locked
Exchange 2010: Autodiscover issues RRS feed

  • Question

  • Hi-

    we researched an error message from an Outlook client's synchronization log:

    Not downloading Offline address book files.  A server (URL) could not be located.

    Supposedly related to an AutoDiscover issue.
    Domain ---> xxx.domain.org does "not" have a public A Record or Cname for Autodiscover.

    >nslookup autodiscover.xxxx.org

    *** xxx.xxxx.local can't find autodiscover.xxxxx.org: Non-existent domain

    Ran test to verify Autodiscover test - https://www.testexchangeconnectivity.com/

    Attempting to contact the Autodiscover service using the DNS SRV redirect method.
    ExRCA successfully contacted the Autodiscover service using the DNS SRV redirect method.

    ...and it appears domain is using the SRV method.

    There is an internal DNS entry setup as a zone in the customer's DNS.

    mail.xxx.org Zone - has internal entries for SOA, Name Server and Host record - part of the internal Server domain/network.

    Now - if the SRV works - what is stopping Address books from syncing to clients - if Autodiscover is supposedly setup correctly - or is

    it?

    There was a suggestion to create a CNAME - add to the internal DNS first for testing then external DNS.
    Example of Cname: autodiscover.xxx.org --> mail.xxx.org.

    Would this work withe existing SRV record in place?
    Else - what are some other possible options?

    Thanks for any help.

    -P
    Friday, October 21, 2011 6:45 PM

Answers

  • .Hello,

     

     now it makes sense. First of all web distribution is method, that you use Exchange Web Services to download OAB (HTTP or HTTPS). This method places files for OAB to virtual directory on each CAS server and then Outlook can download them from there using HTTP(s). In other hand PF distibution use MAPI and OAB files are stored in PF database. In web based distribution there is a possibility to use SSL to transfer data encrypted and this is a problem. Customer has a certificate with SN mail.xxx.org, but their autodiscover url is set to https://server.office.xxx.org/Autodiscover/Autodiscover.xml , you can

    1. change autodiscover to:https://mail.xxx.org/Autodiscover/Autodiscover.xml or
    2. create additional certificate or SAN to certificate to server.office.xxx.org or
    3. use OAB distribution without SSL1

    In your case I would prefer to change autodiscover record as mentioned above in option 1, because of certificate name, which is aleady issued.

    With regards


    Zbyněk
    Friday, October 21, 2011 11:18 PM
  • Hi Simon-

    No - we think we narrowed down the issue to a Outlook Profile or windows Profile problem.

    Thanks for your help.

    -P

     

    Monday, October 31, 2011 5:42 PM

All replies

  • Hello,

    What client do you use? OAB is generated by default once a day early in the morning and then it is distributed by two ways:

    1. Public folders are used for clients older than Outlook 2007 SP2 (I think)
    2. WEB based distribution method is used by clients newer then Outlook 2OO7 SP2

    please use Get-OABVirtualDirectory | fl cmdlet to gather your OAB web distribution settings http://technet.microsoft.com/en-us/library/aa997926.aspx

    To use OfflineAddressBook within Autodisceber you should use the procedure from the following article to configure OAB and web based distribution:

    http://technet.microsoft.com/en-us/magazine/ff381470.aspx

    Once you have set virtual directories, you can use test-OutlookWebServices cmdlet to test its functionality

    With regards


    Zbyněk
    Friday, October 21, 2011 7:22 PM
  • Hi-

     

    Appears the customer is using Outlook 2007 client w/ Exchange server 2010 running on SBS 2011 server.

    Looks like in Add/Remove Programs - an ugrade from Office 2003 Pro to Pro Plus 2007.

    I see Office 2007 - SP2 installed on most machines having this issue.

    Can you explain web based distr method?

