ejefferson213

asked on

Exchange 2010 Autodiscover Failure

I have a mixed environment, one Exchange 2003 server and one Exchange 2010 server (that we’re converting to).  Everything was working fine until I changed the https port used by OWA users on Exchange2010.  OWA is working as desired but now, Out Of Office isn’t working along with Free/Busy information not showing in calendar events; Auto Discover is not working either.   I’ve spent the last three days examining documents regarding such issues and have tried numerous “fixes” to no avail.  

The Autodiscover shows this (from the Outlook Test Email Autoconfiguration):

Attempting URL https://server.domain:50100/Autodiscover/Autodiscover.xml found through SCP
Autodiscover to https://server.domain:50100/Autodiscover/Autodiscover.xml starting
Autodiscover internet timeout against URLhttps://server.domain:50100/Autodiscover/Autodiscover.xml
Autodiscover to https://server.domain:50100/Autodiscover/Autodiscover.xml FAILED (0x800C8203)
Autodiscover to https://domain/Autodiscover/Autodiscover.xml starting
Autodiscover to https://domain/Autodiscover/Autodiscover.xml FAILED (0x800C8203)
Autodiscover to https://autodiscover.domain/Autodiscover/Autodiscover.xml  starting
Autodiscover to https://autodiscover.domain/Autodiscover/Autodiscover.xml FAILED (ox800C8203)
Local autodiscover for domain starting
Local autodiscover for domain FAILED (0x8004010F)
Redirect check to http://autodiscover.domain/autodiscover/autodiscover.xml starting
Redirect check to http://autodiscover.domain/autodiscover/autodiscover.xml  FAILED (0x80072EE7)

(Accessing my email is working despite this)

Having changed the port from 443 to 50100 and finding out that Autodiscover was failing, I went in with set-clientaccessserver cmdlet and changed the URL to reflect the new port (which is evident above).  Interestingly, I can run a successful  test-outlookwebservices cmdlet on the Exchange 2010 server.   I suspect that because of my Autodiscover issue, OOF and free/busy are not working.  If I use a browser to access https://server.domain:50100/autodiscover/autodiscover.xml, I get error code 600 (Invalid Request) so I know the server is listening and responding.  And it’s not prompting me for userid/password.

I tried adding port 443 back in and ended up getting: Autodiscover request completed with http status code 500 and Autodiscover to https://server/Autodiscover/Autodiscover.xml failed (0x80004005).  An event error is recorded in the server which states:  
The service '/Autodiscover/Autodiscover.xml' cannot be activated due to an exception during compilation.  The exception message is: This collection already contains an address with scheme https.  There can be at most one address per scheme in this collection.
So clearly, I can’t add a second https port and have Autodiscover work.  

This problem seemed very similar to that posted under the number: 24661748 but I don’t have multiple NICs.  How can I use a different OWA port and still have autodiscover work (and hopefully get OOF and free/busy functioning again)?
ejefferson213

ASKER

After doing a network trace and looking at the IIS logs, I've discovered:

   . the client has established a session with the Exchange server and has sent two packets:
            . normal web Post packet
            . an xml request for autodiscover.xml
   . the server responds with an ACK but then all communications stop and the client restarts the process, which is why it's reporting a timeout

The IIS log is showing three GET attempts against Autodiscover.xml.  The first two have no username and the result is an error return code of 401.1.  The last log entry shows my credentials being passed and the status return code is 200 (OK).  So I'm confused as to why the server's not responding having authenticated me.  Interestingly, there are three authentication methods: anonymous, Basic and Windows Integrated.
I wrote two articles on this topic. The first one discusses how Autodiscover works and the second is for troubleshooting.

https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3585-Exchange-Autodiscover-and-Web-Services-OOF-and-OAB.html

https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3704-Troubleshooting-Outlook-Certificate-Errors.html

Post any questions or errors you have after working through the second article.
Thank you so much for taking the time to assist!!!

I gathered the information you spoke of in the posting and it is displayed below.  But first:

     . there is only one site with one Exchange 2003 server and one Exchange 2010 server
     . we're a small non-profit with only 1 external IP address; port 443 is in use on the Exchange 2003 server thus I chose to use a different port for Exchange 2010 OWA (50100)
     . all SMTP traffic passes through the Exchange 2003 server; that's working perfectly
     . OAB to Exchange 2010 works
     . external DNS name = internal DNS name
     . self signed, single SAN cert
     . not using Outlook Anywhere (yet); at this point, just interested in getting OAB, OOF and free/busy to work

Also, looking deeper in the IIS log (on the Exchange 2010 server), I see that three attempts to access autodiscover.xml were issued (presumably by Exchange). The first two have no user name given and they show a failure of 401.   However, the third shows my user name and a return status of 200 (which as you know for web functions, that's successful).  Interestingly, I have 3 authentications enabled: Anonymous, Basic and Windows Integrated.  I suspect Exchange is pursuing authentication in that order and finally I'm authenticated via Windows Integrated.  However a sniffer trace done while the TestEmailAutoConfiguration runs shows the xml being sent and Exchange 2010 ACKnowledging it but then no further traffic and thus the timeout.

Perhaps you can't change the port for 443 traffic???????

Here's the info from the displays:

[PS] C:\Windows\system32>get-exchangecertificate | where { $_.Services.ToString().Contains("IIS") -eq $true} | fl Cert*


CertificateDomains : {Exchange2, Exchange2.achieve-ability.org}
CertificateRequest :



[PS] C:\Windows\system32>get-clientaccessserver | fl


RunspaceId                           : 4895292b-e100-496c-b0ef-9a3500bfa945
Name                                 : EXCHANGE2
Fqdn                                 : EXCHANGE2.achieve-ability.org
OutlookAnywhereEnabled               : True
AutoDiscoverServiceCN                : Exchange2
AutoDiscoverServiceClassName         : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri       : https://exchange2:50100/Autodiscover/Autodiscover.xml
AutoDiscoverServiceGuid              : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope                : {Default-First-Site-Name}
AlternateServiceAccountConfiguration :
IsValid                              : True
ExchangeVersion                      : 0.1 (8.0.535.0)
DistinguishedName                    : CN=EXCHANGE2,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Ad
                                       ministrative Groups,CN=Achieve-Ability,CN=Microsoft Exchange,CN=Services,CN=Conf
                                       iguration,DC=achieve-ability,DC=org
Identity                             : EXCHANGE2
Guid                                 : 3ed6b8d0-bd76-467c-b1c4-a3fd45f1e2fe
ObjectCategory                       : achieve-ability.org/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                          : {top, server, msExchExchangeServer}
WhenChanged                          : 10/4/2010 12:58:00 PM
WhenCreated                          : 10/2/2010 11:46:10 AM
WhenChangedUTC                       : 10/4/2010 4:58:00 PM
WhenCreatedUTC                       : 10/2/2010 3:46:10 PM
OrganizationId                       :
OriginatingServer                    : nemo.achieve-ability.org



[PS] C:\Windows\system32>get-webservicesvirtualdirectory | Fl *Url


InternalNLBBypassUrl : https://exchange2.achieve-ability.org:50100/ews/exchange.asmx
InternalUrl          : https://exchange2.achieve-ability.org:50100/EWS/Exchange.asmx
ExternalUrl          : https://www1.achieve-ability.org:50100/EWS/Exchange.asmx


[PS] C:\Windows\system32>get-oabvirtualdirectory | fl *Url


InternalUrl : http://exchange2.achieve-ability.org/OAB
ExternalUrl : https://mail.achieve-ability.org/OAB


[PS] C:\Windows\system32>get-autodiscovervirtualdirectory | fl *Url


InternalUrl :
ExternalUrl :


[PS] C:\Windows\system32>get-outlookanywhere | fl External*


ExternalHostname : anywhere.achieve-ability.org


As a final test, I simply changed the port back to the standard port of 443 and the autodiscover function worked.  And as expected, when it was changed back to 50100, it failed.  Conclusion seems to be that Exchange is not equipped to handle a port other than 443.
Yes, Outlook is coded to attempt https://domain.com/autodiscover/autodiscover.xml and, if that fails, https://autodiscover.domain.com/autodiscover/autodiscover.xml

It will not attempt another port.
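
The configuration posted above can be checked mechanically for the two things this thread turns on: HTTPS URLs on a port other than 443, and host names that are not among the certificate's CertificateDomains. The PowerShell below is an added example, not part of the original thread; the URL and certificate values are copied from the output posted above, and Test-ClientAccessUrl is a hypothetical helper name, not an Exchange cmdlet.

```powershell
# Added example: the values below are copied from the cmdlet output posted in this thread.
# On a live server, fill them from Get-ExchangeCertificate, Get-ClientAccessServer,
# Get-WebServicesVirtualDirectory and Get-OabVirtualDirectory instead.
$certDomains = @('Exchange2', 'Exchange2.achieve-ability.org')
$settings = @(
    @('AutoDiscoverServiceInternalUri', 'https://exchange2:50100/Autodiscover/Autodiscover.xml'),
    @('EWS InternalUrl', 'https://exchange2.achieve-ability.org:50100/EWS/Exchange.asmx'),
    @('EWS ExternalUrl', 'https://www1.achieve-ability.org:50100/EWS/Exchange.asmx'),
    @('OAB InternalUrl', 'http://exchange2.achieve-ability.org/OAB'),
    @('OAB ExternalUrl', 'https://mail.achieve-ability.org/OAB')
)

# Test-ClientAccessUrl is a hypothetical helper name, not an Exchange cmdlet.
function Test-ClientAccessUrl {
    param([string]$Name, [string]$Url, [string[]]$CertDomains)
    $uri = [System.Uri]$Url
    $findings = @()
    if ($uri.Scheme -ne 'https') {
        $findings += 'plain HTTP'
    } else {
        if ($uri.Port -ne 443) { $findings += "HTTPS on port $($uri.Port), not 443" }
        # -notcontains compares case-insensitively; exact names only, no wildcard matching
        if ($CertDomains -notcontains $uri.Host) { $findings += 'host not in CertificateDomains' }
    }
    if ($findings.Count -eq 0) { $findings += 'ok' }
    New-Object PSObject -Property @{
        Setting = $Name; Host = $uri.Host; Port = $uri.Port; Findings = ($findings -join '; ')
    }
}

# Each inner array is one (setting name, URL) pair.
$settings | ForEach-Object {
    Test-ClientAccessUrl -Name $_[0] -Url $_[1] -CertDomains $certDomains
} | Select-Object Setting, Host, Port, Findings | Format-Table -AutoSize
```
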
ASKER CERTIFIED SOLUTION
endital1097
After looking at additional postings, I've come to the realization that trying to run off of different ports doesn't work.  That is, I can get OWA working externally on a different port but getting autodiscover to work using different ports is not supported.  Perhaps it can be done, as one post suggests, through the use of multiple web sites but I'm not willing to go there.  As you stated, and as I plan to do, I'll do a full-scale migration to the new server and restore the default ports when that happens.  I'm sure that life will return to normal once that is done.  

Thanks for your efforts to help me try and solve this!