Solved

AUTODISCOVER - Almost there but need help

Posted on 2013-11-11
Last Modified: 2015-02-05
Hi everyone..

Here's what I have:

Exchange 2007 - multi-domain hosted setup
Outlook 2007 SP3
Single SSL Certificate (not wildcard)
I have a _autodiscover DNS record created for the domain in question.  I do not have an autodiscover.domainname.com A record yet.

The Problem:
Out Of Office.. when you select it on my hosted domain clients, it complains the server isn't available.

What I've tried:
https://testconnectivity.microsoft.com - it reports everything is ok, except it errors out here:

"ErrorInvalidWatermark: The watermark is invalid.
Elapsed Time: 305 ms."

This whole thing works if I use HTTP Redirection and point it at the server.domainname.com that handles the email for the domain - however, since the certificate doesn't match the domain name for the email address, it pops up the certificate warning complaining that the name doesn't match.  If I tell the warning to continue anyway, Out of office pops up and seems to be happy - but if I say no, then it complains the server is unavailable.  Thoughts?

Thanks!!
Question by:TimFarren
17 Comments
 
LVL 19

Expert Comment

by:suriyaehnop
ID: 39640423
Hold CTRL and right click on Outlook icon on taskbar and choose test email configuration.

Select only Use Autodiscover after keying in the email address and password, then click on Run Test.

Verify that your OOF URL is accessible.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 1500 total points
ID: 39644502
If you are doing multiple domains then you need to use either redirect or SRV records for Autodiscover. It is important that Autodiscover.example.com does not resolve - so no wildcards in the public DNS records.

The fact that you are getting a certificate error would tend to suggest that the host name is resolving.

Also check that https://example.com/Autodiscover/Autodiscover.xml doesn't work - note the S on the URL.

Simon.
0
 
LVL 2

Author Comment

by:TimFarren
ID: 39652038
Simon -

Autodiscover.companyname.com doesn't resolve (company domain redacted).  There are no host records for it at the moment.  There's only a SRV record.  Having that record is causing prompts asking folks if the cert can be trusted.  The SRV record is pointing to the A record for my mail server that hosts the email.  The only way I've been able to make these warnings go away is to remove the SRV record / autodiscover A record.  Then email works, but things like downloading the addressbook fail with an error as well as the out of office wizard complains that the server is not available.  With the SRV in place, when the warning pops up, if we allow it to continue, then the OOF works - I'll admit I haven't tested the addressbook function but I suspect it works.  Maybe not.

Simon, do you believe the other suggestion is worth trying as well?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39653082
Do you have a trusted SSL certificate in place?
If not then you need to get that corrected.
If you do, then you shouldn't get prompts about the certificate as long as the host name being used internally and externally is the same as on the SSL certificate.

Simon.
0
 
LVL 2

Author Comment

by:TimFarren
ID: 39653213
I do have a trusted certificate. It's not a wildcard cert though. Are you saying it shouldn't matter that the email domain that I am hosting doesn't match the domain in my SRV record? The SRV in their DNS references mail.nydomainname.com, not their domain.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39653678
Correct. As long as the SRV record points to the correct host name, then it should work.
That is how hosted Exchange providers work - they have a single certificate and point all clients to it - otherwise it would get very expensive.

Simon.
0
 
LVL 2

Author Comment

by:TimFarren
ID: 39653827
Then I am confused about why my clients get these warnings.   What could I possibly be doing wrong?
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 1500 total points
ID: 39657982
You have to ensure that
a. Autodiscover.example.com does NOT resolve anywhere.
b. The SSL certificate is trusted
c. SRV record is completely correct with the full FQDN that matches the SSL certificate.

Simon.
0
 
LVL 2

Author Comment

by:TimFarren
ID: 39666175
I just set up a new domain on my server, with brand new users, and a brand new datastore.  I followed those guidelines listed above.  The autodiscover worked (it autodetected the mailbox settings) however, turning on out of office produces the error, "Your automatic reply settings cannot be displayed because the server is currently unavailable.  Please try again later".

Very frustrating.  I've been chasing this issue for months now.  Any other ideas?
0
 
LVL 2

Author Comment

by:TimFarren
ID: 39666194
Side note - I logged in over OWA, turned on out of office, and sent the user a test.  I received the out of office reply.  So at least that works - but remote outlook users can't see the settings.  Ugh..
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39668332
OWA sets the OOTO message in a different way.
The primary reason for OOTO not working is SSL certificate issues. Very little else causes a problem. You must have an error in the configuration of either the SRV record or the DNS records for the hosted domain somewhere.

Simon.
0
 
LVL 2

Author Comment

by:TimFarren
ID: 39668633
Ok, I set up the new domain just yesterday and bought the domain name from GoDaddy. I actually removed the @ record to ensure autodiscover wouldn't resolve to anything. The only other records I created were SPF and MX records and then the SRV record.  Which is as follows:

Let's say my server is mail.server.com and their domain is client.com. The certificate is for mail.server.com. The SRV record is:

_autodiscover  _tcp  
Port=443
Name=@
Priority / weight I think is both 10
Host : mail.server.com

How else should these records be set up?  Does there need to be anything set in the server's local DNS?  Our internal domain is something like server.local.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39674393
You don't need anything in your internal DNS unless you are going to have clients using that email domain on your internal DNS server (so on your internal network).

If you do an nslookup on the SRV record, do the correct results come back? Wouldn't be the first time DNS records fail to apply correctly.

Simon.
0
 
LVL 2

Author Comment

by:TimFarren
ID: 39674553
Yes, they do come back correctly. In fact when you set up a new profile in Outlook (offsite) and put the user's email address and name in, autodiscover finds all the rest and sets up the account. Still the OOTO is broken and that is really what I am trying to fix.
0
 
LVL 2

Author Comment

by:TimFarren
ID: 39674563
Did I mention that I do not get the error if I use an A record for autodiscover.domainname.com and do a http redirect to my server?  The OOTO error goes away but then the silly certificate mismatch warning persistently pops up for my users.
0
 
LVL 2

Accepted Solution

by:
TimFarren earned 0 total points
ID: 40581670
I have implemented a workaround that I came up with myself.  I've not seen this posted anywhere, but it seems to work.

1.  Create in DNS (externally - GoDaddy for example) a record called autodiscover.domainname.com that points to 127.0.0.1.  Why?  Because a lot of web hosting companies supply the address of the webserver to the @ record, making autodiscover incorrectly resolve to the wrong host.

2.  Create a SRV record pointing _TCP _Autodiscover to the correct host (e.g. https://remote.domainname.com)

Alternative to #2 is to create a URL subdomain forwarding record.  Point autodiscover.domainname.com to remote.domainname.com for example as a redirect.  These methods seem to solve my problem.
0
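
The three-point checklist from the earlier answer and the 127.0.0.1 workaround above, expressed as an offline audit of a hosted domain's records. This is an added example, not part of the original thread; `Zone`, `cert_covers`, `audit` and the finding codes are hypothetical names, and the record data is constructed from the thread's mail.server.com / client.com example.

```python
# Added example; Zone, cert_covers, audit and the finding codes are hypothetical.
from dataclasses import dataclass, field
from typing import Optional

LOOPBACK = "127.0.0.1"  # address used by the workaround in the accepted answer


@dataclass
class Zone:
    """Public DNS data for one hosted mail domain (constructed, not queried)."""
    a_records: dict = field(default_factory=dict)  # hostname -> IPv4 address
    srv_target: Optional[str] = None  # target of _autodiscover._tcp.<domain>
    srv_port: int = 443


def cert_covers(host: str, cert_names: list) -> bool:
    """True if host equals a certificate name or matches a one-label wildcard."""
    host = host.lower().rstrip(".")
    for name in (n.lower() for n in cert_names):
        if name == host:
            return True
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False


def audit(domain: str, zone: Zone, cert_names: list) -> list:
    """Return finding codes; an empty list means the checklist is met."""
    findings = []
    # Outlook tries HTTPS on these names before it looks up the SRV record,
    # so a public A record here surfaces whatever certificate that host serves.
    # Loopback is treated as unreachable (assumes no local listener on 443).
    for host in (domain, f"autodiscover.{domain}"):
        ip = zone.a_records.get(host)
        if ip and ip != LOOPBACK and not cert_covers(host, cert_names):
            findings.append(f"RESOLVES_BEFORE_SRV:{host}")
    if zone.srv_target is None:
        findings.append("SRV_MISSING")
    elif not cert_covers(zone.srv_target, cert_names):
        findings.append(f"SRV_TARGET_NOT_ON_CERT:{zone.srv_target}")
    elif zone.srv_port != 443:
        findings.append("SRV_PORT_NOT_443")
    return findings


if __name__ == "__main__":
    # Constructed records using the thread's mail.server.com / client.com names.
    zone = Zone({"autodiscover.client.com": LOOPBACK}, "mail.server.com")
    print(audit("client.com", zone, ["mail.server.com"]) or "checklist met")
```

Feed it the answers returned by nslookup for the bare domain, autodiscover.<domain> and the SRV record, plus the names listed on the server's certificate.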
 
LVL 2

Author Closing Comment

by:TimFarren
ID: 40590658
More info needed, I provided.
0

Question has a verified solution.