content-container p{margin:0 0 10px 0; }#details-left{width:35%;float:left;margin-right:2%; }#details-right{width:63%;float:left;overflow:hidden; }#server_version{width:96%;_height:1px;min-height:1px;margin:0 0 5px 0;padding:11px 2% 8px 2%;color:#FFFFFF; background-color:#5A7FA5;border-bottom:1px solid #C1CFDD;border-top:1px solid #4A6C8E;font-weight:normal; font-size:1em;color:#FFF;text-align:right; }#server_version p{margin:5px 0;} table{margin:4px 0 4px 0;width:100%;border:none;} td,th{vertical-align:top;padding:3px 0;text-align:left;font-weight:normal;border:none;} th{width:30%;text-align:right;padding-right:2%;font-weight:bold;} thead th{background-color:#ebebeb;width:25%; }#details-right th{width:20%;} table tr.alt td,table tr.alt th{} .highlight-code{color:#CC0000;font-weight:bold;font-style:italic;} .clear{clear:both;} .preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP-Fehler 403.0 - Forbidden</h3> <h4>Sie sind nicht berechtigt, dieses Verzeichnis oder diese Seite anzuzeigen.</h4> </div> <div class="content-container"> <fieldset><h4>Wahrscheinlichste Ursachen:</h4> <ul> <li>Dabei handelt es sich um den generischen Fehler 403. Der Benutzer ist dazu nicht autorisiert, die Seite anzuzeigen.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><h4>Mögliche Vorgehensweise:</h4> <ul> <li>Erstellen Sie eine Ablaufverfolgungsregel für Anforderungsfehler für diesen HTTP-Statuscode. Weitere Informationen zum Erstellen von Überwachungsregeln für Anforderungsfehler finden Sie hier. </li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><h4>Detaillierte Fehlerinformationen:</h4> <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Modul</th><td> ManagedPipelineHandler</td></tr> <tr><th>Benachrichtigung</th><td> ExecuteRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td> AirSyncHandler</td></tr> <tr><th>Fehlercode</th><td> 0x00000000</td></tr> </table> </div> <div id="details-right"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Angeforderte URL</th><td> https://servername.domdomäneh1:444/Microsoft-Server-ActiveSync/Proxy/default.eas</td></tr> <tr><th>Physischer Pfad</th><td> C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\sync\Proxy\default.eas</td></tr> <tr class="alt"><th>Anmeldemethode</th><td> Basic</td></tr> <tr><th>Benutzeranmeldung</th><td> DOMDOMÄNEH1\Administrator</td></tr> </table> <div class="clear"></div> </div> </fieldset> </div> <div class="content-container"> <fieldset><h4>Weitere Informationen:</h4> Der generische Fehler 403 weist darauf hin, dass der authentifizierte Benutzer nicht autorisiert ist, die angeforderte Ressource zu verwenden. Der Grund für den Fehler 403 sollte durch einen Unterstatuscode in den IIS-Protokolldateien angegeben werden. Sammeln Sie mithilfe der genannten Schritte weitere Informationen über die Fehlerquelle, falls kein Unterstatuscode vorhanden ist. <p>Weitere Informationen anzeigen »</p> </fieldset> </div> </div> </body> </html> HTTP Response Headers:
request-id: 99bc0c21-eedb-4204-b27b-81b9e07ca351
X-CalculatedBETarget: servername.domdomäneh1
X-MS-BackOffDuration: L/-470
X-DiagInfo: SERVERNAME
X-BEServer: SERVERNAME
Cache-Control: private
Content-Type: text/html; charset=utf-8
Set-Cookie: ClientId=VSUIXWEC9COFGEWCQQ; expires=Fri, 05-Jan-2018 09:44:46 GMT; path=/; HttpOnly,X-BackEndCookie=S-1-5-21-2289340035-2138575375-3714736036-500=u56Lnp2ejJqBy5vNxs2dx8bSx8nGyNLLm57H0sbIm57Sy5uZmcyZm87Lms3OgYHNz87I0s/N0s/Lq8/GxcvKxc/K; expires=Sat, 04-Feb-2017 09:45:05 GMT; path=/Microsoft-Server-ActiveSync; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-FEServer: SERVERNAME
Date: Thu, 05 Jan 2017 09:45:05 GMT
Content-Length: 5078
Elapsed Time: 19219 ms.
