TimFarren
asked on
AUTODISCOVER - Almost there but need help
Hi everyone..
Here's what I have:
Exchange 2007 - multi-domain hosted setup
Outlook 2007 SP3
Single SSL Certificate (not wildcard)
I have a _autodiscover DNS record created for the domain in question. I do not have an autodiscover.domainname.com A record yet.
The Problem:
Out Of Office.. when you select it on my hosted domain clients, it complains the server isn't available.
What I've tried:
https://testconnectivity.microsoft.com - it reports everything is ok, except it errors out here:
"ErrorInvalidWatermark: The watermark is invalid.
Elapsed Time: 305 ms."
This whole thing works if I use HTTP Redirection and point it at the server.domainname.com that handles the email for the domain - however, since the certificate doesn't match the domain name for the email address, it pops up the certificate warning complaining that the name doesn't match. If I tell the warning to continue anyway, Out of office pops up and seems to be happy - but if I say no, then it complains the server is unavailable. Thoughts?
Thanks!!
ASKER
Simon -
Autodiscover.companyname.com doesn't resolve (company domain redacted). There are no host records for it at the moment. There's only a SRV record. Having that record is causing prompts asking folks if the cert can be trusted. The SRV record is pointing to the A record for my mail server that hosts the email. The only way I've been able to make these warnings go away is to remove the SRV record / autodiscover A record. Then email works, but things like downloading the addressbook fail with an error as well as the out of office wizard complains that the server is not available. With the SRV in place, when the warning pops up, if we allow it to continue, then the OOF works - I'll admit I haven't tested the addressbook function but I suspect it works. Maybe not.
Simon, do you believe the other suggestion is worth trying as well?
Do you have a trusted SSL certificate in place?
If not then you need to get that corrected.
If you do, then you shouldn't get prompts about the certificate as long as the host name being used internally and externally is the same as on the SSL certificate.
Simon.
ASKER
I do have a trusted certificate. It's not a wildcard cert though. Are you saying it shouldn't matter that the email domain that I am hosting doesn't match the domain in my SRV record? The SRV in their DNS references mail.nydomainname.com, not their domain.
Correct. As long as the SRV record points to the correct host name, then it should work.
That is how hosted Exchange providers work - they have a single certificate and point all clients to it - otherwise it would get very expensive.
Simon.
ASKER
Then I am confused about why my clients get these warnings. What could I possibly be doing wrong?
ASKER
I just set up a new domain on my server, with brand new users, and a brand new datastore. I followed those guidelines listed above. The autodiscover worked (it autodetected the mailbox settings) however, turning on out of office produces the error, "Your automatic reply settings cannot be displayed because the server is currently unavailable. Please try again later".
Very frustrating. I've been chasing this issue for months now. Any other ideas?
ASKER
Side note - I logged in over OWA, turned on out of office, and sent the user a test. I received the out of office reply. So at least that works - but remote outlook users can't see the settings. Ugh..
OWA sets the OOTO message in a different way.
The primary reason for OOTO not working is SSL certificate issues. Very little else causes a problem. You must have an error in the configuration of either the SRV record or the DNS records for the hosted domain somewhere.
Simon.
ASKER
Ok, I set up the new domain just yesterday and bought the domain name from GoDaddy. I actually removed the @ record to ensure autodiscover wouldn't resolve to anything. The only other records I created were an SPF and MX records and then the SRV record. Which is as follows:
Let's say my server is mail.server.com and their domain is client.com. The certificate is for mail.server.com. The SRV record is:
_autodiscover _tcp
Port=443
Name=@
Priority / weight I think is both 10
Host : mail.server.com
How else should these records be set up? Does there need to be anything set in the server's local DNS? Our internal domain is something like server.local.
You don't need anything in your internal DNS unless you are going to have clients using that email domain on your internal DNS server (so on your internal network).
If you do an nslookup on the SRV record, do the correct results come back? Wouldn't be the first time DNS records fail to apply correctly.
Simon.
ASKER
Yes they do come back correctly. In fact when you set up a new profile in Outlook (offsite) and put the user's email address and name in, autodiscover finds all the rest and sets up the account. Still the OOTO is broken and that is really what I am trying to fix.
ASKER
Did I mention that I do not get the error if I use an A record for autodiscover.domainname.com and do a http redirect to my server? The OOTO error goes away but then the silly certificate mismatch warning persistently pops up for my users.
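The name-matching question the thread keeps circling (SRV target versus an autodiscover A record, single certificate versus wildcard) can be checked mechanically; the following is an added example, not part of the original thread and not Outlook's own logic. It assumes the client may open HTTPS to the mail domain, to autodiscover.<domain>, and to the SRV target, and it uses the thread's placeholder names with constructed certificate name lists.

```python
# Added example: which Autodiscover host names does a certificate cover?
# Host names are the placeholders from the thread; the certificate name
# lists are constructed samples, not read from a real server.

def name_matches(pattern, host):
    """Exact match, or '*' standing for the whole left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        # require at least two fixed labels after the wildcard (no "*.com")
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(cert_names, host):
    return any(name_matches(n, host) for n in cert_names)


def autodiscover_hosts(email_domain, srv_target=None):
    """HTTPS host names a client may connect to for this mail domain (assumed order)."""
    hosts = [email_domain, "autodiscover." + email_domain]
    if srv_target:
        hosts.append(srv_target)
    return hosts


def audit(email_domain, cert_names, srv_target=None):
    """Map each candidate host to True (name matches) or False (mismatch
    warning if that host resolves to a server presenting this certificate)."""
    return {h: cert_covers(cert_names, h)
            for h in autodiscover_hosts(email_domain, srv_target)}


if __name__ == "__main__":
    scenarios = {
        "single-name cert": ["mail.server.com"],
        "wildcard for provider zone": ["*.server.com"],
        "SAN cert incl. client name": ["mail.server.com", "autodiscover.client.com"],
    }
    for label, names in scenarios.items():
        print(label)
        for host, ok in audit("client.com", names, "mail.server.com").items():
            print(f"  {host:26} {'match' if ok else 'MISMATCH'}")
```

A wildcard for the provider's own zone does not cover autodiscover.client.com either, so only the SRV target matches unless the client's name is added to the certificate.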
ASKER
More info needed, I provided.
Select only use autodiscover after key in email address and password, click on run test.
Verify your OOF URL is accessible?