Solved

Exchange 2010 SP1 autodiscover

Posted on 2011-09-25
21
969 Views
Last Modified: 2012-05-12
Hi All
I have recently added 3 Exchange 2010 (1 x CAS array / 2 x Mailbox/HUB) into our exchange 2003/2007 environment.

Previously our OWA/ActiveSync server in the DMZ was upgraded to Exchange 2007 (been running fine for about 18 months, I know this is an unsupported config).

 This server acts as OWA & ActiveSync for our Exchange 2003 servers.

However I can’t get Auto discover working correctly.

When I run tests form outlook I get the following.

Srv Record lookup for http://autodiscover.domain.com/autodiscover/autodiscover.xml Failed (0x80004005).
Autodiscover has a CNAME record pointing to the New Exchange 2010 CAS

When I run I get the following.

[PS] C:\Users\Exchsrvc\Desktop>Get-ClientAccessServer | Select Name, AutoDiscoverServiceInternalUri | FL
Name                           : XM2
AutoDiscoverServiceInternalUri : https://xm2.domain.com/Autodiscover/Autodiscover.xml
Name                           : PRDEXCAS1
AutoDiscoverServiceInternalUri : https://prdexcas1.domain.com/Autodiscover/Autodiscover.xml

I think the problem is some clients are trying to contact the DMZ CAS 2007 (XM2 for autodiscover).

When I run Test-OutlookWebServices on the exchange 2010 CAS server I get no errors.

When I run it on XM2 I get
  Id                       Type Message
  --                       ---- -------
1003                Information About to test AutoDisc...
1007                Information Testing server xm2.med...
1019                Information Found a valid AutoDisc...
1005                      Error When accessing https:/...
1013                      Error When contacting https:...
1013                      Error When contacting https:...
1006                      Error The Autodiscover servi...

Now XM2 is running OWA and ActiveSync and working fine.

My question is.

1.      Can I remove XM2 from the Exchange 2010 autodiscover without it breaking OWA ?
Thanks

0
Comment
Question by:MediaMon
  • 12
  • 9
21 Comments
 

Author Comment

by:MediaMon
ID: 36597062
Also it seems my clients are trying to connect via

http://autodiscover.domain.com/autodiscover/autodiscover.xml when they should be using

https://autodiscover.domain.com/autodiscover/autodiscover.xml.

Can I edit the SCP to reflect the correct URL ?

Thanks

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36597461
Firstly, your AUTODISCOVER DNS record should be an A record, not a CNAME record.  It should point to an IP Address not an alias.

Secondly, please run the following command in the Exchange Management Console and report back the results:

get-webservicesvirtualdirectory | fl *url*
0
 

Author Comment

by:MediaMon
ID: 36602487
Thanks Alan

I have removed the CNAME and added a host record.

Output of the command below.

[PS] C:\Users\Exchsrvc\Desktop>get-webservicesvirtualdirectory | fl *url*

InternalNLBBypassUrl : https://xm2.domain.com/ews/exchange.asmx
InternalUrl          : https://xm2.domain.com/EWS/Exchange.asmx
ExternalUrl          :

InternalNLBBypassUrl : https://prdexcas1.domain.com/ews/exchange.asmx
InternalUrl          : https://prdexcas1.domain.com/EWS/Exchange.asmx
ExternalUrl          :

Thanks
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36602544
Okay - so no External URL's and the internal bypass URL is all lowercase and anything after the first / in a domain URL is case sensitive, thus:

InternalNLBBypassUrl : https://xm2.domain.com/ews/exchange.asmx
InternalUrl          : https://xm2.domain.com/EWS/Exchange.asmx
ExternalUrl          :

Should be:

InternalNLBBypassUrl : https://xm2.domain.com/EWS/Exchange.asmx
InternalUrl          : https://xm2.domain.com/EWS/Exchange.asmx
ExternalUrl          : https://externalname.domain.com/EWS/Exchange.asmx
0
 

Author Comment

by:MediaMon
ID: 36714696
Thank Alan

So how do I chnage these URL's ?

Also I want to remove XM2 as that is a Exchnage 2007 CAS box in our DMZ. I want it to use PRDEXCAS1 only.

Thanks
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36714981
You can use the following EMS comand:

Set-WebServicesVirtualDirectory -Identity DOMAIN\EWS(default Web site) -ExternalUrl https://www.domain.com/EWS/exchange.asmx -BasicAuthentication $true -InternalUrl https://SERVER.internal.local/EWS/exchange.asmx -internalnlbbypassurl https://SERVER.internal.local/EWS/exchange.asmx

Change the bits in Bold to reflect your environment.
0
 

Author Comment

by:MediaMon
ID: 36807362
Thanks Alan so I have changed the INternalNLBbypassURL.

[PS] C:\Users\Exchsrvc\Desktop>get-webservicesvirtualdirectory | fl *url*

InternalNLBBypassUrl : https://xm2.mediamonitors.com.au/EWS/Exchange.asmx
InternalUrl          : https://xm2.mediamonitors.com.au/EWS/Exchange.asmx
ExternalUrl          :

InternalNLBBypassUrl : https://prdexcas1.mediamonitors.com.au/EWS/Exchange.asmx
InternalUrl          : https://prdexcas1.mediamonitors.com.au/EWS/Exchange.asmx
ExternalUrl          :

Still it seems auto discover is first querying XM2.

Test-OutlookWebServices fails on XM2 however it works perfectly on PRDEXCAS1 anyway I can remove the entry for XM2 without decommissioning the server ?

