Solved

Autodiscovery Exchange 2010

Posted on 2011-03-16
6
1,598 Views
Last Modified: 2012-05-11
Hi I got a strange problem with the autodiscovery service on Exchange 2010. Our setup is Internet -> ASA5510 -> Forefront TMG -> ASA 5510 -> Exchange 2010 (CAS)

anyway i am pretty sure this is an Exchange problem. I do have a UCC cert and this is the error code i get when running outlook autodiscovery test in testexchangeconnectivity.com

Attempting to test potential Autodiscover URL https://autodiscover.x.se/AutoDiscover/AutoDiscover.xml
  Testing of this potential Autodiscover URL failed.
   Test Steps
   Attempting to resolve the host name autodiscover.x.se in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: x.x.1.45
 
 Testing TCP port 443 on host autodiscover.x.se to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name autodiscover.x.se was found in the Certificate Subject Alternative Name entry.
 
 Certificate trust is being validated.
  The certificate is trusted and all certificates are present in the chain.
   Additional Details
  The certificate chain has been validated up to a trusted root. Root = CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US.
 
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 3/14/2011 12:00:00 AM, NotAfter = 3/18/2014 12:00:00 PM
 
 
 
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 
 Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
  Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
   Test Steps
   ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.x.se/AutoDiscover/AutoDiscover.xml for user Testtest2@x.se.
  ExRCA failed to obtain an Autodiscover XML response.
   Tell me more about this issue and how to resolve it
   Additional Details
  An error message was returned from the Autodiscover service
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response>
<Error Time="09:47:37.6622217" Id="2096444376">
<ErrorCode>500</ErrorCode>
<Message>The e-mail address cannot be found.</Message>
<DebugData />
</Error>
</Response>
</Autodiscover>
 
 When doing an internal test on the exchange server i Get

C:\Windows\system32>Test-OutlookWebServices -Identity: testtest@xxx.se


aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1019
      : Information
ge    : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is https://ma
        il.xxx.se/Autodiscover/Autodiscover.xml.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1006
      : Information
ge    : Contacted the Autodiscover service at https://mail.xxx.se/Autodiscover/Autodiscover.xml.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1016
      : Information
ge    : [EXCH] The AS is configured for this user in the Autodiscover response received from https://mail.xxx.se/A
        utodiscover/Autodiscover.xml.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1015
      : Information
ge    : [EXCH] The OAB is configured for this user in the Autodiscover response received from https://mail.xxx.se/
        Autodiscover/Autodiscover.xml.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1014
      : Information
ge    : [EXCH] The UM is configured for this user in the Autodiscover response received from https://mail.xxx.se/A
        utodiscover/Autodiscover.xml.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1016
      : Information
ge    : [EXPR] The AS is configured for this user in the Autodiscover response received from https://mail.xxx.se/A
        utodiscover/Autodiscover.xml.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1015
      : Information
ge    : [EXPR] The OAB is configured for this user in the Autodiscover response received from https://mail.xxx.se/
        Autodiscover/Autodiscover.xml.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1014
      : Information
ge    : [EXPR] The UM is configured for this user in the Autodiscover response received from https://mail.xxx.se/A
        utodiscover/Autodiscover.xml.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1022
      : Success
ge    : Autodiscover was tested successfully.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1106
      : Information
ge    : Contacted the Autodiscover service at https://xxxEX01.iaf.local:443/Autodiscover/Autodiscover.xml.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1116
      : Information
ge    : [EXCH] The AS is configured for this user in the Autodiscover response received from https://xxxEX01.iaf.l
        ocal:443/Autodiscover/Autodiscover.xml.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1115
      : Information
ge    : [EXCH] The OAB is configured for this user in the Autodiscover response received from https://xxxEX01.iaf.
        local:443/Autodiscover/Autodiscover.xml.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1114
      : Information
ge    : [EXCH] The UM is configured for this user in the Autodiscover response received from https://xxxEX01.iaf.l
        ocal:443/Autodiscover/Autodiscover.xml.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1116
      : Information
ge    : [EXPR] The AS is configured for this user in the Autodiscover response received from https://xxxEX01.iaf.l
        ocal:443/Autodiscover/Autodiscover.xml.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1115
      : Information
ge    : [EXPR] The OAB is configured for this user in the Autodiscover response received from https://xxxEX01.x.
        local:443/Autodiscover/Autodiscover.xml.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1114
      : Information
ge    : [EXPR] The UM is configured for this user in the Autodiscover response received from https://xxxEX01.x.l
        ocal:443/Autodiscover/Autodiscover.xml.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1122
      : Success
ge    : Autodiscover was tested successfully.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1024
      : Success
ge    : [EXCH] Successfully contacted the AS service at https://xxxex01.x.local/EWS/Exchange.asmx. The elapsed t
        ime was 719 milliseconds.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1026
      : Success
ge    : [EXCH] Successfully contacted the UM service at https://xxxex01.x.local/EWS/Exchange.asmx. The elapsed t
        ime was 125 milliseconds.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1024
      : Success
ge    : [EXPR] Successfully contacted the AS service at https://mail.x.se/EWS/Exchange.asmx. The elapsed time wa
        s 78 milliseconds.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1026
      : Success
ge    : [EXPR] Successfully contacted the UM service at https://mail.x.se/EWS/Exchange.asmx. The elapsed time wa
        s 46 milliseconds.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1124
      : Success
ge    : [Server] Successfully contacted the AS service at https://xxxex01.x.local/ews/exchange.asmx. The elapsed
         time was 46 milliseconds.

aceId : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
      : 1126
      : Success
ge    : [Server] Successfully contacted the UM service at https://xxxex01.x.local/ews/exchange.asmx. The elapsed
         time was 46 milliseconds.
 
