Michael
asked on
Exchange 2010 Autodiscover fails
Setting up an Exchange 2010 box. We are using go-daddy for DNS. I have setup at godaddy the SRV records for autodiscover.
_autodiscover _tcp @ 0 0 443 emails.domain.com
When running the test on Microsoft Remote Connectivity Analyzer all the Autodiscover tests fail. I know Port 443 is open and forwarded because OWA is working. Not sure where to check from here.
Mike
_autodiscover _tcp @ 0 0 443 emails.domain.com
When running the test on Microsoft Remote Connectivity Analyzer all the Autodiscover tests fail. I know Port 443 is open and forwarded because OWA is working. Not sure where to check from here.
Mike
ASKER
I have done all those steps to no avail.
ASKER
When I run the test here is what I get
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.DOMAIN. com in DNS.
The Autodiscover SRV record was successfully retrieved from DNS.
Additional Details
The Service Location (SRV) record lookup returned host emails.genieservices.com.
Attempting to test potential Autodiscover URL https://emails.DOMAIN.com/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name emails.DOMAIN.com in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host emails.DOMAIN.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server emails.DOMAIN.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.DOMAIN.
The Autodiscover SRV record was successfully retrieved from DNS.
Additional Details
The Service Location (SRV) record lookup returned host emails.genieservices.com.
Attempting to test potential Autodiscover URL https://emails.DOMAIN.com/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name emails.DOMAIN.com in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host emails.DOMAIN.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server emails.DOMAIN.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
ASKER
I have not bought a SSL from go-daddy yet. But shouldnt this still work with just the self signed cert? If so do I need to somehow deploy the self signed cert?
Make sure DNS entry created in public dns "autodiscover.yourdomain.c om"
Please refer below link to create a self sign certificate in exchange.
http://technet.microsoft.com/en-us/library/bb851505%28v=exchg.80%29.aspx#CreatingImportingandEnablingCertificates
http://www.parkingdenied.com/2011/01/23/howto-generate-exchange-2007-certificates/
http://www.vircom.com/security/how-to-create-a-self-signed-ssl-certificate-for-exchange-200320072010-on-windows-server/
Please refer below link to create a self sign certificate in exchange.
http://technet.microsoft.com/en-us/library/bb851505%28v=exchg.80%29.aspx#CreatingImportingandEnablingCertificates
http://www.parkingdenied.com/2011/01/23/howto-generate-exchange-2007-certificates/
http://www.vircom.com/security/how-to-create-a-self-signed-ssl-certificate-for-exchange-200320072010-on-windows-server/
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Simon,
I am looking at the certs on Go-Daddy right now. As far as I can see I will need a UCC good for 5 domains?
domain.com
emails.domain.com
autodiscover.domain.com
This will be good for Outlook Anywhere / OWA / and Activsynch?
Mike
I am looking at the certs on Go-Daddy right now. As far as I can see I will need a UCC good for 5 domains?
domain.com
emails.domain.com
autodiscover.domain.com
This will be good for Outlook Anywhere / OWA / and Activsynch?
Mike
A 5 name certificate will be fine.
However don't put the root of the domain on the certificate or as the common name - no need. Set your preferred host name as the common name.
Simon.
However don't put the root of the domain on the certificate or as the common name - no need. Set your preferred host name as the common name.
Simon.
http://technet.microsoft.com/en-us/library/bb201695(v=exchg.141).aspx
http://www.petri.co.il/autodiscover-configuration-exchange-2010.htm
White paper to understand auto discover service.
http://technet.microsoft.com/en-us/library/jj591328(v=exchg.141).aspx