IntegratedBizTech
asked on
Autodiscover fails for Outlook 2007 only
Hello Everyone,
For some reason, auto discover is failing for outlook 2007 only. Auto-discover works fine for the users with outlook 2010 and 2013. We have combed through every possible setting that could be affecting this. The auto discover and mail DNS records are point to the correct server. We have gone through IIS, and verified correct links. We have rebuilt the EWS directory. When running the outlook Email test auto configuration, it fails every attempt to pull in auto discover settings. If you need additional information, just let us know and we will be happy to post.
Thank you,
For some reason, auto discover is failing for outlook 2007 only. Auto-discover works fine for the users with outlook 2010 and 2013. We have combed through every possible setting that could be affecting this. The auto discover and mail DNS records are point to the correct server. We have gone through IIS, and verified correct links. We have rebuilt the EWS directory. When running the outlook Email test auto configuration, it fails every attempt to pull in auto discover settings. If you need additional information, just let us know and we will be happy to post.
Thank you,
Patrick Bogers
What exchange server are you running and what events are displayed in the clients computers events?
ASKER
It's exchange server 2010, there are no error messages in the event log, prior, during, or after running outlook. The error message returned by the test email autoconfiguration are as follow.
"attempting URL https://mail.company.com/autodiscover/autodiscover.xml found through SCP
Autodiscover to https://mail.company.com/autodiscover/autodiscover.xml starting
getlasterror=o; httpstatus=200.
Autodiscover to https://mail.company.com/autodiscover/autodiscover.xml FAILED (0x800c8202)
Autodiscover to https://mail.company.com/autodiscover/autodiscover.xml starting
getlasterror=12030; httpstatus=200.
Autodiscover to https://company.com/autodiscover/autodiscover.xml FAILED (0x800c8203)
Autodiscover to https://autodiscover.company.com/autodiscover/autodiscover.xml starting
getlasterror=12175; httpstatus=o.
getlasterror=0; httpstatus=401
getlasterror=0; httpstatus=401
getlasterror=0; httpstatus=200.
Autodiscover to https://autodiscover.company.com/autodiscover/autodiscover.xml FAILED (0x800c8202)
Redirect check to http://autodiscover.company.com/autodiscover/autodiscover.xml starting
Redirect check to http://autodiscover.company.com/autodiscover/autodiscover.xml FAILED (0x80004005)
Srv Record lookup for company.com starting
Autodiscover URL redirection to https://mail.company.com/autodiscover/autodiscover.xml
Autodiscover to https://mail.company.com/autodiscover/autodiscover.xmll starting
getlaterror=0; httpstatus=200.
autodiscover to https://mail.company.com/autodiscover/autodiscover.xml FAILED (0x800c8202)
Srv record lookup for company.com FAILED (0x800c8202)"
A few additonal notes. We discovered that autodiscover not work for outlook 2010 as well, but you can still access the out of office assitant and offline address book. All of which you shouldn't be able to if autodiscover is not working correctly, but Offline address book and out of office will not work in outlook 2007. The autodiscover for outlook 2010 was working a week ago. The error message for outlook 2010 is the same as the one posted above.
"attempting URL https://mail.company.com/autodiscover/autodiscover.xml found through SCP
Autodiscover to https://mail.company.com/autodiscover/autodiscover.xml starting
getlasterror=o; httpstatus=200.
Autodiscover to https://mail.company.com/autodiscover/autodiscover.xml FAILED (0x800c8202)
Autodiscover to https://mail.company.com/autodiscover/autodiscover.xml starting
getlasterror=12030; httpstatus=200.
Autodiscover to https://company.com/autodiscover/autodiscover.xml FAILED (0x800c8203)
Autodiscover to https://autodiscover.company.com/autodiscover/autodiscover.xml starting
getlasterror=12175; httpstatus=o.
getlasterror=0; httpstatus=401
getlasterror=0; httpstatus=401
getlasterror=0; httpstatus=200.
