Outlook Test E-mail Autoconfiguration is generating error 0x800C8203

When I run Test-outlookWebServices, all results on my cas/hub server come
back as successful.  It's when I run Test E-mail Autoconfiguration on Outlook
2007 the I get the following errors after it finds the SCP succesfully:

Autodiscover to https://servername.domain.com/autodiscover/autodiscover.xml 
FAILED (0x800C8203).

Then it fails over to:

Autodiscover to
https://autodiscover.domain.com/autodiscover/autodiscover.xml FAILED
(0x800C8203).

It appears now that new users aren't getting their profiles created properly
via autodiscover and OOF is broken.  Thanks for any help.  
brooklynraAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NpatangCommented:
We just need to make sure that Servername.domain.com should be resolvable internally. We should have the same URL on the CERT as well, and if these condition are met make sure that kernal mode Authenticationi s disabled on the CAS server.
0
brooklynraAuthor Commented:
I have set both the internalURL and externalURL for the autodiscover service to be the same, and have verified that both are resolvable internally.  As far as the Kernal mode - I'm running Windows 2003 Server, so I don't believe this is an option.

To give you a little background - I did run test-outlookwebservices |fl and everything connected just fine.  This is happening on clients inside the network as far as outside (we're running Outlook Anywhere on Exchange 2007).

0
NpatangCommented:
try running the command "get-ClientAccessServer |fl" and let me know what is the Internal URL is set to?
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

brooklynraAuthor Commented:
https://<fqdn>/autodiscover/autodiscover.xml

0
NpatangCommented:
try browsing https://<fqdn>/autodiscover/autodiscover.xml from the client machine and see if you are able to browse it ..
0
brooklynraAuthor Commented:
I got prompted for a username/password
after i authenticated, i got the following message:

  <?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
- <Response>
- <Error Time="14:06:48.1406250" Id="140494515">
  <ErrorCode>600</ErrorCode>
  <Message>Invalid Request</Message>
  <DebugData />
  </Error>
  </Response>
  </Autodiscover>
0
NpatangCommented:
CHeck if yo have any Proxy Settings in IE of client machine, if Yes remove it.
Also try adding the SCP URL (only FQDN of the server)  point to to CAS IP in the host file of the client machine.
0
brooklynraAuthor Commented:
No proxy settings set.  and i do have entries in the "hosts" file that point to the FQDN.
0
NpatangCommented:
If you do have entries in the host file try removing them and then run the nslookup and see if you are able to resolve the FQDN (SCP)to the internal IP of the CAS from the client
0
brooklynraAuthor Commented:
I just did that and re-ran the test configuration...same result.  still getting the same error message.
0
NpatangCommented:
Have you  try removing and recreating the Autodiscovervirtual directory?
0
SaakarSenior Technical ConsultantCommented:
1. Run Adsiedit.msc

2. Expand CN=Configuration, CN=Microsoft Exchange, CN=<OrganizationName>,
CN=Administrative Groups, CN= Exchange Administrative Group, CN= Servers,
CN=<CAS_ServerName>, CN= HTTP,CN=Autodiscover,CN=<CAS_ServerName>

3. Right-click over CN=<CAS_ServerName>, Select Properties

4. Edit the attribute Keywords

5. Add the following enttry 7378f46-2c66-4aa9-a6a6-3e7a48b19596

6. Run the cmdlet Get-ClientAccessServer <CAS_ServerName> | fl
0
brooklynraAuthor Commented:
I tried doing that, and still getting the same error message.
0
brooklynraAuthor Commented:
saakar_rao - I verified that the keyword you recommended was already in the Keywords attribute.  I ran test-configuration and still getting same result.  Below is the output from the get-clientaccessserver command:

