Repair Out of Office Messaging in Exchange 2007

For the longest time, my users have complained that they cannot use the Out of Office Assistant in Outlook 2007 with Exchange 2007 as the backend server.  It damn near took a voodoo ceremony with water never run through a pipe, the head of a brown chicken and a pentagram drawn on the floor with an iron based nail polish, but I finally found a solution to the problem.


The problem is with neither Exchange 2007 nor Outlook 2007, but seems to only affect this combination.  The problem is actually with Windows Server 2003 Service Pack 1 and Windows XP Service Pack 2 or later.  You can research the issue all day without finding out the solution unless you creatively link through sub-issues found on Google.  Windows XP SP2 and Windows Server 2003 SP1 include a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.

This fix does not need to be applied on all clients and servers.  It only needs to be performed on the server hosting the Exchange 2007 organization.  Details of the problem can be found at http://support.microsoft.com/default.aspx?scid=kb;EN-US;896861.  Method 2 is what worked for me with the least amount of effort.  Those instructions are below.

To specify the host names that are mapped to the loopback address and can connect to Web sites on your computer, follow these steps:

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

  3. Right-click MSV1_0, point to New, and then click Multi-String Value.
  4. Type BackConnectionHostNames, and then press ENTER.
  5. Right-click BackConnectionHostNames, and then click Modify.
  6. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
  7. Quit Registry Editor, and then restart the IISAdmin service.