Benachrichtigungen
Alles löschen
Exchange Server 2019
2 Beiträge
2 Benutzer
0 Reaktionen
5,198 Ansichten
Themenstarter 6. November 2019 21:20
Hallo,
benötige eure Hilfe. Ich kann keine Mails über Mobilgeräte abrufen. Test mit Microsoft Support and Recovery Assistant ergab folgendes:
The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Additional Details
Elapsed Time: 4203 ms.
Test Steps
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Autodiscover was successfully tested for Exchange ActiveSync.
Additional Details
Elapsed Time: 2401 ms.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Additional Details
Elapsed Time: 2401 ms.
Test Steps
Attempting to test potential Autodiscover URL https://MeineDomain.de:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 440 ms.
Test Steps
Attempting to resolve the host name MeineDomain.de in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 217.160.122.40, 2001:8d8:1000:b0c7:82e1:603:a43a:f823
Elapsed Time: 27 ms.
Testing TCP port 443 on host MeineDomain.de to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 128 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 283 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server MeineDomain.de on port 443.
The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
Additional Details
The SSL certificate failed validation for an unknown reason .
Elapsed Time: 237 ms.
Attempting to test potential Autodiscover URL https://autodiscover.MeineDomain.de:443/Autodiscover/Autodiscover.xml
Testing of the Autodiscover URL was successful.
Additional Details
Elapsed Time: 1961 ms.
Test Steps
Attempting to resolve the host name autodiscover.MeineDomain.de in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 217.89.181.11
Elapsed Time: 11 ms.
Testing TCP port 443 on host autodiscover.MeineDomain.de to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 134 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 291 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.MeineDomain.de on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=husmail.MeineDomain.de, Issuer: CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US.
Elapsed Time: 238 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.MeineDomain.de was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 0 ms.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=husmail.MeineDomain.de.
One or more certificate chains were constructed successfully.
Additional Details
A total of 1 chains were built. The highest quality chain ends in root certificate CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US.
Elapsed Time: 24 ms.
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 1 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 10/8/2019 12:00:00 AM, NotAfter = 10/7/2021 12:00:00 PM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 488 ms.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Additional Details
Elapsed Time: 1034 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.MeineDomain.de:443/Autodiscover/Autodiscover.xml for user ulrich.szember@MeineDomain.de.
The Autodiscover XML response was successfully retrieved.
Additional Details
Autodiscover Account Settings XML response: <?xml version="1.0"?> <Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006"> <Culture>en:us</Culture> <User> <DisplayName>USzember</DisplayName> <EMailAddress>Ulrich.Szember@MeineDomain.de</EMailAddress> </User> <Action> <Settings> <Server> <Type>MobileSync</Type> <Url> https://husmail.MeineDomain.de/Microsoft-Server-ActiveSync</Url> <Name> https://husmail.MeineDomain.de/Microsoft-Server-ActiveSync</Name> </Server> </Settings> </Action> </Response> </Autodiscover> HTTP Response Headers: request-id: 7c670f4f-c3a3-473d-a33f-2f80879b0342 X-CalculatedBETarget: husex1.MeineDomain.de X-DiagInfo: HUSEX1 X-BEServer: HUSEX1 Persistent-Auth: true X-FEServer: HUSEX1 Content-Length: 753 Cache-Control: private Content-Type: text/xml; charset=utf-8 Date: Wed, 06 Nov 2019 20:14:20 GMT Set-Cookie: X-BackEndCookie=S-1-5-21-3255514759-1941023087-2716913136-1646=u56Lnp2ejJqBm5vJz8fGxsvSxsiZy9LLysfI0sady8rSmprGy53OzJuZz8uagYHNz87G0s7N0s/Jq83Pxc7Lxc3PgZeQjYyLkp6RkdKMnJeIno2F0Zuagc8=; expires=Fri, 06-Dec-2019 20:14:20 GMT; path=/Autodiscover; secure; HttpOnly Server: Microsoft-IIS/10.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET
Elapsed Time: 1034 ms.
Validating Exchange ActiveSync settings.
