Exchange 2007 - AutoDiscover Service not working

I need help with Exchange AutoDiscover...

The primary issue is that when I open Out of Office assistant I get: "Your out of office settings cannot be displayed,because the server is unavailabe, try again later."...

When I test my autoconfiguration from outlook 2007, almost all the tests fail.. yet the url in the test appear to be correct.

Brief desc. of setup..

1. Windows 2003 sp2 Exch 2007 (all server roles on one server)
2. Go Daddy SSL cert
3. All "services" are installed under the default web site
4. DNS entries set up for internal and external entries for : autodiscover.ourdomain.com


I am will to try almost anything  to get his issue resolved.. All help greatly appreciated..

I have read many blogs and posts and have not yet successfully resolved this issue& Please help :)

Thanks
Liam



paadminAsked:
Who is Participating?
 
ATIGConnect With a Mentor Commented:
or

get-webservicesvirtualdirectory | Set-WebServicesVirtualDirectory -WindowsAuthentication:$true
0
 
DMTechGrooupCommented:
0
 
ATIGCommented:
Check out my blog... its help many on this list and breaks down everything you need to know

http://exchange-genie.blogspot.com/2007/07/autodiscover-ad-attribute.html 
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
paadminAuthor Commented:
Hey Guys, thanks for your help, I have tried the solutions above and still no success... I have the same type setup as described in the link;

 http://forums.msexchange.org/My_Exchange_2007_installation_guide/m_1800444783/tm.htm


I followed each step but still autodiscover is still failing... Yesterday I was successful in getting rid of the annoying security pop-up but still OOF  is not working..

When I test the configuration from outlook:

On the result tab it just says:

"Autoconfiguration was unable to determine your settings"

On the Log tab:
It look like it falis to "autodiscover" all the url's even though they appear to be correct..

When I do : Get-clientAccessServer | fl Name,AutoDiscoverServiceInternalUri

it shows the correct url..

Any other ideas/links , all  help greatly appreciated..

Thank you all for your help,
Liam



0
 
ATIGCommented:
1. Is this a domain joined clients?
When the client is domain joined it will lookup the SCP for autodiscover = set-clientaccessserver -autodiscoveruri

If that fails, it will move to DNS looking up autodisocver.domain.com/autodisocver/autodiscover.xml or domain/autodiscover/autodiscover.xml

That will pull autodiscover info

Next is the availability service which makes its called throught the EWS virtual
get-webservericesvirtualdirectory |  fl

you need to set those urls....

Did you look at my blog... it breaks the setup down step by step and has helped alot of people

Open EMS  and test-outlookwebservices username

it will run through your config.
0
 
paadminAuthor Commented:
Hey ATIG.. I will try to answer all your questions.. Some of them may be beyound my knowledge..

1. All clients are joined to domain.. the url is found through scp and then the next 10 lines shows starting... failed all the way down..

The result of my : get-webservicesvirtualdirectory | fl are pasted below


Name                          : EWS (Default Web Site)
InternalAuthenticationMethods : {Basic}
ExternalAuthenticationMethods : {Basic}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : False
MetabasePath                  : IIS://server.domain.local/W3SVC/1/ROOT
                                /EWS
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\exchweb\EWS
Server                        : PAEXCH
InternalUrl                   : https://mail.domain.com/EWS/Exchange
                                .asmx
ExternalUrl                   : https://mail.domain.com/EWS/Exchange
                                .asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,
                                CN=PAEXCH,CN=Servers,CN=Exchange Administrative
                                 Group (FYDIBOHF23SPDLT),CN=Administrative Grou
                                ps,CN=Produce Alliance,CN=Microsoft Exchange,CN
                                =Services,CN=Configuration,DC=ProduceAlliance,D
                                C=local
Identity                      : PAEXCH\EWS (Default Web Site)
Guid                          : 87251740-ff66-4323-bbbb-cbccfb358a4f
ObjectCategory                : domain.local/Configuration/Schema/ms-E
                                xch-Web-Services-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchWebServices
                                VirtualDirectory}
WhenChanged                   : 7/31/2007 4:54:17 PM
WhenCreated                   : 5/7/2007 5:35:56 PM
OriginatingServer             : serverdc.domain.local
IsValid                       : True

When I perform a test-outlookwebservices username : it fails.. with the following info..

