?
Solved

Exchange AutoDiscover 401 Unauthorized on New SBS 2008 Install

Posted on 2010-11-30
10
Medium Priority
?
2,168 Views
Last Modified: 2012-05-10
Hi Experts,

I just complete a SBS 2008 install and have noticed that I'm getting some AutoDiscover errors in Exchange 07.

I used a GoDaddy SSL installed through wizard and manually imported the intermediate cert to correct intermediate cert store... pretty standard. The cert was issued to the FQDN remote.domain.com. Again... all standard. Not sure why I'm getting these errors?

Here's what I get back from PowerShell...

 [PS] C:\Windows\System32>test-outlookwebservices | FL


Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address administrator@domain.com Id      : 1007
Type    : Information
Message : Testing server GSERVER.ggg.local with the published name https://remo
          te.domain.com/EWS/Exchange.asmx & https://remote.domain.com/EWS/Excha
          nge.asmx.

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
           URL on this object is https://remote.domain.com/Autodiscover/Autodis
          cover.xml.

Id      : 1013
Type    : Error
Message : When contacting https://remote.domain.com/Autodiscover/Autodiscover.x
          ml received the error The remote server returned an error: (401) Unau
          thorized.

Id      : 1006
Type    : Error
Message : The Autodiscover service could not be contacted.


Is it possible that my new Zyxel firewall is misconfigured? Would there be something I need to set in there? I am getting onto OWA & RWW fine internally and externally and all Outlook clients seem to be connecting fine. What alerted me to the problem was the fact that our Vipre Email Security Spam filtering was not working correctly.... which led me to the AutoDiscover issues.

Thanks for the assist.
0
Comment
Question by:philodendrin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
10 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34241829
Have you run the Fix My Network Wizard and the Connect To The Internet Wizards when you setup SBS?

If not - please run them - if you did - please run them again.
0
 
LVL 8

Expert Comment

by:Jdtuck
ID: 34241874
Have you tried testing from www.testexchangeconnectivity.com?
0
 

Author Comment

by:philodendrin
ID: 34242045
Testing AutoDiscover via testexchangeconnectivity.com failed. So, it looks like I have an issue.

While running the "Setup Your Internet Address Wizard" I get "windows SBS 2008 cannot open ports 25, 80, 443, and 987". But I don't understand why it can't open the ports. I'm getting to all the services on those ports externally and internally (with the exception of AutoDiscover) just fine. So, what am I missing?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 8

Expert Comment

by:Jdtuck
ID: 34242059
What were the errors from testexchangeconnectivity.com
0
 
LVL 13

Expert Comment

by:lastlostlast
ID: 34242071
Follow Method 2 of http://support.microsoft.com/kb/896861.

It is a known issue and the above KB should help fix the issue.
0
 
LVL 13

Accepted Solution

by:
lastlostlast earned 2000 total points
ID: 34242106
Https://testexchangeconnectivity.com will not help unless you have autodiscover configured for external access.

Refer to http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx in order to get autodiscover working externally.

Unless you have configured autodiscover externally, any tests you perform for autodiscover using testexchangeconnectivity.com will fail.

Regardless, KB 896861 should help you fix the error noticed in "test-outlookwebservices | FL" cmd.


0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34242199
The Wizard is trying to open the ports on your router / firewall and unless it has uPNP enabled on the Router - it will have a hard time - so don't worry about those errors - that is quite normal.  I always configure the router / firewall manually anyway - then I know what is going on.
0
 

Author Comment

by:philodendrin
ID: 34242284
Lastlostlast... I'm a little confused by KB896861... where it states to type the "Host Name or Host Names" for the sites that are on the server (method 1), is it looking for the FQDN ie, company.com or is it looking for remote.company.com or what?
0
 

Author Comment

by:philodendrin
ID: 34242716
Okay... thinking through this, it has to be remote.company.com it's looking for... so ignore my last post.

Here's the new results:

[PS] C:\Windows\System32>test-outlookwebservices | FL


Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address administrator@company.com

Id      : 1007
Type    : Information
Message : Testing server GSERVER.ggg.local with the published name https://remo
          te.company.com/EWS/Exchange.asmx & https://remote.company.com/EWS/Excha
          nge.asmx.

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
           URL on this object is https://remote.company.com/Autodiscover/Autodis
          cover.xml.

Id      : 1006
Type    : Information
Message : The Autodiscover service was contacted at https://remote.company.com/A
          utodiscover/Autodiscover.xml.

Id      : 1016
Type    : Success
Message : [EXCH]-Successfully contacted the AS service at https://remote.company
          .com/EWS/Exchange.asmx. The elapsed time was 573 milliseconds.

Id      : 1015
Type    : Success
Message : [EXCH]-Successfully contacted the OAB service at https://remote.company
        .com/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.

Id      : 1014
Type    : Success
Message : [EXCH]-Successfully contacted the UM service at https://remote.company
          .com/UnifiedMessaging/Service.asmx. The elapsed time was 4 millisecon
          ds.

Id      : 1016
Type    : Success
Message : [EXPR]-Successfully contacted the AS service at https://remote.company
          .com/EWS/Exchange.asmx. The elapsed time was 15 milliseconds.

Id      : 1015
Type    : Success
Message : [EXPR]-Successfully contacted the OAB service at https://remote.company
          .com/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.

Id      : 1014
Type    : Success
Message : [EXPR]-Successfully contacted the UM service at https://remote.company
          .com/UnifiedMessaging/Service.asmx. The elapsed time was 4 millisecon
          ds.

Id      : 1013
Type    : Error
Message : When contacting https://remote.company.com/Rpc received the error The
          server committed a protocol violation. Section=ResponseStatusLine

Id      : 1017
Type    : Error
Message : [EXPR]-Error when contacting the RPC/HTTP service at https://remote.
          company.com/Rpc. The elapsed time was 433 milliseconds.

Id      : 1006
Type    : Success
Message : The Autodiscover service was tested successfully.

Id      : 1021
Type    : Information
Message : The following web services generated errors.
              Contacting server in EXPR
          Please use the prior output to diagnose and correct the errors.

Not sure what the protocol violation its complaining about could be. Should I be concerned about the RPC delays?
0
 
LVL 13

Expert Comment

by:lastlostlast
ID: 34253717
You need to mention the NETBIOS name of the server. Restart of the server is required.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Read this checklist to learn more about the 15 things you should never include in an email signature.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses
Course of the Month12 days, 23 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question