Partly working Autodiscover


I’m migrating from Exchange 2003 to 2010 and am struggling with the Autodiscover setup.
When I connect externally with Outlook 2013 it keeps asking for username and password.
I then have to log on with localdomain\username twice to finish the wizard. I’m really keen on getting this right so that e-mail address and password are the only things that are needed.
When I try to create an Exchange account on an Android device the server settings are found when using the administrator account, but it doesn’t accept the username/password. When using a “normal” user it fails to find the server settings at all.
I have run Microsoft Connectivity Analyzer for Outlook Anywhere (RPC over HTTP) and ActiveSync. Both tests finish successfully using the DNS record. But I still have this problem with Outlook and Android.
Outlook and Android devices work fine after manual configuration.
Maybe this has something to do with the SAN certificate since it doesn’t include the mailserver.localdomain.local name? Or Basic/NTLM authentication?

This is what I have done:
• Created a GoDaddy SAN certificate with these domain names:

• Activated Outlook Anywhere with NTLM authentication

• Changed the URLs for the Virtual Directories

Set-ClientAccessServer -Identity localhostname -AutodiscoverServiceInternalUri

Set-WebServicesVirtualDirectory -Identity "localhostname\EWS (Default Web Site)" -InternalUrl

Set-WebServicesVirtualDirectory -Identity "localhostname\EWS (Default Web Site)" -ExternalUrl

Set-OABVirtualDirectory -Identity "localhostname\oab (Default Web Site)" -InternalUrl

Set-ActiveSyncVirtualDirectory "localhostname\microsoft-server-activesync (Default Web Site)" -ExternalURL
TMekeel Commented:
You can add the external domain as a UPN suffix to AD and it should be fine.
Go to AD > AD Domains and Trusts.  Right-click Domains and Trusts and select Properties.
Add the external suffix for example.
Then change the user's profile to the external suffix.

This will not stop domain accounts logging into local machines with domain\username.  They can still login that way, or now additionally with their email address.
Steve (IT Manager) Commented:

When we did this recently I also created which handled all the 2003 users prior to mailbox move

In the end I bit the bullet, took a backup of the 2003 Exchange and moved all mailboxes one Friday night to the 2010 box rather than stay in coexistence
Giovanni Heward Commented:
You may want to review the guide I posted here.
elit2007 (Author) Commented:
I suppose is my legacy name that is already included in the SAN certificate.
I have moved the administrator’s mailbox and a test user. So the accounts I'm testing against are located on the new Exchange server.
The ActiveSync and Outlook Anywhere tests finish successfully on http://testexchangeconnectivity. But these tests also use the localdomain/username. So I’m not sure if these tests will recognize my problem.
That's a setting in Exchange that needs to be changed if you want to use the email address.
Look at the OWA settings under Server Configuration > Client Access > Authentication tab > Use forms-based authentication.

You should be able to change that so you can login with your email address instead of Domain\Username.
elit2007 (Author) Commented:
Perfect, I changed to only use the username and selected the internal domain. Now Outlook connects using the email address and password. Android still can't find the server settings, but maybe this is another problem.
Do you have an autodiscover record in your registrar's DNS (or whoever is hosting your DNS for your domain)?
I also see you have set the internal URI for autodiscover, but what about external?

Lastly, in Server Configuration > Client Access > Exchange ActiveSync > Authentication,
what settings are you using?
elit2007 (Author) Commented:
Sorry. Forgot about the external URLs. Used EMC for those.

OWA external URL:

ActiveSync external URL:
Authentication: Basic
elit2007 (Author) Commented:
And yes, I registered in DNS. can't be used because the root is redirected to the corporate website.

I have not registered the SRV record. Should I?
elit2007 (Author) Commented:
Arghh, fooled by the Windows Credential Manager. It is still prompting for the localdomain/username. See screenshot attached. Can't see anything about email login.
I think you want UPN for the auth.
Also, you should have an autodiscover CNAME pointing to in your registrar's DNS.  Not your local AD DNS.
elit2007 (Author) Commented:
So UPN will work although the internal domain is a .local domain?

I already got a CNAME for ->
on the external registrar.

The Exchange Connectivity test finds this record and runs a successful ActiveSync test against it.
elit2007 (Author) Commented:
Okay. So there will not be any problem reaching the external website from the local domain?
Or in other words, these settings will not affect the local DNS server?
elit2007 (Author) Commented:
Another problem is that autodiscover is discovering the wrong certificate. Instead of using, it is using the certificate from
I found an article about this, but is it so bad that this problem can't be solved without removing SSL on the external web hotel? It seems almost impossible to get autodiscover to work properly.
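
The lookup order an external Outlook client follows, and the certificate name check behind the wrong-certificate symptom described in the last comment, as an added example that is not part of the original thread. The domain `example.com`, the host names and the SAN lists are constructed, and the function names are hypothetical.

```powershell
# Added example (not from the thread). Models the order in which an external Outlook
# client probes for Autodiscover and the certificate name check each HTTPS step must pass.
# example.com, the host names and the SAN lists are constructed sample data.
function Get-AutodiscoverCandidate {
    param([Parameter(Mandatory)][string]$EmailAddress)
    $domain = ($EmailAddress -split '@')[-1].ToLowerInvariant()
    [pscustomobject]@{ Step = 1; Kind = 'HTTPS root';    Target = $domain }
    [pscustomobject]@{ Step = 2; Kind = 'HTTPS host';    Target = "autodiscover.$domain" }
    [pscustomobject]@{ Step = 3; Kind = 'HTTP redirect'; Target = "autodiscover.$domain" }
    [pscustomobject]@{ Step = 4; Kind = 'SRV lookup';    Target = "_autodiscover._tcp.$domain" }
}

function Test-CertificateName {
    # True when $HostName is covered by one of the certificate's DNS SAN entries.
    # A wildcard entry covers exactly one left-most label.
    param([string]$HostName, [string[]]$SubjectAltName)
    foreach ($san in $SubjectAltName) {
        if ($san -ieq $HostName) { return $true }
        if ($san.StartsWith('*.') -and $HostName.Contains('.')) {
            $parent = $HostName.Substring($HostName.IndexOf('.') + 1)
            if ($parent -ieq $san.Substring(2)) { return $true }
        }
    }
    return $false
}

function Get-AutodiscoverNameCheck {
    # $PresentedSan maps a host name to the SAN list of the certificate served on port 443.
    param([string]$EmailAddress, [hashtable]$PresentedSan)
    foreach ($c in Get-AutodiscoverCandidate -EmailAddress $EmailAddress) {
        $result = if ($c.Kind -notlike 'HTTPS*') {
            'no TLS at this step; the redirect or SRV target is checked instead'
        } elseif (-not $PresentedSan.ContainsKey($c.Target)) {
            'nothing listening on 443'
        } elseif (Test-CertificateName -HostName $c.Target -SubjectAltName $PresentedSan[$c.Target]) {
            'name matches'
        } else {
            'NAME MISMATCH (certificate warning)'
        }
        [pscustomobject]@{ Step = $c.Step; Kind = $c.Kind; Target = $c.Target; Result = $result }
    }
}

# Constructed scenario: the root domain is served by a web host with its own certificate,
# while autodiscover.<domain> reaches Exchange, which presents the SAN certificate.
$presented = @{
    'example.com'              = @('*.webhost.example')
    'autodiscover.example.com' = @('mail.example.com', 'autodiscover.example.com')
}
Get-AutodiscoverNameCheck -EmailAddress 'user@example.com' -PresentedSan $presented |
    Format-Table -AutoSize
```

With this sample data step 1 reports a name mismatch, because the root domain answers on 443 with the web host's certificate, while step 2 matches the SAN certificate.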
Question has a verified solution.
