  • Status: Solved
  • Priority: Medium
  • Security: Public

Issues with Exchange auto discovery

Hi All,

Firstly, I apologise for asking a new question, but the troubleshooting has since progressed and I believe the issue is now a completely separate issue to the original question I logged earlier in the week, and I am in desperate need of some assistance with this one.

I will go ahead and close off the existing question.

So, my issue is that Auto discovery is not working on our Exchange server. We can access the Exchange server internally OK, except for Mac users, and all external users cannot access the Exchange server; auto out of office, calendar events etc. cannot be accessed, as we receive an error message stating that the server is unavailable.

See the extract from the forum I found, which outlines a problem identical to the one I am having.

http://social.technet.microsoft.com/forums/en-US/exchangesvr3rdpartyappslegacy/thread/54814542-00ac-445d-8533-49229cbacd1a/

Test Steps
Validating the certificate name. Certificate name validation failed. Additional Details Host name autodiscover.Domain.com doesn't match any name found on the server certificate
CN=webmail.Domain.com, OU=Comodo Unified Communications, O=<Organization>, STREET=<street address>, L=<city>, S=<state>, PostalCode=<zip code>, C=US.
==================================
Since that is the test you are expecting to pass, the subsequent methods (HTTP/SRV) are simply failovers to the next possible configurations which you don't have implemented (assuming the step above should have passed). The error is fairly as-is, it is reporting that it can't find autodiscover.domain.com in the cert. So, can you tell me the following:
1. I assume the subject name is webmail.domain.com?
2. Is autodiscover.domain.com  one of the SAN names? IE: if you view the cert > details > scroll down to subject alternative names.... autodiscover.domain.com appears there? I see you stated this but I'd like to confirm just where in the cert it exists.
3. If you browse to https://autodiscover.domain.com in a browser do you see a certificate error there?


With regards to point 2, I have checked our certificate, which is labelled "mail.companydomain.com.au" (issued by GoDaddy, and I have substituted the actual name with the word 'companydomain'), and beneath ‘subject alternative names’ there is no listing for the auto discovery.

Not sure if this is entirely relevant as I don’t know how the listing would be removed if it in fact does need to be listed, although I did see on another site that the auto discovery service is part of the certificate.

I have attached a copy of our certificate, highlighting the Subject alternative name and its listings and as you will see there is no listing for Auto Discovery.

Any EE gurus who have any tips and suggestions on what I should do in order to further troubleshoot this issue and rectify this, please do let me know.

Many Thanks,
Adma1
 
Adma1Author Commented:
Sorry, forgot to attach the screenshot. Please see attached.
Mail-cert.png
 
David Johnson, CD, MVPOwnerCommented:
This is what you need:
    the server FQDN of “myserver.mycompany.com.au”
    the OWA, OA, Activesync external URL names, eg “mail.mycompany.com.au”
    the Autodiscover name for the primary SMTP namespace, eg “autodiscover.mycompany.com.au”

So you need to add autodiscover.mycompany.com.au and the FQDN of the server to your SAN certificate
 
Adma1Author Commented:
Ok, I'm a bit lost as to how this could have occurred, as everything has been working fine using this certificate since the Exchange server was deployed some time ago.

Can I just add the required URLs or do I need to purchase a new certificate?

Thanks

 
Simon Butler (Sembee)ConsultantCommented:
You have said your certificate is from GoDaddy, but the text above says Comodo.

The easiest solution would be a new certificate, where you can add autodiscover to the list of additional names. The other option would be to use SRV records for autodiscover. If your external DNS provider does NOT support SRV records then you will have to use a new certificate.

If you go down the path of using your existing certificate ensure that you have changed all of the references in Exchange to the name on your SSL certificate.
http://exchange.sembee.info/2010/install/clientaccesshostnames.asp

Then set up Exchange for a single name SSL certificate.
http://exchange.sembee.info/2010/install/singlenamessl.asp

Simon.
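The name check behind the two options in this answer (a new certificate that lists autodiscover, or an SRV record pointing at a name the certificate already carries), as an added example that is not part of the original thread. The function names are hypothetical, and the SAN list and SRV target are constructed stand-ins for the asker's certificate and DNS.

```python
# Added example: which Autodiscover endpoints pass certificate name validation.
# All hostnames below are constructed from the placeholder used in the thread.

def name_matches(host, pattern):
    """Exact match, or '*' standing for exactly one left-most label."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        # *.example.com covers a.example.com, not example.com or a.b.example.com
        head, _, tail = host.partition(".")
        return bool(head) and tail == pattern[2:]
    return host == pattern


def cert_covers(host, san_names):
    """True if any name on the certificate covers the host."""
    return any(name_matches(host, name) for name in san_names)


def autodiscover_candidates(smtp_domain, srv_target=None):
    """HTTPS hosts an external client may try, in lookup order."""
    hosts = [("root domain", smtp_domain),
             ("autodiscover host", "autodiscover." + smtp_domain)]
    if srv_target:
        # Target of the external _autodiscover._tcp.<domain> SRV record (port 443)
        hosts.append(("SRV target", srv_target))
    return hosts


def check(smtp_domain, san_names, srv_target=None):
    """Map each lookup step to (host, covered-by-certificate?)."""
    return {label: (host, cert_covers(host, san_names))
            for label, host in autodiscover_candidates(smtp_domain, srv_target)}


# Constructed input: a certificate without any autodiscover entry.
SAN_NAMES = ["mail.companydomain.com.au"]

if __name__ == "__main__":
    result = check("companydomain.com.au", SAN_NAMES,
                   srv_target="mail.companydomain.com.au")
    for label, (host, ok) in result.items():
        print(f"{label:18} {host:36} {'OK' if ok else 'NAME MISMATCH'}")
```

Only the SRV target passes here, which is why the SRV route works with the existing certificate only when the record points at a name already on it.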
 
Adma1Author Commented:
Thanks for your detailed response Simon.

I am going to first try the SRV record and see if that resolves this issue.

How do I determine the exact SRV autodiscover record to use and pass on to our external DNS provider?

Thanks again.
Adrian
 
Simon Butler (Sembee)ConsultantCommented:
http://support.microsoft.com/kb/940881 explains what is required.

Simon.
 
Adma1Author Commented:
Looks like we already have the SRV running.

Using the following commands I have produced the results below.

On your DNS, click Start, and then click Run.
In the Open box, type cmd.
Type nslookup, and then press ENTER.
Type set type=all, and then press ENTER.
Type _ldap._tcp.dc._msdcs.Domain_Name, where Domain_Name is the name of your domain, and


Results of our Nslookup are below.

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\administrator.(USER)>nslookup
Default Server:  UnKnown
Address:  192.168.0.X

> set type=all
> _ldap._tcp.dc._msdcs.DOMAINNAME


Server:  UnKnown
Address:  192.168.0.X

_ldap._tcp.dc._msdcs.DOMAINNAME    SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = mail-server.DOMAINNAME
_ldap._tcp.dc._msdcs.DOMAINNAME    SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = file-server.DOMAINNAME
mail-server.DOMAINNAME     internet address = 192.168.0.X
mail-server.DOMAINNAME     internet address = 115.70.X.X
file-server.DOMAINNAME    internet address = 192.168.0.X
>
 
Adma1Author Commented:
Hi Simon, thanks so far for your advice. I still cannot get the auto discovery working, any other tips?
 
David Johnson, CD, MVPOwnerCommented:
@sembee2:
From the asker's initial post: except for Mac users and all external users cannot access the exchange server

Your post refers to outlook 2007 can now use srv records.

@adama1: as a last resort delete the existing SRV record and create a new one.
 
Adma1Author Commented:
Ok, sorry for the 100 questions. I'm going to google how to do this as I haven't done this before; if you have information on how best to remove and re-add the SRV record pls let me know.
 
Simon Butler (Sembee)ConsultantCommented:
You are looking at internal DNS records, not external.

SRV records have to be set on your external provider. While the article refers to Outlook 2007, that is just because it is a feature first introduced with that version. It is all a server side configuration.

Both Outlook Anywhere and Mac clients are sensitive to the SSL certificate, so problems there will stop them connecting.

Simon.
 
Adma1Author Commented:
OK, Thanks Simon.

So just to clarify, when you say external provider you are referring to (in our case) the 3rd party DNS host?
 
Simon Butler (Sembee)ConsultantCommented:
Wherever the world looks for your DNS records - could be your ISP, domain registrar or another third party.

Simon.
 
Adma1Author Commented:
Hi all,

I managed to find a resolution to this issue, refer to article here and hotfix update here.
http://www.microsoft.com/en-us/download/details.aspx?id=28949

Since I applied this update all has been working fine.

Thanks for the advice and suggestions.
 
Adma1Author Commented:
Hot fix update seems to have resolved this issue.