Do not point me at the White paper, i´ve done it and i have also recreated the autodiscoveryvirtualdirectory cause i had internal server 500 errors before

Firewall port open in ASA is 443 and that is the port open in the TMG aswell, except LDAP ports against the domaincontrollers

On the TMG i got thoose paths published

/rpc/*
/oab/*
/microsoft-server-activesync/*
/ews/*
/Autodiscover/*
 

Next problem is the Activesync Autodiscover where i get this error message

Attempting to test potential Autodiscover URL https://autodiscover.x.se/AutoDiscover/AutoDiscover.xml
  Testing of this potential Autodiscover URL failed.
   Test Steps
   Attempting to resolve the host name autodiscover.x.se in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: x.x.1.45
 
 Testing TCP port 443 on host autodiscover.x.se to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name autodiscover.x.se was found in the Certificate Subject Alternative Name entry.
 
 Certificate trust is being validated.
  The certificate is trusted and all certificates are present in the chain.
   Additional Details
  The certificate chain has been validated up to a trusted root. Root = CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US.
 
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 3/14/2011 12:00:00 AM, NotAfter = 3/18/2014 12:00:00 PM
 
 
 
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 
 Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
  Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
   Test Steps
   ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.x.se/AutoDiscover/AutoDiscover.xml for user testtest2@x.se.
  ExRCA failed to obtain an Autodiscover XML response.
   Additional Details
  None of the expected XML elements were found in the XML response.
 
 Great, that would be all i think.. Thanks in advance

BTW Activesync works in the not autodiscover way
 
 
0
Comment
Question by:ptopservicedesk
  • 3
  • 3
6 Comments
 
LVL 26

Expert Comment

by:e_aravind
ID: 35153834
when you try to access the URL
https://cas=server/autodiscover/autodiscover.xml

Do we get the correct error\warning message http-600??

Do we have the internal and external URLs populated correctly?
0
 

Author Comment

by:ptopservicedesk
ID: 35156204
Yes that is correct. I have not touched the autodiscover internaluri since i recreated the folder. Before i had mail.company.se/xxxxx
Everything else is pointed at mail.company.se

But when i run this cmdlet it show the internaluri is unpopulated...

[PS] C:\Windows\system32>Get-AutodiscoverVirtualDirectory | FL


RunspaceId                      : dd26e42f-d22c-4b39-bea1-c31fa9b9b2bb
Name                            : Autodiscover (Default Web Site)
InternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated}
LiveIdSpNegoAuthentication      : False
WSSecurityAuthentication        : False
LiveIdBasicAuthentication       : False
BasicAuthentication             : True
DigestAuthentication            : False
WindowsAuthentication           : True
MetabasePath                    : IIS://xEX01.iaf.local/W3SVC/1/ROOT/Autodiscover
Path                            : C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Autodiscover
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : xEX01
InternalUrl                     :
ExternalUrl                     :
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
DistinguishedName               : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=xEX01,CN=Servers,CN=Exch
                                  ange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=x,CN=Micros
                                  oft Exchange,CN=Services,CN=Configuration,DC=x,DC=local
Identity                        : xEX01\Autodiscover (Default Web Site)
Guid                            : e7d47afb-e8b0-4821-a6a7-19471576dde8
ObjectCategory                  : iaf.local/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                     : 2011-03-16 09:29:37
WhenCreated                     : 2011-03-16 09:29:37
WhenChangedUTC                  : 2011-03-16 08:29:37
WhenCreatedUTC                  : 2011-03-16 08:29:37
OrganizationId                  :
OriginatingServer               : x01.x.local
IsValid                         : True



So the error code is 600

thanks Per
0
 
LVL 26

Accepted Solution

by:
e_aravind earned 500 total points
ID: 35159021
OKies...so the autodiscovery with the Outlook works fine and we need to get thsi working for the Mobile devices.

In the Mobile devices
a) They are hardcoded to use the autodiscover.domain.com
so need to have the name resolution without any issue and the certs should be fine ...without any cert. warning when accessing these URL from the mobile-device-browsers
Yes, we need to check the URL https://autodiscover.domain.com from inside the mobile device browser window

b) if it still fails...collect-n-share the control logs responsible for the mobile device.

http://blogs.technet.com/b/vik/archive/2008/12/04/setting-up-verbose-logging-in-windows-mobile-and-parsing-logs.aspx
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:ptopservicedesk
ID: 35163942
So is it possible that it actually will work with a mobile even though it doesn´t look correct in testexchangeconnectivity?
0
 
LVL 26

Expert Comment

by:e_aravind
ID: 35164306
yes, i would say that we have some good chances to get the Mobile-device co-ordinating fine with the autodiscovery service.
0
 

Author Comment

by:ptopservicedesk
ID: 35180392
Well I think I got fooled by the Testexchangeconnectivity site.

It is working, thanks alot for the help
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
how to add IIS SMTP to handle application/Scanner relays into office 365.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now