Thanks
0
 

Author Comment

by:MediaMon
ID: 36812664
autodiscover result
0
 

Author Comment

by:MediaMon
ID: 36812712
Also just checked I am only using the In-built exchange Certificate as this CAS is not Internet facing and only PRDEXCAS1.domain.com is listed. Do I need to Assign a New Exchnage Certificate like mentioned inthe below article for autodiscover.domain.com ?

http://technet.microsoft.com/en-us/library/dd351057.aspx

Will this cause any dramas with existing mailbox users on Exchnage 2010 ?

Many Thanks

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36890384
To get Exchange 2010 working properly you need to buy and install a SAN / UCC SSL certificate with the following minimum names:

mail.externaldomain.com (or whatever you have chosen to use)
autodiscover.externaldomain.com
internalservername.internaldomain.local
internalservername

To get Out Of Office and the Offline Address book working, you will need to create a new DNS A record in your Domains Control Panel (not internal DNS), called Autodiscover and it needs to point to the IP address of your Exchange server.

Once all this is in place, Exchange will work properly and so will Autodiscover / Out Of Office etc.

GoDaddy are about the cheapest place to buy an SSL certificate.

Alan
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:MediaMon
ID: 36907869
Thanks Alan I will purchase a certificate and let you know how I get on.

Thanks again
0
 

Author Comment

by:MediaMon
ID: 36983963
Hi Alan

Sorr for the delay.

So I have installed a wild card certificate and I can access OWA not problem certificate seems to be working.

However autodiscover is not working. I even have to type in my cas array name when setting up an outlook profile.

I turned on loggin on the outllook client and I get.

1412      109267921      10/18/11 15:02:38      Autodiscover to https://PRDEXCAS1.domain.com/Autodiscover/Autodiscover.xml starting
1412      109268046      10/18/11 15:02:38      Autodiscover XML Received
---BEGIN XML---
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response>
    <Error Time="15:02:38.5473865" Id="624335843">
      <ErrorCode>500</ErrorCode>
      <Message>The e-mail address cannot be found.</Message>
      <DebugData />
    </Error>
  </Response>
</Autodiscover>
----END XML----
1412      109268093      10/18/11 15:02:38      Autodiscover to https://PRDEXCAS1.domain.com/Autodiscover/Autodiscover.xml FAILED (0x800C8203)
1412      109268109      10/18/11 15:02:38      Autodiscover to https://domain.com/autodiscover/autodiscover.xml starting
1412      109274296      10/18/11 15:02:44      Autodiscover to https://domain.com/autodiscover/autodiscover.xml FAILED (0x800C8203)
1412      109274312      10/18/11 15:02:44      Autodiscover to https://autodiscover.domain.com/autodiscover/autodiscover.xml starting
1412      109274437      10/18/11 15:02:45      Autodiscover XML Received
---BEGIN XML---
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response>
    <Error Time="15:02:44.9226313" Id="624335843">
      <ErrorCode>500</ErrorCode>
      <Message>The e-mail address cannot be found.</Message>
      <DebugData />

I am really running out of ideas I have read what seems like 100's of posts to no avail.

Any ideas would be appreciated.

Thanks
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36984331
Did you setup the DNS A record called Autodiscover (in external DNS)?
0
 

Author Comment

by:MediaMon
ID: 36989864
HI Alan

I am just trying to get autodiscover working internally for starters.

I have setup an A record called autodiscover and can resolve this no problems.

Looking att he above error its seems teh client is recieveing the XML but can't do anythig with it.

I can access it with a browser no problem.but i get the 600 invaild which from what I read is normal behaviour.

Thanks
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36991140
Where did you setup the Autodiscover A record?  In internal DNS?
0
 

Author Comment

by:MediaMon
ID: 37015248
Hi Alan

Yes internal DNS. I am ready to log a call with MS I am getting no where with this, thanks anyway for your suggestions.

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37015362
As per my earlier comment:

http:#a36890384

"To get Out Of Office and the Offline Address book working, you will need to create a new DNS A record in your Domains Control Panel (not internal DNS), called Autodiscover and it needs to point to the IP address of your Exchange server."

The Autodiscover A record needs to be created in DNS (Externally - not Internally).

Please go to your Domains Control Panel and create the A record called AUTODISCOVER and point it to the External IP Address of your server.  Once this is configured, things will start to work properly.

Alan
0
 

Author Comment

by:MediaMon
ID: 37015397
Hi Alan

Sorry I am a bit confused as to why I have to create an external record for this ? Asuming my company provides no external access to mail resources why do I need to publish autodicover.domain.com with a public IP address ?

I just want my internal clients to get to get their outlook profiles setup by autodiscover.

I If need to create this externally for example 203.116.5.x it seems crazy my clients would go outside to access something internally ?

Thanks

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37016288
Autodiscover is looked up using external DNS.  It does seem crazy - but that is how it works.
0
 

Author Comment

by:MediaMon
ID: 37027950
Thanks Alan so I have done as you suggested

name      class      type      data      time to live

autodiscover.domain.com      IN      A      203.110.xxx.xx      86400s      (1d)

as domain.com is actually our AD domain suffix so I still had to add an internal DNS A record to point to 203.110.xxx.xx does that sound right ?

Will be doing some tests today. Also thanks for this great article I encountered this problem to with some mobile devices.

http://alanhardisty.wordpress.com/2010/03/05/activesync-not-working-on-exchange-2010-when-inherit-permissions-not-set/

Thanks
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 37028187
Excellent - on both counts!

Give it an few hours and then check to see if Autodiscover works happily and also Out Of Office.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now