Link to home
Start Free TrialLog in
Avatar of ChiIT
ChiIT

asked on

Allow this website to configure pops up even though it's been working for a while

Hello experts,

The attached message pops up for a user who is using outlook 2007 connected to a Exchange 2010 server. The user is connecting over the internet to email.

this user has had outlook working for a while, so it's not a new install. I've seen the autodiscover for new installs so it know's the server settings.

Does anyone know why this would come up randomly even after it's been setup and running for a while?

User generated image
Thanks in advance
Avatar of Radhakrishnan
Radhakrishnan
Flag of India image

Hi,

This happens when outlook redirects autodiscover operation from HTTP to HTTPS. This can be resolved by adding a registry key.

HKEY_CURRENT_USER\Software\Microsoft\Office\xx.0\Outlook\AutoDiscover\RedirectServers

You can also use the following registry subkey:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\xx.0\Outlook\AutoDiscover\RedirectServers

Select 14.0 (outlook 2010)>>lick the Edit menu, point to New, and then click String Value.

Type the name of the HTTPS server to which AutoDiscover can be redirected without prompting for confirmation from the user, and then press ENTER. For example, to allow redirection to https://abcd.com, the first String Value (REG_SZ) name would be:

abcd.com

Note In Outlook 2010 the name of the server is case-sensitive. In Outlook 2013 it is not case sensitive.
There is no need to add text to the Value data box. The Data column should remain empty for the string values that you create.

Hope this helps.
The reason the prompt comes up is because Autodiscover regularly happens.

It is not (as many Exchange admins believe) a one time thing used for initial configuration. It cannot be ignored because you can configure things manually.
Outlook will do Autodiscover in the background to ensure that the settings are correct. You can make a change on Exchange and it will be on most of the clients within a few hours.

As for the prompt you are seeing, that could be down to a number of reasons.
a. You haven't got Autodiscover setup correctly.
b. Your ISP has changed something.

Thing is, if you have Autodiscover.example.com in your SSL certificate, then you just need to have an A record in the public DNS pointing to the site. There is no need to use SRV or HTTP redirect, which is the error would tend to suggest is happening. You do NOT get the prompts when you are using A records, only with the other options.

That leads me to believe that something isn't setup properly or something has been changed.

As such, while the above posting is a valid answer, it doesn't really deal with the why it is occurring, just the symptoms, particularly if things have appeared to be working correctly.

Simon.
Avatar of ChiIT
ChiIT

ASKER

Thanks both,

Simon, I'm assuming you are referring to the isp where exchange is, not the isp where the user is? this uses comcast business class internet where exchange is so I would be surprised if anything changed, so while not ruling that out I'm thinking your suggestion about config might be the first place to look.

I will check to see if there are SRV and HTTP redirects setup.

If it's ok I'll leave this open until later today while I check that config...
My use of ISP was probably not correct.

What I am referring to is where the public web site is located and/or where the DNS for the public domain name is located.

Time and again I have seen web hosts implement a new or updated control panel which uses Autodiscover itself, then have a wildcard on the domain, which means Autodiscover starts going somewhere it shouldn't.

Simon.
Avatar of ChiIT

ASKER

Godaddy is where the public domain name is hosted. I haven't  Iogged on there recently, what would I look for on a change for that?

Something else I thought of not sure if its related or not. There is an ssl cert for this domainname. I know its current ( not expired), could there be anything related to that which might cause this?
You need to follow the Autodiscover trail.
Do a test at the Microsoft test site: http://exrca.com/ 
See what is actually happening with Autodiscover.

Simon.
Avatar of ChiIT

ASKER

it looks like it passes successfully but its a bit confusing, the splash screen says passed, but when I copy the clipboard it has the following. not entirely sure I ran the tool correctly but this is what it came up with.

----

The Microsoft Connectivity Analyzer is attempting to test Autodiscover for administrator@mydomainname.com.
 Autodiscover was tested successfully.
 
Additional Details
 
Elapsed Time: 4602 ms.


 
Test Steps
 
Attempting each method of contacting the Autodiscover service.
 The Autodiscover service was tested successfully.
 
Additional Details
 
Elapsed Time: 4602 ms.


 
Test Steps
 
Attempting to test potential Autodiscover URL https://mydomainname.com:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 276 ms.


 
Test Steps
 
Attempting to resolve the host name mydomainname.com in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: xx.xx.xx.xx

Elapsed Time: 31 ms.



Testing TCP port 443 on host mydomainname.com to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 84 ms.



Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 
Additional Details
 
Elapsed Time: 160 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server mydomainname.com on port 443.
 The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
 
Additional Details
 
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

Elapsed Time: 114 ms.