    [PS] C:\Windows\system32>Get-OABVirtualDirectory | fl


    RunspaceId                      : 80d1bfb9-353a-472d-951f-6d5334278a25
    Name                            : OAB (Default Web Site)
    PollInterval                    : 480
    OfflineAddressBooks             : {\New OAB}
    RequireSSL                      : True
    BasicAuthentication             : True
    WindowsAuthentication           : True
    MetabasePath                    : IIS://SERVER.office.xxx.org/W3SVC/1/ROOT/OAB
    Path                            : C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB
    ExtendedProtectionTokenChecking : None
    ExtendedProtectionFlags         : {}
    ExtendedProtectionSPNList       : {}
    Server                          : SERVER
    InternalUrl                     : https://mail.xxx.org/OAB
    InternalAuthenticationMethods   : {Basic, WindowsIntegrated}
    ExternalUrl                     : https://mail.xxx.org/OAB
    ExternalAuthenticationMethods   : {Basic, WindowsIntegrated}
    AdminDisplayName                :
    ExchangeVersion                 : 0.10 (14.0.100.0)
    DistinguishedName               : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols,CN=SERVER,CN=Servers,CN=Exchange
                                      Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=OFFICE,CN=Microsof
                                      t Exchange,CN=Services,CN=Configuration,DC=office,DC=xxx,DC=org
    Identity                        : SERVER\OAB (Default Web Site)
    Guid                            : 0bf05c2e-0a48-497b-9f77-4e7dbbcd279e
    ObjectCategory                  : office.xxx.org/Configuration/Schema/ms-Exch-OAB-Virtual-Directory
    ObjectClass                     : {top, msExchVirtualDirectory, msExchOABVirtualDirectory}
    WhenChanged                     : 7/7/2011 2:44:39 PM
    WhenCreated                     : 7/7/2011 1:31:27 PM
    WhenChangedUTC                  : 7/7/2011 7:44:39 PM
    WhenCreatedUTC                  : 7/7/2011 6:31:27 PM
    OrganizationId                  :
    OriginatingServer               : SERVER.office.xxxx.org
    IsValid                         : True

     

     

    Appears I the customer has Autodiscover setup correctly - why won't the test start?

    Mailbox? Suppose I did not use the correct options?

    [PS] C:\Windows\system32>Test-OutlookWebServices -ClientAccessServer "SERVER"
    WARNING: An unexpected error has occurred and a Watson dump is being generated:
     Failed to find the mailbox. Mailbox = 'extest_bd3fcdbf7d554@office.xxx.org'.
    Failed to find the mailbox. Mailbox = 'extest_bd3fcdbf7d554@office.xxx.org'.
        + CategoryInfo          : NotSpecified: (:) [Test-OutlookWebServices], MailboxNotFoundException
        + FullyQualifiedErrorId : Microsoft.Exchange.Monitoring.MailboxNotFoundException,Microsoft.Exchange.Management.Sys
       temConfigurationTasks.TestOutlookWebServicesTask

    Your feedback was a bit complicated - bear with me as I try to understand how to troubleshoot this issue.

     

    Thanks,

    -P

    Friday, October 21, 2011 9:10 PM
  • Ran again with Email address...

    [PS] C:\Windows\system32>Test-OutlookWebServices -Identity:atsadmin@xxx.org

    And got this error...

    RunspaceId : 80d1bfb9-353a-472d-951f-6d5334278a25
    Id         : 1104
    Type       : Error
    Message    : The certificate for the URL https://server.office.xxx.org/Autodiscover/Autodiscover.xml is incorrec
                 t. For SSL to work, the certificate needs to have a subject of server.office.xxx.org, instead the s
                 ubject found is mail.xxx.org. Consider correcting service discovery, or installing a correct SSL certifi
                 cate.