Name                           : <netbios-name>
OutlookAnywhereEnabled         : True
AutoDiscoverServiceCN          : <netbios-name>
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://<fqdn>/autodiscover/autodiscover.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Default-First-Site}
IsValid                        : True
OriginatingServer              : <internal fqdn - netbios.domain.local>
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=<CAS_SERVERNAME>,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=<ORGANIZATION_NAME>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
Identity                       : DFEXSV01
Guid                           : 5767ea9b-6790-458f-b585-5c9ca4694d7e
ObjectCategory                 : domain.local/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 9/10/2008 5:57:52 PM
WhenCreated                    : 9/3/2008 6:12:39 PM


Should I consider adjusting the OriginatingServer variable?
0
SaakarSenior Technical ConsultantCommented:
1. Can you ping autodiscover.domain.com from your internal network, if not try creating a host record in your internal DNS
2. What are the port numbers on the Default Web Site, are they the default 80 and 443??
If not try changing them to default, and stop the Website those are using those ports and change them.
0
NpatangCommented:
DO you have the wild card Internal DNS server?
0
brooklynraAuthor Commented:
1)  I did it and i'm getting the same error message (0x800c8203) for autodiscover.x.x
2)  Default web is 80 and SSL is 443.
0
brooklynraAuthor Commented:
Npatang - yes i do have a wildcard set to the internal IP address of the CAS server.
0
NpatangCommented:
Remove the Wildcard entry from the internal DNS  and then flush dns and register dns on the clients and then try the same
0
brooklynraAuthor Commented:
Npatang - Done.  Same result.
0
NpatangCommented:
have you try with any other client in the domain?
0
brooklynraAuthor Commented:
I tried it across 3 clients and I'm getting the same issue.  The only new thing I've seen is that I'm getting a certificate error when I try the test configuration as it's trying to access autodiscover.domain.com...but that URL does not match the FQDN of the mail server (which is what the SSL certificate has registered.  

autodiscover.domain.com is not referenced until about the 3rd FQDN that the Test Configuration tool uses as part of the autoconfiguration query process.
0
NpatangCommented:
DO you have the SAN cert or Single name cert ?
0
SaakarSenior Technical ConsultantCommented:
0
brooklynraAuthor Commented:
Npatang - I have a Single name cert.

saakar - I have already run the instructions listed in http://support.microsoft.com/kb/940726 and I am getting the same results.
0
brooklynraAuthor Commented:
Does anyone know whether it's mandatory to have multiple FQDNs (i.e. autodiscover.domain.com, mail.domain.com, etc) set up for Autodiscover to work?  I would imagine that setting the FQDN registered with the SSL Cert as the URL listed in the SCP settings should suffice.  Am I wrong here?

When I run the test configuration in outlook, it does pick up the the proper FQDN listed in SCP, but then it errors out with 0x800C8203 (which according to Microsoft is a DNS related issue).  The first URL that the test configuration retrieves is the proper URL.  But when that lookup fails, it continues to random URLs such as autodiscover.domain.com, domain.com, etc.

Does this make sense to anyone?
0
NpatangCommented:
Its good to have Multiple FQDN's on the cert. Anyways try vreatin gthe Autofdiscover record in the internal DNS, if it is failing on SCP it should be able to connect via Autodiscover.. but if you don'thave this URl set on the cert you will get the cert error.
0
brooklynraAuthor Commented:
Thanks for everyone's help.  I found the answer to my original question at:

http://blog.fandotech.com/archives/tag/0x800c8203

Specifically, please review the following paragraph that addresses my specific issue:

Here is what I was finally able to trace this problem to: the msexchquerybasedn user attribute that we set to an OU containing the faculty users was to blame. Apparently (this is news to Microsoft) the autodiscover service uses the msexchquerybasedn attribute (if its set) to correlate a user to their location in AD. This was not always so, we ran this configuration for 10 months without issue. The msexchquerybasedn user attribute must be set to the OU of which the user is a member, or not contain a value. For installations where you have a single default OAB you do not need to set this user attribute to any value. However if you are using this attribute to populate your address books and are unable to change it, then you must alter your OU structure to remedy this.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.