Attempting to test potential Autodiscover URL https://autodiscover.mydomainname.com:443/Autodiscover/Autodiscover.xml
 Testing of the Autodiscover URL was successful.
 
Additional Details
 
Elapsed Time: 4326 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.mydomainname.com in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: my ip address

Elapsed Time: 28 ms.



Testing TCP port 443 on host autodiscover.mydomainname.com to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 127 ms.



Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 
Additional Details
 
Elapsed Time: 230 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.mydomainname.com on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=mail.mydomainname.com, OU=Domain Control Validated, O=mail.mydomainname.com, Issuer: SERIALNUMBER=myserialnumber, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.

Elapsed Time: 139 ms.



Validating the certificate name.
 The certificate name was validated successfully.
 
Additional Details
 
Host name autodiscover.mydomainname.com was found in the Certificate Subject Alternative Name entry.

Elapsed Time: 2 ms.



Certificate trust is being validated.
 The certificate is trusted and all certificates are present in the chain.
 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.mydomainname.com, OU=Domain Control Validated, O=mail.mydomainname.com.
 One or more certificate chains were constructed successfully.
 
Additional Details
 
A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Elapsed Time: 28 ms.



Analyzing the certificate chains for compatibility problems with versions of Windows.
 Potential compatibility problems were identified with some versions of Windows.
 
Additional Details
 
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

Elapsed Time: 10 ms.





Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 
Additional Details
 
The certificate is valid. NotBefore = 11/23/2012 7:15:32 PM, NotAfter = 11/23/2014 4:35:34 PM

Elapsed Time: 0 ms.





Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 
Additional Details
 
Accept/Require Client Certificates isn't configured.

Elapsed Time: 330 ms.



Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
 
Additional Details
 
Elapsed Time: 3610 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.mydomainname.com:443/Autodiscover/Autodiscover.xml for user administrator@mydomainname.com.
 The Autodiscover XML response was successfully retrieved.
 
Additional Details
 
Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>Administrator</DisplayName>
<LegacyDN>/o=mydomain/ou=first administrative group/cn=Recipients/cn=Administrator</LegacyDN>
<DeploymentId>6bfdd6a3-2102-45a4-90d8-18e222a8dd2d</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>myserver.mydomain.local</Server>
<ServerDN>/o=mydomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=myserver</ServerDN>
<ServerVersion>738180DA</ServerVersion>
<MdbDN>/o=mydomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=myserver/cn=Microsoft Private MDB</MdbDN>
<ASUrl>https://myserver.mydomainname.local/EWS/Exchange.asmx</ASUrl>
<OOFUrl>https://myserver.mydomainname.local/EWS/Exchange.asmx</OOFUrl>
<OABUrl>Public Folder</OABUrl>
<UMUrl>https://myserver.mydomainname.local/EWS/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<PublicFolderServer>myserver.mydomain.local</PublicFolderServer>
<AD>myserver.mydomain.local</AD>
<EwsUrl>https://myserver.mydomainname.local/EWS/Exchange.asmx</EwsUrl>
<EcpUrl>https://mail.mydomainname.com/ecp/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
<EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>mail.mydomainname.com</Server>
<OABUrl>Public Folder</OABUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EcpUrl>https://mail.mydomainname.com/ecp/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
<EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://mail.mydomainname.com/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://myserver.mydomainname.local/EWS/Exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://mail.mydomainname.com/owa/</OWAUrl>
</External>
</Protocol>
</Account>
</Response>
</Autodiscover>
HTTP Response Headers:
Persistent-Auth: true
Content-Length: 4382
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Mon, 08 Sep 2014 13:01:51 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET


Elapsed Time: 3609 ms.

User generated image
The first error is fine - because Autodiscover attempts to connect to https://example.com/Autodiscover/Autodiscover.xml first.
It then attempts to connect to other URLs if that fails, the preferred URL being https://autodiscover.example.com/Autodiscover/Autodiscover.xml

The rest of the bits and pieces are really telling you to ensure that you have all of the intermediate certificates installed from GoDaddy.

However I would consider changing the URLs from the internal names to the external ones. Next time you renew the certificate you will not be able to include the internal names on it.
http://semb.ee/hostnames2010

Have any other clients reported the issue with Autodiscover prompts?

Simon.
Avatar of ChiIT

ASKER

actually, when running the trace, for the domain name do I need to put in autodiscover.domainname.com, or just domainname.com?
Avatar of ChiIT

ASKER

This is probably a better trace. I just did it against the main domain name and let it resolve to autodiscover..


