Exchange 2007 - Autodiscover not correctly configured.

Posted on 2008-06-16
Last Modified: 2010-05-18
Hi There!

Bear with me, this could be a long and complicated post, and I am no expert with Exchange 2007.

We installed E2007 for a client, its a single server. They originally had the domain name and both internal and external DNS pointed at the same domain. They recently changed from to as their primary dns, however internally they still use I created a second forward zone in the dns for

It would appear that we have a number of problems and I am not certain if they are all linked, or a series of misconfigurations. They got a godaddy ssl cert, and accessing gives no errors.

However all of a sudden randomly it would seem, a few of the locally connected clients running Outlook 2007 are getting a username and password prompt which no combination will resolve. Email still sends/receives ok. I found this after I did a search, and it may be that I am being stupid, but I couldn't really get very far with this. I added the and A records to the forward dns, and this didn't help.

We also have a problem whereby on the terminal server which is also a DC (Yes I know its not a recommended solution but there are good reasons for it) if we try and connect Outlook 2007 to the exchange server, it gives us a credentials prompt which always fails no matter what combination we use.

we use form based auth with predefined.

I have put some of the output I think might be relevant below, replacing the real names with the domain1 and domain2.


A45F5F9D52689F530D5E5DBAF86E6790777AAB49  ...W., OU=Domain Control Validated,
9A4E0BF172BC5C207A210CCF2FF10C58E59EEA1B  .....      CN=domain2CA, DC=domain1, DC=co, DC=nz
8A88A71DAAE9266C3911B8680D13745AB1056567  .....
55B941EF64651C51939841CC67BBC8987D9925FD  .....
2BCD471834DC3CC4F33CDF03294B5837FCD65991  IP..S      CN=domain1EXCH

[PS] C:\>Get-ClientAccessServer | fl name,Autodiscoverserviceinternaluri

Name                           : DOMAIN1EXCH
AutoDiscoverServiceInternalUri :

[PS] C:\>Test-OutlookWebServices | fl

Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address

Id      : 1007
Type    : Information
Message : Testing server with the published name & .

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://smtp.domain2

Id      : 1013
Type    : Error
Message : When contacting received the error The remote server re
          turned an error: (401) Unauthorized.

Id      : 1006
Type    : Error
Message : The Autodiscover service could not be contacted.

The URLS Above are correct and resolve both internally and Externally.

I found a link that said to suppress the 401 error I could change a loopback setting in the registry, but I could not determine why you would do that if its not recommended, plus in the middle of the work day, its not really ideal to restart our exchange server. Is the purpose of this article to allow you to disable this error as you require to go further to get to the bottom of the problem? Will an IISreset get around the restart?

Would appreciate any assistance, thanks very much in advance, please let me know if you need further information. The Server has all the latest patches/SP's?

Question by:networkn
  • 3

Author Comment

ID: 21799353
Ok I found this article:

The godaddy cert is single name, pointing at and I am wondering if all I need to do to fix this is:

 Option 2: Using a New Single-Name Certificate

Use the Exchange Management Shell on your Client Access server to install and enable your new third-party certificate.
To use the Exchange Management Shell to install and enable a new third-party SSL certificate


      On the Client Access server, open the Exchange Management Shell, and then run the following command:

      Import-ExchangeCertificate Path <full path to CER file> | Enable-ExchangeCertificate  -Services iis

Step 2: Modify the Service Connection Point

By default, the URL for the Autodiscover service stored in the SCP object in Active Directory will reference the internal FQDN for the Client Access server during Exchange 2007 Setup. You will use the Set-ClientAccessServer cmdlet to modify this URL so that it points to the new location (FQDN) for the Autodiscover service.
You must repeat this step for every Client Access server that is installed in your Exchange messaging infrastructure.
To use the Exchange Management Shell to change the internal URL for the Autodiscover service


      In the Exchange Management Shell, run the following command:

      Set-ClientAccessServer identity <servername> AutodiscoverServiceInternalUri

Step 3: Configure the Exchange Services URLs

Now that you have configured SSL for your Autodiscover service deployment scenario, you must configure your Exchange services for external and internal access. For more information, see How to Configure Exchange Services for the Autodiscover Service later in this white paper.

I guess I don't want to try something that could potentially break everything. Is there a way to backup this config so I can restore it if it turns to custard?

Author Comment

ID: 21800913
Well after a restart after hours I am STILL getting the 401 error, which is strange, I doublechecked it, and it looks correct. I did the right click on the start > test and it passed, but a send/receive gave me a prompt for a username and password I couldnt get past.

Accepted Solution

networkn earned 0 total points
ID: 21852372
Solved by restoring IIS to an earlier configuration. The 401 didn't go away when I renamed that reg setting.

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question