Solved

Outlook Test E-mail Autoconfiguration is generating error 0x800C8203

Posted on 2009-07-08
28
9,800 Views
Last Modified: 2012-06-21
When I run Test-outlookWebServices, all results on my cas/hub server come
back as successful.  It's when I run Test E-mail Autoconfiguration on Outlook
2007 the I get the following errors after it finds the SCP succesfully:

Autodiscover to https://servername.domain.com/autodiscover/autodiscover.xml
FAILED (0x800C8203).

Then it fails over to:

Autodiscover to
https://autodiscover.domain.com/autodiscover/autodiscover.xml FAILED
(0x800C8203).

It appears now that new users aren't getting their profiles created properly
via autodiscover and OOF is broken.  Thanks for any help.  
0
Comment
Question by:brooklynra
  • 14
  • 11
  • 3
28 Comments
 
LVL 8

Expert Comment

by:Npatang
ID: 24806219
We just need to make sure that Servername.domain.com should be resolvable internally. We should have the same URL on the CERT as well, and if these condition are met make sure that kernal mode Authenticationi s disabled on the CAS server.
0
 

Author Comment

by:brooklynra
ID: 24806331
I have set both the internalURL and externalURL for the autodiscover service to be the same, and have verified that both are resolvable internally.  As far as the Kernal mode - I'm running Windows 2003 Server, so I don't believe this is an option.

To give you a little background - I did run test-outlookwebservices |fl and everything connected just fine.  This is happening on clients inside the network as far as outside (we're running Outlook Anywhere on Exchange 2007).

0
 
LVL 8

Expert Comment

by:Npatang
ID: 24806428
try running the command "get-ClientAccessServer |fl" and let me know what is the Internal URL is set to?
0
 

Author Comment

by:brooklynra
ID: 24806447
https://<fqdn>/autodiscover/autodiscover.xml

0
 
LVL 8

Expert Comment

by:Npatang
ID: 24806501
try browsing https://<fqdn>/autodiscover/autodiscover.xml from the client machine and see if you are able to browse it ..
0
 

Author Comment

by:brooklynra
ID: 24806510
I got prompted for a username/password
after i authenticated, i got the following message:

  <?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
- <Response>
- <Error Time="14:06:48.1406250" Id="140494515">
  <ErrorCode>600</ErrorCode>
  <Message>Invalid Request</Message>
  <DebugData />
  </Error>
  </Response>
  </Autodiscover>
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24806570
CHeck if yo have any Proxy Settings in IE of client machine, if Yes remove it.
Also try adding the SCP URL (only FQDN of the server)  point to to CAS IP in the host file of the client machine.
0
 

Author Comment

by:brooklynra
ID: 24806602
No proxy settings set.  and i do have entries in the "hosts" file that point to the FQDN.
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24806636
If you do have entries in the host file try removing them and then run the nslookup and see if you are able to resolve the FQDN (SCP)to the internal IP of the CAS from the client
0
 

Author Comment

by:brooklynra
ID: 24806679
I just did that and re-ran the test configuration...same result.  still getting the same error message.
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24806709
Have you  try removing and recreating the Autodiscovervirtual directory?
0
 
LVL 12

Expert Comment

by:Saakar
ID: 24806993
1. Run Adsiedit.msc

2. Expand CN=Configuration, CN=Microsoft Exchange, CN=<OrganizationName>,
CN=Administrative Groups, CN= Exchange Administrative Group, CN= Servers,
CN=<CAS_ServerName>, CN= HTTP,CN=Autodiscover,CN=<CAS_ServerName>

3. Right-click over CN=<CAS_ServerName>, Select Properties

4. Edit the attribute Keywords

5. Add the following enttry 7378f46-2c66-4aa9-a6a6-3e7a48b19596

6. Run the cmdlet Get-ClientAccessServer <CAS_ServerName> | fl
0
 

Author Comment

by:brooklynra
ID: 24807006
I tried doing that, and still getting the same error message.
0
 

Author Comment

by:brooklynra
ID: 24807287
saakar_rao - I verified that the keyword you recommended was already in the Keywords attribute.  I ran test-configuration and still getting same result.  Below is the output from the get-clientaccessserver command:

