none
autodiscover outlook error - encrypted connection to your mail server is not available

    Question

  • 3 Exchange 2010sp1, CA, Hub, Mail (DAG),
    Windows 2008R2

    TMG 2010sp1 with Edge server role

    Remote Connectivity Analyzer for Autodiscover and Outlook Anywhere says "Connectivity Test Successful" but

    when trying to setup a profile in Outlook 2007 & 2010 (entering name, email address, and password) I get an error "An encrypted connection to your mail server is not available." 

    Does anyone have ideas what's going wrong and how to troubleshoot this further?

    Thanks in advance for any help.

    Monday, April 11, 2011 9:04 PM

Answers

  • I opened a support incident with Microsoft for this issue.  Their TMG team had me create an Exchange Publishing rule specifically for Autodiscover.  Previously I had created separate publishing rules for OWA, OA, ActiveSync but not one for AutoDiscover itself.

    The new rule used the same web listener as my other rules.  For AUTHENTICATION DELEGATION, it was set to "No delegation, but client may authenticate directly".  For USERS, it was set to "All Users" NOT "All authenticated Users".

     

    • Marked as answer by Paul Matsune Tuesday, April 26, 2011 9:37 PM
    Tuesday, April 26, 2011 9:37 PM

All replies

  • Just noticed there was an "Test Email AutoConfiguration" tool in Outlook 2010.  I'll see if I can decipher the log results to help further troubleshoot this problem.

    Tuesday, April 12, 2011 2:41 AM
  • Hi pmatsune,

     

    From your description, I understand that when you setup a profile in Outlook 2007 & Outlook 2010 (entering name, email address, and password) you get the error “An encrypted connection to your mail server is not available”. For this issue, I want to clarify the following information:

     

    1.   What is the method that clients connect to Exchange Server, MAPI or Outlook Anywhere?

    2.   How about setup profile on a computer (in the domain).

    3.   Is there any related information in your event log?

     

    Here is a similar thread for you, hope it help:

     

    Outlook to EX 2010 Issue - an encrypted connection is not available

    http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/98b24066-ba32-4d48-949e-86f1d862427c

     

    Thanks,

     

    Evan Liu

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com  

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members read
    Tuesday, April 12, 2011 3:39 PM
  • 1. Outlook Anywhere

    2. I can setup a profile manually on a computer.

    3. I don't see anything in the event log.  When I run the "Test E-mail AutoConfiguration" in Outlook 2010 I see:

    When testing external email address:

    Autodiscover to https://autodiscover.external.name/autodiscover/autodiscover.xml starting
    Autodiscover request completed with http status code 500
    Autodiscover to https://autodiscover.external.name/autodiscover/autodiscover.xml Failed (0x8004005)

    When testing internal email address:

    Autodiscover to https://autodiscover.internal.name/autodiscover/autodiscover.xml starting
    Autodiscover internet timeout against URL https://autodiscover.internal.name/autodiscover/autodiscover.xml
    Autodiscover internet timeout against URL https://autodiscover.internal.name/autodiscover/autodiscover.xml
    Autodiscover to https://autodiscover.internal.name/autodiscover/autodiscover.xml Failed (0x800C8203)

    Wednesday, April 13, 2011 8:19 PM
  • Hi pmatsune,

     

    What happen if you try that URL in a browser?

     

    Please run test-Outlookwebservices |fl command in EMS, and post the result in your next post.

     

    For error “http status code 500” I suggest you follow these steps to check on IIS:

    1) Open IIS

    2) Expend Default web site

    3) Select Autodiscover

    4) Select Content View

    5) Locate Web.config file

    6) Right click on Web.config file and select Edit Permission for "authenticated

    users" and "System"

    7) Now select Security

    8) Uncheck any all the boxes showing under Deny

    9) Also make sure Read & Execute and Read permissions should be allowed for

    "authenticated users" and "System"

     

    Thanks,

     

    Evan Liu

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com  


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Sunday, April 17, 2011 8:05 AM
  • In a web browser using the public domain name, I get a FBA login page from our TMG.  After I login with username and password I get an errorcode 600 response ( which I believe is the expected response).

    From a browser using autodiscover.internal.domain/autodiscover/autodiscover.xml I get a 403 "forbidden" error.  If I use https://servername.internal.domain/autodiscover/autodiscover.xml I get prompted with a "windows security" login box for username and password, I enter my credentials and get the same error code 600 response.

    Checked web.config permissions and they looked okay.

    Here's the output from the test-OutlookWebServices command:

    RunspaceId : 56d1849c-baff-4b08-a801-3b5614dfee29
    Id         : 1019
    Type       : Information
    Message    : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is https://EX
                 CHX1.internal.domain/Autodiscover/Autodiscover.xml.

    RunspaceId : 56d1849c-baff-4b08-a801-3b5614dfee29
    Id         : 1006
    Type       : Information
    Message    : Contacted the Autodiscover service at https://EXCHX1.internal.domain/Autodiscover/Autodiscover.xml.

    RunspaceId : 56d1849c-baff-4b08-a801-3b5614dfee29
    Id         : 1016
    Type       : Information
    Message    : [EXCH] The AS is configured for this user in the Autodiscover response received from https://EXCHX1.internal.domain/Autodiscover/Autodiscover.xml.

