Exchange 2007 - Autodiscover not correctly configured.

Hi There!

Bear with me, this could be a long and complicated post, and I am no expert with Exchange 2007.

We installed E2007 for a client, its a single server. They originally had the domain name and both internal and external DNS pointed at the same domain. They recently changed from to as their primary dns, however internally they still use I created a second forward zone in the dns for

It would appear that we have a number of problems and I am not certain if they are all linked, or a series of misconfigurations. They got a godaddy ssl cert, and accessing gives no errors.

However all of a sudden randomly it would seem, a few of the locally connected clients running Outlook 2007 are getting a username and password prompt which no combination will resolve. Email still sends/receives ok. I found this after I did a search, and it may be that I am being stupid, but I couldn't really get very far with this. I added the and A records to the forward dns, and this didn't help.

We also have a problem whereby on the terminal server which is also a DC (Yes I know its not a recommended solution but there are good reasons for it) if we try and connect Outlook 2007 to the exchange server, it gives us a credentials prompt which always fails no matter what combination we use.

we use form based auth with predefined.

I have put some of the output I think might be relevant below, replacing the real names with the domain1 and domain2.


A45F5F9D52689F530D5E5DBAF86E6790777AAB49  ...W., OU=Domain Control Validated,
9A4E0BF172BC5C207A210CCF2FF10C58E59EEA1B  .....      CN=domain2CA, DC=domain1, DC=co, DC=nz
8A88A71DAAE9266C3911B8680D13745AB1056567  .....
55B941EF64651C51939841CC67BBC8987D9925FD  .....
2BCD471834DC3CC4F33CDF03294B5837FCD65991  IP..S      CN=domain1EXCH

[PS] C:\>Get-ClientAccessServer | fl name,Autodiscoverserviceinternaluri

Name                           : DOMAIN1EXCH
AutoDiscoverServiceInternalUri :

[PS] C:\>Test-OutlookWebServices | fl

Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address

Id      : 1007
Type    : Information
Message : Testing server with the published name & .

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://smtp.domain2

Id      : 1013
Type    : Error
Message : When contacting received the error The remote server re
          turned an error: (401) Unauthorized.

Id      : 1006
Type    : Error
Message : The Autodiscover service could not be contacted.

The URLS Above are correct and resolve both internally and Externally.

I found a link that said to suppress the 401 error I could change a loopback setting in the registry, but I could not determine why you would do that if its not recommended, plus in the middle of the work day, its not really ideal to restart our exchange server. Is the purpose of this article to allow you to disable this error as you require to go further to get to the bottom of the problem? Will an IISreset get around the restart?

Would appreciate any assistance, thanks very much in advance, please let me know if you need further information. The Server has all the latest patches/SP's?

Who is Participating?
networknConnect With a Mentor Author Commented:
Solved by restoring IIS to an earlier configuration. The 401 didn't go away when I renamed that reg setting.
networknAuthor Commented:
Ok I found this article:

The godaddy cert is single name, pointing at and I am wondering if all I need to do to fix this is:

 Option 2: Using a New Single-Name Certificate

Use the Exchange Management Shell on your Client Access server to install and enable your new third-party certificate.
To use the Exchange Management Shell to install and enable a new third-party SSL certificate


      On the Client Access server, open the Exchange Management Shell, and then run the following command:

      Import-ExchangeCertificate Path <full path to CER file> | Enable-ExchangeCertificate  -Services iis

Step 2: Modify the Service Connection Point

By default, the URL for the Autodiscover service stored in the SCP object in Active Directory will reference the internal FQDN for the Client Access server during Exchange 2007 Setup. You will use the Set-ClientAccessServer cmdlet to modify this URL so that it points to the new location (FQDN) for the Autodiscover service.
You must repeat this step for every Client Access server that is installed in your Exchange messaging infrastructure.
To use the Exchange Management Shell to change the internal URL for the Autodiscover service


      In the Exchange Management Shell, run the following command:

      Set-ClientAccessServer identity <servername> AutodiscoverServiceInternalUri

Step 3: Configure the Exchange Services URLs

Now that you have configured SSL for your Autodiscover service deployment scenario, you must configure your Exchange services for external and internal access. For more information, see How to Configure Exchange Services for the Autodiscover Service later in this white paper.

I guess I don't want to try something that could potentially break everything. Is there a way to backup this config so I can restore it if it turns to custard?
networknAuthor Commented:
Well after a restart after hours I am STILL getting the 401 error, which is strange, I doublechecked it, and it looks correct. I did the right click on the start > test and it passed, but a send/receive gave me a prompt for a username and password I couldnt get past.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.