Attempting to test potential Autodiscover URL https://domäne.ch:443/Autodiscover/Autodiscover.xml <-- sollte doch autodiscover.domäne.ch sein
Nein das ist OK, es gibt mehrere Optionen das einzurichten, der Test probiert diese einfach nacheinander durch, solange eine Methode erfolgreich ist ist dies OK.Ich schätze das SSL-Zertifikat der Backend-Website im IIS wurde nicht aktualisiert.
Habe ich gemacht und den IIS neugestartet, leider kommt der Fehler immernoch.
Hast du das Outlook Profil überhaupt schon mal komplett zurückgesetzt und ein ganz frisches Profil eingerichtet? Wenn du nämlich am Zertifikat und an den URLs geschraubt hast merkt sich Outlook intern bestimmte Dinge und das bringt es durcheinander.
Ja, das Outlookprofil habe ich schon gelöscht und ein neues erstellt.
DOMDOMÄNEH1\Administrator
Öhm du willst dich nicht wirklich mit einem Enterprise-Admin per ActiveSync verbinden?? Denen ist es per Default und aus gutem Grund verboten sich per ActiveSync zu verbinden!!Siehst du ja auch an der Meldung
An HTTP 403 forbidden response was received
Sie sind nicht berechtigt, dieses Verzeichnis oder diese Seite anzuzeigen
Lege also einen "normalen" Domain-User mit Mailbox an und teste mit dem.Sie sind nicht berechtigt, dieses Verzeichnis oder diese Seite anzuzeigen
Exchange ActiveSync Test:
The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
Exchange ActiveSync was tested successfully.
Additional Details
Test Steps
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Autodiscover was successfully tested for Exchange ActiveSync.
Additional Details
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Additional Details
Test Steps
Attempting to test potential Autodiscover URL https://domäne.ch:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Test Steps
Attempting to test potential Autodiscover URL https://autodiscover.domäne.ch:443/Autodiscover/Autodiscover.xml
Testing of the Autodiscover URL was successful.
Additional Details
Test Steps
Attempting to resolve the host name autodiscover.domäne.ch in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host autodiscover.domäne.ch to ensure it's listening and open.
The port was opened successfully.
Additional Details
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.domäne.ch on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.domäne.ch, OU=Domain Validated Only.
One or more certificate chains were constructed successfully.
Additional Details
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Additional Details
Test Steps
Validating Exchange ActiveSync settings.
Exchange ActiveSync URL https://mail.domäne.ch/Microsoft-Server-ActiveSync was validated successfully.
Additional Details
Attempting to resolve the host name mail.domäne.ch in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host mail.domäne.ch to ensure it's listening and open.
The port was opened successfully.
Additional Details
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server mail.domäne.ch on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Validating certificate trust for Windows Mobile devices.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.domäne.ch, OU=Domain Validated Only.
One or more certificate chains were constructed successfully.
Additional Details
Analyzing the certificate chains for compatibility problems with Windows Phone devices.
Potential compatibility problems were identified with some versions of Windows Phone.
Tell me more about this issue and how to resolve it
Additional Details
The Microsoft Connectivity Analyzer is analyzing intermediate certificates sent by the remote server.
All intermediate certificates are present and valid.
Additional Details
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Testing HTTP Authentication Methods for URL https://mail.domäne.ch/Microsoft-Server-ActiveSync.
The HTTP authentication methods are correct.
Additional Details
An ActiveSync session is being attempted with the server.
Testing of an Exchange ActiveSync session completed successfully.
Additional Details
Test Steps
The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
Exchange ActiveSync was tested successfully.
Additional Details
Test Steps
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Autodiscover was successfully tested for Exchange ActiveSync.
Additional Details
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Additional Details
Test Steps
Attempting to test potential Autodiscover URL https://domäne.ch:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Test Steps
Attempting to test potential Autodiscover URL https://autodiscover.domäne.ch:443/Autodiscover/Autodiscover.xml
Testing of the Autodiscover URL was successful.
