none
Exchange 2007 - Issue with external autodiscover RRS feed

  • Question

  • I have and Exchange 2007 SP2 running on Server 2003 R2 that has been working perfectly.  However, we have just started having an intermittent problem where our external users are losing their outlook anywhere settings, and then can't connect, until we manually add the server settings back in.  Also when trying to add a new outlook account remotely it automatically assumes its an IMAP account (from the autodiscover).
    I have included the autodiscover test results

      The Microsoft Connectivity Analyzer is attempting to test Autodiscover for user@xxxx.com.au.

      Autodiscover was tested successfully.
        Additional Details
      Elapsed Time: 2654 ms.

        Test Steps
        Attempting each method of contacting the Autodiscover service.
      The Autodiscover service was tested successfully.
        Additional Details
      Elapsed Time: 2654 ms.

        Test Steps
        Attempting to test potential Autodiscover URL https://xxxx.com.au:443/Autodiscover/Autodiscover.xml

      Testing of the Autodiscover URL was successful.
        Additional Details
      Elapsed Time: 2654 ms.

        Test Steps
        Attempting to resolve the host name xxxx.com.au in DNS.
      The host name resolved successfully.
        Additional Details
      IP addresses returned: xx.xx.xx.xx
    Elapsed Time: 106 ms.

      Testing TCP port 443 on host xxxx.com.au to ensure it's listening and open.
      The port was opened successfully.
        Additional Details
      Elapsed Time: 246 ms.

      Testing the SSL certificate to make sure it's valid.
      The certificate passed all validation requirements.
        Additional Details
      Elapsed Time: 635 ms.

        Test Steps
        The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server xxxx.com.au on port 443.
      The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
        Additional Details
      Remote Certificate Subject: CN=xxxx.com.au, Issuer: CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, S=TX, C=US.
    Elapsed Time: 587 ms.

      Validating the certificate name.
      The certificate name was validated successfully.
        Additional Details
      Host name xxxx.com.au was found in the Certificate Subject Common name.
    Elapsed Time: 0 ms.

      Certificate trust is being validated.
      The certificate is trusted and all certificates are present in the chain.
        Test Steps
        The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=xxxx.com.au.
      One or more certificate chains were constructed successfully.
        Additional Details
      A total of 2 chains were built. The highest quality chain ends in root certificate CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
    Elapsed Time: 12 ms.

      Analyzing the certificate chains for compatibility problems with versions of Windows.
      Potential compatibility problems were identified with some versions of Windows.
        Additional Details
      The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
    Elapsed Time: 7 ms.

      Testing the certificate date to confirm the certificate is valid.
      Date validation passed. The certificate hasn't expired.
        Additional Details
      The certificate is valid. NotBefore = 8/28/2017 12:00:00 AM, NotAfter = 11/26/2017 11:59:59 PM
    Elapsed Time: 0 ms.

      Checking the IIS configuration for client certificate authentication.
      Client certificate authentication wasn't detected.
        Additional Details
      Accept/Require Client Certificates isn't configured.
    Elapsed Time: 851 ms.

      Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
      The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
        Additional Details
      Elapsed Time: 813 ms.

        Test Steps
        The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://xxxx.com.au:443/Autodiscover/Autodiscover.xml for user user@xxxx.com.au.

      The Autodiscover XML response was successfully retrieved.
        Additional Details

    and outlook connectivity test

      Testing Outlook connectivity.
      The Outlook connectivity test failed.
        Additional Details
      Elapsed Time: 2687 ms.

        Test Steps
        The Microsoft Connectivity Analyzer is attempting to test Autodiscover for user@xxxx.com.au.

      Autodiscover was tested successfully.
        Additional Details
      Elapsed Time: 2687 ms.

        Test Steps
        Attempting each method of contacting the Autodiscover service.
      The Autodiscover service was tested successfully.
        Additional Details
      Elapsed Time: 2687 ms.

        Test Steps
        Attempting to test potential Autodiscover URL https://xxxx.com.au:443/Autodiscover/Autodiscover.xml

      Testing of the Autodiscover URL was successful.
        Additional Details
      Elapsed Time: 2687 ms.

        Test Steps
        Attempting to resolve the host name xxxx.com.au in DNS.
      The host name resolved successfully.
        Additional Details
      IP addresses returned: xx.xx.xx.xx
    Elapsed Time: 163 ms.

      Testing TCP port 443 on host xxxx.com.au to ensure it's listening and open.
      The port was opened successfully.
        Additional Details
      Elapsed Time: 252 ms.

      Testing the SSL certificate to make sure it's valid.
      The certificate passed all validation requirements.
        Additional Details
      Elapsed Time: 635 ms.

