SBS 2008 Autodiscover

Posted on 2011-05-04
Last Modified: 2012-08-13
Have a new Small Business Server 2008.  I have having a problem with the autodiscover which is not allowing my spam software to work properly.  Note:  I don't have an SSL certificate on the server.  From what I am told I can get autodiscover to work without purchasing a certificate.
Here are the errors:

[PS] C:\Windows\System32>Test-OutlookWebServices | FL

Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address Administrator@anch

Id      : 1007
Type    : Information
Message : Testing server SERVER.anchorconveyor.local with the published name ht
          tps:// & .

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
           URL on this object is

Id      : 1005
Type    : Error
Message : When accessing
          ver.xml the error "RemoteCertificateNameMismatch:CN=SERVER.anchorconv
          eyor.local" was reported.

Id      : 1013
Type    : Error
Message : When contacting
          over.xml received the error The remote server returned an error: (401
          ) Unauthorized.

Id      : 1006
Type    : Error
Message : The Autodiscover service could not be contacted.

Any help is appreciated
Question by:David Barman
    LVL 31

    Accepted Solution

    Either drop the SSL on the AutoDiscover VD in IIS or change the URL to match the name on the cert:

    Set-ClientAccessServer -autodiscoverInternalUri "https://SERVER.Anchorconveyor.local/AutoDiscover/AutoDiscover.XML"

    Internally it will work with the .local name (name on cert), but external users will get a certificate warning (external users will use DNS and not the URL above)
    LVL 8

    Expert Comment

    ya u can make autodiscover to work without requiing a certificate using HTTP redirect method

    Copy pasted this from technet for your convinience
     Scenario 4: Using the Autodiscover Service with Redirection

    Until the release of the update rollup for Outlook 2007, described in Microsoft Knowledge Base article 939184 and referred to in Scenario 2: Using One Single-Name Certificate earlier in this white paper, this kind of deployment scenario was, and may still be, the ideal solution to use in situations such as a hosted Exchange 2007 environment. Using the Autodiscover service with redirection may be the ideal solution because some DNS providers do not support SRV records. However, this kind of deployment can also be used for organizations that are not hosting multiple domains. With this option, you install a single-name certificate on the Default Web Site and create another Web site that contains no certificate. Domain-connected clients continue to locate the Autodiscover service by using the SCP object and will not receive any security warnings as long as the URL for connecting to the Autodiscover service which is stored in the SCP object has been changed to refer to the FQDN of the certificate installed on the Default Web Site. Clients that connect from the Internet will at first be unable to find Autodiscover by using DNS, as described in How the Autodiscover Service Works earlier in this white paper. However, before failing to connect to the Autodiscover service, Outlook will try an additional method to connect to the Autodiscover URL by using HTTP (instead of HTTPS) and connect to the Autodiscover Web site and then be redirected to the Autodiscover service hosted under the Default Web Site. When these Internet-based Outlook clients connect to this redirection site, they will see a dismissible warning messaging asking them to verify that they are being redirected to a trusted URL. In this case, you must advise your users to accept this warning message and allow Outlook to connect to this trusted URL.


    Author Closing Comment

    by:David Barman
    Led me to the correct path.  thanks
    LVL 31

    Expert Comment

    Thanks for points

    Featured Post

    How does your email signature look on mobiles?

    Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

    Join & Write a Comment

    Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
    Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
    In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
    This video discusses moving either the default database or any database to a new volume.

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now