Go Premium for a chance to win a PS4. Enter to Win


Exchange 2010 testexchangeconnectivity.com Autodiscover 401 unauthorized

Posted on 2013-01-30
Medium Priority
Last Modified: 2013-01-30
OK, I've been trying all the various tactics one finds for autodiscover troubleshooting for several weeks now with no luck, so I thought I'd bring it here and go back to first principles.  I'll give the output from testexchangeconnectivity.com and will provide other information as requested so as to proceed methodically.  Thanks in advance!

Here is the redacted output from testexchangeconnectivity.com:

      ExRCA is attempting to test Autodiscover for tester@domain.com.
       Testing Autodiscover failed.
      Test Steps
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.
      Test Steps
      Attempting to test potential Autodiscover URL https://domain.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
      Test Steps
      Attempting to resolve the host name domain.com in DNS.
       The host name resolved successfully.
      Additional Details
       IP addresses returned: XXXXXXX
      Testing TCP port 443 on host domain.com to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
        Tell me more about this issue and how to resolve it
      Additional Details
       A network error occurred while communicating with the remote host.
      Attempting to test potential Autodiscover URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
      Test Steps
      Attempting to resolve the host name autodiscover.domain.com in DNS.
       The host name resolved successfully.
      Additional Details
       IP addresses returned: XXXXXXXXXXXX
      Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
      Test Steps
      ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443.
       ExRCA successfully obtained the remote SSL certificate.
      Additional Details
       Remote Certificate Subject: XXXXXXXXXXXXXXXX
      Validating the certificate name.
       The certificate name was validated successfully.
      Additional Details
       Host name autodiscover.domain.com was found in the Certificate Subject Alternative Name entry.
      Certificate trust is being validated.
       The certificate is trusted and all certificates are present in the chain.
      Test Steps
      ExRCA is attempting to build certificate chains for certificate XXXXXXXXXXXXXXXX
       One or more certificate chains were constructed successfully.
      Additional Details
       A total of 1 chains were built. The highest quality chain ends in root certificate CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE.
      Analyzing the certificate chains for compatibility problems with versions of Windows.
       Potential compatibility problems were identified with some versions of Windows.
      Additional Details
       ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
      Testing the certificate date to confirm the certificate is valid.
       Date validation passed. The certificate hasn't expired.
      Additional Details
       The certificate is valid. NotBefore = 10/14/2012 12:00:00 AM, NotAfter = 10/14/2015 11:59:59 PM
      Checking the IIS configuration for client certificate authentication.
       Client certificate authentication wasn't detected.
      Additional Details
       Accept/Require Client Certificates isn't configured.
      Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
       Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
      Test Steps
      ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml for user tester@domain.com.
       ExRCA failed to obtain an Autodiscover XML response.
      Additional Details
       An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
Question by:McCombsExchange
  • 2
  • 2
LVL 10

Expert Comment

ID: 38836995
you either need to configure the UPN suffix for your user to match your email domain.com, or authenticate as domain\username.

Author Comment

ID: 38837004
Unfortunately, I am authenticating as domain\username.  Still this.
LVL 10

Accepted Solution

djcanter earned 2000 total points
ID: 38837049
The only way i can duplicate this is to have invalid domain\username/password combo.
If I have correct username/password, but invalid email address, the error is different.

Is this an on-premise exchange server? Can you confirm from AD the user logon name (pre-windows 2000).  Please also confirm the account is not locked.

Author Closing Comment

ID: 38837550
This is exactly why I needed to go back to first principles.  I was getting so bogged down in the minutiae of the auth settings and the internalautodiscoveruri and the certificate subject alternate names, I forgot that the script I used to create the test user creates room-type mailboxes, which of course are disabled.  /smh

It works now, of course.

Thank you!!!

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Stellar Exchange Toolkit: this 5 in 1 toolkit comes loaded with mega-software tool. Here’s an introduction to tools’ usage and advantages:
Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question