    RunspaceId : 56d1849c-baff-4b08-a801-3b5614dfee29
    Id         : 1015
    Type       : Information
    Message    : [EXCH] The OAB is configured for this user in the Autodiscover response received from https://EXCHX1.internal.domain/Autodiscover/Autodiscover.xml.

    RunspaceId : 56d1849c-baff-4b08-a801-3b5614dfee29
    Id         : 1014
    Type       : Information
    Message    : [EXCH] The UM is configured for this user in the Autodiscover response received from https://EXCHX1.internal.domain/Autodiscover/Autodiscover.xml.

    RunspaceId : 56d1849c-baff-4b08-a801-3b5614dfee29
    Id         : 1016
    Type       : Warning
    Message    : [EXPR] The AS is not configured for this user in the AutoDiscover response received from https://EXCHX1.internal.domain/Autodiscover/Autodiscover.xml.

    RunspaceId : 56d1849c-baff-4b08-a801-3b5614dfee29
    Id         : 1015
    Type       : Warning
    Message    : [EXPR] The OAB is not configured for this user in the AutoDiscover response received from https://EXCHX1.internal.domain/Autodiscover/Autodiscover.xml.

    RunspaceId : 56d1849c-baff-4b08-a801-3b5614dfee29
    Id         : 1014
    Type       : Warning
    Message    : [EXPR] The UM is not configured for this user in the AutoDiscover response received from https://EXCHX1.internal.domain/Autodiscover/Autodiscover.xml.

    RunspaceId : 56d1849c-baff-4b08-a801-3b5614dfee29
    Id         : 1022
    Type       : Success
    Message    : Autodiscover was tested successfully.

    RunspaceId : 56d1849c-baff-4b08-a801-3b5614dfee29
    Id         : 1021
    Type       : Information
    Message    : The following web services generated errors: As,Oab,UM in EXPR. Use the previous output to diagnose and correct the errors.

    RunspaceId : 56d1849c-baff-4b08-a801-3b5614dfee29
    Id         : 1024
    Type       : Success
    Message    : [EXCH] Successfully contacted the AS service at https://exchx1.internal.domain/EWS/Exchange.asmx. The elapsed time
                  was 46 milliseconds.

    RunspaceId : 56d1849c-baff-4b08-a801-3b5614dfee29
    Id         : 1026
    Type       : Success
    Message    : [EXCH] Successfully contacted the UM service at https://exchx1.internal.domain/EWS/Exchange.asmx. The elapsed time
                  was 0 milliseconds.

    RunspaceId : 56d1849c-baff-4b08-a801-3b5614dfee29
    Id         : 1124
    Type       : Success
    Message    : [Server] Successfully contacted the AS service at https://exchx1.internal.domain/ews/exchange.asmx. The elapsed time was 546 milliseconds.

    RunspaceId : 56d1849c-baff-4b08-a801-3b5614dfee29
    Id         : 1126
    Type       : Success
    Message    : [Server] Successfully contacted the UM service at https://exchx1.internal.domain/ews/exchange.asmx. The elapsed ti
                 me was 0 milliseconds.

     

     

    Monday, April 18, 2011 7:22 PM
  • I opened a support incident with Microsoft for this issue.  Their TMG team had me create an Exchange Publishing rule specifically for Autodiscover.  Previously I had created separate publishing rules for OWA, OA, ActiveSync but not one for AutoDiscover itself.

    The new rule used the same web listener as my other rules.  For AUTHENTICATION DELEGATION, it was set to "No delegation, but client may authenticate directly".  For USERS, it was set to "All Users" NOT "All authenticated Users".

     

    • Marked as answer by Paul Matsune Tuesday, April 26, 2011 9:37 PM
    Tuesday, April 26, 2011 9:37 PM
  • Hi,

    Can you please elaborate on this a bit more? 

    Do you mean to create a separate publishing rule specifically for autodiscover and then set the following:

    1. Authentication Delegation - No delegation, but client may authenticate directly.

    2. Users - Set to All Users?

    If you can please clarify the above I would appreciate it.  I am having the same issue with Exchange autodiscover through TMG.

    Thanks.

    Thursday, April 12, 2012 9:06 PM
  • Yes, they had me create a separate publishing rule specifically for autodiscover.

    1.  No delegation, but client may authenticate directly

    2.  Users - Set to All Users.

    Thursday, April 12, 2012 10:01 PM
  • 3 Exchange 2010sp1, CA, Hub, Mail (DAG),
    Windows 2008R2

    TMG 2010sp1 with Edge server role

    Remote Connectivity Analyzer for Autodiscover and Outlook Anywhere says "Connectivity Test Successful" but

    when trying to setup a profile in Outlook 2007 & 2010 (entering name, email address, and password) I get an error "An encrypted connection to your mail server is not available." 

    Does anyone have ideas what's going wrong and how to troubleshoot this further?

    Thanks in advance for any help.


    Is this tools is helpful for send encrypted mail with any errors? I used to use it and I think this is the simplest solution for me. Visit http://www.encryptomatic.com/ for details of Email encryption without any errors

    • Edited by Jermy Kilter Thursday, August 16, 2012 4:29 PM Correction
    Thursday, August 16, 2012 4:27 PM
  • Hello, Paul!

    Is there any official articles on Microsoft Support website about this issue?

    Thanks!


    • Edited by VolodymyrM Tuesday, November 13, 2012 1:18 PM additional info
    Tuesday, November 13, 2012 1:11 PM