    Id                       Type Message
    --                       ---- -------
  1003                Information About to test AutoDisc...
  1013                      Error When contacting https:...
  1006                      Error Failed to contact Auto...


Hopefully this will help, I will check out your blog now.. I wanted to get this info posted while you were online..

Thank for all you help,
Liam






0
 
ATIGCommented:
test-outlookwebservices username | fl so I can see the entire results
0
 
ATIGCommented:
Also, the cert on the CAS https:// mail.domain.local

If you do get-exchangecertificate | fl

do you see you cert with web next to it?
0
 
paadminAuthor Commented:
Here are the results of the : test-outlookwebservices username | fl
Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address Liam.Barry@domain.com.

Id      : 1013
Type    : Error
Message : When contacting https://mail.domain.com/autodiscover/autodiscover.xml received the error The remote server returned an error: (401) Unauthorized.

Id      : 1006
Type    : Error
Message : Failed to contact AutoDiscover
0
 
paadminAuthor Commented:
Thanks again for all your help....

Here are the results of the : get-exchangecertificate | fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule}
CertificateDomains : {mail.domain.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=mail.domain.com
NotAfter           : 6/3/2008 11:54:04 PM
NotBefore          : 6/4/2007 5:54:04 PM
PublicKeySize      : 2048
SerialNumber       : 6E7AAFD1895C7FBB42C22BBABA3D633B
Status             : Invalid
Subject            : CN=mail.domain.com
Thumbprint         : 148657FAC451FFAC3D3A15856254E5B202E7DFAA

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule}
CertificateDomains : {mail.domain.com, www.mail.domain.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.
                     com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter           : 6/4/2009 1:11:42 PM
NotBefore          : 6/4/2007 1:11:42 PM
PublicKeySize      : 1024
SerialNumber       : 4044D5
Status             : Valid
Subject            : CN=mail.domain.com, OU=Domain Control Validated, O=mail.domain.com
Thumbprint         : 4946E69C3DEB4AFA4996DF4C3D4B9DD7EB88A671

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {server, server.ProduceAlliance.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=server
NotAfter           : 5/7/2008 5:32:33 PM
NotBefore          : 5/7/2007 5:32:33 PM
PublicKeySize      : 2048
SerialNumber       : 1A904D032F7EB89D448C7CF2F7C8139A
Status             : Valid
Subject            : CN=server
Thumbprint         : 9B89857012D40FF2721D672711065939D4290E2B
0
 
ATIGCommented:
When you hit https://mail.domain.com/owa

do you get a cert warning?

I see you have a selfsigned cert with the url in it?
I have see problem that Exchange presents the self signed over that  legt cert but that would just give you a cert popup

On my blog, there is an article about the 401 error and how to fix it
Also, is everythign on the same server or can you from the test-outlookwebservice from another Exchange server that does not have the CAS role?
0
 
paadminAuthor Commented:
We do not get a cert warning on owa..

We do not get a cert pop either on Outlook 2007 (anymore)..

I have made the registry adjustment on exchange but did not reboot.. I did reboot the client computer and no chance in status, still getting 401 unauthorized.

Do I really need to restart the exhcange server for a registry change ? Is there a service I can stop/restart instead as it's in the middle of our work day :)

We only have one exch 2007 server, so I cannot test from anywhere else..

We are using a godaddy cert, so we should not have a self signed cert, is that correct ? If so, how (or should)  I change that ?

Thank agian for your great help,
Liam  
0
 
ATIGCommented:
Exchange certs self signed certs by default and I have seen the cause problems but you would know it because you would see it when the client tried to auth, but you are not getting the cert pop showing that.

From Outlook
hold control right click the icon in the bottom right of the screen
and do a test from the client (this example is on my blog as well)

Is this a domain joined client or ?

Have you configured the dns records for autodiscover?


0
 
paadminAuthor Commented:
Hey Briian thanks for all your help..

This is a domain joined client..

From Outlook the autoconfifuation results all fail...