Name                           : <netbios-name>
OutlookAnywhereEnabled         : True
AutoDiscoverServiceCN          : <netbios-name>
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://<fqdn>/autodiscover/autodiscover.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Default-First-Site}
IsValid                        : True
OriginatingServer              : <internal fqdn - netbios.domain.local>
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=<CAS_SERVERNAME>,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=<ORGANIZATION_NAME>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
Identity                       : DFEXSV01
Guid                           : 5767ea9b-6790-458f-b585-5c9ca4694d7e
ObjectCategory                 : domain.local/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 9/10/2008 5:57:52 PM
WhenCreated                    : 9/3/2008 6:12:39 PM


Should I consider adjusting the OriginatingServer variable?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 12

Expert Comment

by:Saakar
ID: 24807803
1. Can you ping autodiscover.domain.com from your internal network, if not try creating a host record in your internal DNS
2. What are the port numbers on the Default Web Site, are they the default 80 and 443??
If not try changing them to default, and stop the Website those are using those ports and change them.
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24807854
DO you have the wild card Internal DNS server?
0
 

Author Comment

by:brooklynra
ID: 24807861
1)  I did it and i'm getting the same error message (0x800c8203) for autodiscover.x.x
2)  Default web is 80 and SSL is 443.
0
 

Author Comment

by:brooklynra
ID: 24807923
Npatang - yes i do have a wildcard set to the internal IP address of the CAS server.
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24807959
Remove the Wildcard entry from the internal DNS  and then flush dns and register dns on the clients and then try the same
0
 

Author Comment

by:brooklynra
ID: 24807975
Npatang - Done.  Same result.
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24807999
have you try with any other client in the domain?
0
 

Author Comment

by:brooklynra
ID: 24808061
I tried it across 3 clients and I'm getting the same issue.  The only new thing I've seen is that I'm getting a certificate error when I try the test configuration as it's trying to access autodiscover.domain.com...but that URL does not match the FQDN of the mail server (which is what the SSL certificate has registered.  

autodiscover.domain.com is not referenced until about the 3rd FQDN that the Test Configuration tool uses as part of the autoconfiguration query process.
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24808133
DO you have the SAN cert or Single name cert ?
0
 
LVL 12

Expert Comment

by:Saakar
ID: 24808155
0
 

Author Comment

by:brooklynra
ID: 24813563
Npatang - I have a Single name cert.

saakar - I have already run the instructions listed in http://support.microsoft.com/kb/940726 and I am getting the same results.
0
 

Author Comment

by:brooklynra
ID: 24814356
Does anyone know whether it's mandatory to have multiple FQDNs (i.e. autodiscover.domain.com, mail.domain.com, etc) set up for Autodiscover to work?  I would imagine that setting the FQDN registered with the SSL Cert as the URL listed in the SCP settings should suffice.  Am I wrong here?

When I run the test configuration in outlook, it does pick up the the proper FQDN listed in SCP, but then it errors out with 0x800C8203 (which according to Microsoft is a DNS related issue).  The first URL that the test configuration retrieves is the proper URL.  But when that lookup fails, it continues to random URLs such as autodiscover.domain.com, domain.com, etc.

Does this make sense to anyone?
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24814396
Its good to have Multiple FQDN's on the cert. Anyways try vreatin gthe Autofdiscover record in the internal DNS, if it is failing on SCP it should be able to connect via Autodiscover.. but if you don'thave this URl set on the cert you will get the cert error.
0
 

Accepted Solution

by:
brooklynra earned 0 total points
ID: 24862478
Thanks for everyone's help.  I found the answer to my original question at:

http://blog.fandotech.com/archives/tag/0x800c8203

Specifically, please review the following paragraph that addresses my specific issue:

Here is what I was finally able to trace this problem to: the msexchquerybasedn user attribute that we set to an OU containing the faculty users was to blame. Apparently (this is news to Microsoft) the autodiscover service uses the msexchquerybasedn attribute (if its set) to correlate a user to their location in AD. This was not always so, we ran this configuration for 10 months without issue. The msexchquerybasedn user attribute must be set to the OU of which the user is a member, or not contain a value. For installations where you have a single default OAB you do not need to set this user attribute to any value. However if you are using this attribute to populate your address books and are unable to change it, then you must alter your OU structure to remedy this.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now