Exchange ActiveSync URL https://husmail.MeineDomain.de/Microsoft-Server-ActiveSync was validated successfully.
Additional Details
Elapsed Time: 0 ms.
Attempting to resolve the host name husmail.MeineDomain.de in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 217.89.181.11, 2001:8d8:1000:b0c7:82e1:603:a43a:f823
Elapsed Time: 10 ms.
Testing TCP port 443 on host husmail.MeineDomain.de to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 133 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 298 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server husmail.MeineDomain.de on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=husmail.MeineDomain.de, Issuer: CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US.
Elapsed Time: 238 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name husmail.MeineDomain.de was found in the Certificate Subject Common name.
Elapsed Time: 0 ms.
Validating certificate trust for Windows Mobile devices.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=husmail.MeineDomain.de.
One or more certificate chains were constructed successfully.
Additional Details
A total of 1 chains were built. The highest quality chain ends in root certificate CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US.
Elapsed Time: 22 ms.
Analyzing the certificate chains for compatibility problems with Windows Phone devices.
Potential compatibility problems were identified with some versions of Windows Phone.
Additional Details
The certificate is not trusted on any version of Windows Phone device. Root = CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
Elapsed Time: 5 ms.
The Microsoft Connectivity Analyzer is analyzing intermediate certificates sent by the remote server.
All intermediate certificates are present and valid.
Additional Details
All intermediate certificates were present and valid.
Elapsed Time: 0 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 10/8/2019 12:00:00 AM, NotAfter = 10/7/2021 12:00:00 PM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 482 ms.
Testing HTTP Authentication Methods for URL https://husmail.MeineDomain.de/Microsoft-Server-ActiveSync.
The test passed with some warnings encountered. Please expand the additional details.
Additional Details
The following authentication methods are enabled, but they aren't allowed authentication methods for this service. Methods: Negotiate, NTLM HTTP Response Headers: request-id: 715a81d8-d975-455b-bcf1-db0c4f4b81a8 Server: Microsoft-IIS/10.0 WWW-Authenticate: Negotiate,NTLM,Basic realm="husmail.MeineDomain.de" X-Powered-By: ASP.NET X-FEServer: HUSEX1 Date: Wed, 06 Nov 2019 20:14:22 GMT Content-Length: 0
Elapsed Time: 358 ms.
An ActiveSync session is being attempted with the server.
Errors were encountered while testing the Exchange ActiveSync session.
Additional Details
Elapsed Time: 518 ms.
Test Steps
Attempting to send the OPTIONS command to the server.
Testing of the OPTIONS command failed. For more information, see Additional Details.
Additional Details
An HTTP 500 response was returned from Unknown. HTTP Response Headers: request-id: 47c42f59-3493-489e-80a7-96051a59e734 X-CalculatedBETarget: husex1.MeineDomain.de X-DiagInfo: HUSEX1 X-BEServer: HUSEX1 Persistent-Auth: true X-FEServer: HUSEX1 Content-Length: 3484 Cache-Control: private Content-Type: text/html; charset=utf-8 Date: Wed, 06 Nov 2019 20:14:22 GMT Set-Cookie: X-BackEndCookie=S-1-5-21-3255514759-1941023087-2716913136-1646=u56Lnp2ejJqBm5vJz8fGxsvSxsiZy9LLysfI0sady8rSmprGy53OzJuZz8uagYHNz87G0s7N0s/Jq83Pxc7Lxc3N; expires=Fri, 06-Dec-2019 20:14:22 GMT; path=/Microsoft-Server-ActiveSync; secure; HttpOnly Server: Microsoft-IIS/10.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET
Elapsed Time: 518 ms.
Microsoft Support and Recovery Assistant Microsoft Support
9. November 2019 19:43
Hi,
du probierst das aber nicht zufällig mit einem Admin User?
Wenn ja, wirds an der unterbrochenen Vererbung liegen. Siehe dazu hier:
Und nein, nur den Haken wieder rein machen hilft nicht lange, da RBAC greift. Teste es am besten mit einem StiNo (stinknormalen) User
Gruß,
Monthy