On the result tab it just says:

"Autoconfiguration was unable to determine your settings"

On the Log tab:
It looks like it falis to "autodiscover" all the url's even though they appear to be correct..

For DNS records,

I have set up an "A" records (internal and external DNS) for autodiscover pointing to the exchagne 2007 server.

Is this correct ?

Your Blog has helped me a great deal but still cannot find a solution to this issue... Any other ideas ? Do I need to wait to restart the exch server to see if that resovled the 401 error or is that another issue ?

All help of your help greatly appreacited,
Thanks
Liam



0
 
ATIGCommented:
you may be able to get away with an IISreset on it, I will have to check the article... have not thought about it a bit :)

So you have an A record for Autodiscover.domain.com = IP of Exchange server?

get the following... all the command are on the blog

If it fails everything it looks like the SCP is not getting set right in AD...

you can copy the log out put to the screen.....from both tabs

0
 
paadminAuthor Commented:
Q . So you have an A record for Autodiscover.domain.com = IP of Exchange server?
A. Correct

You said : "get the following..." all the command are on the blog
Not sure if I missed someothing, or your forgot to type it :) but what should I get ?

I have tried copying the log but it will not let me.. I will retype for you and paste it in a few minutes (about 10 lines of typing..

Thanks again,
Liam  
0
 
paadminAuthor Commented:
I dd an IISRESET and re-ran the : test-outlookwebservices username | fl cmdlet

Got a different msg...

Why would it refuse it ? when OWA isworking without problems ... Any other ideas..

Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address emailadress@domain.com.

Id      : 1013
Type    : Error
Message : When contacting https://mail.domain.com/autodiscover/autodiscover.xml received the error Unable t connect to the remote server

Id      : 1013
Type    : Error
Message : When contacting https://mail.domain.com/autodiscover/autodiscover.xml received the error No connetion could be made because the target machine actively refused it

Id      : 1006
Type    : Error
Message : Failed to contact AutoDiscover



0
 
paadminAuthor Commented:
Hey Brian,

Disregard the previous post IIS did not restart correctly. I manually restarted the service and now I am getthing the msg below when I run..

test-outlookwebservices username | fl


Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address emailaddress@domain.com.

Id      : 1013
Type    : Error
Message : When contacting https://mail.domain.com/autodiscover/autodiscover.xml received the error The remote server returned an error: (403) Forbidden.

Id      : 1006
Type    : Error
0
 
paadminAuthor Commented:
Brian,

Here are the lof entries as pormised from a Autoconfiguration test in Outlook 2007....



Attempting URL https://mail.domain.com/autodiscover/autodiscover.xml found through SCP
Autodiscover to https://mail.domain.com/autodiscover/autodiscover.xml starting
Autodiscover request completed with http status code 403
Autodiscover to https://mail.domain.com/autodiscover/autodiscover.xml FAILED (0x80004005)
Autodiscover to https://domain.com/autodiscover/autodiscover.xml starting
Autodiscover to https://domain.com/autodiscover/autodiscover.xml failed (0x800c8203)
Autodiscover to https://autodiscover.domain.com/autodiscover/autodiscover.xml starting
Autodiscover to https://autodiscover.domain.com/autodiscover/autodiscover.xml failed (0x800c8203)
Local autodiscover for domain.com starting
Local autodiscover for domain.com failed (0x8004010f)
Redirect check to http://autodiscover.doamin.com/autodiscover/autodiscover.xml starting
Redirect check to http://autodiscover.doamin.com/autodiscover/autodiscover.xml failed (0x80072ee7)
0
 
ATIGCommented:
Attempting URL https://mail.domain.com/autodiscover/autodiscover.xml found through SCP
Autodiscover to https://mail.domain.com/autodiscover/autodiscover.xml starting
Autodiscover request completed with http status code 403

this is what we need to look into why you are gettting this ....
0
 
paadminAuthor Commented:
Sounds good..  I will start researching.. If you have anyhting you would like me to test, let me know,

You have no idea how much appreacite all of your help... :)

Thanks
Liam  
0
 
paadminAuthor Commented:
Brian.... We have made Progess....

