Exchange autodiscover fails but Outlook clients connect

I would suggest you run a RPC over HTTPS test at https://testexchangeconnectivity.com and post the results.
P.S: There are 2 tests on this site.
1. Outlook Anywhere with Autodiscover and
2. Outlook Anywhere

I would suggest you run the 2nd test if you are unsure about Autodiscover working externally or not.

Reference articles:
White Paper: Exchange 2007 Autodiscover Service
http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx

Yeah I've been running that but the tool crashes.

ExRCA is attempting to test Autodiscover for edowning@fei.edu.
     An unexpected error has occurred in the application. An event has been logged for the system administrator. If you continue to experience this error, please send us feedback.
     
    Additional Details
     Exception Details:
Message: Unable to connect to the remote server
Type: System.Net.WebException
Stack Trace:

Server stack trace:
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at Microsoft.Exchange.Tools.ExRca.Tests.AutoDiscover.AutoDiscoverGetXMLBase`2.Discover()
at Microsoft.Exchange.Tools.ExRca.Tests.AutoDiscover.AutoDiscoverGetXMLBase`2.PerformTestReally()
at Microsoft.Exchange.Tools.ExRca.Tests.Test.PerformTest()
at Microsoft.Exchange.Tools.ExRca.Tests.AutoDiscover.AutoDiscoverPostMethod.PerformTestReally()
at Microsoft.Exchange.Tools.ExRca.Tests.Test.PerformTest()
at Microsoft.Exchange.Tools.ExRca.Tests.Test.PerformChildren()
at Microsoft.Exchange.Tools.ExRca.Tests.Test.PerformTest()
at Microsoft.Exchange.Tools.ExRca.Tests.Test.PerformChildren()
at Microsoft.Exchange.Tools.ExRca.Tests.AutoDiscover.OutlookAutoDiscoverTest.PerformTestReally()
at Microsoft.Exchange.Tools.ExRca.Tests.Test.PerformTest()
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.EndInvokeHelper(Message reqMsg, Boolean bProxyCase)
at System.Runtime.Remoting.Proxies.RemotingProxy.Invoke(Object NotUsed, MessageData& msgData)
at Microsoft.Exchange.Tools.ExRca.Website.Default.PerformTestAsyncDelegate.EndInvoke(IAsyncResult result)
at Microsoft.Exchange.Tools.ExRca.Website.Default.TestCompleted(IAsyncResult ar, TopLevelTest theTest)
Exception Details:
Message: Unable to connect to the remote server
Type: System.Net.WebException
Stack Trace:

Server stack trace:
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at Microsoft.Exchange.Tools.ExRca.Tests.AutoDiscover.AutoDiscoverGetXMLBase`2.Discover()
at Microsoft.Exchange.Tools.ExRca.Tests.AutoDiscover.AutoDiscoverGetXMLBase`2.PerformTestReally()
at Microsoft.Exchange.Tools.ExRca.Tests.Test.PerformTest()
at Microsoft.Exchange.Tools.ExRca.Tests.AutoDiscover.AutoDiscoverPostMethod.PerformTestReally()
at Microsoft.Exchange.Tools.ExRca.Tests.Test.PerformTest()
at Microsoft.Exchange.Tools.ExRca.Tests.Test.PerformChildren()
at Microsoft.Exchange.Tools.ExRca.Tests.Test.PerformTest()
at Microsoft.Exchange.Tools.ExRca.Tests.Test.PerformChildren()
at Microsoft.Exchange.Tools.ExRca.Tests.AutoDiscover.OutlookAutoDiscoverTest.PerformTestReally()
at Microsoft.Exchange.Tools.ExRca.Tests.Test.PerformTest()
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.EndInvokeHelper(Message reqMsg, Boolean bProxyCase)
at System.Runtime.Remoting.Proxies.RemotingProxy.Invoke(Object NotUsed, MessageData& msgData)
at Microsoft.Exchange.Tools.ExRca.Website.Default.PerformTestAsyncDelegate.EndInvoke(IAsyncResult result)
at Microsoft.Exchange.Tools.ExRca.Website.Default.TestCompleted(IAsyncResult ar, TopLevelTest theTest)

Select allOpen in new window

Which test did you run?

Outlook Anywhere (RPC over HTTP)
OR
Outlook Autodiscover

Try running the one you didn't.  i tested this with my domain and everything worked fine.

Is your Exchange setup to be accessed from outside?  That could be why this test is failing.

Do you have all your DNS entries set up correctly?

Yes DNS is good as far as I know, here are the results from the RPC over HTTP. Really the only failure is that the cert chain couldn't be built however I've looked that up and it's acknowledged on Technet that there isn't a way around that right now. Something about the tool not being able to get inside to look at the chain.

The other issue with fei.edu I don't understand except that fei.edu is our external host hosting our website and feinet.local is our internal domain. Additionally, our host provider doesn't have the capability to provide SRV records. I do have autodiscover,fei.edu, mail.fei.edu and webmail.fei.edu pointing to the exchange box.

Testing RPC/HTTP connectivity.
     The RPC/HTTP test failed.
     
    Test Steps
     
    ExRCA is attempting to test Autodiscover for edowning@fei.edu.
     Testing Autodiscover failed.
     
    Test Steps
     
    Attempting each method of contacting the Autodiscover service.
     The Autodiscover service couldn't be contacted successfully by any method.
     
