Solved

AutoDiscover Exchange 2010 Problem

Posted on 2013-01-15
Last Modified: 2013-01-21
We are having a problem with out of office not working with internal Outlook 2010 clients. When they click on out of office it returns an error about the server not being available. They are able to set out of office from https://mail.chbtitle.com/owa. We have an SSL cert with the name mail.chbtitle.com and SRV records in DNS point to autodiscover._tcp.chbtitle.com. I can ping mail.chbtitle.com internally and also nslookup the SRV record. I ran the Autodiscover test from https://www.testexchangeconnectivity.com; results are below. I have also run the Test E-mail AutoConfiguration tool in Outlook 2010; see the attached screenshot.

Any ideas where I should be looking?

Thanks,

Matt

Attempting to contact the Autodiscover service using the DNS SRV redirect method.
  ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
   Test Steps
   Attempting to locate SRV record _autodiscover._tcp.chbtitle.com in DNS.
  The Autodiscover SRV record was successfully retrieved from DNS.
   Additional Details
  The Service Location (SRV) record lookup returned host mail.chbtitle.com.
 
 Attempting to test potential Autodiscover URL https://mail.chbtitle.com/Autodiscover/Autodiscover.xml
  Testing of this potential Autodiscover URL failed.
   Test Steps
   Attempting to resolve the host name mail.chbtitle.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: 63.87.120.90
 
 Testing TCP port 443 on host mail.chbtitle.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
   Test Steps
   ExRCA is attempting to obtain the SSL certificate from remote server mail.chbtitle.com on port 443.
  ExRCA successfully obtained the remote SSL certificate.
   Additional Details
  Remote Certificate Subject: CN=mail.chbtitle.com, OU=Domain Control Validated, O=mail.chbtitle.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
 
 Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name mail.chbtitle.com was found in the Certificate Subject Common name.
 
 Certificate trust is being validated.
  The certificate is trusted and all certificates are present in the chain.
   Test Steps
   ExRCA is attempting to build certificate chains for certificate CN=mail.chbtitle.com, OU=Domain Control Validated, O=mail.chbtitle.com.
  One or more certificate chains were constructed successfully.
   Additional Details
  A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
 
 Analyzing the certificate chains for compatibility problems with versions of Windows.
  Potential compatibility problems were identified with some versions of Windows.
   Additional Details
  ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
 
 
 
 Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
   Additional Details
  The certificate is valid. NotBefore = 11/4/2011 8:19:50 PM, NotAfter = 11/4/2014 8:19:50 PM
 
 
 
 Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
   Additional Details
  Accept/Require Client Certificates isn't configured.
 
 Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
  Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
   Test Steps
   ExRCA is attempting to retrieve an XML Autodiscover response from URL https://mail.chbtitle.com/Autodiscover/Autodiscover.xml for user susans@chbtitle.com.
  ExRCA failed to obtain an Autodiscover XML response.
   Additional Details
  An HTTP 500 response was returned from Unknown.
outlook.jpg
Question by:pitboy
19 Comments
 
LVL 18

Expert Comment

by:suriyaehnop
ID: 38781148
Could you post the "result" tab as well when you are doing the Outlook Test email?
0
 

Author Comment

by:pitboy
ID: 38781153
here you go
outlook2.jpg
0
 

Author Comment

by:pitboy
ID: 38783919
No one has any ideas on this?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38784012
Autodiscover isn't working internally at all. The errors are just cascading down.
Did you change the value on set-clientaccessserver for AutodiscoverServiceInternalURI to reflect the SSL certificate?
Anything unusual about the server? Multiple IPs, multiple web sites etc?

As a note - you cannot bump on this site, so asking "No one has any ideas on this? " isn't going to help, only people looking at older questions (like me) will see it. Most people just look at the most recent stuff.

Simon.
0
 

Author Comment

by:pitboy
ID: 38784052
Simon -

Thanks for your post. Here is the cmd I used when changing the URI.

Set-ClientAccessServer -Identity CHB02 -AutodiscoverServiceInternalUri https://mail.chbtitle.com/autodiscover/autodiscover.xml

The Outlook clients are getting this pop-up from Outlook. See attached image.

Matt
autoconfigure.png
0
 

Author Comment

by:pitboy
ID: 38784062
The server has one IP. It's a DC with Exchange installed on it. Not a good practice but I wasn't the one who installed it. Just dealing with the mess.
0
 

Author Comment

by:pitboy
ID: 38784789
This is what I get when going to https://mail.chbtitle.com/Autodiscover/Autodiscover.xml from an internal client computer. It prompts for a user and pass first.
autodiscover.xml.png
0
 
LVL 1

Expert Comment

by:jlipschitz
ID: 38785020
Try creating a CNAME record in DNS for autodiscover.chbtitle.com and have it point to mail.chbtitle.com.  Do an ipconfig /flushdns on the client after it has been changed.  Close Outlook if it was open and reopen it.  We had that issue and that resolved it internally.  Once you have determined that it works, set it up on your internet DNS.  (Most people use a hosted DNS for their internet domain).  That should fix it for users outside of your corporate network connecting to your Exchange Server.
0
 

Author Comment

by:pitboy
ID: 38785067
Thanks for the suggestion. When I did that and ran the test email auto config it pops up an SSL cert warning because of the name mismatch. The cert is issued to mail.chbtitle.com. I tell it yes to proceed and the test fails.
0
 

Author Comment

by:pitboy
ID: 38785079
[PS] C:\Windows\system32>get-autodiscovervirtualdirectory | FL


RunspaceId                      : b29c650e-fbe3-47cd-a000-525ae02379af
Name                            : Autodiscover (Default Web Site)
InternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
ExternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
LiveIdSpNegoAuthentication      : False
WSSecurityAuthentication        : True
LiveIdBasicAuthentication       : False
BasicAuthentication             : True
DigestAuthentication            : False
WindowsAuthentication           : True
MetabasePath                    : IIS://CHB02.CHBT.local/W3SVC/1/ROOT/Autodiscover
Path                            : C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Autodiscover
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : CHB02
InternalUrl                     : https://mail.chbtitle.com/Autodiscover/Autodiscover.xml
ExternalUrl                     : https://mail.chbtitle.com/Autodiscover/Autodiscover.xml
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
DistinguishedName               : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=CHB02,CN=Servers,CN=
                                  ge Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=CHBT,CN=M
                                  ft Exchange,CN=Services,CN=Configuration,DC=CHBT,DC=local
Identity                        : CHB02\Autodiscover (Default Web Site)
Guid                            : 75f67de5-aaf8-4376-bf83-4f90589dbdbb
ObjectCategory                  : CHBT.local/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                     : 1/16/2013 5:05:27 PM
WhenCreated                     : 11/5/2010 3:07:27 PM
WhenChangedUTC                  : 1/16/2013 11:05:27 PM
WhenCreatedUTC                  : 11/5/2010 8:07:27 PM
OrganizationId                  :
OriginatingServer               : CHB02.CHBT.local
IsValid                         : True
0
 
LVL 1

Expert Comment

by:jlipschitz
ID: 38785105
I apologize, it should not have been a CNAME, it should have been an A record of autodiscover.chbtitle.com pointing to the IP of your Outlook Web Access Server.  If you have a Cisco Firewall, you may have to use the internal IP.  If you have a firewall that allows traffic to be sent to the firewall and then back in without really going outside, then you can use the external IP for the A record.  If you have a Cisco Firewall, then you will definitely need a UCC Certificate.

Depending on the SSL Certificate type you have, you may need to get a UCC SSL Certificate that would allow you to have up to 5 domain names pointed at the same IP Address.  We had to get that for our server.  This would get rid of the certificate warning.

Here is a great article explaining how it should all work and good tools for testing:  http://www.petri.co.il/autodiscover-configuration-exchange-2010.htm
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38785140
Browsing to autodiscover will give the error that you have posted. That is to be expected.
The popup from the Mac clients is also to be expected because you are using SRV records.

Don't create an internal autodiscover DNS record unless you have an SSL certificate with autodiscover on it. It will only cause you problems because of the name mismatch.

Simon.
0
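The name-mismatch point in the comment above, as an added example that is not part of the original thread: it lists the hosts an Outlook client tries for Autodiscover and checks each against the names on the certificate. The function names are hypothetical, the lookup order is simplified (the HTTP redirect step is omitted), and the certificate name list is an assumption built from the subject CN shown in the ExRCA output.

```powershell
# Added example: which Autodiscover candidate hosts does a certificate cover?
# Host names come from the thread; the certificate name list is an assumption
# (subject CN only, as shown in the ExRCA output; no SANs are listed there).

function Test-CertNameMatch {
    param(
        [Parameter(Mandatory=$true)][string]$HostName,
        [Parameter(Mandatory=$true)][string[]]$CertDnsNames
    )
    $h = $HostName.ToLowerInvariant().TrimEnd('.')
    foreach ($name in $CertDnsNames) {
        $n = $name.ToLowerInvariant().TrimEnd('.')
        if ($n -eq $h) { return $true }
        # A wildcard name covers exactly one left-most label, nothing deeper.
        if ($n.StartsWith('*.')) {
            $suffix = $n.Substring(1)          # e.g. ".chbtitle.com"
            if ($h.EndsWith($suffix)) {
                $left = $h.Substring(0, $h.Length - $suffix.Length)
                if ($left.Length -gt 0 -and -not $left.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Get-AutodiscoverCandidate {
    param(
        [Parameter(Mandatory=$true)][string]$SmtpDomain,
        [string]$ScpUri,      # AutodiscoverServiceInternalUri, used by domain-joined clients
        [string]$SrvTarget    # host returned by the _autodiscover._tcp SRV lookup
    )
    # Simplified client lookup order: SCP, root domain, autodiscover.<domain>, SRV.
    $rows = @()
    if ($ScpUri)    { $rows += @{ Method = 'SCP'; HostName = ([uri]$ScpUri).Host } }
    $rows += @{ Method = 'https://<domain>'; HostName = $SmtpDomain }
    $rows += @{ Method = 'https://autodiscover.<domain>'; HostName = "autodiscover.$SmtpDomain" }
    if ($SrvTarget) { $rows += @{ Method = 'SRV'; HostName = $SrvTarget } }
    $rows
}

# Constructed input mirroring the thread's configuration.
$certNames = @('mail.chbtitle.com')

Get-AutodiscoverCandidate -SmtpDomain 'chbtitle.com' `
        -ScpUri 'https://mail.chbtitle.com/autodiscover/autodiscover.xml' `
        -SrvTarget 'mail.chbtitle.com' |
    ForEach-Object {
        New-Object PSObject -Property @{
            Method         = $_.Method
            HostName       = $_.HostName
            CertCoversName = (Test-CertNameMatch -HostName $_.HostName -CertDnsNames $certNames)
        }
    } |
    Select-Object Method, HostName, CertCoversName |
    Format-Table -AutoSize
```

Any row where CertCoversName is False is a host that will raise a certificate warning if DNS resolves it to the Exchange server, which is the case for autodiscover.chbtitle.com with this single-name certificate.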
 

Author Comment

by:pitboy
ID: 38785224
When I run the test for auto config they are clearly trying to resolve autodiscover.chbtitle.com. Since my SSL cert is issued to mail.chbtitle.com, where do you tell the Outlook clients to use mail.chbtitle.com to resolve autodiscover?
0
 
LVL 1

Expert Comment

by:jlipschitz
ID: 38785294
You can do it on a per client setting in the registry, but I don't know how you might deploy this across your network other than through vbs scripting:  

http://support.microsoft.com/kb/2480582

This article shows how to adjust those settings.  Be careful modifying the registry.  Always make good notes of what you add so you can delete them if they don't work.  Make backup copies of the registry if you change an existing value so that it can be restored.
0
 

Author Comment

by:pitboy
ID: 38785317
I'm not looking to suppress the autoconfig pop up.

Here is a screenshot of what I am trying to fix. It finds autodiscover.xml through SCP and it starts but fails with a status of 500. Could the autodiscover.xml be corrupt?

I also removed this user's Outlook profile and opened Outlook to see if the server and user would automatically populate when adding an account. It worked as it should but out of office still is not working.
0
 

Author Comment

by:pitboy
ID: 38785496
I'm also seeing this in the application event log on the Exchange server

Log Name:      Application
Source:        System.ServiceModel 3.0.0.0
Date:          1/16/2013 8:28:30 PM
Event ID:      3
Task Category: WebHost
Level:         Error
Keywords:      Classic
User:          SYSTEM
Computer:      CHB02.CHBT.local
Description:
WebHost failed to process a request.
 Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/31201899
 Exception: System.ServiceModel.ServiceActivationException: The service '/Autodiscover/autodiscover.xml' cannot be activated due to an exception during compilation.  The exception message is: Method not found: 'System.String System.ServiceModel.Activation.Iis7Helper.ExtendedProtectionDotlessSpnNotEnabledThrowHelper(System.Object)'.. ---> System.MissingMethodException: Method not found: 'System.String System.ServiceModel.Activation.Iis7Helper.ExtendedProtectionDotlessSpnNotEnabledThrowHelper(System.Object)'.
   at System.ServiceModel.WasHosting.MetabaseSettingsIis7V2.WebConfigurationManagerWrapper.BuildExtendedProtectionPolicy(ExtendedProtectionTokenChecking tokenChecking, ExtendedProtectionFlags flags, List`1 spnList)
   at System.ServiceModel.WasHosting.MetabaseSettingsIis7V2.WebConfigurationManagerWrapper.GetExtendedProtectionPolicy(ConfigurationElement element)
   at System.ServiceModel.WasHosting.MetabaseSettingsIis7V2.ProcessWindowsAuthentication(String siteName, String virtualPath, HostedServiceTransportSettings& transportSettings)
   at System.ServiceModel.WasHosting.MetabaseSettingsIis7V2.CreateTransportSettings(String relativeVirtualPath)
   at System.ServiceModel.Activation.MetabaseSettingsIis.GetTransportSettings(String virtualPath)
   at System.ServiceModel.Activation.MetabaseSettingsIis.GetAuthenticationSchemes(String virtualPath)
   at System.ServiceModel.Channels.HttpChannelListener.ApplyHostedContext(VirtualPathExtension virtualPathExtension, Boolean isMetadataListener)
   at System.ServiceModel.Channels.HttpsChannelListener.ApplyHostedContext(VirtualPathExtension virtualPathExtension, Boolean isMetadataListener)
   at System.ServiceModel.Channels.HttpsTransportBindingElement.BuildChannelListener[TChannel](BindingContext context)
   at System.ServiceModel.Channels.BindingContext.BuildInnerChannelListener[TChannel]()
   at System.ServiceModel.Channels.BindingElement.BuildChannelListener[TChannel](BindingContext context)
   at Microsoft.Exchange.Autodiscover.WCF.LegacyMessageEncoderBindingElement.BuildChannelListener[TChannel](BindingContext context)
   at System.ServiceModel.Channels.BindingContext.BuildInnerChannelListener[TChannel]()
   at System.ServiceModel.Channels.Binding.BuildChannelListener[TChannel](Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, BindingParameterCollection parameters)
   at System.ServiceModel.Description.DispatcherBuilder.MaybeCreateListener(Boolean actuallyCreate, Type[] supportedChannels, Binding binding, BindingParameterCollection parameters, Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, ServiceThrottle throttle, IChannelListener& result, Boolean supportContextSession)
   at System.ServiceModel.Description.DispatcherBuilder.BuildChannelListener(StuffPerListenUriInfo stuff, ServiceHostBase serviceHost, Uri listenUri, ListenUriMode listenUriMode, Boolean supportContextSession, IChannelListener& result)
   at System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(ServiceDescription description, ServiceHostBase serviceHost)
   at System.ServiceModel.ServiceHostBase.InitializeRuntime()
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(String normalizedVirtualPath)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
   --- End of inner exception stack trace ---
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
   at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath)
 Process Name: w3wp
 Process ID: 11056

0
 

Accepted Solution

by:
pitboy earned 0 total points
ID: 38785560
http://support.microsoft.com/kb/2802139

fixed my issue... Another Microsoft fix that breaks something else
0
 
LVL 1

Expert Comment

by:jlipschitz
ID: 38785696
Good job finding the solution and thanks for posting what you found.
0
 

Author Closing Comment

by:pitboy
ID: 38800549
because I found the solution myself
0