The Microsoft Connectivity Analyzer is attempting to test Autodiscover for MYUSERNAME@MYDOMAIN.com.
 Testing Autodiscover failed.
 
Additional Details
 
Elapsed Time: 4178 ms.


 
Test Steps
 
Attempting each method of contacting the Autodiscover service.
 The Autodiscover service couldn't be contacted successfully by any method.
 
Additional Details
 
Elapsed Time: 4178 ms.


 
Test Steps
 
Attempting to test potential Autodiscover URL https://MYDOMAIN.com:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 544 ms.


 
Test Steps
 
Attempting to resolve the host name MYDOMAIN.com in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: MYIP

Elapsed Time: 285 ms.



Testing TCP port 443 on host MYDOMAIN.com to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 86 ms.



Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 
Additional Details
 
Elapsed Time: 173 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server MYDOMAIN.com on port 443.
 The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
 
Additional Details
 
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

Elapsed Time: 119 ms.







Attempting to test potential Autodiscover URL https://autodiscover.MYDOMAIN.com:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 1749 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.MYDOMAIN.com in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: MYPUBLICIP

Elapsed Time: 107 ms.



Testing TCP port 443 on host autodiscover.MYDOMAIN.com to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 102 ms.



Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 
Additional Details
 
Elapsed Time: 226 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.MYDOMAIN.com on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=mail.MYDOMAIN.com, OU=Domain Control Validated, O=mail.MYDOMAIN.com, Issuer: SERIALNUMBER=MYSERIALNUMBER, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.

Elapsed Time: 136 ms.



Validating the certificate name.
 The certificate name was validated successfully.
 
Additional Details
 
Host name autodiscover.MYDOMAIN.com was found in the Certificate Subject Alternative Name entry.

Elapsed Time: 1 ms.



Certificate trust is being validated.
 The certificate is trusted and all certificates are present in the chain.
 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.MYDOMAIN.com, OU=Domain Control Validated, O=mail.MYDOMAIN.com.
 One or more certificate chains were constructed successfully.
 
Additional Details
 
A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Elapsed Time: 31 ms.



Analyzing the certificate chains for compatibility problems with versions of Windows.
 Potential compatibility problems were identified with some versions of Windows.
 
Additional Details
 
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

Elapsed Time: 4 ms.





Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 
Additional Details
 
The certificate is valid. NotBefore = 11/23/2012 7:15:32 PM, NotAfter = 11/23/2014 4:35:34 PM

Elapsed Time: 0 ms.





Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 
Additional Details
 
Accept/Require Client Certificates isn't configured.

Elapsed Time: 287 ms.



Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
 
Additional Details
 
Elapsed Time: 1024 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.MYDOMAIN.com:443/Autodiscover/Autodiscover.xml for user MYUSERNAME@MYDOMAIN.com.
 The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
An error message was returned from the Autodiscover service
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response>
<Error Time="13:27:11.0855816" Id="2111374496">
<ErrorCode>500</ErrorCode>
<Message>The e-mail address cannot be found.</Message>
<DebugData />
</Error>
</Response>
</Autodiscover>
HTTP Response Headers:
Persistent-Auth: true
Content-Length: 363
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Mon, 08 Sep 2014 13:27:11 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET


Elapsed Time: 1024 ms.







Attempting to contact the Autodiscover service using the HTTP redirect method.
 The attempt to contact Autodiscover using the HTTP Redirect method failed.
 
Additional Details
 
Elapsed Time: 1716 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.MYDOMAIN.com in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: MYPUBLICIP

Elapsed Time: 63 ms.



Testing TCP port 80 on host autodiscover.MYDOMAIN.com to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 187 ms.



The Microsoft Connectivity Analyzer is checking the host autodiscover.MYDOMAIN.com for an HTTP redirect to the Autodiscover service.
 The redirect (HTTP 301/302) response was received successfully.
 
Additional Details
 
Redirect URL: HTTPS://AUTODISCOVER.MYDOMAIN.COM/AUTODISCOVER/AUTODISCOVER.XML
HTTP Response Headers:
Content-Length: 185
Content-Type: text/html; charset=utf-8
Date: Mon, 08 Sep 2014 13:27:11 GMT
Location: HTTPS://AUTODISCOVER.MYDOMAIN.COM/AUTODISCOVER/AUTODISCOVER.XML
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET


Elapsed Time: 249 ms.



Attempting to test potential Autodiscover URL HTTPS://AUTODISCOVER.MYDOMAIN.COM/AUTODISCOVER/AUTODISCOVER.XML
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 1216 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.MYDOMAIN.com in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: MYPUBLICIP

Elapsed Time: 28 ms.



