Solved

Autodiscover Error

Posted on 2014-01-20
19
1,840 Views
Last Modified: 2014-07-25
Hi,

We are running SBS 2011 and we have a problem with autodiscover externally. When i run the autodiscover test on the Microsoft Remote Connectivity Analyzer site (https://testconnectivity.microsoft.com) i receive the following error message

 
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
       Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
        
Additional Details
       Elapsed Time: 1671 ms.
        
Test Steps
        
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.removed.com.au/AutoDiscover/AutoDiscover.xml for user user@removed.com.au.

       The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
        
Additional Details
       An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
Headers received:
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate,NTLM,Basic realm="autodiscover.removed.com.au"
X-Powered-By: ASP.NET
Date: Thu, 09 Jan 2014 10:20:20 GMT
Content-Length: 58
Elapsed Time: 1671 ms.


So the credentials are definitely correct. Happens with all accounts. They are not Office365 accounts either.

 - SSL certificate passes validity check. It contains autodiscover.domain.com.au
 - Port 443 is open
 - Exchange services are running
 - Disabling or enabling loopback checking doesn't make any difference
 
It could potentially be a URL or permission problem. I'm not sure. Any help with this would be greatly appreciated.

Wolf
0
Comment
Question by:mrwolf
  • 11
  • 6
  • 2
19 Comments
 
LVL 1

Expert Comment

by:sameert
ID: 39796052
0
 
LVL 1

Expert Comment

by:sameert
ID: 39796061
Also Run Test E-Mail AutoConfiguration from Internal client
option from by CTRL+Right Clicking the Outlook icon in the System Tray and testing AutoDiscover

Please post the Result here

Thanks
0
 
LVL 3

Author Comment

by:mrwolf
ID: 39799029
Hi,

Here is the result of the autodiscover test through Outlook

First half of the result
Second half of the result
Let me know what you think

Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39802748
Was the server and the certificate installed using the wizards within SBS management console? If not, then you need to go back and correct both of those issues. On the SSL wizard, choose the option to use an existing SSL certificate.

If that doesn't work, then go back in to the SBS console and run the fix my network wizard.

Simon.
0
 
LVL 3

Author Comment

by:mrwolf
ID: 39816943
Hi,

It was installed using the SBS console. I ran the Fix My Network Wizard and it fixed three issues but did not resolve the fault.

Wizard results
Should i consider removing the certificate completely and re-adding it again?

Wolf
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39817633
You can try removing the SSL certificate and adding it back in again if you wish. It shouldn't do any harm. You must use the wizards to enable it though.

Simon.
0
 
LVL 3

Author Comment

by:mrwolf
ID: 39823225
I'm going away for the weekend but next week I'm going to take out that cert. It is a UCC certificate and it is up for renewal this year so i'm just going to take it out and purchase a single name certificate instead and use a SRV record for autodiscover. Cheaper and easier and then we will see whether importing a new certificate will fix this or not.
0
 
LVL 3

Author Comment

by:mrwolf
ID: 40028812
OK so after some time, the business agreed to renew the soon to expire UCC certificate with a standard single name certificate and it is installed correctly through the wizard.

Still getting the same error message externally though using Remote Connectivity Analyzer to test. Obviously now using a standard certificate i am using a SRV record and it finds that ok. It errors out with this:

The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://mail.removed.com.au/Autodiscover/Autodiscover.xml for user user@removed.com.au.
       The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.

An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).

HTTP Response Headers:
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate,NTLM,Basic realm="mail.removed.com.au"
X-Powered-By: ASP.NET
Date: Tue, 29 Apr 2014 03:10:41 GMT
Content-Length: 58
Elapsed Time: 1779 ms.

It all works perfectly internally though. I went through these articles running the tests and checking the permissions but it is all ok

http://blogs.technet.com/b/exchdxb/archive/2012/05/10/troublshooting-autodiscover-exchange-2007-2010.aspx

http://msexchangeguru.com/2010/10/05/autodiscover/

I could recreate the virtual directory but there doesn't seem to be anything wrong with the virtual directory and i have recreated it before.

Is there anyway that a firewall could cause this behaviour? I am thinking if it is doing something to the XML response but i can actually browse the xml file remotely and i do get the correct response from within a browser (errorcode 600) so i don't know what is going on. Username and password are definitely correct.

