Autodiscover connecting to internal AD

Posted on 2009-04-06
Last Modified: 2012-05-06
A quick one for you guys, but I'm going around in circles trying to find a fix.

I've taken on a job to troubleshoot an Exchange 2007 Server on a Server 2008 Standard Edition machine. A SAN certificate has been installed, which has the domains, servername, and listed. ( being the Common Name, the others being Subject Alternate Names).

The firewall has already been configured to allow port 443 through to the server, URLs updated in Exchange and the SSL certificate installed. Outlook (on a non-domain joined machine) does seem to work. However, it is painfully slow in the initial discovery and start-up phases.

What seems to be happening is Outlook is attempting to connect to the internal server name ( rather than the external name ( I've checked every location in Exchange but cannot find where the wrong URL is located.

Any insight would be appreciated as I'm going round in circles. Thanks.
Question by:tigermatt
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 10

Assisted Solution

kevala earned 125 total points
ID: 24082733
Can you post a "Test E-Mail AutoConfiguration" with only "Use AutoDiscover" enabled?

Hold CTRL, right-click the Outlook icon, select Test E-mail.....
Check only "Use Autodiscover"
Click Test

Look through the connections on all tabs, post results of results tab and log tab if possible.
LVL 65

Accepted Solution

Mestha earned 250 total points
ID: 24082908
Standard first test:
See what that throws up. It will show you everything the process goes through.
There is an initial connection on the AD name, because Outlook Anywhere doesn't kick in until after that has failed, so a slight delay in connecting is to be expected. However if the Outlook install is in cached mode then Outlook should start correctly.

Where you can get odd things happening is if the server's FQDN resolves externally due to a wildcard on the domain. That will cause things to take longer to time out because it is now a connectivity rather than a name resolution time out.

LVL 13

Assisted Solution

FearNoMore earned 125 total points
ID: 24083194
Hmmm.....have you checked the SCP (Service Connection Point) in ADSIedit?
 DC=<domain>, CN=Configuration, CN=Services, CN=Microsoft Exchange, CN=First Organization, CN=Administrative Groups, CN=Exchange Administrative Group, CN=Servers, CN=<CAS Name>, CN=Protocols, CN=AutoDiscover, CN=<CAS Name
 A similar problem is posted here
LVL 58

Author Comment

ID: 24086211
Well, I've advanced a lot in the last 12 hours. This server had been completely incorrectly configured, which was the cause for Autodiscover to be very slow.

In short, this is what I've now done:

Re-keyed the SSL certificate with the supplier and re-applied the SSL certificate
Reset the configuration of the various Exchange Virtual Directories
Fixed the EAPs and Accepted Domains lists, to include only the client's main domains and none of the other rubbish which was in there
Disabled Autodiscover, rebooted, re-enabled.

And it is now much, much quicker - in fact, whereas configuration in Outlook could take upwards of 5 minutes to detect and make the initial connection, I just made a connection in less than 15 seconds. So, a lot quicker!

Thanks for your help guys. Simon, that test site is particularly useful and is now in my bookmarks. Thanks!

LVL 58

Author Closing Comment

ID: 31567277
All useful information, thank you!

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Find out what you should include to make the best professional email signature for your organization.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question