Solved

Issues with Exchange auto discovery

Posted on 2013-01-15
Last Modified: 2013-01-28
Hi All,

Firstly, I apologise for asking a new question but the troubleshooting has since progressed and I believe the issue is now a completely separate issue to the original question I logged earlier in the week, and I am in desperate need of some assistance with this one.

I will go ahead and close off the existing question.

So, my issue is that the Auto discovery is not working on our Exchange server, we can access the Exchange server internally OK, except for Mac users and all external users cannot access the exchange server, auto out of office and calendar events etc cannot be accessed as we receive an error message stating that the server is unavailable.

See the extract from the forum I found which outlines a problem identical to the one I am having.

http://social.technet.microsoft.com/forums/en-US/exchangesvr3rdpartyappslegacy/thread/54814542-00ac-445d-8533-49229cbacd1a/

Test Steps
Validating the certificate name. Certificate name validation failed. Additional Details Host name autodiscover.Domain.com doesn't match any name found on the server certificate
CN=webmail.Domain.com, OU=Comodo Unified Communications, O=<Organization>, STREET=<street address>, L=<city>, S=<state>, PostalCode=<zip code>, C=US.
==================================
Since that is the test you are expecting to pass, the subsequent methods (HTTP/SRV) are simply failovers to the next possible configurations which you don't have implemented (assuming the step above should have passed). The error is fairly as-is, it is reporting that it can't find autodiscover.domain.com in the cert. So, can you tell me the following:
1. I assume the subject name is webmail.domain.com?
2. Is autodiscover.domain.com  one of the SAN names? IE: if you view the cert > details > scroll down to subject alternative names.... autodiscover.domain.com appears there? I see you stated this but I'd like to confirm just where in the cert it exists.
3. If you browse to https://autodiscover.domain.com in a browser do you see a certificate error there?


With regards to point 2. I have checked our certificate which is labelled with "mail.companydomain.com.au" (issued by GoDaddy, and I have substituted the actual name with the word 'companydomain'), and beneath ‘subject alternative names’ there is no listing for the auto discovery.

Not sure if this is entirely relevant as I don’t know how the listing would be removed if it in fact does need to be listed, although I did see on another site that the auto discovery service is part of the certificate.

I have attached a copy of our certificate, highlighting the Subject alternative name and its listings and as you will see there is no listing for Auto Discovery.

Any EE gurus who have any tips and suggestions on what I should do in order to further troubleshoot this issue and rectify this please do let me know.

Many Thanks,
Question by:Adma1
 

Author Comment

by:Adma1
ID: 38781450
Sorry, forgot to attach the screenshot. Please see attached.
Mail-cert.png
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 38781514
This is what you need:
    the server FQDN of “myserver.mycompany.com.au”
    the OWA, OA, Activesync external URL names, eg “mail.mycompany.com.au”
    the Autodiscover name for the primary SMTP namespace, eg “autodiscover.mycompany.com.au”

So you need to add autodiscover.mycompany.com.au and the FQDN of the server to your SAN certificate
 

Author Comment

by:Adma1
ID: 38781759
Ok, I'm a bit lost as to how this could have occurred as everything has been working fine using this certificate since the exchange server was deployed some time ago.

Can I just add the required URLs or do I need to purchase a new certificate?

Thanks
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38784044
You have said your certificate is from GoDaddy, but the text above says Comodo.

The easiest solution would be a new certificate, which you can add autodiscover to the list of additional names. The other option would be to use SRV records for autodiscover. If your external DNS provider does NOT support SRV records then you will have to use a new certificate.

If you go down the path of using your existing certificate ensure that you have changed all of the references in Exchange to the name on your SSL certificate.
http://exchange.sembee.info/2010/install/clientaccesshostnames.asp

Then setup Exchange for a single name SSL certificate.
http://exchange.sembee.info/2010/install/singlenamessl.asp

Simon.
0
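
The name check behind the failure discussed above, as an added example that is not part of any post in this thread: it tests each host an Autodiscover client may contact against a certificate's SAN entries, showing why a single-name certificate fails for the autodiscover host but passes when an SRV record points at the name already on the certificate. The SAN lists, the `myserver` host name and all function names are constructed for illustration, and the HTTP redirect method is left out.

```python
# Added illustration: host name validation against a certificate's
# subjectAltName DNS entries, applied to the hosts Autodiscover tries.

def san_matches(host, pattern):
    """True if one SAN dNSName entry covers host.
    A wildcard is honoured only as the whole left-most label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    # "*.example.com" covers a.example.com, not a.b.example.com or example.com
    head, _, rest = host.partition(".")
    return bool(head) and rest == pattern[2:]

def cert_covers(host, san_names):
    return any(san_matches(host, p) for p in san_names)

def autodiscover_candidates(smtp_domain, srv_target=None):
    """HTTPS hosts a client may contact, in lookup order (SRV is the fallback)."""
    hosts = [("root domain", smtp_domain),
             ("autodiscover host", "autodiscover." + smtp_domain)]
    if srv_target:
        hosts.append(("SRV target", srv_target))
    return hosts

def check(smtp_domain, san_names, srv_target=None):
    """Return {method: (host, passes_name_validation)} for each candidate."""
    return {method: (host, cert_covers(host, san_names))
            for method, host in autodiscover_candidates(smtp_domain, srv_target)}

# Constructed sample data modelled on the placeholder names used in the thread.
DOMAIN = "companydomain.com.au"
CURRENT_SANS = ["mail.companydomain.com.au"]
NEW_SANS = ["mail.companydomain.com.au", "autodiscover.companydomain.com.au",
            "myserver.companydomain.com.au"]
SRV_TARGET = "mail.companydomain.com.au"  # assumed target of the external SRV record

if __name__ == "__main__":
    for label, sans, srv in [("current cert, no SRV", CURRENT_SANS, None),
                             ("current cert + SRV", CURRENT_SANS, SRV_TARGET),
                             ("new SAN cert", NEW_SANS, None)]:
        print(label)
        for method, (host, ok) in check(DOMAIN, sans, srv).items():
            print(f"  {method:18} {host:36} {'OK' if ok else 'NAME MISMATCH'}")
```
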
 

Author Comment

by:Adma1
ID: 38784771
Thanks for your detailed response Simon.

I am going to first try the SRV record and see if that resolves this issue.

How do I determine the exact SRV autodiscover record to use and pass on to our external DNS provider?

Thanks again.
Adrian
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38785226
http://support.microsoft.com/kb/940881 explains what is required.

Simon.
 

Author Comment

by:Adma1
ID: 38785330
Looks like we already have the SRV running.

Using the following commands I have produced the results below.

On your DNS, click Start, and then click Run.
In the Open box, type cmd.
Type nslookup, and then press ENTER.
Type set type=all, and then press ENTER.
Type _ldap._tcp.dc._msdcs.Domain_Name, where Domain_Name is the name of your domain, and


Results of our Nslookup are below.

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\administrator.(USER)>nslookup
Default Server:  UnKnown
Address:  192.168.0.X

> set type=all
> _ldap._tcp.dc._msdcs.DOMAINNAME


Server:  UnKnown
Address:  192.168.0.X

_ldap._tcp.dc._msdcs.DOMAINNAME    SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = mail-server.DOMAINNAME
_ldap._tcp.dc._msdcs.DOMAINNAME    SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = file-server.DOMAINNAME
mail-server.DOMAINNAME     internet address = 192.168.0.X
mail-server.DOMAINNAME     internet address = 115.70.X.X
file-server.DOMAINNAME    internet address = 192.168.0.X
>
 

Author Comment

by:Adma1
ID: 38785841
Hi Simon, thanks so far for your advice, I still cannot get the auto discovery working, any other tips?
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 38785929
@sembee2:
From the asker's initial post: except for Mac users and all external users cannot access the exchange server

Your post refers to outlook 2007 can now use srv records.

@adama1: as a last resort delete the existing SRV record and create a new one.
 

Author Comment

by:Adma1
ID: 38785939
Ok, sorry for the 100 questions, I'm going to google how to do this as I haven't done this before. If you have information on how best to remove and re-add the SRV record pls let me know.
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38786073
You are looking at internal DNS records, not external.

SRV records have to be set on your external provider. While the article refers to Outlook 2007, that is just because it is a feature first introduced with that version. It is all a server side configuration.

Both Outlook Anywhere and Mac clients are sensitive to the SSL certificate, so problems there will stop them connecting.

Simon.
 

Author Comment

by:Adma1
ID: 38786185
OK, Thanks Simon.

So just to clarify when you say external provider you are referring to (in our case) the 3rd party DNS host?
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38788954
Wherever the world looks for your DNS records - could be your ISP, domain registrar or another third party.

Simon.
 

Accepted Solution

by:
Adma1 earned 0 total points
ID: 38812605
Hi all,

I managed to find a resolution to this issue, refer to article here and hotfix update here.
http://www.microsoft.com/en-us/download/details.aspx?id=28949

Since I applied this update all has been working fine.

Thanks for the advice and suggestions.
 

Author Closing Comment

by:Adma1
ID: 38826204
Hot fix update seems to have resolved this issue.