Autodiscover to https://autodiscover.company.com/autodiscover/autodiscover.xml FAILED (0x800c8202)
Redirect check to http://autodiscover.company.com/autodiscover/autodiscover.xml starting
Redirect check to http://autodiscover.company.com/autodiscover/autodiscover.xml FAILED (0x80004005)
Srv Record lookup for company.com starting
Autodiscover URL redirection to https://mail.company.com/autodiscover/autodiscover.xml
Autodiscover to https://mail.company.com/autodiscover/autodiscover.xmll starting
getlaterror=0; httpstatus=200.
autodiscover to https://mail.company.com/autodiscover/autodiscover.xml FAILED (0x800c8202)
Srv record lookup for company.com FAILED (0x800c8202)"
A few additonal notes. We discovered that autodiscover not work for outlook 2010 as well, but you can still access the out of office assitant and offline address book. All of which you shouldn't be able to if autodiscover is not working correctly, but Offline address book and out of office will not work in outlook 2007. The autodiscover for outlook 2010 was working a week ago. The error message for outlook 2010 is the same as the one posted above.
Hmm what about the certificate? is it still valid for the internal URL?
Does the host name in the error message resolve to the INTERNAL IP address of the server?
If so, is the SSL certificate still valid?
Does OWA etc work?
Another option would be to recreate the Autodiscover virtual directory, using the wizard in EMC.
Simon.
If so, is the SSL certificate still valid?
Does OWA etc work?
Another option would be to recreate the Autodiscover virtual directory, using the wizard in EMC.
Simon.
ASKER
The host can resolve over the internal IP address of the server. All the mail settings pull in because the computer are joined to the domain, so it is resolving over internally. The SSL certificate is still valid. We have one Certificate for this domain.This is the Certificate we have is attached to this post. The certificate is for the mail.company.com but we have a cname record in DNS for autodiscover.company.com to point over to the mail.company.com. All versions of outlook do get an SSL certificate error. It states
"autodiscover.company.com
Information you exchange with this site cannot be viewed or viewed or changed by others. However, there is a problem with this site's certificate.
The security certificate is from a trusted certifying Authority (Check)
The security certificate date is valid (check)
The name on the security certificate is invalid or does not match the name of the site (failed
"
When viewing the record, it brings up the same information for the cert as it does from the EMC.
We have already tried recreating the Autodiscover Virtual Directory with no success. OWA also works fine with no issue, internally or externally.
certificate.txt
"autodiscover.company.com
Information you exchange with this site cannot be viewed or viewed or changed by others. However, there is a problem with this site's certificate.
The security certificate is from a trusted certifying Authority (Check)
The security certificate date is valid (check)
The name on the security certificate is invalid or does not match the name of the site (failed
"
When viewing the record, it brings up the same information for the cert as it does from the EMC.
We have already tried recreating the Autodiscover Virtual Directory with no success. OWA also works fine with no issue, internally or externally.
certificate.txt
"This is the Certificate we have is attached to this post. The certificate is for the mail.company.com but we have a cname record in DNS for autodiscover.company.com to point over to the mail.company.com"
There is your problem.
You cannot do Autodiscover like that.
The client is trying to use Autodiscover.example.com, which resolves, but isn't on the DNS record.
You need to do one of two things.
1. Remove the CNAME and replace it with an SRV record, both internally and externally.
2. Add Autodiscover.example.com to the SSL certificate. That will probably mean a different kind of certificate being purchased.
Simon.
There is your problem.
You cannot do Autodiscover like that.
The client is trying to use Autodiscover.example.com, which resolves, but isn't on the DNS record.
You need to do one of two things.
1. Remove the CNAME and replace it with an SRV record, both internally and externally.
2. Add Autodiscover.example.com to the SSL certificate. That will probably mean a different kind of certificate being purchased.
Simon.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We figured out the solution without any intervention.