Exch2007 Autodiscover Certificate Issue
- Hi,
I have an existing autodiscover site, but unfortunately someone missed out the subject when generating the certificate for autodiscover.domain.com. Only mail.domain.com was on the certificate.
That is why we got the error when doing the https://autodiscover.domain.com/autodiscover/autodiscover.xml
<?xml version="1.0" encoding="utf-8" ?><ErrorCode>600</ErrorCode><Message>Invalid Request</Message>
Can I just put autodiscover.domain.com in the current certificate or just to hack? Sorry! This is the fastest solution.
I am planning to get another certificate ready, but unfortunately I don't want to mess up the current production site, which uses the old certificate for Outlook Anywhere and OWA.
Can I have 2 websites co-exist on the current Exchange CAS box and install the correct certificate on one, without having to mess with production? Can you give some insight on this? Appreciate it.
The current Outlook Anywhere, OAB and OWA work fine with Outlook 2003 and Outlook 2007, but Out of Office and the Availability Service (Calendar & Schedule Asst) are missing, with "the server is not available..." on Outlook 2007. When I troubleshot the IIS logs, it was 4xx, but I believe it was the certificate causing the connection drops on Out of Office.
Thanks for the help.
~ Jodan
Answers
- Yes, you are correct. It's the cert missing on the OOF messages. Why don't you try a wildcard certificate (*.domain.com)? This will handle all the requests, either autodiscover.domain.com or mail.domain.com.
Raj
- Marked As Answer by JoDanF Monday, November 02, 2009 11:50 PM
I have an existing Autodiscover site, but unfortunately someone missed out the subject when generating the certificate for autodiscover.domain.com. Only mail.domain.com was on the certificate.
Use DNS Service Location (SRV) records to locate the Exchange Autodiscover service
http://support.microsoft.com/kb/940881. You must remove the A or CNAME record for autodiscover.domain.com from your external DNS, since this lookup will be performed before the SRV lookup.
This will work with your existing certificate. Availability is dependent on Autodiscover. The downside: Windows Mobile 5.x to 6.5 don't handle SRV lookups. Neither does the iPhone, but Entourage 2008 WES and OS X Snow Leopard Mail do :-)
Test it: Exchange Remote connectivity Analyzer
https://www.testexchangeconnectivity.com/
And from Outlook
Configuring Outlook 2007 with Exchange Server 2007
http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/configuring-outlook-2007-exchange-server-2007.html
And you're done.
Jon-Alfred Smith MCTS: Messaging | MCSE: S+M
- Unmarked As Answer by JoDanF Monday, November 02, 2009 11:50 PM
- Proposed As Answer by Elan Shudnow (MVP) Thursday, October 29, 2009 4:21 PM
- Marked As Answer by Allen Song (MSFT, Moderator) Monday, November 02, 2009 8:24 AM
- Marked As Answer by JoDanF Tuesday, November 10, 2009 8:42 AM
The conclusion that "it is the certificate," based on the information you have provided, is not correct. https://autodiscover.domain.com/autodiscover/autodiscover.xml will not work with DNS SRV. And my proposal does work.
With your certificate, this should be the URL for auto-configuration:
https://mail.domain.com/Autodiscover/Autodiscover.xml
That is the way Autodiscover is configured at my job and here at home with SBS 2008. If you don't get this to work, you must have configured your DNS SRV record wrong. In order to verify the setup, do a nslookup (edited):
C:\>nslookup
> set type=all
> _autodiscover._tcp.domain.com
Non-authoritative answer:
_autodiscover._tcp.domain.com SRV service location:
    priority = 0
    weight = 0
    port = 443
    svr hostname = mail.domain.com
The Microsoft Exchange Remote Connectivity Analyzer would display these steps
https://www.testexchangeconnectivity.com/
(1) Attempting to test potential AutoDiscover URL https://domain.com/AutoDiscover/AutoDiscover.xml
Failed testing this potential AutoDiscover URL
(2) Attempting to test potential AutoDiscover URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml
Failed testing this potential AutoDiscover URL
(3) Attempting to contact the AutoDiscover service using the HTTP redirect method.
Failed to contact AutoDiscover using the HTTP Redirect method
(4) Attempting to contact the AutoDiscover service using the DNS SRV redirect method.
Successfully contacted AutoDiscover using the DNS SRV redirect method.
Details
Attempting to locate SRV record _autodiscover._tcp.domain.com in DNS.
Successfully retrieved AutoDiscover SRV record from DNS.
Additional Details
Srv Record returned host: mail.domain.com
Attempting to test potential AutoDiscover URL https://mail.domain.com/Autodiscover/Autodiscover.xml
Testing AutoDiscover URL succeeded
MCTS: Messaging | MCSE: S+M | Small Business Specialist
- Marked As Answer by JoDanF Tuesday, November 10, 2009 8:41 AM
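An added example, not part of the thread and not Exchange or Outlook code: a simplified Python model of the lookup order shown in the Analyzer output above, checking which candidate host the certificate's names cover. It covers both suggestions in the thread (the SRV record and the wildcard certificate); the function names, the `reachable` sets and the sample inputs are assumptions constructed for illustration.

```python
# Added example; cert name lists and `reachable` sets are constructed samples.

def name_matches(pattern, host):
    """Certificate name match: '*' is valid only as the entire leftmost
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def plan(smtp_domain, cert_names, reachable, srv_target=None):
    """Evaluate each Autodiscover candidate in the order the Analyzer lists.
    The HTTP redirect step is left out to keep the model small.
    `reachable` (assumption) is the set of names that resolve to the CAS."""
    candidates = [
        ("https://<domain>", smtp_domain),
        ("https://autodiscover.<domain>", "autodiscover." + smtp_domain),
    ]
    if srv_target:
        candidates.append(("DNS SRV", srv_target))
    rows = []
    for method, host in candidates:
        if host not in reachable:
            status = "unreachable"
        elif any(name_matches(n, host) for n in cert_names):
            status = "ok"
        else:
            status = "name-mismatch"
        rows.append((method, host, status))
    return rows

def first_reachable(rows):
    """The candidate a client hits first (simplified: earlier lookups win)."""
    return next((r for r in rows if r[2] != "unreachable"), None)

if __name__ == "__main__":
    cert = ["mail.domain.com"]  # names on the existing certificate
    cases = [("A record present", {"autodiscover.domain.com", "mail.domain.com"}),
             ("A record removed", {"mail.domain.com"})]
    for label, names in cases:
        print(label, first_reachable(plan("domain.com", cert, names, "mail.domain.com")))
```
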
- Actually I have tried that. Did not work.
https://autodiscover.domain.com/autodiscover/autodiscover.xml
<?xml version="1.0" encoding="utf-8" ?><ErrorCode>600</ErrorCode><Message>Invalid Request</Message>
Still the same issue and Out of office and Availability Service (Calendar & Schedule Asst) is missing and "the server is not available..." on Outlook 2007.
It is the certificate. I have to recreate the certificate. Thanks for the help.
- Marked As Answer by JoDanF Monday, November 02, 2009 11:50 PM
Thanks Guys for the answer.