I got rid for the 403 message, the autodiscover folder had auth set to anon..

I set this to Intregration windows auth and now I can run the outlook 2007 autoconfigution and get no error message.. BUT my OOF is still not working..

I am still getting the msg : "Your out of office settings cannot be displayed,because the server is unavailabe, try again later."...

When I go to the shell and run: test-outlookwebservices

Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address email@domain.com.

Id      : 1013
Type    : Error
Message : When contacting https://mail.domain.com/autodiscover/autodiscover.xml received the error The operation has timed out

Id      : 1006
Type    : Error
Message : Failed to contact AutoDiscover


Any other ideas ?  Thanks again..
Liam


0
 
paadminAuthor Commented:
I re-ran it again and got this msg:

test-outlookwebservices emailaddress | fl


Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address emailaddress@domain.com.

Id      : 1013
Type    : Error
Message : When contacting https://mail.domain.com/autodiscover/autodiscover.xml received the error The unde
          lying connection was closed: An unexpected error occurred on a receive.

Id      : 1013
Type    : Error
Message : When contacting https://mail.domain.com/autodiscover/autodiscover.xml received the error Unable t
           read data from the transport connection: An existing connection was forcibly closed by the remote host.

Id      : 1013
Type    : Error
Message : When contacting https://mail.domain.com/autodiscover/autodiscover.xml received the error An exist
          ng connection was forcibly closed by the remote host

Id      : 1006
Type    : Error
Message : Failed to contact AutoDiscover
0
 
ATIGCommented:
good stuff... I was going to write you back about basic only being set on EWS...

I will get back to you tomorrow and take a look....

It still appears there somthing going on with your errors you are getting
0
 
paadminAuthor Commented:
Thanks again for all your help.. I will post any update, I will try and work on this for about another hour..
0
 
paadminAuthor Commented:
Hey Brian (and everyone else), I did not have any more success after you left yesterday...

So we have the Autocionfiguration is working from Outlook finally but the Out of office assistant is still not working. I thought for sure that once we get one working the other would work but I guess that was going to be too easy :)

Is there anything else you can think of that I can try to get the out office to work?

The : test-outlookwebservices username | fl yields the following results...


Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address email@domain.com.

Id      : 1013
Type    : Error
Message : When contacting https://mail.domain.com/autodiscover/autodiscover.xml received the error The underlying connection was closed: An unexpected error occurred on a receive.

Id      : 1013
Type    : Error
Message : When contacting https://mail.domain.com/autodiscover/autodiscover.xml received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.

Id      : 1013
Type    : Error
Message : When contacting https://mail.domain.com/autodiscover/autodiscover.xml received the error An existing connection was forcibly closed by the remote host

Id      : 1006
Type    : Error
Message : Failed to contact AutoDiscover
0
 
ATIGCommented:
can you do a get on the EWS with a | fl
0
 
paadminAuthor Commented:
Is this what you needed ? I am still learning all the "Get" commands :) if not can you help with the corrert CMDLET ?

get-webservicesvirtualdirectory | fl


Name                          : EWS (Default Web Site)
InternalAuthenticationMethods : {Basic}
ExternalAuthenticationMethods : {Basic}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : False
MetabasePath                  : IIS://server.localdomain.local/W3SVC/1/ROOT/EWS
Path                          : C:\Program Files\Microsoft\Exchange Server\ClientAccess\exchweb\EWS
Server                        : server
InternalUrl                   : https://mail.domain.com/EWS/Exchange.asmx
ExternalUrl                   : https://mail.domain.com/EWS/Exchange.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,CN=server,CN=Servers,CN=Exchange Adminis
                                trative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=domain,CN=Microso
                                ft Exchange,CN=Services,CN=Configuration,DC=localdomain,DC=local
Identity                      : server\EWS (Default Web Site)
Guid                          : 87251740-ff66-4323-bbbb-cbccfb358a4f
ObjectCategory                : localdomain.local/Configuration/Schema/ms-Exch-Web-Services-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
WhenChanged                   : 7/31/2007 4:54:17 PM
WhenCreated                   : 5/7/2007 5:35:56 PM
OriginatingServer             : serverdc.localdomain.local
IsValid                       : True
0
 
ATIGCommented:
add NTLM,Intergrated for the Internal/External Auth

enable intergrated on the EWS in IIS and remove basic
0
 
ATIGCommented:
I dont have basic set on mine so if setting intergrated with basic does not work remove basic

0
 
paadminAuthor Commented:
You are the best...

