The Problem: autodiscover not properly working on internal domain with non-domain laptop and Outlook. User keeps getting prompted for password inside Outlook and password not taking causing account to get locked out (due to lock out policies).
The Setup: 2 Windows 2003 servers. 1 server is the root domain controller and file server, the other server is Exchange 2007 with all the latest updates. Domain joined workstations in the office using Outlook are fine. Problems with NON domain laptops using autodiscover both inside and outside of the office.
I spent 10 hours on this last night and finally got autodiscover working properly outside of the office. When this user brings his non domain laptop into the office and uses Outlook, it fails again, prompts the user for the password, password does not work and locks out the user account. The corporate policy only allows 3 invalid login attempts before lockout with forced manual reset.
In Outlook sometimes there are multiple password prompts, 1 prompt for mail.domainname.com, and an additional password prompt for autodiscover.domainname.com. Sometimes even a prompt for server.domain.local. The client can connect to the first prompt with his password and use email. However shortly thereafter the autodiscover.domainname.com password prompt pops up > password doesn’t work > user is locked out of account.
We have a trusted UCC SSL certificate installed for:
NetbiosServerName
server.domain.local
mail.domainname.com
autodiscover.domainname.com
autodiscover.domainname.local
Host A record for autodiscover.domainname.com is configured in external DNS to point to WAN IP and forward internally
Host A and PTR record configured with internal DNS for autodiscover.domainname.com > LAN IP of Exchange mail server.
I am only having the lockout (password prompt) problem with 1 user specifically. I was having this problem for this user externally until I resolved the problem this morning. Now it only seemed to be a problem when the user is working in Outlook 2007 on the internal network with a NON joined domain laptop.
Commands Output:
Get-ClientAccessServer
Name
----
EXCHANGE
Get-outlookprovider
Name  Server    CertPrincipalName          TTL
----  ------    -----------------          ---
EXCH  exchange                             1
EXPR            msstd:mail.domainname.com  1
WEB                                        1
Test-OutlookWebServices | fl (Notice the errors)
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address Administrator@domainname.com.
Id : 1007
Type : Information
Message : Testing server server.domain.local with the published name https://server.domain.local/EWS/Exchange.asmx & https://mail.domainname.com/EWS/Exchange.asmx.
Id : 1019
Type : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscoverURL on this object is
https://server.domain.local/Autodiscover/Autodiscover.xml.
Id : 1006
Type : Information
Message : The Autodiscover service was contacted at
https://server.domain.local/Autodiscover/Autodiscover.xml.
Id : 1016
Type : Success
Message : [EXCH]-Successfully contacted the AS service at
https://server.domain.local/EWS/Exchange.asmx. The elapsed time was 31 milliseconds.
Id : 1015
Type : Success
Message : [EXCH]-Successfully contacted the OAB service at
https://server.domain.local/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.
Id : 1014
Type : Success
Message : [EXCH]-Successfully contacted the UM service at
https://server.domain.local/UnifiedMessaging/Service.asmx. The elapsed time was 31 milliseconds.
Id : 1013
Type : Error
Message : When contacting
https://mail.domainname.com/EWS/Exchange.asmx received the error The request failed with HTTP status 401: Unauthorized.
Id : 1016
Type : Error
Message : [EXPR]-Error when contacting the AS service at
https://mail.domainname.com/EWS/Exchange.asmx. The elapsed time was 31 milliseconds.
Id : 1015
Type : Success
Message : [EXPR]-Successfully contacted the OAB service at
https://mail.domainname.com/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.
Id : 1014
Type : Success
Message : [EXPR]-Successfully contacted the UM service at
https://mail.domainname.com/UnifiedMessaging/Service.asmx. The elapsed time was 31 milliseconds.
Id : 1017
Type : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at
https://mail.domainname.com/Rpc. The elapsed time was 0 milliseconds.
Id : 1006
Type : Success
Message : The Autodiscover service was tested successfully.
Id : 1021
Type : Information
Message : The following web services generated errors.
As in EXPR
Please use the prior output to diagnose and correct the errors.
get-autodiscovervirtualdirectory |fl
Name : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://server.domain.local/W3SVC/1/ROOT/Autodiscover
Path : D:\ProgramFiles\Exchsrvr\ClientAccess\Autodiscover
Server : EXCHANGE
InternalUrl :
ExternalUrl :
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=EXCHANGE,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=name NE,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
Identity : EXCHANGE\Autodiscover (Default Web Site)
Guid : 7a7fe343-490e-453d-9883-c5b24c7a417a
ObjectCategory : domain.local/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged : 2/29/2008 4:23:53 PM
WhenCreated : 2/29/2008 4:223:47 PM
OriginatingServer : server.domain.local
IsValid : True
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address username@domainname.com.
Id : 1006
Type : Information
Message : The Autodiscover service was contacted at https://server.domain.local/Autodiscover/Autodisco
Id : 1016
Type : Success
Message : [EXCH]-Successfully contacted the AS service at https://server.domain.local/EWS/Exchange.asmx. The elapsed time was 78 milliseconds.
Id : 1015
Type : Success
Message : [EXCH]-Successfully contacted the OAB service at https://server.domain.local/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.
Id : 1014
Type : Success
Message : [EXCH]-Successfully contacted the UM service at https://server.domain.local/UnifiedMessaging/Service.asmx. The elapsed time was 62 milliseconds.
Id : 1013
Type : Error
Message : When contacting https://mail.domainname.com/EWS/Exchange.asmx received the error The request failed with HTTP status 401: Unauthorized.
Id : 1016
Type : Error
Message : [EXPR]-Error when contacting the AS service at https://mail.domainname.com/EWS/Exchange.asmx. The elapsed time was 31 milliseconds.
Id : 1015
Type : Success
Message : [EXPR]-Successfully contacted the OAB service at https://mail.domainname.com/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.
Id : 1014
Type : Success
Message : [EXPR]-Successfully contacted the UM service at https://mail.domainname.com/UnifiedMessaging/Service.asmx. The elapsed time was 15 milliseconds.
Id : 1017
Type : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://mail.domainname.com/Rpc. The elapsed time was 15 milliseconds.
Id : 1006
Type : Success
Message : The Autodiscover service was tested successfully.
Id : 1021
Type : Information
Message : The following web services generated errors.
As in EXPR
Please use the prior output to diagnose and correct the errors.
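A triage aid for the list-format output above, as an added example that is not part of the original post: this Python code parses pasted `Test-OutlookWebServices | fl` text, rejoins wrapped messages, and counts Success/Error results per target host so the failing name stands out. The sample input is constructed from the output shown in the post, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample in the "Test-OutlookWebServices | fl" layout from the post,
# with wrapped messages. Function names below are this example's own.
SAMPLE = """\
Id : 1016
Type : Success
Message : [EXCH]-Successfully contacted the AS service at
https://server.domain.local/EWS/Exchange.asmx. The elapsed time was 31 milliseconds.
Id : 1013
Type : Error
Message : When contacting
https://mail.domainname.com/EWS/Exchange.asmx received the error The request failed with HTTP status 401: Unauthorized.
Id : 1016
Type : Error
Message : [EXPR]-Error when contacting the AS service at
https://mail.domainname.com/EWS/Exchange.asmx. The elapsed time was 31 milliseconds.
Id : 1017
Type : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at
https://mail.domainname.com/Rpc. The elapsed time was 0 milliseconds.
"""

FIELD = re.compile(r"^(Id|Type|Message)\s*:\s*(.*)$")

def parse_records(text):
    """Split list-format output into dicts; unlabeled lines continue the previous field."""
    records, last = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = FIELD.match(line)
        if m and m.group(1) == "Id":
            records.append({})          # every record starts at its Id line
        if m and records:
            records[-1][m.group(1)] = m.group(2)
            last = m.group(1)
        elif line and records:
            records[-1][last] = f"{records[-1][last]} {line}".strip()
    return records

def results_by_host(records):
    """Count Success/Error results per target host named in each message URL."""
    hosts = defaultdict(Counter)
    for r in records:
        url = re.search(r"https?://\S+", r.get("Message", ""))
        if url and r.get("Type") in ("Success", "Error"):
            hosts[urlsplit(url.group().rstrip(".")).hostname][r["Type"]] += 1
    return {h: dict(c) for h, c in hosts.items()}
```

Calling `results_by_host(parse_records(SAMPLE))` on the sample gives one success for `server.domain.local` and two errors plus one success for `mail.domainname.com`.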