    Test Steps
     
    Attempting to test potential Autodiscover URL https://fei.edu/AutoDiscover/AutoDiscover.xml
     Testing of this potential Autodiscover URL failed.
     
    Test Steps
     
    Attempting to resolve the host name fei.edu in DNS.
     The host name resolved successfully.
     
    Additional Details
    Testing TCP port 443 on host fei.edu to ensure it's listening and open.
     The port was opened successfully.
    Testing the SSL certificate to make sure it's valid.
     The certificate passed all validation requirements.
     
    Test Steps
    Checking the IIS configuration for client certificate authentication.
     Client certificate authentication wasn't detected.
     
    Additional Details
    Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
     Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
     
    Test Steps
     
    ExRCA is attempting to retrieve an XML Autodiscover response from URL https://fei.edu/AutoDiscover/AutoDiscover.xml for user edowning@fei.edu.
     ExRCA failed to obtain an Autodiscover XML response.
     
    Additional Details
     A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.
    Attempting to test potential Autodiscover URL https://autodiscover.fei.edu/AutoDiscover/AutoDiscover.xml
     Testing of this potential Autodiscover URL failed.
     
    Test Steps
     
    Attempting to resolve the host name autodiscover.fei.edu in DNS.
     The host name resolved successfully.
     
    Additional Details
    Testing TCP port 443 on host autodiscover.fei.edu to ensure it's listening and open.
     The port was opened successfully.
    Testing the SSL certificate to make sure it's valid.
     The SSL certificate failed one or more certificate validation checks.
     
    Test Steps
     
    Validating the certificate name.
     The certificate name was validated successfully.
     
    Additional Details
    Certificate trust is being validated.
     Certificate trust validation failed.
     
    Additional Details
     The certificate chain couldn't be built. You may be missing required intermediate certificates.
    Attempting to contact the Autodiscover service using the HTTP redirect method.
     The attempt to contact Autodiscover using the HTTP Redirect method failed.
     
    Test Steps
     
    Attempting to resolve the host name autodiscover.fei.edu in DNS.
     The host name resolved successfully.
     
    Additional Details
    Testing TCP port 80 on host autodiscover.fei.edu to ensure it's listening and open.
     The port was opened successfully.
    ExRCA is checking the host autodiscover.fei.edu for an HTTP redirect to the Autodiscover service.
     The redirect (HTTP 301/302) response was received successfully.
     
    Additional Details
    Attempting to test potential Autodiscover URL http://mail.fei.edu/owa
     Testing of this potential Autodiscover URL failed.
     
    Test Steps
     
    Attempting to resolve the host name mail.fei.edu in DNS.
     The host name resolved successfully.
     
    Additional Details
    Testing TCP port 443 on host mail.fei.edu to ensure it's listening and open.
     The port was opened successfully.
    Testing the SSL certificate to make sure it's valid.
     The SSL certificate failed one or more certificate validation checks.
     
    Test Steps
     
    Validating the certificate name.
     The certificate name was validated successfully.
     
    Additional Details
    Certificate trust is being validated.
     Certificate trust validation failed.
     
    Additional Details
    Attempting to contact the Autodiscover service using the DNS SRV redirect method.
     ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
     
    Test Steps
     
    Attempting to locate SRV record _autodiscover._tcp.fei.edu in DNS.
     The Autodiscover SRV record wasn't found in DNS

Select allOpen in new window

I did some queries on your DNS setup.

> mail.fei.edu

Non-authoritative answer:
Name:    mail.fei.edu
Address:  74.211.236.226

> autodiscover.fei.edu

Non-authoritative answer:
Name:    autodiscover.fei.edu
Address:  74.211.236.228

> set type=mx
> fei.edu

Non-authoritative answer:
fei.edu MX preference = 0, mail exchanger = mail.fei.edu

Non-authoritative answer:
Name:    webmail.fei.edu
Address:  74.211.236.226

There may be a reason for this but your autodiscover entry points to a different IP address than your mail DNS entry and your webmail DNS entry.

This may be accurate but just want to make sure we cover all bases.

Yes .226 is an IP address that has been in use since a new ISP was brought in. Other services run over it however it is what I used for RDNS so I have been loath to change it. As I built the Exchange environment I used .228 which NATs directly to the Exchange box. .226 port forwards 80 & 443 to it.

I may be out of pocket for a few hours. Thanks a lot for taking a look at this, I'll be back as soon as I can.

Is mail.fei.edu resolvable internally to the internal IP address of your CAS server?

Thanks rcombis I'll have a look at those.

MegaNuk yes mail.fei.edu resolves to my CAS from internal. In otherwords if I nslookup mail.fei.edu from a machine behind my external router it resolves to my CAS.

So all your internal clients are going to one internal IP address,  like 192.168.1.10 and anyone externally is going to your external IP address.  Just want to make sure here.

yes, just to be sure here if you ping mail.fei.edu from internal then you get a reply back from the internal IP address of the CAS server?

Yes those questions posted are correct. I fixed the issue which was that the Autodiscovery virtual directory was subject to a redirect. For some reason it was redirecting to the URL for the OWA. I removed the bad entry and the test succeeds now. That would explain why it resolved ok but the XML failed. Thanks for all your help with this.

Thanks for the update. Where exactly did you see the redirect?

Nice. Thanks for the extra info.

Thanks for the help.

Not the answer but I appreciate the effort.