Additional Details
Test Steps
Attempting to resolve the host name autodiscover.domäne.ch in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host autodiscover.domäne.ch to ensure it's listening and open.
The port was opened successfully.
Additional Details
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.domäne.ch on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.domäne.ch, OU=Domain Validated Only.
One or more certificate chains were constructed successfully.
Additional Details
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Additional Details
Test Steps
Validating Exchange ActiveSync settings.
Exchange ActiveSync URL https://mail.domäne.ch/Microsoft-Server-ActiveSync was validated successfully.
Additional Details
Attempting to resolve the host name mail.domäne.ch in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host mail.domäne.ch to ensure it's listening and open.
The port was opened successfully.
Additional Details
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server mail.domäne.ch on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Validating certificate trust for Windows Mobile devices.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.domäne.ch, OU=Domain Validated Only.
One or more certificate chains were constructed successfully.
Additional Details
Analyzing the certificate chains for compatibility problems with Windows Phone devices.
Potential compatibility problems were identified with some versions of Windows Phone.
Tell me more about this issue and how to resolve it
Additional Details
The Microsoft Connectivity Analyzer is analyzing intermediate certificates sent by the remote server.
All intermediate certificates are present and valid.
Additional Details
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Testing HTTP Authentication Methods for URL https://mail.domäne.ch/Microsoft-Server-ActiveSync.
The HTTP authentication methods are correct.
Additional Details
An ActiveSync session is being attempted with the server.
Testing of an Exchange ActiveSync session completed successfully.
Additional Details
Test Steps
Na also, in dem ist wie du selber siehst alles paletti.
Das Problem ist ja nicht die Verbindung zum Exchange herzustellen.
Sondern der Fehler bei der Automatische Antworten: Ihre Einstellungen für automatische Antworten können nicht angezeigt werden, da der Server zurzeit nicht verfügbar ist.
Und wenn ich ein neues Mail schreiben möchte, steht über der "An" Zeile: Es konnten keine E-Mail-Infos abgerufen werden.
Gruss
Fiffi1
Sondern der Fehler bei der Automatische Antworten: Ihre Einstellungen für automatische Antworten können nicht angezeigt werden, da der Server zurzeit nicht verfügbar ist.
Und wenn ich ein neues Mail schreiben möchte, steht über der "An" Zeile: Es konnten keine E-Mail-Infos abgerufen werden.
Gruss
Fiffi1
Da ist eindeutig ein Zeichen für eine fehlerhaft gesetzte URL. Wie ich oben schon gesagt habe lass das Skript laufen und poste die Ergebnisausgabe, da werden alle URLs nochmal aufgeführt.
Habe dich vorhin Falsch verstanden, habe mit Skript den Link gemeint
Habe jetzt das Skript ausgeführt und denn Server neu gestartet. Es Funktioniert jetzt alles einwandfrei.
Vielen Vielen Dank für deine super Hilfe Ohne dich wäre ich wohl noch Stunden vor dem Problem gehockt.
Gruss
fiffi1
Habe jetzt das Skript ausgeführt und denn Server neu gestartet. Es Funktioniert jetzt alles einwandfrei.
Vielen Vielen Dank für deine super Hilfe
Ohne dich wäre ich wohl noch Stunden vor dem Problem gehockt.Gruss
fiffi1
Zitat von @fiffi1:
Habe dich vorhin Falsch verstanden, habe mit Skript den Link gemeintHabe jetzt das Skript ausgeführt und denn Server neu gestartet. Es Funktioniert jetzt alles einwandfrei.
Alles klar, freut mich Habe dich vorhin Falsch verstanden, habe mit Skript den Link gemeintHabe jetzt das Skript ausgeführt und denn Server neu gestartet. Es Funktioniert jetzt alles einwandfrei.
Vielen Vielen Dank für deine super Hilfe Ohne dich wäre ich wohl noch Stunden vor dem Problem gehockt.
Immer gerne. Dafür sind wir hier da Ohne dich wäre ich wohl noch Stunden vor dem Problem gehockt..Gruß mik
1