Testing TCP port 443 on host autodiscover.MYDOMAIN.com to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 96 ms.



Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 
Additional Details
 
Elapsed Time: 231 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.MYDOMAIN.com on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=mail.MYDOMAIN.com, OU=Domain Control Validated, O=mail.MYDOMAIN.com, Issuer: SERIALNUMBER=MYSERIALNUMBER, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.

Elapsed Time: 137 ms.



Validating the certificate name.
 The certificate name was validated successfully.
 
Additional Details
 
Host name autodiscover.MYDOMAIN.com was found in the Certificate Subject Alternative Name entry.

Elapsed Time: 1 ms.



Certificate trust is being validated.
 The certificate is trusted and all certificates are present in the chain.
 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.MYDOMAIN.com, OU=Domain Control Validated, O=mail.MYDOMAIN.com.
 One or more certificate chains were constructed successfully.
 
Additional Details
 
A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Elapsed Time: 33 ms.



Analyzing the certificate chains for compatibility problems with versions of Windows.
 Potential compatibility problems were identified with some versions of Windows.
 
Additional Details
 
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

Elapsed Time: 4 ms.





Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 
Additional Details
 
The certificate is valid. NotBefore = 11/23/2012 7:15:32 PM, NotAfter = 11/23/2014 4:35:34 PM

Elapsed Time: 0 ms.





Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 
Additional Details
 
Accept/Require Client Certificates isn't configured.

Elapsed Time: 66 ms.



Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
 
Additional Details
 
Elapsed Time: 792 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL HTTPS://AUTODISCOVER.MYDOMAIN.COM/AUTODISCOVER/AUTODISCOVER.XML for user MYUSERNAME@MYDOMAIN.com.
 The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
An error message was returned from the Autodiscover service
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response>
<Error Time="13:27:13.0717802" Id="2111374496">
<ErrorCode>500</ErrorCode>
<Message>The e-mail address cannot be found.</Message>
<DebugData />
</Error>
</Response>
</Autodiscover>
HTTP Response Headers:
Persistent-Auth: true
Content-Length: 363
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Mon, 08 Sep 2014 13:27:12 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET


Elapsed Time: 791 ms.









Attempting to contact the Autodiscover service using the DNS SRV redirect method.
 The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
 
Additional Details
 
Elapsed Time: 135 ms.


 
Test Steps
 
Attempting to locate SRV record _autodiscover._tcp.MYDOMAIN.com in DNS.
 The Autodiscover SRV record wasn't found in DNS.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Elapsed Time: 135 ms.





Checking if there is an autodiscover CNAME record in DNS for your domain 'MYDOMAIN.com' for Office 365.
 Failed to validate autodiscover CNAME record in DNS. If your mailbox isn't in Office 365, you can ignore this warning.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
There is no Autodiscover CNAME record for your domain 'MYDOMAIN.com'.

Elapsed Time: 31 ms.
Avatar of ChiIT

ASKER

Thank you Simon, more than one person experience this, but its very intermittent. When doing some online research some people see it every 5 minutes. This is sporadic, and always when the users are away from the office, so accessing over the internet.
You have a redirect in there, which is completely unnecessary.
Therefore find where Autodiscover.example.com resolves to. If it is coming to the same IP address as your Exchange server, then you need to look on the web server for another web site. If there isn't one, then it could be a virtual directory for Autodiscover overriding things.

The reason it doesn't happen internally is because Autodiscover works in a different way.

Simon.
Avatar of ChiIT

ASKER

It resolves externally to the public IP address of the comcast business class service that's installed, which is also where the exchange server is installed, and iis.

Internally it does resolve to the same server.

In iis there is an autodiscover under the default website.
ASKER CERTIFIED SOLUTION
Avatar of Simon Butler (Sembee)
Simon Butler (Sembee)
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of ChiIT

ASKER

Just to confirm back from a post previous, there is only an A record for autodiscover. I just checked on that.

I've included a screenshot of IIS. blurred a few things that were a bit to specific. Besides default there are some other SBS and sharepoint sites that are not being used. Assume they come pre-loaded....

User generated image
That looks like standard SBS stuff. My previous advice still stands - reset the virtual directory.

Simon.
Avatar of ChiIT

ASKER

Thanks Simon, will resetting the virtual directory have any adverse side effects I should be aware of?  Also I'll google it, but, what is the virtual directory used for?
Resetting it should have no effect - as I wrote above, the default settings should be fine.
The virtual directory is used for Autodiscover information. Autodiscover configures the client and is also how the availability information is found.

Simon.
Avatar of ChiIT

ASKER

thanks Simon, great help