     

     


    • Edited by Pickle-man Friday, October 21, 2011 9:31 PM
    Friday, October 21, 2011 9:16 PM
  • .Hello,

     

     now it makes sense. First of all web distribution is method, that you use Exchange Web Services to download OAB (HTTP or HTTPS). This method places files for OAB to virtual directory on each CAS server and then Outlook can download them from there using HTTP(s). In other hand PF distibution use MAPI and OAB files are stored in PF database. In web based distribution there is a possibility to use SSL to transfer data encrypted and this is a problem. Customer has a certificate with SN mail.xxx.org, but their autodiscover url is set to https://server.office.xxx.org/Autodiscover/Autodiscover.xml , you can

    1. change autodiscover to:https://mail.xxx.org/Autodiscover/Autodiscover.xml or
    2. create additional certificate or SAN to certificate to server.office.xxx.org or
    3. use OAB distribution without SSL1

    In your case I would prefer to change autodiscover record as mentioned above in option 1, because of certificate name, which is aleady issued.

    With regards


    Zbyněk
    Friday, October 21, 2011 11:18 PM
  • Hello,

     

    The OAB feature is based on the autodiscover service. Please check if the autodiscover service works firstly by:

     

    a. While Outlook is running, click the CTRL key and then right-click the Outlook icon in the system tray and then select “Test Email Autoconfiguration”.

    b. Confirm that your email address is in the address field, uncheckUse Guessmart” and “secure Guessmart authentication” boxes. Then click the “Test” button.

    c. Once it runs, please post screen shot of the Log tab and Results tab.

     

    If the issue occurs on an internal client, please access the autodiscover url via IE and see what error code it returns.

     

    Thanks,

    Simon

    Monday, October 24, 2011 8:01 AM
    Moderator
  • Hi Zybynek-

     

    OK - we would choose Option #1 - for our next step.

    We already have an exteranl SRV working but "no"internal SRV record.

    We'll test the internal SRV record method first and will let you know - thanks!

     

    Hi Simon-

    We have tested the email configuration - though we may want to test again.

    There have been a few techs working on this issue and making changes.

    I have not had the chance to test on a users workstation yet - tried setting up a new profile, outlook client config and now am having issues.

    Trying to use an Admin user that has OWA working already but i can;t setup an Outlook client - when checking Mailbox - name - I get "the name cannot be resolved. The name cannot be matched to a name in the address list".

    Any ideas?

    Else - will let you know when Iresolve and can get you the Test email autoconfig & autodiscover url info.

    Thanks to you both.

    -P

     

     

    .

     

     

     

     

     

     

    Monday, October 24, 2011 9:31 PM
  • Hi Zbynek & Simon-

     

    Zbynek-

    I agree - Option #1 would be the best choice.

    There are a number of other engineers on this case and so we did not opt to try this option yet.

    We did however try to add an "internal" SRV first - to see if that helps.

    Will let you know our results.

     

    Simon-

    We have been haivng issue with Autodiscover and login prompts as well as Address books.

    Both are Autodiscover related- I think...?

    Here is a snapshot of the client when testing Email configuration...

    Results:

    Log in next message...

    Zbynek & Simon - Thanks to both for your help!

    -P

    Tuesday, October 25, 2011 2:14 PM
  • Here is the log:

     

    Tuesday, October 25, 2011 2:15 PM
  • Hi Zbynek & Simon-

     

    Zbynek-

    I agree - Option #1 would be the best choice.

    There are a number of other engineers on this case and so we did not opt to try this option yet.

    We did however try to add an "internal" SRV first - to see if that helps.

    Will let you know our results.

     

    Simon-

    We have been haivng issue with Autodiscover and login prompts as well as Address books.

    Both are Autodiscover related- I think...?

    Here is a snapshot of the client when testing Email configuration...

    Results:

    Log:

     

    Zbynek & Simon - Thanks to both for your help!

    -P

    Tuesday, October 25, 2011 2:17 PM
  • Hello,

     

    From the screenshot you posted, the autodiscover works properly for the internal Outlook Client.

     

    Is there any further question?

     

    Thanks,

    Simon


    Thursday, October 27, 2011 1:51 AM
    Moderator
  • Hi Simon-

    No - we think we narrowed down the issue to a Outlook Profile or windows Profile problem.

    Thanks for your help.

    -P

     

    Monday, October 31, 2011 5:42 PM