locked
Issues with Autodiscover RRS feed

  • Question

  •                                            

    Hello,


    We are having an issue with Autodiscover. When clients connect, they are getting cert errors as well as a message about autodiscover re-direction. We can click past all of this and it allows mailflow, but is preventing out of office, and the constant pop-ups are very annoying and frustrating for our users.

    Here is a print out of the Web Services Direcroty information. We changed the internal URI and have a DNS zone internally. This was for SSL reasons.


    [PS] C:\Windows\system32>Get-WebServicesVirtualDirectory | fl identity, *ur


    Identity : server\EWS (Default Web Site)
    InternalNLBBypassUrl : https://server/ews/exchange.asmx
    InternalUrl : https://mail.domain.com.com/EWS/Exchange.asmx
    ExternalUrl : https://mail.domain.com.com/EWS/Exchange.asmx



    [PS] C:\Windows\system32>Get-ClientAccessServer |fl identity,autodiscoverservice
    internaluri


    Identity : SERVER
    AutoDiscoverServiceInternalUri : https://mail.domain.com/autodiscover/autodiscover.xml

    We are using a SRV record for autodiscover and belive it to be setup correctly.

    We are getting a popup saying: "Allow this website to configure user@domain.com server settings?, Your account was redirected to this website for settings. You should only allow settings from sources you know and trust"

    Test exchange connectivity passes with warnings.

    Here is the output from a Exchange connectivity autodiscover test.

    ExRCA is attempting to test Autodiscover for user@domain.com.
    Autodiscover was tested successfully.

    Test Steps

    Attempting each method of contacting the Autodiscover service.
    The Autodiscover service was tested successfully.

    Test Steps

    Attempting to test potential Autodiscover URL https://domain.com/AutoDiscover/AutoDiscover.xml
    Testing of this potential Autodiscover URL failed.

    Test Steps
    Attempting to test potential Autodiscover URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml
    Testing of this potential Autodiscover URL failed.

    Test Steps
    Attempting to contact the Autodiscover service using the HTTP redirect method.
    The attempt to contact Autodiscover using the HTTP Redirect method failed.

    Test Steps
    Attempting to contact the Autodiscover service using the DNS SRV redirect method.
    ExRCA successfully contacted the Autodiscover service using the DNS SRV redirect method.

    Test Steps

    Attempting to locate SRV record _autodiscover._tcp.domain.com in DNS.
    The Autodiscover SRV record was successfully retrieved from DNS.

    Additional Details
    Attempting to test potential Autodiscover URL https://mail.domain.com/Autodiscover/Autodiscover.xml
    Testing of the Autodiscover URL was successful.

    Test Steps

    Attempting to resolve the host name mail.domain.com in DNS.
    The host name resolved successfully.

    Additional Details
    Testing TCP port 443 on host mail.domain.com to ensure it's listening and open.
    The port was opened successfully.
    Testing the SSL certificate to make sure it's valid.
    The certificate passed all validation requirements.

    Test Steps

    ExRCA is attempting to obtain the SSL certificate from remote server mail.domain.com on port 443.
    ExRCA successfully obtained the remote SSL certificate.

    Additional Details
    Validating the certificate name.
    The certificate name was validated successfully.

    Additional Details
    Certificate trust is being validated.
    The certificate is trusted and all certificates are present in the chain.

    Test Steps

    ExRCA is attempting to build certificate chains for certificate CN=mail.domain.com, OU=Domain Control Validated.
    One or more certificate chains were constructed successfully.

    Additional Details
    Analyzing the certificate chains for compatibility problems with versions of Windows.
    Potential compatibility problems were identified with some versions of Windows.

    Additional Details
    ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
    Testing the certificate date to confirm the certificate is valid.
    Date validation passed. The certificate hasn't expired.

    Additional Details
    Checking the IIS configuration for client certificate authentication.
    Client certificate authentication wasn't detected.

    Additional Details
    Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
    ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST.

    Any information that could point us in the right direction is appreciated.

    Monday, May 6, 2013 3:05 PM

All replies

  • Hello,

    From the result, your DNS SRV record and your certificate are ok.

    I suggest you run the cmdlet" get-autodiscovervirtualdirectory | fl“ to check autodiscover settings.

    Please make sure whether you have multiple SMTP namespace or not.

    Here is the article for your reference.

    Exchange Autodiscover

    http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/exchange-autodiscover.html


    Cara Chen
    TechNet Community Support


    • Edited by cara chen Tuesday, May 7, 2013 12:36 PM
    Tuesday, May 7, 2013 12:36 PM
  • Thank you for the reply. I am looking through the article you linked as we speak.

    I ran the command you suggested, but I do not know how to tell if I have multiple SMTP namespaces from the data. I have copied it below. server = exchange server and dc = domain controller.

    Name                            : Autodiscover (Default Web Site)
    InternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated}
    ExternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated}
    BasicAuthentication             : True
    DigestAuthentication            : False
    WindowsAuthentication           : True
    MetabasePath                    : IIS://server.domain.com/W3SVC/1/ROOT/Autod
                                      iscover
    Path                            : C:\Program Files\Microsoft\Exchange Server\Cl
                                      ientAccess\Autodiscover
    ExtendedProtectionTokenChecking : None
    ExtendedProtectionFlags         : {}
    ExtendedProtectionSPNList       : {}
    Server                          : server
    InternalUrl                     :
    ExternalUrl                     :
    AdminDisplayName                :
    ExchangeVersion                 : 0.1 (8.0.535.0)
    DistinguishedName               : CN=Autodiscover (Default Web Site),CN=HTTP,CN
                                      =Protocols,CN=server,CN=Servers,CN=Exchange A
                                      dministrative Group (FYDIBOHF23SPDLT),CN=Admi
                                      nistrative Groups,CN=domain,CN=Microsoft E
                                      xchange,CN=Services,CN=Configuration,DC=schae
                                      ffer,DC=com
    Identity                        : server\Autodiscover (Default Web Site)
    Guid                            : a9f16876-61f1-42db-b6d1-f9fec0831ca5
    ObjectCategory                  : domain.com/Configuration/Schema/ms-Exch-Au
                                      to-Discover-Virtual-Directory
    ObjectClass                     : {top, msExchVirtualDirectory, msExchAutoDisco
                                      verVirtualDirectory}
    WhenChanged                     : 3/6/2012 12:35:09 PM
    WhenCreated                     : 6/2/2010 4:54:40 PM
    OriginatingServer               : dc.domain.com
    IsValid                         : True

    Wednesday, May 8, 2013 9:47 PM