locked
Configure Autodiscover for Secondary Domain RRS feed

  • Question

  • Hi Folks,

    We currently have an on premises Exchange 2007 SP3 server which is hosting two domains for our business, com.au and co.nz

    Presently I'm trying to migrate our mailboxes to Office 365, however the migration has highlighted that an issue with autodiscover in that it hasn't been configured for the co.nz domain. I have added a DNS record autodiscover.mydomain.co.nz

    The following is the results of EXRCA

    The Microsoft Connectivity Analyzer is attempting to test Autodiscover for auser@mydomain.co.nz.

    Testing Autodiscover failed.

    Additional Details

    Elapsed Time: 6865 ms.

    Test Steps

    Attempting each method of contacting the Autodiscover service.

    The Autodiscover service couldn't be contacted successfully by any method.

    Additional Details

    Elapsed Time: 6864 ms.

    Test Steps

    Attempting to test potential Autodiscover URL mydomain.co.nz/.../AutoDiscover.xml

    Testing of this potential Autodiscover URL failed.

    Additional Details

    Elapsed Time: 2457 ms.

    Test Steps

    Attempting to resolve the host name mydomain.co.nz in DNS.

    The host name resolved successfully.

    Additional Details

    IP addresses returned: 125.255.112.X

    Elapsed Time: 853 ms.

    Testing TCP port 443 on host mydomain.co.nz to ensure it's listening and open.

    The port was opened successfully.

    Additional Details

    Elapsed Time: 571 ms.

    Testing the SSL certificate to make sure it's valid.

    The SSL certificate failed one or more certificate validation checks.

    Additional Details

    Elapsed Time: 1032 ms.

    Test Steps

    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server mydomain.co.nz on port 443.

    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.

    Additional Details

    Remote Certificate Subject: CN=mail.mydomain.com.au, O=MYDOMAIN SYSTEMS PTY LTD, L=Sydney, S=NSW, C=AU, Issuer: CN=DigiCert Secure Server CA, O=DigiCert Inc, C=US.

    Elapsed Time: 961 ms.

    Validating the certificate name.

    Certificate name validation failed.

     Tell me more about this issue and how to resolve it

    Additional Details

    Host name mydomain.co.nz doesn't match any name found on the server certificate CN=mail.mydomain.com.au, O=MYDOMAIN SYSTEMS PTY LTD, L=Crows Nest, S=NSW, C=AU.

    Elapsed Time: 1 ms.

    Attempting to test potential Autodiscover URL autodiscover.mydomain.co.nz/.../AutoDiscover.xml

    Testing of this potential Autodiscover URL failed.

    Additional Details

    Elapsed Time: 2848 ms.

    Test Steps

    Attempting to resolve the host name autodiscover.mydomain.co.nz in DNS.

    The host name resolved successfully.

    Additional Details

    IP addresses returned: 125.255.112.X

    Elapsed Time: 1110 ms.

    Testing TCP port 443 on host autodiscover.mydomain.co.nz to ensure it's listening and open.

    The port was opened successfully.

    Additional Details

    Elapsed Time: 748 ms.

    Testing the SSL certificate to make sure it's valid.

    The SSL certificate failed one or more certificate validation checks.

    Additional Details

    Elapsed Time: 989 ms.

    Test Steps

    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.mydomain.co.nz on port 443.

    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.

    Additional Details

    Remote Certificate Subject: CN=mail.mydomain.com.au, O=MYDOMAIN SYSTEMS PTY LTD, L=Crows Nest, S=NSW, C=AU, Issuer: CN=DigiCert Secure Server CA, O=DigiCert Inc, C=US.

    Elapsed Time: 934 ms.

    Validating the certificate name.

    Certificate name validation failed.

     Tell me more about this issue and how to resolve it

    Additional Details

    Host name autodiscover.mydomain.co.nz doesn't match any name found on the server certificate CN=mail.mydomain.com.au, O=MYDOMAIN SYSTEMS PTY LTD, L=Crows Nest, S=NSW, C=AU.

    Elapsed Time: 1 ms.

    Attempting to contact the Autodiscover service using the HTTP redirect method.

    The attempt to contact Autodiscover using the HTTP Redirect method failed.

    Additional Details

    Elapsed Time: 811 ms.

    Test Steps

    Attempting to resolve the host name autodiscover.mydomain.co.nz in DNS.

    The host name resolved successfully.

    Additional Details

    IP addresses returned: 125.255.112.X

    Elapsed Time: 30 ms.

    Testing TCP port 80 on host autodiscover.mydomain.co.nz to ensure it's listening and open.

    The port was opened successfully.

    Additional Details

    Elapsed Time: 281 ms.

    The Microsoft Connectivity Analyzer is checking the host autodiscover.mydomain.co.nz for an HTTP redirect to the Autodiscover service.

    The Microsoft Connectivity Analyzer failed to get an HTTP redirect response for Autodiscover.

    Additional Details

    An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "www.w3.org/.../strict.dtd">< html><head>< meta http-equiv="Content-Type" content="text/html; charset=utf-8">< title>ERROR: The requested URL could not be retrieved</title>< style type="text/css"><!-- /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License */ /* Page basics */ * { font-family: verdana, sans-serif; } html body { margin: 0; padding: 0; background: #efefef; font-size: 12px; color: #1e1e1e; } /* Page displayed title area */ #titles { margin-left: 15px; padding: 10px; padding-left: 100px; background: url('') no-repeat left; } /* initial title */ #titles h1 { color: #000000; } #titles h2 { color: #000000; } /* special event: FTP success page titles */ #titles ftpsuccess { background-color:#00ff00; width:100%; } /* Page displayed body content area */ #content { padding: 10px; background: #ffffff; } /* General text */ p { } /* error brief description */ #error p { } /* some data which may have caused the problem */ #data { } /* the error message received from the system or other software */ #sysmsg { } pre { font-family:sans-serif; } /* special event: FTP / Gopher directory listing */ #dirmsg { font-family: courier; color: black; font-size: 10pt; } #dirlisting { margin-left: 2%; margin-right: 2%; } #dirlisting tr.entry td.icon,td.filename,td.size,td.date { border-bottom: groove; } #dirlisting td.size { width: 50px; text-align: right; padding-right: 5px; } /* horizontal lines */ hr { margin: 0; } /* page displayed footer area */ #footer { font-size: 9px; padding-left: 10px; } body :lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; } :lang(he) { direction: rtl; float: right; } --></style>< /head><body>< div id="titles">< h1>ERROR</h1>< h2>The requested URL could not be retrieved</h2>< /div>< hr>< div id="content">< p>The following error was encountered while trying to retrieve the URL: <a href="autodiscover.mydomain.co.nz/.../p>< blockquote id="error">< p><b>Access Denied.</b></p>< /blockquote>< p>Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.</p>< p>Your cache administrator is <a href="mailto:webmaster?subject=CacheErrorInfo%20-%20ERR_ACCESS_DENIED&body=CacheHost%3A%20mydomain.com%0D%0AErrPage%3A%20ERR_ACCESS_DENIED%0D%0AErr%3A%20%5Bnone%5D%0D%0ATimeStamp%3A%20Fri,%2007%20Mar%202014%2001%3A16%3A18%20GMT%0D%0A%0D%0AClientIP%3A%20157.56.138.143%0D%0A%0D%0AHTTP%20Request%3A%0D%0AGET%20%2FAutodiscover%2FAutodiscover.xml%20HTTP%2F1.1%0AContent-Type%3A%20text%2Fxml%0D%0AUser-Agent%3A%20Microsoft%20Office%2F15.0%20(Windows%20NT%206.2%3B%20Microsoft%20Outlook%2015.0.4535%3B%20Pro%3B%20MS%20Connectivity%20Analyzer)%0D%0AHost%3A%20autodiscover.mydomain.co.nz%0D%0ACache-Control%3A%20no-store,no-cache%0D%0APragma%3A%20no-cache%0D%0AConnection%3A%20Keep-Alive%0D%0A%0D%0A%0D%0A">webmaster</a>.</p>< br>< /div>< hr>< div id="footer">< p>Generated Fri, 07 Mar 2014 01:16:18 GMT by mydomain.com (squid/3.1.6)</p>< !-- ERR_ACCESS_DENIED --></div>< /body></html>

    Headers received:

    Mime-Version: 1.0

    X-Squid-Error: ERR_ACCESS_DENIED 0

    Vary: Accept-Language

    Content-Language: en

    X-Cache: MISS from mydomain.com

    X-Cache-Lookup: NONE from mydomain.com:80

    Connection: keep-alive

    Content-Length: 3472

    Content-Type: text/html

    Date: Fri, 07 Mar 2014 01:16:18 GMT

    Server: squid/3.1.6

    Via: 1.0 mydomain.com (squid/3.1.6)

    HTTP Response Headers:

    Mime-Version: 1.0

    X-Squid-Error: ERR_ACCESS_DENIED 0

    Vary: Accept-Language

    Content-Language: en

    X-Cache: MISS from mydomain.com

    X-Cache-Lookup: NONE from mydomain.com:80

    Connection: keep-alive

    Content-Length: 3472

    Content-Type: text/html

    Date: Fri, 07 Mar 2014 01:16:18 GMT

    Server: squid/3.1.6

    Via: 1.0 mydomain.com (squid/3.1.6)

    Elapsed Time: 499 ms.

    Attempting to contact the Autodiscover service using the DNS SRV redirect method.

    The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.

    Additional Details

    Elapsed Time: 256 ms.

    Test Steps

    Attempting to locate SRV record _autodiscover._tcp.mydomain.co.nz in DNS.

    The Autodiscover SRV record wasn't found in DNS.

     Tell me more about this issue and how to resolve it

    Additional Details

    Elapsed Time: 256 ms.

    Checking if there is an autodiscover CNAME record in DNS for your domain 'mydomain.co.nz' for Office 365.

    Failed to validate autodiscover CNAME record in DNS. If your mailbox isn't in Office 365, you can ignore this warning.

     Tell me more about this issue and how to resolve it

    Additional Details

    There is no Autodiscover CNAME record for your domain 'mydomain.co.nz'.

    Elapsed Time: 490 ms.

    Advice Welcomed thanks,

    Adam

    Sunday, March 9, 2014 8:52 PM

Answers

  • Hi Ed,

    Thanks for your reply. I have fixed this by adding the NZ domains to my SANS certificate and adding a SRV record to my DNS.

    Thanks.

    Adam

    • Proposed as answer by Angela Shi Wednesday, March 12, 2014 9:56 AM
    • Marked as answer by Agilbert2003 Wednesday, March 12, 2014 8:45 PM
    Monday, March 10, 2014 9:28 AM

All replies

  • Did you read the output and try to understand it?

    Do you have an Internet DNS record for autodiscover.mydomain.co.nz?

    Post your real domain name and we can look.  It's hard to help when you obfuscate the output.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Monday, March 10, 2014 12:04 AM
  • Hi Ed,

    Thanks for your reply. I have fixed this by adding the NZ domains to my SANS certificate and adding a SRV record to my DNS.

    Thanks.

    Adam

    • Proposed as answer by Angela Shi Wednesday, March 12, 2014 9:56 AM
    • Marked as answer by Agilbert2003 Wednesday, March 12, 2014 8:45 PM
    Monday, March 10, 2014 9:28 AM