none
Exchange 2010 Autodiscover - Different Mail and AD domains RRS feed

  • Question

  • Hi,

    I am sorry if this has been answered before but I couldn't find a post although there were many similar ones that were related to my problem.

    I have an external DNS of abc.com.au with the activesync url email.abc.com.au

    I have an internal DNS of xyz.com.au which is not resolvable externally.

    I have Activesync working with manual setup where I specify email.abc.com.au along with the username and domain.

    When I try to use Autodiscover it does not work. I get the message:

    "Failed to search exchange server automatically. Enter settings manually."

    When I click on edit details it appear to auto fill the below:

    Email Address is correct. username@abc.com.au

    Domain\Usrname is incorrect. It has "\usrname instead of xyz\username

    Exchange server is incorrect. It has abc.com.au instead of email.abc.com.au

    When I do a test on https://www.testexchangeconnectivity.com using the same information I put into the activesync settings for Autodiscover the response I get is:

    <?xml version="1.0"?>
    <Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
    <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
    <Culture>en:us</Culture>
    <User>
    <DisplayName>FirstName LastName</DisplayName>
    <EMailAddress>FirstName.LastName@abc.com.au</EMailAddress>
    </User>
    <Action>
    <Settings>
    <Server>
    <Type>MobileSync</Type>
    <Url>https://email.abc.com.au/Microsoft-Server-ActiveSync</Url>
    <Name>https://email.abc.com.au/Microsoft-Server-ActiveSync</Name>
    </Server>
    </Settings>
    </Action>
    </Response>
    </Autodiscover>

    I cant figure out what is going wrong. email.abc.com.au is resolvable both internally and externally.

    I can only assume based of the xml response above that the internall domain and server address are not being passed through correctly. I just dont know how to check

    I have rechecked that all Exchange Virtual direcuses use email.abc.isis.com.au as their URL as that is the URL we have the certificate for. (*.abc.com.au)

    Does anyone have any ideas as to where I can look next?


    Zac Avramides

    Wednesday, June 12, 2013 5:24 AM

Answers

  • Are your UPN set to your Emailaddress? If you require authentication like if you publish Autodiscover using a TMG you need to make sure that the UPN is set to your Emailaddress. 

    When autodiscover is setup and working you should only need to enter emailaddress and password.

    If you need to enter domain\username because your samaccountname is not that same as your emailaddress you can change the UPN to be the emailaddress to get arround this.

    \Mattias

    • Marked as answer by ZAC85 Thursday, September 5, 2013 6:57 AM
    Wednesday, July 3, 2013 9:29 AM

All replies

  • Hi,

    Run the following cmdlet:

    Get-ActiveSyncVirtualDirectory | fl identity,InternalUrl,ExternalUrl

    The expected output should be like:

    Identity : SERVER Name\Microsoft-Server-ActiveSync (Default Web Site)
    InternalUrl : https://domain.local/Microsoft-Server-ActiveSync
    ExternalUrl : https://mail.domain.com/Microsoft-Server-ActiveSync

    If not, correct it by Set-ActiveSyncVirtualDirectory and restart IIS Services to take effect the new settings


    Regards from ExchangeOnline | Windows Administrator's Area

    Wednesday, June 12, 2013 6:33 AM
  • Thanks for that. 

    Currently neither Internal or External have anything listed. I had read online (cant remember where) that those didn't need to be set.

    I will set them shortly to test. 

    So I understand though. External will be https://email.abc.com.au/Microsoft-Server-ActiveSync

    In your example what is the Internal one pointing to? Internally there is a DNS entry cas.xyz.com.au that points to the Client Access Server in Exchange. In saying that https://email.abc.com.au also has a CNAME internally that points to CAS.xyz.com.au


    Zac Avramides

    Wednesday, June 12, 2013 8:25 AM
  • Hi,

    Internal can be pointed to cas.xyz.com.au


    Regards from ExchangeOnline | Windows Administrator's Area

    Wednesday, June 12, 2013 9:10 AM
  • Hi,

    Sorry I read your comment wrong last night. 

    The ActiveSync Virtual Directory's are set correctly. It is the Autodiscover VD that has empty Internal and External URLs.

    ActiveSync wouldn't be working if the ActiveSync Virtual Directory's would it?


    Zac Avramides

    Thursday, June 13, 2013 2:13 AM
  • Hi,

    Autodiscover Virtual Directory also has to set correctly: http://technet.microsoft.com/en-us/library/aa998601%28v=exchg.141%29.aspx


    Regards from ExchangeOnline | Windows Administrator's Area

    Thursday, June 13, 2013 3:27 AM
  • Thanks for that. I am setting them to https://email.abc.com.au

    Will let you know how it goes.


    Zac Avramides

    Thursday, June 13, 2013 4:37 AM
  • Sorry for the delay in reply.

    I have updated the AutoDiscover site to list https://email.abc.com.au but no change.

    After the message saying incorrect settings the settings the manual screen shows are still the same:

    Domain\username: \username

    Exchange server: abc.com.au

    Any ideas?


    Zac Avramides

    Wednesday, June 19, 2013 10:23 PM
  • Are your UPN set to your Emailaddress? If you require authentication like if you publish Autodiscover using a TMG you need to make sure that the UPN is set to your Emailaddress. 

    When autodiscover is setup and working you should only need to enter emailaddress and password.

    If you need to enter domain\username because your samaccountname is not that same as your emailaddress you can change the UPN to be the emailaddress to get arround this.

    \Mattias

    • Marked as answer by ZAC85 Thursday, September 5, 2013 6:57 AM
    Wednesday, July 3, 2013 9:29 AM
  • Hi Mattias,

    Sorry for the late reply. I am new to the UPN side of life.

    Currently there is nothing listed in the UPN Suffixes for our domain. If our internal domain is xyz.com.au I assume this is the default UPN suffix and hence not listed.

    Do I create abc.com.au as an alternative UPN suffix in the domains and trusts list?

    Cheers,


    Zac Avramides

    Monday, July 29, 2013 10:54 PM
  • Hi

    Did you solve this Zac?  We also have a different external domain for email to our internal AD domain.

    Wednesday, September 4, 2013 1:04 PM
  • Hi Christopher,

    We are still testing this.

    At first yes this does seem to fix it for us. We have tested it with one user only. However it brought with it other issues as some of our services were expecting username@abc.com.au instead of username@xyz.com.au and so wouldn't authenticate.


    Zac Avramides

    Thursday, September 5, 2013 12:00 AM
  • Hi,

    Some legacy application might not like that you change the UPN. 

    In a best case scenario you'll have the emailaddress adn the userPricipalName set to the same thing (Emailaddress)

    You'll most likely have something like first.last@domain.com , if that is the case autodicsover will work, however if you need to have a diffrent UPN do to legacy application that demad it than you'll have a problem. There are third party software that will take care of this for you. PointSharp has a more sofisticated autodiscover that can translate your emailaddress to whatever attributes you want to use. That means that you don't need to change the UPN but can still get the user to authenticate using his mailaddress with autodiscover. You can use the PointSharp MobileGateway to publish both ActiveSync and Autodiscover and it will also give you some clientless MDM features

    \Mattias


    Thursday, September 5, 2013 6:52 AM