Solved

Exchange AutoDiscover 401 Unauthorized on New SBS 2008 Install

Posted on 2010-11-30
10
2,134 Views
Last Modified: 2012-05-10
Hi Experts,

I just complete a SBS 2008 install and have noticed that I'm getting some AutoDiscover errors in Exchange 07.

I used a GoDaddy SSL installed through wizard and manually imported the intermediate cert to correct intermediate cert store... pretty standard. The cert was issued to the FQDN remote.domain.com. Again... all standard. Not sure why I'm getting these errors?

Here's what I get back from PowerShell...

 [PS] C:\Windows\System32>test-outlookwebservices | FL


Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address administrator@domain.com Id      : 1007
Type    : Information
Message : Testing server GSERVER.ggg.local with the published name https://remo
          te.domain.com/EWS/Exchange.asmx & https://remote.domain.com/EWS/Excha
          nge.asmx.

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
           URL on this object is https://remote.domain.com/Autodiscover/Autodis
          cover.xml.

Id      : 1013
Type    : Error
Message : When contacting https://remote.domain.com/Autodiscover/Autodiscover.x
          ml received the error The remote server returned an error: (401) Unau
          thorized.

Id      : 1006
Type    : Error
Message : The Autodiscover service could not be contacted.


Is it possible that my new Zyxel firewall is misconfigured? Would there be something I need to set in there? I am getting onto OWA & RWW fine internally and externally and all Outlook clients seem to be connecting fine. What alerted me to the problem was the fact that our Vipre Email Security Spam filtering was not working correctly.... which led me to the AutoDiscover issues.

Thanks for the assist.
0
Comment
Question by:philodendrin
  • 3
  • 3
  • 2
  • +1
10 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34241829
Have you run the Fix My Network Wizard and the Connect To The Internet Wizards when you setup SBS?

If not - please run them - if you did - please run them again.
0
 
LVL 8

Expert Comment

by:Jdtuck
ID: 34241874
Have you tried testing from www.testexchangeconnectivity.com?
0
 

Author Comment

by:philodendrin
ID: 34242045
Testing AutoDiscover via testexchangeconnectivity.com failed. So, it looks like I have an issue.

While running the "Setup Your Internet Address Wizard" I get "windows SBS 2008 cannot open ports 25, 80, 443, and 987". But I don't understand why it can't open the ports. I'm getting to all the services on those ports externally and internally (with the exception of AutoDiscover) just fine. So, what am I missing?
0
 
LVL 8

Expert Comment

by:Jdtuck
ID: 34242059
What were the errors from testexchangeconnectivity.com
0
 
LVL 13

Expert Comment

by:lastlostlast
ID: 34242071
Follow Method 2 of http://support.microsoft.com/kb/896861.

It is a known issue and the above KB should help fix the issue.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 13

Accepted Solution

by:
lastlostlast earned 500 total points
ID: 34242106
Https://testexchangeconnectivity.com will not help unless you have autodiscover configured for external access.

Refer to http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx in order to get autodiscover working externally.

Unless you have configured autodiscover externally, any tests you perform for autodiscover using testexchangeconnectivity.com will fail.

Regardless, KB 896861 should help you fix the error noticed in "test-outlookwebservices | FL" cmd.


0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34242199
The Wizard is trying to open the ports on your router / firewall and unless it has uPNP enabled on the Router - it will have a hard time - so don't worry about those errors - that is quite normal.  I always configure the router / firewall manually anyway - then I know what is going on.
0
 

Author Comment

by:philodendrin
ID: 34242284
Lastlostlast... I'm a little confused by KB896861... where it states to type the "Host Name or Host Names" for the sites that are on the server (method 1), is it looking for the FQDN ie, company.com or is it looking for remote.company.com or what?
0
 

Author Comment

by:philodendrin
ID: 34242716
Okay... thinking through this, it has to be remote.company.com it's looking for... so ignore my last post.

Here's the new results:

[PS] C:\Windows\System32>test-outlookwebservices | FL


Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address administrator@company.com

Id      : 1007
Type    : Information
Message : Testing server GSERVER.ggg.local with the published name https://remo
          te.company.com/EWS/Exchange.asmx & https://remote.company.com/EWS/Excha
          nge.asmx.

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
           URL on this object is https://remote.company.com/Autodiscover/Autodis
          cover.xml.

Id      : 1006
Type    : Information
Message : The Autodiscover service was contacted at https://remote.company.com/A
          utodiscover/Autodiscover.xml.

Id      : 1016
Type    : Success
Message : [EXCH]-Successfully contacted the AS service at https://remote.company
          .com/EWS/Exchange.asmx. The elapsed time was 573 milliseconds.

Id      : 1015
Type    : Success
Message : [EXCH]-Successfully contacted the OAB service at https://remote.company
        .com/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.

Id      : 1014
Type    : Success
Message : [EXCH]-Successfully contacted the UM service at https://remote.company
          .com/UnifiedMessaging/Service.asmx. The elapsed time was 4 millisecon
          ds.

Id      : 1016
Type    : Success
Message : [EXPR]-Successfully contacted the AS service at https://remote.company
          .com/EWS/Exchange.asmx. The elapsed time was 15 milliseconds.

Id      : 1015
Type    : Success
Message : [EXPR]-Successfully contacted the OAB service at https://remote.company
          .com/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.

Id      : 1014
Type    : Success
Message : [EXPR]-Successfully contacted the UM service at https://remote.company
          .com/UnifiedMessaging/Service.asmx. The elapsed time was 4 millisecon
          ds.

Id      : 1013
Type    : Error
Message : When contacting https://remote.company.com/Rpc received the error The
          server committed a protocol violation. Section=ResponseStatusLine

Id      : 1017
Type    : Error
Message : [EXPR]-Error when contacting the RPC/HTTP service at https://remote.
          company.com/Rpc. The elapsed time was 433 milliseconds.

Id      : 1006
Type    : Success
Message : The Autodiscover service was tested successfully.

Id      : 1021
Type    : Information
Message : The following web services generated errors.
              Contacting server in EXPR
          Please use the prior output to diagnose and correct the errors.

Not sure what the protocol violation its complaining about could be. Should I be concerned about the RPC delays?
0
 
LVL 13

Expert Comment

by:lastlostlast
ID: 34253717
You need to mention the NETBIOS name of the server. Restart of the server is required.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
how to add IIS SMTP to handle application/Scanner relays into office 365.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now