Autodiscover failure

  • Question

  • I have Exchange Server 2007 installed on a Windows Server 2008 domain controller. I cannot check mail from mobile devices (such as iPhone or iPad) that use Microsoft Exchange since I changed the internal static IP address of this server from 192.168.xxx to 172.17.xxx (everything was OK before I changed the IP address). I tried to test Autodiscover connectivity with the Microsoft Remote Connectivity Analyzer and got the result below:

    Attempting the Autodiscover and Exchange ActiveSync test (if requested).
    Testing of Autodiscover for Exchange ActiveSync failed.
    Attempting each method of contacting the Autodiscover service.
    The Autodiscover service couldn't be contacted successfully by any method.

    Attempting to test potential Autodiscover URL https://domain.com/AutoDiscover/AutoDiscover.xml
    Testing of this potential Autodiscover URL failed.
    Attempting to resolve the host name domain.com in DNS.
    The host name resolved successfully.
    Additional Details
    Testing TCP port 443 on host domain.com to ensure it's listening and open.
    The port was opened successfully.
    Testing the SSL certificate to make sure it's valid.
    The SSL certificate failed one or more certificate validation checks.
    ExRCA is attempting to obtain the SSL certificate from remote server domain.com on port 443.
    ExRCA wasn't able to obtain the remote SSL certificate.
    Additional Details
    The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

    Attempting to test potential Autodiscover URL https://autodiscover. domain.com /AutoDiscover/AutoDiscover.xml
    Testing of this potential Autodiscover URL failed.
    Attempting to resolve the host name autodiscover. domain.com in DNS.
    The host name resolved successfully.
    Additional Details
    IP addresses returned:
    Testing TCP port 443 on host autodiscover. domain.com to ensure it's listening and open.
    The port was opened successfully.
    Testing the SSL certificate to make sure it's valid.
    The SSL certificate failed one or more certificate validation checks.
    ExRCA is attempting to obtain the SSL certificate from remote server autodiscover. domain.com on port 443.
    ExRCA wasn't able to obtain the remote SSL certificate.
    Additional Details
    The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

    Attempting to contact the Autodiscover service using the HTTP redirect method.
    The attempt to contact Autodiscover using the HTTP Redirect method failed.
    Attempting to resolve the host name autodiscover. domain.com in DNS.
    The host name resolved successfully.
    Additional Details
    IP addresses returned:
    Testing TCP port 80 on host autodiscover. domain.com to ensure it's listening and open.
    The port was opened successfully.
    ExRCA is checking the host autodiscover. domain.com for an HTTP redirect to the Autodiscover service.
    ExRCA failed to get an HTTP redirect response for Autodiscover.
    Additional Details
    A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.

    Attempting to contact the Autodiscover service using the DNS SRV redirect method.
    ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
    Attempting to locate SRV record _autodiscover._tcp. domain.com in DNS.
    The Autodiscover SRV record wasn't found in DNS.

    I have a valid self-signed certificate, and it worked well before. I tried to recreate the Autodiscover virtual directory but couldn't resolve the issue. I am really stuck now.

    If anybody has experience with this issue, please give me advice on how to resolve it. Thanks a lot.

    Tuesday, August 23, 2011 2:55 PM

Answers

  • Hello,

    For the external Autodiscover service, you need to ensure:

    1. Autodiscover.domain.com can be resolved to the CAS server.

    2. Autodiscover.domain.com is included in the certificate.

    Thanks,

    Simon

    Thursday, August 25, 2011 7:11 AM
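
The two checks from this answer, as an added PowerShell example (not code posted in the thread): it resolves each candidate Autodiscover host and lists the names in the certificate actually presented on port 443. The host names are the thread's placeholders, `Test-AutodiscoverEndpoint` is a hypothetical helper name, and PowerShell 3.0 or later is assumed.

```powershell
# Added example. Host names are placeholders taken from the thread; run this
# from a machine outside the company network so public DNS and NAT are tested.
$hostNames = 'domain.com', 'autodiscover.domain.com'

function Test-AutodiscoverEndpoint {
    param([string]$HostName, [int]$Port = 443)
    $result = [ordered]@{ Host = $HostName; Addresses = $null; CertNames = $null
                          NameMatches = $false; TrustedHere = $false; Error = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Check 1: the name must resolve (to the address that reaches the CAS).
        $result.Addresses = ([System.Net.Dns]::GetHostAddresses($HostName) |
            ForEach-Object { $_.IPAddressToString }) -join ', '

        # Fetch the certificate without trusting it: the callback accepts
        # anything because the goal is to inspect what the server presents.
        $client.Connect($HostName, $Port)
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        # Check 2: collect subject CN plus SAN DNS entries (OID 2.5.29.17).
        # The "DNS Name=" label is what English-language Windows prints.
        $names = @($cert.GetNameInfo('SimpleName', $false))
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        if ($san) {
            $names += @([regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
                ForEach-Object { $_.Groups[1].Value })
        }
        $result.CertNames = ($names | Select-Object -Unique) -join ', '

        # Exact match, or a wildcard covering exactly one leftmost label.
        foreach ($n in $names) {
            $pattern = '^' + [regex]::Escape($n).Replace('\*', '[^.]+') + '$'
            if ($HostName -match $pattern) { $result.NameMatches = $true }
        }
        # Chain validation against this machine's trust store only.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $result.TrustedHere = $chain.Build($cert)
    }
    catch { $result.Error = $_.Exception.Message }
    finally { $client.Close() }
    [pscustomobject]$result
}

$hostNames | ForEach-Object { Test-AutodiscoverEndpoint -HostName $_ } | Format-List
```

An `Error` value with empty `CertNames` means the TLS handshake itself failed, which matches the "SSL negotiation wasn't successful" result in the question and points at the network path or listener rather than at the certificate's contents.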

All replies

  • Have you set up an SRV or DNS A record for autodiscover on public DNS servers? - http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/0fb4a33e-07e9-49d4-a48a-e794c30cb10e/

    Sukh
    Tuesday, August 23, 2011 8:57 PM
  • On Tue, 23 Aug 2011 14:55:54 +0000, nxthanh wrote:
     
    >I have Exchange Server 2007 installed on a Windows Server 2008 domain controller. I cannot check mail from mobile devices (such as iPhone or iPad) that use Microsoft Exchange since I changed the internal static IP address of this server from 192.168.xxx to 172.17.xxx (everything was OK before I changed the IP address). I tried to test Autodiscover connectivity with the Microsoft Remote Connectivity Analyzer and got the result below:
    >
    >
    >
    >Attempting the Autodiscover and Exchange ActiveSync test (if requested). Testing of Autodiscover for Exchange ActiveSync failed.
    > Attempting each method of contacting the Autodiscover service.
    >
    > The Autodiscover service couldn't be contacted successfully by any method.
    > Attempting to test potential Autodiscover URL https://domain.com/AutoDiscover/AutoDiscover.xml
    > Testing of this potential Autodiscover URL failed.
    > Attempting to resolve the host name domain.com in DNS.
    > The host name resolved successfully.
    > Additional Details
    > Testing TCP port 443 on host domain.com to ensure it's listening and open.
    > The port was opened successfully.
    > Testing the SSL certificate to make sure it's valid.
    > The SSL certificate failed one or more certificate validation checks.
    > ExRCA is attempting to obtain the SSL certificate from remote server domain.com on port 443.
    > ExRCA wasn't able to obtain the remote SSL certificate.
    > Additional Details
    > The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
    >
    > Attempting to test potential Autodiscover URL https://autodiscover. domain.com /AutoDiscover/AutoDiscover.xml
    > Testing of this potential Autodiscover URL failed.
    > Attempting to resolve the host name autodiscover. domain.com in DNS.
    > The host name resolved successfully.
    > Additional Details
    > IP addresses returned:
    > Testing TCP port 443 on host autodiscover. domain.com to ensure it's listening and open.
    > The port was opened successfully.
    > Testing the SSL certificate to make sure it's valid.
    > The SSL certificate failed one or more certificate validation checks.
    > ExRCA is attempting to obtain the SSL certificate from remote server autodiscover. domain.com on port 443.
    > ExRCA wasn't able to obtain the remote SSL certificate.
    > Additional Details
    > The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
    >
    > Attempting to contact the Autodiscover service using the HTTP redirect method.
    > The attempt to contact Autodiscover using the HTTP Redirect method failed.
    > Attempting to resolve the host name autodiscover. domain.com in DNS.
    > The host name resolved successfully.
    > Additional Details
    > IP addresses returned:
    > Testing TCP port 80 on host autodiscover. domain.com to ensure it's listening and open.
    > The port was opened successfully.
    > ExRCA is checking the host autodiscover. domain.com for an HTTP redirect to the Autodiscover service.
    > ExRCA failed to get an HTTP redirect response for Autodiscover.
    > Additional Details
    > A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.
    > Attempting to contact the Autodiscover service using the DNS SRV redirect method.
    > ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
    > Attempting to locate SRV record _autodiscover._tcp. domain.com in DNS.
    > The Autodiscover SRV record wasn't found in DNS.
     
     
    > I have a valid self-signed certificate, and it worked well before. I tried to recreate the Autodiscover virtual directory but couldn't resolve the issue. I am really stuck now.
    >
    >If anybody has experience with this issue, please give me advice on how to resolve it. Thanks a lot.
     
    Changing the IP address on the machine (which is using a NATed address
    on the Internet) would have no effect on the certificate. Your problem
    reads more like a network problem.
     
    Is the NAT device sending the packets to the correct device? Are the
    port mappings on the NAT device correct (if it's using port mapping)?
    Is the default route on the Exchange server correct? Are there any
    static (i.e. persistent) routes on the Exchange server?
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    Wednesday, August 24, 2011 1:06 AM
  • Hi Rich,

    I have already mapped port 443 on the router to this server; the default route is correct, and there are no static routes on this server. After changing the IP address, I ran the ipconfig /registerdns command to update the IP configuration in the DNS server on the DC. I can check mail with MS Outlook and OWA on the internet; the problem occurs only with iPhone/iPad.

    When I run Test E-mail AutoConfiguration in the MS Outlook client, it shows the error message "Autoconfiguration was unable to determine your settings".

    Wednesday, August 24, 2011 8:43 AM
  • I would suggest that you restart the server if you haven't done that after you changed the IP address?
    Martin Sundström | Microsoft Certified Trainer | MCITP: Enterprise Messaging Administrator 2007/2010 | http://msundis.wordpress.com
    Wednesday, August 24, 2011 8:59 AM
  • I restarted the server when changing the IP address. I checked the IIS log files and found that there aren't any log entries from iPhone/iPad in the log file after this action; users say that they cannot check mail on their iPhone/iPad (before, they could). What could I do to fix this issue?

     

    Wednesday, August 24, 2011 10:02 AM
  • No redirects for HTTP in the ActiveSync virtual directory? The users that can't sync, are they members of any administrative group? Any Exchange ActiveSync policies activated for the iPhone/iPad mailboxes?
    Martin Sundström | Microsoft Certified Trainer | MCITP: Enterprise Messaging Administrator 2007/2010 | http://msundis.wordpress.com
    Wednesday, August 24, 2011 1:59 PM
  • On Wed, 24 Aug 2011 08:43:28 +0000, nxthanh wrote:
     
    >I have already mapped port 443 on the router to this server; the default route is correct, and there are no static routes on this server. After changing the IP address, I ran the ipconfig /registerdns command to update the IP configuration in the DNS server on the DC. I can check mail with MS Outlook and OWA on the internet; the problem occurs only with iPhone/iPad.
     
    When you use OWA are there any certificate errors? If you try to use
    OWA from the mobile device are there certificate errors?
     
    >When I run Test E-mail AutoConfiguration in the MS Outlook client, it shows the error message "Autoconfiguration was unable to determine your settings".
     
    Is that when you're connected to the company network (or VPN), or when
    you're connected from outside the company network?
     
    Are you using a self-signed certificate, or a certificate issued by an
    internal CA? If so, the http://testexchangeconnectivity.com site won't
    be much help.
     
    You should verify that DNS (all of the ones used by the client and by
    your servers) are returning the new IP address. Check to be sure that
    there are no hosts file on any of the machines that might still have
    the old IP address in them.
     
    What about the Active Directory? Does the new IP address belong to a
    defined AD Site?
     
    Check the AD to verify that the SCP is correct, too:
     
    CN=<SERVERNAME>,CN=Autodiscover,CN=Protocols,CN=<SERVERNAME>,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=<ORGNAME>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<DOMAIN>,DC=<TLD>
     
    The property "keywords" should have the correct AD site name in it (it
    will look like "Site=SiteName").
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    Thursday, August 25, 2011 1:05 AM
  • any update?
    Abhi, Exchange Specialist
    Thursday, August 25, 2011 6:19 AM