Multiple Domains using SRV record Autodiscover not working

Hi Experts,

I've configured an SBS 2010 server to have 3 domains for 3 different companies.
The problem I am having is that the SRV record solution doesn't seem to be working.
I had it working briefly, but not all functionality was working with Autodiscover, so I've been playing around with settings
(mainly IIS settings).
After further research I removed the CNAME entry from the external DNS in the main domain and added an A record pointing to the SBS server.
This appears to be when the problems started. DNS on this site has always updated very quickly for me.
There are no CNAME or A records for autodiscover in the other domains, or wildcard entries.
There is an SRV record in the other domains:
_autodisover._tcp  port 443.

When I do an external nslookup for autodiscover.maindomain.com.au - no problem.
When I do an external lookup for autodiscover.altdomain.com.au I get
 *** Unknown can't find autodiscover.copelandwa.com.au: Non-existent domain

If I do a test email auto configuration, everything fails down to the redirection,
then I get
url redirection
https://autodiscover to https://main.com.au/autodiscover/autdicover.xml starting
autodicover request completed with http status code 500
autodicover request completed with http status code 500
autodicover to https://main.com.au/autodiscover/autodiscover.xml failed (0x80004005)
srv record lookup for alt.com.au failed (0x80004005)

Not sure what's going on, but it looks like the SRV record is set up correctly because it has pointed to the correct server, but it won't complete.
Please help!!!!
 
GavrickAuthor Commented:
I have got a little bit further with this.
In IIS7 under autodiscover, if I enable anonymous users in the authentication window, the test auto config from Outlook works perfectly.
I am able to create the Outlook account and it works. However, it continuously asks for password.
If I then disable the anon users, no password prompts and emails work.
I tested the OOF and server unavailable.

Still get non-existent domain in nslookup.
What am I doing wrong?
0
 
MegaNuk3Commented:
"srv record lookup for alt.com.au failed "
This tells me your SRV record is incorrect

Compare your setup with this article:
http://support.microsoft.com/kb/940881
0
 
MegaNuk3Commented:
On the Autodiscover app/VD in IIS, the authentication methods by default should be Windows (kernel mode disabled) and Basic only. SSL = require SSL and client certificates = ignore.

If you want to completely reset your autodiscover VD you can follow my article here:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_4962-7-Steps-to-AutoDiscover-Heaven.html
0
 
GavrickAuthor Commented:
Thanks.. I already read that article and it is set up according to those instructions.
One of the parts that confuses me is that the test email autodiscover connection in Outlook works..
0
 
MegaNuk3Commented:
Try the Outlook Anywhere test on www.testexchangeconnectivity.com and see what that says about your autodiscover...

Testing via an internal machine will first try to find a Service Connection Point in AD and will then move on to DNS if no SCP is found.

Are you trying to get external clients/Outlook working or only internal at the moment?
0
 
GavrickAuthor Commented:
OK, I've removed kernel mode and I'm using Windows and Basic.

Now it asks for username and password @altdomain.com.au for the connection test,
then maindomain.com.au, maindomain.com.au and then fails.

Not sure where to find
"make sure SSL = required and client certificates = ignore"
0
 
MegaNuk3Commented:
Under IIS select the Autodiscover VD/App and then in the middle pane select 'SSL Settings'.

Also make sure you have the Feb 2011 hotfix for Outlook installed, as that fixes a few issues with Autodiscover.
0
 
GavrickAuthor Commented:

Hi MegaNuk3.. OK, the SSL settings are correct and this is the response to the link you provided.

This is all being done externally, btw.

 Testing TCP port 443 on host maincompany.com.au to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name maincompany.com.au was found in the Certificate Subject Common name.
 
 Certificate trust is being validated.
  The test passed with some warnings encountered. Please expand the additional details.
   Additional Details
  ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
 
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 4/10/2011 6:34:14 AM, NotAfter = 4/10/2012 6:34:14 AM
 
 
 
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 
 Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
  Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
   Test Steps
   ExRCA is attempting to retrieve an XML Autodiscover response from URL https://maincompany.com.au/Autodiscover/Autodiscover.xml for user user@alt.com.au.
  ExRCA failed to obtain an Autodiscover XML response.
   Additional Details
  A Web exception occurred because an HTTP 401 - Unauthorized response was received from Unknown.
 
 
 
0
 
GavrickAuthor Commented:
I think by reading this I have a problem with my UCC certificate. I'm not sure if
servername
servername.mycompany.local
are on the certificate....
(only used standard GoDaddy certificates before)
I have applied for the SANs... and will post the result once completed.
0
 
MegaNuk3Commented:
Basically if you try and connect to:
https://maincompany.com.au/Autodiscover/Autodiscover.xml from IE externally it shouldn't give you any Cert error, it should prompt for credentials. After entering valid credentials you should get a "error code=600 invalid request" page. Are you getting this for any of the domains?
0
 
MegaNuk3Commented:
How many AD domains do you have? Just 1 that hosts these 3 SMTP domains?
0
 
MegaNuk3Commented:
You can test internally with
Test-OutlookWebServices "<email address>" | fl
And that will test autodiscover using that email address to prove Exchange is working properly
0
 
GavrickAuthor Commented:
OK.. Certificate update didn't work.
I have 1 Active Directory domain that hosts 3 SMTP domains.

https://maincompany.com.au/Autodiscover/Autodiscover.xml  asks for username and password 3 times and then returns
You do not have permission to view this directory or page.

Below is the result of the internal test

RunspaceId : ae494b17-7ff2-4021-9388-1e3b6e570a63
Id         : 1019
Type       : Information
Message    : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is https://maindomain.com.au/Autodiscover/Autodiscover.xml.

RunspaceId : ae494b17-7ff2-4021-9388-1e3b6e570a63
Id         : 1013
Type       : Error
Message    : When contacting https://maindomain.com.au/Autodiscover/Autodiscover.xml received the error The remote server returned an error: (401) Unauthorized.

RunspaceId : ae494b17-7ff2-4021-9388-1e3b6e570a63
Id         : 1023
Type       : Error
Message    : The Autodiscover service couldn't be contacted.

RunspaceId : ae494b17-7ff2-4021-9388-1e3b6e570a63
Id         : 1113
Type       : Error
Message    : When contacting https://SERVERname.localitwa.local:443/Autodiscover/Autodiscover.xml received the error The remote server returned an error: (401) Unauthorized.

RunspaceId : ae494b17-7ff2-4021-9388-1e3b6e570a63
Id         : 1123
Type       : Error
Message    : The Autodiscover service couldn't be contacted.

RunspaceId : ae494b17-7ff2-4021-9388-1e3b6e570a63
Id         : 1024
Type       : Success
Message    : [EXCH] Successfully contacted the AS service at https://maindomain.com.au/EWS/Exchange.asmx. The elapsed time was 334 milliseconds.

RunspaceId : ae494b17-7ff2-4021-9388-1e3b6e570a63
Id         : 1026
Type       : Success
Message    : [EXCH] Successfully contacted the UM service at https://lmaindomain.com.au/EWS/Exchange.asmx. The elapsed time was 443 milliseconds.

RunspaceId : ae494b17-7ff2-4021-9388-1e3b6e570a63
Id         : 1124
Type       : Success
Message    : [Server] Successfully contacted the AS service at https://localserver.localitwa.local/ews/exchange.asmx. The elapsed time was 64 milliseconds.

RunspaceId : ae494b17-7ff2-4021-9388-1e3b6e570a63
Id         : 1126
Type       : Success
Message    : [Server] Successfully contacted the UM service at https://localserver.localitwa.local/ews/exchange.asmx. The elapsed time was 23 milliseconds.


0
 
GavrickAuthor Commented:
Just thought I'd add that emails@maindomain.com.au are working fine externally.
0
 
MegaNuk3Commented:
Can you do a Get-AutodiscoverVirtualDirectory | fl
And post the result. Mask any internal names if you want.
0
 
GavrickAuthor Commented:
Here it is.

RunspaceId                      : 4b772370-09e1-4af4-89ae-535ccfaeaecc
Name                            : Autodiscover (Default Web Site)
InternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated}
LiveIdSpNegoAuthentication      : False
WSSecurityAuthentication        : False
LiveIdBasicAuthentication       : False
BasicAuthentication             : True
DigestAuthentication            : False
WindowsAuthentication           : True
MetabasePath                    : IIS://LOCALSERVER.maindomain.local/W3SVC/1/ROOT/Autodiscover
Path                            : C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Autodiscover
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : LOCALSERVER
InternalUrl                     : https://maindomain.com.au/Autodiscover/Autodiscover.xml
ExternalUrl                     : https://maindomain.com.au/Autodiscover/Autodiscover.xml
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
DistinguishedName               : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=LOCALSERVER,CN=Servers,CN=
                                  Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Org
                                  anization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=localitwa,DC=local
Identity                        : LOCALSERVER\Autodiscover (Default Web Site)
Guid                            : a6da05b8-80eb-407d-8bc0-ddc035dadbd5
ObjectCategory                  : maindomain.local/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                     : 1/02/2011 4:41:38 PM
WhenCreated                     : 31/01/2011 2:52:19 PM
WhenChangedUTC                  : 1/02/2011 8:41:38 AM
WhenCreatedUTC                  : 31/01/2011 6:52:19 AM
OrganizationId                  :
OriginatingServer               : SERVER.maindomain.local
IsValid                         : True
0
 
MegaNuk3Commented:
Can you answer my comment# 35373779 ?
Thanks
0
 
GavrickAuthor Commented:
I can connect to maindomain.com.au - no cert error - username/pass - and I get error 600.
I can connect to mail.domainB.com.au - certificate error - continue - domain\user - error 600.
0
 
MegaNuk3Commented:
Also, Exchange 2010 has Anonymous auth enabled on the AutoDiscover VD/App. Can you enable yours if it isn't enabled? Then run Test-OutlookWebServices again.
0
 
GavrickAuthor Commented:
RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1019
Type       : Information
Message    : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is https://main.com.au/Autodiscover/Autodiscover.xml.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1006
Type       : Information
Message    : Contacted the Autodiscover service at https://main.com.au/Autodiscover/Autodiscover.xml.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1016
Type       : Information
Message    : [EXCH] The AS is configured for this user in the Autodiscover response received from https://lmain.com.au/Autodiscover/Autodiscover.xml.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1015
Type       : Information
Message    : [EXCH] The OAB is configured for this user in the Autodiscover response received from https://main.com.au/Autodiscover/Autodiscover.xml.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1014
Type       : Information
Message    : [EXCH] The UM is configured for this user in the Autodiscover response received from https://main.com.au/Autodiscover/Autodiscover.xml.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1016
Type       : Information
Message    : [EXPR] The AS is configured for this user in the Autodiscover response received from https://main.com.au/Autodiscover/Autodiscover.xml.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1015
Type       : Information
Message    : [EXPR] The OAB is configured for this user in the Autodiscover response received from https://main.com.au/Autodiscover/Autodiscover.xml.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1014
Type       : Information
Message    : [EXPR] The UM is configured for this user in the Autodiscover response received from https://main.com.au/Autodiscover/Autodiscover.xml.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1022
Type       : Success
Message    : Autodiscover was tested successfully.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1106
Type       : Information
Message    : Contacted the Autodiscover service at https://server.localitwa.local:443/Autodiscover/Autodiscover.xml.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1116
Type       : Information
Message    : [EXCH] The AS is configured for this user in the Autodiscover response received from https://SERVER.main.local:443/Autodiscover/Autodiscover.xml.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1115
Type       : Information
Message    : [EXCH] The OAB is configured for this user in the Autodiscover response received from https://SERVER.main.local:443/Autodiscover/Autodiscover.xml.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1114
Type       : Information
Message    : [EXCH] The UM is configured for this user in the Autodiscover response received from https://LOCALSERVER.main.local:443/Autodiscover/Autodiscover.xml.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1116
Type       : Information
Message    : [EXPR] The AS is configured for this user in the Autodiscover response received from https://SERVER.main.local:443/Autodiscover/Autodiscover.xml.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1115
Type       : Information
Message    : [EXPR] The OAB is configured for this user in the Autodiscover response received from https://SERVER.main.local:443/Autodiscover/Autodiscover.xml.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1114
Type       : Information
Message    : [EXPR] The UM is configured for this user in the Autodiscover response received from https://SERVER.main.local:443/Autodiscover/Autodiscover.xml.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1122
Type       : Success
Message    : Autodiscover was tested successfully.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1013
Type       : Error
Message    : When contacting https://main.com.au/EWS/Exchange.asmx received the error Client found response content type of '', but expected 'text/xml'.
             The request failed with an empty response.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1025
Type       : Error
Message    : [EXCH] Error contacting the AS service at https://main.com.au/EWS/Exchange.asmx. Elapsed time was 844
              milliseconds.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1026
Type       : Success
Message    : [EXCH] Successfully contacted the UM service at https://miain.com.au/EWS/Exchange.asmx. The elapsed time was 708 milliseconds.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1113
Type       : Error
Message    : When contacting https://lserver.lmain.local/ews/exchange.asmx received the error Client found response content type of '', but expected 'text/xml'.
             The request failed with an empty response.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1125
Type       : Error
Message    : [Server] Error contacting the AS service at https://lserver.mainlocal/ews/exchange.asmx. Elapsedtime was 102 milliseconds.

RunspaceId : 3e3fba6e-f60e-4464-b809-123425ff9736
Id         : 1126
Type       : Success
Message    : [Server] Successfully contacted the UM service at https://server.main.local/ews/exchange.asmx. The elapsed time was 85 milliseconds.
0
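Added example (not part of the thread and not Exchange tooling): a small parser for `Test-OutlookWebServices | fl` output like the two runs posted above, which groups the `Error` records by endpoint URL so it is clear whether Autodiscover or EWS is the part that fails. The host names and records in `SAMPLE` are constructed, modelled on the output in this thread.

```python
from __future__ import annotations
import re

# Constructed sample in the same layout as the posted output (note the wrapped Message lines).
SAMPLE = """\
Id         : 1013
Type       : Error
Message    : When contacting https://main.example/Autodiscover/Autodiscover.xml received the error The remote server returned an error: (401) Unauthorized.

Id         : 1023
Type       : Error
Message    : The Autodiscover service couldn't be contacted.

Id         : 1013
Type       : Error
Message    : When contacting https://main.example/EWS/Exchange.asmx received the error Client found response content type of '', but expected 'text/xml'.
             The request failed with an empty response.

Id         : 1025
Type       : Error
Message    : [EXCH] Error contacting the AS service at https://main.example/EWS/Exchange.asmx. Elapsed time was 844
              milliseconds.

Id         : 1026
Type       : Success
Message    : [EXCH] Successfully contacted the UM service at https://main.example/EWS/Exchange.asmx. The elapsed time was 708 milliseconds.
"""

FIELD_RE = re.compile(r"^(\w+)\s*:\s?(.*)$")
URL_RE = re.compile(r"https?://[^\s']+")
STATUS_RE = re.compile(r"\((\d{3})\)")  # HTTP status as printed, e.g. "(401) Unauthorized"


def parse_records(text: str) -> list[dict[str, str]]:
    """Split format-list output into records; indented lines continue the previous field."""
    records, current, last_key = [], {}, None
    for line in text.splitlines():
        if not line.strip():              # a blank line ends the record
            if current:
                records.append(current)
            current, last_key = {}, None
            continue
        match = FIELD_RE.match(line)
        if match and not line[0].isspace():
            last_key = match.group(1)
            current[last_key] = match.group(2).strip()
        elif last_key:                    # wrapped value
            current[last_key] += " " + line.strip()
    if current:
        records.append(current)
    return records


def failing_endpoints(records: list[dict[str, str]]) -> dict[str, list[tuple[int, int | None]]]:
    """Map each URL named in an Error record to its (event Id, HTTP status or None) pairs."""
    failures: dict[str, list[tuple[int, int | None]]] = {}
    for rec in records:
        message = rec.get("Message", "")
        url = URL_RE.search(message)
        if rec.get("Type") != "Error" or not url:
            continue
        status = STATUS_RE.search(message)
        failures.setdefault(url.group(0).rstrip("."), []).append(
            (int(rec["Id"]), int(status.group(1)) if status else None))
    return failures
```

A 401 on the Autodiscover URL points at the authentication settings of that virtual directory, while an empty, non-XML response from `/EWS/Exchange.asmx` is a separate fault on the EWS application.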
 
MegaNuk3Commented:
Are you using Outlook Anywhere? If so, you might want to set the external hostname on it to an externally resolvable name that is on your cert.
0
 
GavrickAuthor Commented:
Thanks MegaNuk3

Very helpful...
Feel free to help with SRV record prob.. if you like
it's my final hurdle!
0
 
MegaNuk3Commented:
What is the problem with your SRV?
0
 
GavrickAuthor Commented:
May be a false alarm now that I've tested the SRV record the correct way:
set type=all
_autodiscover._tcp.domainb.com.au

Will let you know..
0
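Added example (not part of the thread and not Microsoft's code): an offline check of the three things an Autodiscover SRV record has to get right, namely the exact owner name `_autodiscover._tcp.<smtp domain>`, port 443, and a target host that is a name on the server's certificate, together with the lookup order Outlook follows once no SCP is found. All domain names, records and the certificate name list are constructed sample data.

```python
from __future__ import annotations
from dataclasses import dataclass

SERVICE = "_autodiscover._tcp"  # labels Outlook prepends to the SMTP domain


@dataclass
class SrvRecord:
    owner: str   # owner name exactly as published in the zone
    port: int
    target: str  # host the client is sent to


def lookup_order(email: str) -> list[str]:
    """DNS-based lookups Outlook attempts, in order, once no SCP is found."""
    domain = email.rsplit("@", 1)[1].lower()
    return [
        f"https://{domain}/autodiscover/autodiscover.xml",
        f"https://autodiscover.{domain}/autodiscover/autodiscover.xml",
        f"http://autodiscover.{domain}/autodiscover/autodiscover.xml",  # redirect probe
        f"SRV {SERVICE}.{domain}",
    ]


def cert_covers(host: str, cert_names: list[str]) -> bool:
    """Match host against certificate names; a wildcard covers one label only."""
    host = host.lower().rstrip(".")
    for name in (n.lower() for n in cert_names):
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False


def check_srv(record: SrvRecord, smtp_domain: str, cert_names: list[str]) -> list[str]:
    """Return the problems found; an empty list means the record is usable."""
    problems = []
    expected = f"{SERVICE}.{smtp_domain}".lower()
    if record.owner.lower().rstrip(".") != expected:
        problems.append(f"owner is {record.owner!r}, clients query {expected!r}")
    if record.port != 443:
        problems.append(f"port {record.port} is not 443")
    if not cert_covers(record.target, cert_names):
        problems.append(f"target {record.target!r} is not a name on the certificate")
    return problems


# Constructed sample data: the certificate lives on the main domain only.
CERT_NAMES = ["mail.main.example", "autodiscover.main.example"]
GOOD = SrvRecord("_autodiscover._tcp.alt.example.", 443, "mail.main.example.")
TYPO = SrvRecord("_autodisover._tcp.alt.example.", 443, "mail.alt.example.")

if __name__ == "__main__":
    print(lookup_order("user@alt.example"))
    for rec in (GOOD, TYPO):
        print(rec.owner, check_srv(rec, "alt.example", CERT_NAMES) or "ok")
```

Pointing the SRV target at a host name that is already on the certificate is what lets the additional SMTP domains work without users being trained to click through certificate warnings.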
 
MegaNuk3Commented:
Best way to test it is with an external Outlook client. Then do a "Test Autoconfiguration" on it.
0
 
GavrickAuthor Commented:
OK, so almost everything is perfect now. The only thing wrong is that on the external computer with Outlook 2007 it continually prompts for password, but only once at startup on the Outlook 2010 external machine. If I disable anonymous authentication to autodiscover the problem goes away, but autodiscovery does not work.

Any thoughts?
0
 
MegaNuk3Commented:
Install this on that Outlook 2007 machine http://support.microsoft.com/kb/2475891
0
 
GavrickAuthor Commented:
Thanks... was looking for this hotfix. However it's already been applied.
Still prompting
0
 
MegaNuk3Commented:
Ensure that client is set to use basic auth and to encrypt the connection between itself and Exchange.

Also do an Outlook autoconfigure test from it.
0
 
GavrickAuthor Commented:
User has left for the day... and computer is off... will pick this up tomorrow..
0
 
GavrickAuthor Commented:
Finally got back onto the user's computer.
Checked those settings and they are set.
Autodiscover test works fine.
I've found in my searches for the solution that you are supposed to change the RPC SSL setting to accept instead of ignore in IIS. However, if I do this both 2007 and 2010 Outlook remain in disconnected mode..

Is there something else wrong?
0
 
MegaNuk3Commented:
Test the URLs returned by the autoconfig test and see which one is prompting and prompting; you may need to add OAB.XML on the end of the OAB one to get anywhere.
0
Question has a verified solution.