The final:

get-webservicesvirtualdirectory | Set-WebServicesVirtualDirectory -WindowsAuthentication:$true

Worked.. You have no idea how much i apprecaite your help.. I am the only Network person here at this computer and Expert Exchange is one of my best resources for help..
0
 
ATIGCommented:
:) glad to hear you got it working :)

finally I just did a survey asking about setting basic auth only on that hehehe :)

glad I can help

0
 
paadminAuthor Commented:
I wish I could award more that 500 point for your help.. I really appreacite everything over the past 2 days, I was really begining to think that I would never get his issue resolved..

Thanks agian,
Liam
0
 
ATIGCommented:
I would have stuck with you through it... would have got you soon but been busy lately. I thought you had changed the auth yesterday :)

well you got it now and are now an autodiscover guru :)
0
 
jjozCommented:
hi All,

my EWS VD has been set into

WindowsAuthentication         : True

but the problem still exist.
0
 
jedaykinCommented:
me to
0
 
ConnectNZCommented:
me three
0
 
jedaykinCommented:
I fix my autodiscover problem.
Adding dns server a ahost record.
host record name must be autodiscover and give exchange server ip
taaa taaaa autodiscover problem fixed :)
0
 
Graeme-NightingaleCommented:
Hi, just FYI I was researching another fault with users being prompted for username/password while in Outlook 2007. It mentioned the following -

To fix outlook 2007 prompting for a password (where the username and password combination is never correct - and everything works when you click cancel) do the following.

Open IIS manager on the exchange server.

Expand Sites then SBS Web Applications.

Click Autodiscover. Double click SSL Settings.

Change the setting from Ignore to Accept and click apply (on the right hand side)

Do the same for OAB.

This will fix the problem. Next time you open Outlook 2007 you will not be prompted for a password.

I've found that changing the settings in ISS for Autodiscover can cause ""Autoconfiguration was unable to determine your settings"

Just a heads up!
0
 
LeviDailyCommented:
Hey guys i am having a similar issue.i am running server 2008 with exchange 2010. When users try to go to out off office they get the same error. when i right click on outlook test email auto config. i get this response back..

Autoconfiguration has started, this may take up to a minute
Autoconfiguration was unable to determine your settings !!

I have done the get-webservicesvirtualdirectory | Set-WebServicesVirtualDirectory -WindowsAuthentication:$true and it took it just fine.

I have made sure my ssl cert is good from godaddy.  in the my UCC cert i have mail.company.org, autodiscover.company.org and servername.company.org      I also made sure that in DNS it is pointed to the correct mail server

OWA seems to be working great. When i do the get-webservicesvirtualdirectory | fl it does tell me the right information i am looking for

Server                        : servername
InternalUrl                   : https://servername.company.org/EWS/Exchange.asmx
ExternalUrl                   : https:// mail.company.org /ews/exchange.asmx
AdminDisplayName              :
ExchangeVersion               : 0.10 (14.0.100.0)
DistinguishedName             : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,CN=GCEX01,CN=Servers,CN=Exchange Adminis
                                trative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Exchange,CN=Microsoft Excha
                                nge,CN=Services,CN=Configuration,DC=company,DC=org
Identity                      : servername\EWS (Default Web Site)
Guid                          : 10ca477f-6094-4776-8944-b94ba2fe7f54
ObjectCategory                : company.org/Configuration/Schema/ms-Exch-Web-Services-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
WhenChanged                   : 12/21/2010 10:13:38 AM
WhenCreated                   : 12/21/2010 10:13:37 AM
WhenChangedUTC                : 12/21/2010 6:13:38 PM
WhenCreatedUTC                : 12/21/2010 6:13:37 PM
OrganizationId                :
OriginatingServer             : servername.company.org
IsValid                       : True


Any suggestions would be appreciated as i am lost

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.