        Test Steps
        The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server xxxx.com.au on port 443.
      The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
        Additional Details
      Remote Certificate Subject: CN=xxxx.com.au, Issuer: CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, S=TX, C=US.
    Elapsed Time: 590 ms.

      Validating the certificate name.
      The certificate name was validated successfully.
        Additional Details
      Host name xxxx.com.au was found in the Certificate Subject Common name.
    Elapsed Time: 0 ms.

      Certificate trust is being validated.
      The certificate is trusted and all certificates are present in the chain.
        Test Steps
        The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=xxxx.com.au.
      One or more certificate chains were constructed successfully.
        Additional Details
      A total of 2 chains were built. The highest quality chain ends in root certificate CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
    Elapsed Time: 12 ms.

      Analyzing the certificate chains for compatibility problems with versions of Windows.
      Potential compatibility problems were identified with some versions of Windows.
        Additional Details
      The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
    Elapsed Time: 7 ms.

      Testing the certificate date to confirm the certificate is valid.
      Date validation passed. The certificate hasn't expired.
        Additional Details
      The certificate is valid. NotBefore = 8/28/2017 12:00:00 AM, NotAfter = 11/26/2017 11:59:59 PM
    Elapsed Time: 0 ms.

      Checking the IIS configuration for client certificate authentication.
      Client certificate authentication wasn't detected.
        Additional Details
      Accept/Require Client Certificates isn't configured.
    Elapsed Time: 833 ms.

      Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
      The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
        Additional Details
      Elapsed Time: 802 ms.

        Test Steps
        The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://xxxx.com.au:443/Autodiscover/Autodiscover.xml for user user@xxxx.com.au.

      The Autodiscover XML response was successfully retrieved.
        Additional Details
      Autodiscover Account Settings
    XML response:
    < ?xml version="1.0"?>
    < Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
      <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
        <User>
          <DisplayName>user@xxxx.com.au</DisplayName>
        </User>
        <Account>
          <AccountType>email</AccountType>
          <Action>settings</Action>
          <Protocol>
            <Type>IMAP</Type>
            <Server>xxxx.com.au</Server>
            <Port>993</Port>
            <DirectoryPort>0</DirectoryPort>
            <ReferralPort>0</ReferralPort>
            <SSL>on</SSL>
            <DomainRequired>off</DomainRequired>
            <SPA>off</SPA>
            <AuthRequired>on</AuthRequired>
            <LoginName>user@xxxx.com.au</LoginName>
          </Protocol>
          <Protocol>
            <Type>SMTP</Type>
            <Server>xxxx.com.au</Server>
            <Port>465</Port>
            <DirectoryPort>0</DirectoryPort>
            <ReferralPort>0</ReferralPort>
            <SSL>on</SSL>
            <DomainRequired>off</DomainRequired>
            <SPA>off</SPA>
            <AuthRequired>on</AuthRequired>
            <LoginName>user@xxxx.com.au</LoginName>
          </Protocol>
        </Account>
      </Response>
    < /Autodiscover>
    HTTP Response Headers:
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Length: 1206
    Content-Type: application/xml; charset="UTF-8"
    Date: Thu, 09 Nov 2017 01:04:00 GMT
    Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
    Elapsed Time: 802 ms.

      Autodiscover settings for Outlook connectivity are being validated.
      The Microsoft Connectivity Analyzer wasn't able to validate Outlook Autodiscover settings.
        Additional Details
      No account settings were returned from the Autodiscover response.
    Elapsed Time: 0 ms.

    Any assistance would be greatly appreciated.


    • Edited by tecra76 Friday, November 10, 2017 12:29 AM
    Thursday, November 9, 2017 1:19 AM

All replies

  • You make it hard to help you when you obfuscate your post or redact information.  When you post "xxx.com.au" is that always your company domain?  I'm assuming that "autodiscover.xxx.com.au" is never shown in the report.

    If that's the case, then are you publishing Autodiscover as "https://xxx.com.au/Autodiscover/Autodiscover.xml" as opposed to https://autodiscover.xxx.com.au/Autodiscover/Autodiscover.sml?  That would surprise me because nobody ever does.

    Assuming you don't publish using that URL, then what the results you posted tell me is that your company website is responding to the URL "https://xxx.com.au/Autodiscover/Autodiscover.xml" with something that looks valid, confusing the Autodiscover client.  In that case, you should work with your web site hosting people to have them ignore the /Autodiscover virtual directory. 

    Again, this analysis is based on some key assumptions because you chose to not be transparent in your post.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!


    Thursday, November 9, 2017 4:30 PM
    Moderator