Link to home
Start Free TrialLog in
Avatar of brooklynra
brooklynra

asked on

Outlook Test E-mail Autoconfiguration is generating error 0x800C8203

When I run Test-outlookWebServices, all results on my cas/hub server come
back as successful.  It's when I run Test E-mail Autoconfiguration on Outlook
2007 the I get the following errors after it finds the SCP succesfully:

Autodiscover to https://servername.domain.com/autodiscover/autodiscover.xml 
FAILED (0x800C8203).

Then it fails over to:

Autodiscover to
https://autodiscover.domain.com/autodiscover/autodiscover.xml FAILED
(0x800C8203).

It appears now that new users aren't getting their profiles created properly
via autodiscover and OOF is broken.  Thanks for any help.  
Avatar of Npatang
Npatang
Flag of India image

We just need to make sure that Servername.domain.com should be resolvable internally. We should have the same URL on the CERT as well, and if these condition are met make sure that kernal mode Authenticationi s disabled on the CAS server.
Avatar of brooklynra
brooklynra

ASKER

I have set both the internalURL and externalURL for the autodiscover service to be the same, and have verified that both are resolvable internally.  As far as the Kernal mode - I'm running Windows 2003 Server, so I don't believe this is an option.

To give you a little background - I did run test-outlookwebservices |fl and everything connected just fine.  This is happening on clients inside the network as far as outside (we're running Outlook Anywhere on Exchange 2007).

try running the command "get-ClientAccessServer |fl" and let me know what is the Internal URL is set to?
https://<fqdn>/autodiscover/autodiscover.xml

try browsing https://<fqdn>/autodiscover/autodiscover.xml from the client machine and see if you are able to browse it ..
I got prompted for a username/password
after i authenticated, i got the following message:

  <?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
- <Response>
- <Error Time="14:06:48.1406250" Id="140494515">
  <ErrorCode>600</ErrorCode>
  <Message>Invalid Request</Message>
  <DebugData />
  </Error>
  </Response>
  </Autodiscover>
CHeck if yo have any Proxy Settings in IE of client machine, if Yes remove it.
Also try adding the SCP URL (only FQDN of the server)  point to to CAS IP in the host file of the client machine.
No proxy settings set.  and i do have entries in the "hosts" file that point to the FQDN.
If you do have entries in the host file try removing them and then run the nslookup and see if you are able to resolve the FQDN (SCP)to the internal IP of the CAS from the client
I just did that and re-ran the test configuration...same result.  still getting the same error message.
Have you  try removing and recreating the Autodiscovervirtual directory?
1. Run Adsiedit.msc

2. Expand CN=Configuration, CN=Microsoft Exchange, CN=<OrganizationName>,
CN=Administrative Groups, CN= Exchange Administrative Group, CN= Servers,
CN=<CAS_ServerName>, CN= HTTP,CN=Autodiscover,CN=<CAS_ServerName>

3. Right-click over CN=<CAS_ServerName>, Select Properties

4. Edit the attribute Keywords

5. Add the following enttry 7378f46-2c66-4aa9-a6a6-3e7a48b19596

6. Run the cmdlet Get-ClientAccessServer <CAS_ServerName> | fl
I tried doing that, and still getting the same error message.
saakar_rao - I verified that the keyword you recommended was already in the Keywords attribute.  I ran test-configuration and still getting same result.  Below is the output from the get-clientaccessserver command:

Name                           : <netbios-name>
OutlookAnywhereEnabled         : True
AutoDiscoverServiceCN          : <netbios-name>
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://<fqdn>/autodiscover/autodiscover.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Default-First-Site}
IsValid                        : True
OriginatingServer              : <internal fqdn - netbios.domain.local>
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=<CAS_SERVERNAME>,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=<ORGANIZATION_NAME>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
Identity                       : DFEXSV01
Guid                           : 5767ea9b-6790-458f-b585-5c9ca4694d7e
ObjectCategory                 : domain.local/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 9/10/2008 5:57:52 PM
WhenCreated                    : 9/3/2008 6:12:39 PM


Should I consider adjusting the OriginatingServer variable?
1. Can you ping autodiscover.domain.com from your internal network, if not try creating a host record in your internal DNS
2. What are the port numbers on the Default Web Site, are they the default 80 and 443??
If not try changing them to default, and stop the Website those are using those ports and change them.
DO you have the wild card Internal DNS server?
1)  I did it and i'm getting the same error message (0x800c8203) for autodiscover.x.x
2)  Default web is 80 and SSL is 443.
Npatang - yes i do have a wildcard set to the internal IP address of the CAS server.
Remove the Wildcard entry from the internal DNS  and then flush dns and register dns on the clients and then try the same
Npatang - Done.  Same result.
have you try with any other client in the domain?
I tried it across 3 clients and I'm getting the same issue.  The only new thing I've seen is that I'm getting a certificate error when I try the test configuration as it's trying to access autodiscover.domain.com...but that URL does not match the FQDN of the mail server (which is what the SSL certificate has registered.  

autodiscover.domain.com is not referenced until about the 3rd FQDN that the Test Configuration tool uses as part of the autoconfiguration query process.
DO you have the SAN cert or Single name cert ?
Npatang - I have a Single name cert.

saakar - I have already run the instructions listed in http://support.microsoft.com/kb/940726 and I am getting the same results.
Does anyone know whether it's mandatory to have multiple FQDNs (i.e. autodiscover.domain.com, mail.domain.com, etc) set up for Autodiscover to work?  I would imagine that setting the FQDN registered with the SSL Cert as the URL listed in the SCP settings should suffice.  Am I wrong here?

When I run the test configuration in outlook, it does pick up the the proper FQDN listed in SCP, but then it errors out with 0x800C8203 (which according to Microsoft is a DNS related issue).  The first URL that the test configuration retrieves is the proper URL.  But when that lookup fails, it continues to random URLs such as autodiscover.domain.com, domain.com, etc.

Does this make sense to anyone?
Its good to have Multiple FQDN's on the cert. Anyways try vreatin gthe Autofdiscover record in the internal DNS, if it is failing on SCP it should be able to connect via Autodiscover.. but if you don'thave this URl set on the cert you will get the cert error.
ASKER CERTIFIED SOLUTION
Avatar of brooklynra
brooklynra

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial