Solved

Exchange AutoDiscover 401 Unauthorized on New SBS 2008 Install

Posted on 2010-11-30
10
2,124 Views
Last Modified: 2012-05-10
Hi Experts,

I just complete a SBS 2008 install and have noticed that I'm getting some AutoDiscover errors in Exchange 07.

I used a GoDaddy SSL installed through wizard and manually imported the intermediate cert to correct intermediate cert store... pretty standard. The cert was issued to the FQDN remote.domain.com. Again... all standard. Not sure why I'm getting these errors?

Here's what I get back from PowerShell...

 [PS] C:\Windows\System32>test-outlookwebservices | FL


Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address administrator@domain.com Id      : 1007
Type    : Information
Message : Testing server GSERVER.ggg.local with the published name https://remo
          te.domain.com/EWS/Exchange.asmx & https://remote.domain.com/EWS/Excha
          nge.asmx.

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
           URL on this object is https://remote.domain.com/Autodiscover/Autodis
          cover.xml.

Id      : 1013
Type    : Error
Message : When contacting https://remote.domain.com/Autodiscover/Autodiscover.x
          ml received the error The remote server returned an error: (401) Unau
          thorized.

Id      : 1006
Type    : Error
Message : The Autodiscover service could not be contacted.


Is it possible that my new Zyxel firewall is misconfigured? Would there be something I need to set in there? I am getting onto OWA & RWW fine internally and externally and all Outlook clients seem to be connecting fine. What alerted me to the problem was the fact that our Vipre Email Security Spam filtering was not working correctly.... which led me to the AutoDiscover issues.

Thanks for the assist.
0
Comment
Question by:philodendrin
  • 3
  • 3
  • 2
  • +1
10 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Have you run the Fix My Network Wizard and the Connect To The Internet Wizards when you setup SBS?

If not - please run them - if you did - please run them again.
0
 
LVL 8

Expert Comment

by:Jdtuck
Comment Utility
Have you tried testing from www.testexchangeconnectivity.com?
0
 

Author Comment

by:philodendrin
Comment Utility
Testing AutoDiscover via testexchangeconnectivity.com failed. So, it looks like I have an issue.

While running the "Setup Your Internet Address Wizard" I get "windows SBS 2008 cannot open ports 25, 80, 443, and 987". But I don't understand why it can't open the ports. I'm getting to all the services on those ports externally and internally (with the exception of AutoDiscover) just fine. So, what am I missing?
0
 
LVL 8

Expert Comment

by:Jdtuck
Comment Utility
What were the errors from testexchangeconnectivity.com
0
 
LVL 13

Expert Comment

by:lastlostlast
Comment Utility
Follow Method 2 of http://support.microsoft.com/kb/896861.

It is a known issue and the above KB should help fix the issue.
0
Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

 
LVL 13

Accepted Solution

by:
lastlostlast earned 500 total points
Comment Utility
Https://testexchangeconnectivity.com will not help unless you have autodiscover configured for external access.

Refer to http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx in order to get autodiscover working externally.

Unless you have configured autodiscover externally, any tests you perform for autodiscover using testexchangeconnectivity.com will fail.

Regardless, KB 896861 should help you fix the error noticed in "test-outlookwebservices | FL" cmd.


0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
The Wizard is trying to open the ports on your router / firewall and unless it has uPNP enabled on the Router - it will have a hard time - so don't worry about those errors - that is quite normal.  I always configure the router / firewall manually anyway - then I know what is going on.
0
 

Author Comment

by:philodendrin
Comment Utility
Lastlostlast... I'm a little confused by KB896861... where it states to type the "Host Name or Host Names" for the sites that are on the server (method 1), is it looking for the FQDN ie, company.com or is it looking for remote.company.com or what?
0
 

Author Comment

by:philodendrin
Comment Utility
Okay... thinking through this, it has to be remote.company.com it's looking for... so ignore my last post.

Here's the new results:

[PS] C:\Windows\System32>test-outlookwebservices | FL


Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address administrator@company.com

Id      : 1007
Type    : Information
Message : Testing server GSERVER.ggg.local with the published name https://remo
          te.company.com/EWS/Exchange.asmx & https://remote.company.com/EWS/Excha
          nge.asmx.

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
           URL on this object is https://remote.company.com/Autodiscover/Autodis
          cover.xml.

Id      : 1006
Type    : Information
Message : The Autodiscover service was contacted at https://remote.company.com/A
          utodiscover/Autodiscover.xml.

Id      : 1016
Type    : Success
Message : [EXCH]-Successfully contacted the AS service at https://remote.company
          .com/EWS/Exchange.asmx. The elapsed time was 573 milliseconds.

Id      : 1015
Type    : Success
Message : [EXCH]-Successfully contacted the OAB service at https://remote.company
        .com/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.

Id      : 1014
Type    : Success
Message : [EXCH]-Successfully contacted the UM service at https://remote.company
          .com/UnifiedMessaging/Service.asmx. The elapsed time was 4 millisecon
          ds.

Id      : 1016
Type    : Success
Message : [EXPR]-Successfully contacted the AS service at https://remote.company
          .com/EWS/Exchange.asmx. The elapsed time was 15 milliseconds.

Id      : 1015
Type    : Success
Message : [EXPR]-Successfully contacted the OAB service at https://remote.company
          .com/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.

Id      : 1014
Type    : Success
Message : [EXPR]-Successfully contacted the UM service at https://remote.company
          .com/UnifiedMessaging/Service.asmx. The elapsed time was 4 millisecon
          ds.

Id      : 1013
Type    : Error
Message : When contacting https://remote.company.com/Rpc received the error The
          server committed a protocol violation. Section=ResponseStatusLine

Id      : 1017
Type    : Error
Message : [EXPR]-Error when contacting the RPC/HTTP service at https://remote.
          company.com/Rpc. The elapsed time was 433 milliseconds.

Id      : 1006
Type    : Success
Message : The Autodiscover service was tested successfully.

Id      : 1021
Type    : Information
Message : The following web services generated errors.
              Contacting server in EXPR
          Please use the prior output to diagnose and correct the errors.

Not sure what the protocol violation its complaining about could be. Should I be concerned about the RPC delays?
0
 
LVL 13

Expert Comment

by:lastlostlast
Comment Utility
You need to mention the NETBIOS name of the server. Restart of the server is required.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now