Thank you for providing the list an update, Michael. I also want to publicly 
thank you for all the assistance you provided on this, as well as on a daily 
basis for this list. You, sir, are a national treasure.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Wednesday, April 05, 2017 4:55 PM
To: exchange@lists.myitforum.com
Subject: [Exchange] RE: Shared Calendar/Autodiscover problem

So I took this offlist with Bill and we eventually figured it out.

A recent change in his environment had set WinHttp\DefaultSecureProtocols to 
only prefer TLS 1.1 and TLS 1.2.

That's a problem because Exchange 2010 only supports TLS 1.0 (when Exchange 
2010 was written, even OpenSSL didn't support TLS 1.1/1.2).

So TLS 1.0 was added to WinHttp\DefaultSecureProtocols and now everything is 
happy.

FYI:

By default, Exchange 2013 is not configured to support TLS 1.1 or TLS 1.2. 
Exchange 2016 respects the schannel configuration of the host operating system 
(which gets a little complicated since Exchange supports LOTS of different 
protocols!).

Current releases of Exchange 2013 and Exchange 2016 can be configured for TLS 
1.1 or TLS 1.2. But it requires some careful configuration. That may change 
this fall.

Be aware that if you try to turn off TLS 1.0, you will break connections to 
large parts of the world-wide email ecosystem. There are still many servers and 
services that only support TLS 1.0.
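
Added example, not part of the original message: a PowerShell check that decodes the `WinHttp\DefaultSecureProtocols` bitmask discussed above and warns when TLS 1.0 is absent. The full registry paths (including the Wow6432Node view used by 32-bit applications on 64-bit Windows) and the bit values are taken from Microsoft's WinHTTP documentation, not from this thread; the function name is hypothetical.

```powershell
# Added example: decode WinHttp\DefaultSecureProtocols on the local machine.
# Bit values are the documented WinHTTP secure-protocol flags.
$flags = [ordered]@{
    'SSL 2.0' = 0x00000008
    'SSL 3.0' = 0x00000020
    'TLS 1.0' = 0x00000080
    'TLS 1.1' = 0x00000200
    'TLS 1.2' = 0x00000800
}

# Hypothetical helper: return the protocol names whose bits are set in the mask.
function ConvertFrom-SecureProtocolMask {
    param([Parameter(Mandatory)][int]$Mask)
    foreach ($name in $flags.Keys) {
        if ($Mask -band $flags[$name]) { $name }
    }
}

# Native view and the 32-bit view (32-bit Outlook on 64-bit Windows reads the latter).
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
)

foreach ($path in $paths) {
    $item = Get-ItemProperty -Path $path -Name DefaultSecureProtocols -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Output "$path : DefaultSecureProtocols not set (OS default applies)"
        continue
    }
    $mask    = [int]$item.DefaultSecureProtocols
    $enabled = @(ConvertFrom-SecureProtocolMask -Mask $mask)
    Write-Output ('{0} : 0x{1:X8} -> {2}' -f $path, $mask, ($enabled -join ', '))
    if ($enabled -notcontains 'TLS 1.0') {
        Write-Warning 'TLS 1.0 is not offered; WinHTTP clients cannot negotiate with a TLS 1.0-only server such as Exchange 2010.'
    }
}

# Constructed sample masks: 0xA00 is TLS 1.1 + TLS 1.2 only (the state described
# in the thread); 0xA80 adds TLS 1.0 back.
ConvertFrom-SecureProtocolMask -Mask 0xA00
ConvertFrom-SecureProtocolMask -Mask 0xA80
```

Run it on both an affected and an unaffected workstation; a difference in the decoded mask between the two points at the policy or update that changed the value.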

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Mayo, Bill
Sent: Tuesday, April 4, 2017 2:07 PM
To: exchange@lists.myitforum.com
Subject: [Exchange] RE: Shared Calendar/Autodiscover problem

I *think* so. I don't really do much with workstations, but I believe they are 
getting those updates through the regular Windows process. I am personally 
experiencing the problem, and I looked at each cert in the chain through IE. 
Each level indicates "This certificate is OK".

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Tuesday, April 04, 2017 1:51 PM
To: exchange@lists.myitforum.com
Subject: [Exchange] RE: Shared Calendar/Autodiscover problem

Do you have all intermediates in the certificate chain distributed to all 
client computers?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Mayo, Bill
Sent: Tuesday, April 4, 2017 1:24 PM
To: exchange@lists.myitforum.com
Subject: [Exchange] RE: Shared Calendar/Autodiscover problem

It is taking like 30 minutes for messages sent to the list to come back to me. 
Don't know if that is just me or what. Anyway...

12175 seems to be related to a certificate issue. However, the certificates all 
look good, and are trusted by IE if I manually put in the path to the XML. We 
did renew our certificate about 2 months ago, but this has been in place a 
while and I don't know why it would cause a problem at this point. I did 
previously check and make sure no certificates in Exchange showed up as 
expired, and they don't. The only other thing I see here is that when I run 
"Test-OutlookWebServices" on a CAS, I do see a warning message that the name of 
the actual CAS server is not on the certificate. I can't honestly remember if 
the server names were on the old certificate, but I did use the wizard to 
generate the CRL. I am really stumped.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Mayo, Bill
Sent: Tuesday, April 04, 2017 1:01 PM
To: exchange@lists.myitforum.com
Subject: [Exchange] RE: Shared Calendar/Autodiscover problem

For both a failing user and successful user, exrca.com indicates a successful 
test. FWIW, here is some additional information from troubleshooting since I 
initially sent the message. 1) I downloaded and ran "autodiscovertest.exe"; I 
don't see any error messages there on the same computer/user for which I get a 
failure for Outlook. 2) I turned on Outlook logging and in addition to the 
"0x80072ef3" error, I note the additional message preceding that error is 
"GetLastError=12175; httpStatus=0." 3) Logging on with different accounts and 
onto different computers, it does not appear to be specifically following a 
user or computer. An account without the problem logged onto a different 
computer and had the problem there. An affected account logged onto the 
computer where the unaffected user did not have a problem, and still had the 
problem there.


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Tuesday, April 04, 2017 12:06 PM
To: exchange@lists.myitforum.com
Subject: [Exchange] RE: Shared Calendar/Autodiscover problem

I've not (yet, anyway) heard of a growing problem with the recent updates. What 
does exrca.com say for both a failing user and a successful user?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Mayo, Bill
Sent: Tuesday, April 4, 2017 11:00 AM
To: exchange@lists.myitforum.com
Subject: [Exchange] Shared Calendar/Autodiscover problem

This morning we started getting calls about people unable to view information 
on shared calendars with a message of "no connection". Tested via OWA and the 
information is accessible. Did a lot of googling and found suggestions that it 
was tied to autodiscover. Tested autodiscover on a computer with the problem 
and it fails with an error 0x80072ef3. However, we have at least one computer 
where there is no problem with the calendars and autodiscover is working. I did 
a "Test-OutlookWebServices" on both CAS servers and that seems to be reporting 
OK. The only thing that I know of that is different with the computer that 
doesn't have a problem is that it hasn't had the same updates applied as a 
computer with the problem (it hasn't applied the last cycle). We also just 
received a report about a problem setting out of office, which I think also 
ties into autodiscover.

We are on Exchange 2010 and Outlook 2010. Two CAS servers in an NLB, and they 
have both been rebooted. Any help or pointers would be appreciated.

Bill Mayo