Sigh
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40031625
Internally and externally work in different ways.
Therefore it is perfectly possible for it to work inside but not outside.

Resetting the Autodiscover virtual directory would be something I would consider doing if you have changed ANYTHING from default (or even think you have). The Autodiscover virtual directory does not have to be changed away from the default settings for 99.9% of installations.

Simon.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 3

Author Comment

by:mrwolf
ID: 40033835
Hi Simon,

I recreated the Autodiscovery Virtual Directory but i still get the same error unfortunately.

Any other ideas? I'm leaning towards firewall purely because it's the only thing i don't have access to to check and IPS does some strange things... long shot though

Gab
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40034095
On the EXRCA site there is a client piece, that you can download and install on a workstation. Try using that and see what happens INTERNALLY. I would also a machine that is off the domain. You will need to have Autodiscover.example.com on your internal DNS (or SRV record if you are using a single name certificate) so that the Autodiscover path goes through correctly.

If the firewall is doing IPS then it shouldn't be touching SSL traffic.

Simon.
0
 
LVL 3

Author Comment

by:mrwolf
ID: 40041361
I downloaded the tool and ran the option that says "I am experiencing other problems with Outlook" but it completed successfully without errors with the same user account.

There is indeed a autodiscover record internally which points to the private IP address on the SBS box.
0
 
LVL 3

Author Comment

by:mrwolf
ID: 40074176
Hi Simon,

Here is the IIS HTTP logs for the last time i tested using the Microsoft test site. I have removed references to the domain and username.

Hopefully this is of some help
IIS-Logs.txt
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40078824
There isn't much in there of any use.
You did the test with a non-domain machine?

It is unusual for the test site to work and Outlook to fail.

Simon.
0
 
LVL 3

Author Comment

by:mrwolf
ID: 40079457
Yes it is very odd. I feel like I've read every article and tried a hundred fixes although it is still probably something small and simple.

I ran that test from a laptop that was not joined to the domain.

I get the expected response from the autodiscover xml file in a web browser externally so it is pretty confusing that it doesn't work. I might have to raise this with Microsoft. Or maybe I'll just upgrade to Server 2012 and Exchange 2013 instead :) I've been meaning to do that. Time is the biggest restraint
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40087325
I don't really have anything else to suggest.
There has to be something in your environment that is causing the problem that you are either not mentioning (because you don't think it is relevant) or you aren't aware of. AV software could be causing the problem as can HTTP proxies.

Simon.
0
 
LVL 3

Author Comment

by:mrwolf
ID: 40090196
I will log this with Microsoft and update this thread when i have an answer.

Thanks for your help with this Simon.
0
 
LVL 3

Accepted Solution

by:
mrwolf earned 0 total points
ID: 40207990
Microsoft resolved the issue. Strangely though it works with Outlook and mobiles etc but not with the Test Exchange Connectivity website for some reason. They said this happens sometimes.

Here are some of the things they checked. Not all of it was relevant to the solution. They said it was most likely the RDgateway. This seems very odd to me but that's what they said.

RESOLUTION:

o We verified autodicsover srv record was correct and it was pointing to correct IP address.
o Created the registry key Disableloopbackcheck "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" and backconnection hostname "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" .
o Checked authentication on the EWS, Autodiscover, RCP and RPC with cert virtual directories in IIS.
o Corrected authentication on RCP virtual directories, other virtual directories were set to correct authentication.
o Checked the internal and external url on autodiscover, outlookanyhwere, clientaccessserver: urls were correct.
o Tried to browse the https://mail.infinet.com.au/autodiscover/autodiscover.xml: It was asking for username and password repeatedly.
o Enabled RDgateway feature on the server "Dism /online /Enable-feature:Gateway-UI".
o IIS settings were not configured and certificate was not installed on RD Gateway.
o Corrected the IIS settings for RD gateway and installed the trusted certificate.
o Checked Exchange console, found one certificate which was showing invalid.
o Removed the invalid certificate and Enabled correct certificate on exchange server.
o Restarted the RDgateway, Exchange services and did iisreset.
o Did testautoconfiguration from outlook 2013.
o Got the xml request on outlook and option to configure MSFT account on outlook.
O Issue resolved
0
 
LVL 3

Author Closing Comment

by:mrwolf
ID: 40218882
I ended up logging the ticket with Microsoft to get the solution.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now