Solved

Allow this website to configure pops up even though it's been working for a while

Posted on 2014-09-07
19
980 Views
Last Modified: 2014-09-15
Hello experts,

The attached message pops up for a user who is using outlook 2007 connected to a Exchange 2010 server. The user is connecting over the internet to email.

this user has had outlook working for a while, so it's not a new install. I've seen the autodiscover for new installs so it know's the server settings.

Does anyone know why this would come up randomly even after it's been setup and running for a while?

message
Thanks in advance
0
Comment
Question by:ChiIT
  • 10
  • 8
19 Comments
 
LVL 20

Expert Comment

by:Radhakrishnan Rajayyan
ID: 40309382
Hi,

This happens when outlook redirects autodiscover operation from HTTP to HTTPS. This can be resolved by adding a registry key.

HKEY_CURRENT_USER\Software\Microsoft\Office\xx.0\Outlook\AutoDiscover\RedirectServers

You can also use the following registry subkey:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\xx.0\Outlook\AutoDiscover\RedirectServers

Select 14.0 (outlook 2010)>>lick the Edit menu, point to New, and then click String Value.

Type the name of the HTTPS server to which AutoDiscover can be redirected without prompting for confirmation from the user, and then press ENTER. For example, to allow redirection to https://abcd.com, the first String Value (REG_SZ) name would be:

abcd.com

Note In Outlook 2010 the name of the server is case-sensitive. In Outlook 2013 it is not case sensitive.
There is no need to add text to the Value data box. The Data column should remain empty for the string values that you create.

Hope this helps.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40309398
The reason the prompt comes up is because Autodiscover regularly happens.

It is not (as many Exchange admins believe) a one time thing used for initial configuration. It cannot be ignored because you can configure things manually.
Outlook will do Autodiscover in the background to ensure that the settings are correct. You can make a change on Exchange and it will be on most of the clients within a few hours.

As for the prompt you are seeing, that could be down to a number of reasons.
a. You haven't got Autodiscover setup correctly.
b. Your ISP has changed something.

Thing is, if you have Autodiscover.example.com in your SSL certificate, then you just need to have an A record in the public DNS pointing to the site. There is no need to use SRV or HTTP redirect, which is the error would tend to suggest is happening. You do NOT get the prompts when you are using A records, only with the other options.

That leads me to believe that something isn't setup properly or something has been changed.

As such, while the above posting is a valid answer, it doesn't really deal with the why it is occurring, just the symptoms, particularly if things have appeared to be working correctly.

Simon.
0
 
LVL 2

Author Comment

by:ChiIT
ID: 40309579
Thanks both,

Simon, I'm assuming you are referring to the isp where exchange is, not the isp where the user is? this uses comcast business class internet where exchange is so I would be surprised if anything changed, so while not ruling that out I'm thinking your suggestion about config might be the first place to look.

I will check to see if there are SRV and HTTP redirects setup.

If it's ok I'll leave this open until later today while I check that config...
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40309671
My use of ISP was probably not correct.

What I am referring to is where the public web site is located and/or where the DNS for the public domain name is located.

Time and again I have seen web hosts implement a new or updated control panel which uses Autodiscover itself, then have a wildcard on the domain, which means Autodiscover starts going somewhere it shouldn't.

Simon.
0
 
LVL 2

Author Comment

by:ChiIT
ID: 40309687
Godaddy is where the public domain name is hosted. I haven't  Iogged on there recently, what would I look for on a change for that?

Something else I thought of not sure if its related or not. There is an ssl cert for this domainname. I know its current ( not expired), could there be anything related to that which might cause this?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40309726
You need to follow the Autodiscover trail.
Do a test at the Microsoft test site: http://exrca.com/
See what is actually happening with Autodiscover.

Simon.
0
 
LVL 2

Author Comment

by:ChiIT
ID: 40309791
it looks like it passes successfully but its a bit confusing, the splash screen says passed, but when I copy the clipboard it has the following. not entirely sure I ran the tool correctly but this is what it came up with.

----

The Microsoft Connectivity Analyzer is attempting to test Autodiscover for administrator@mydomainname.com.
 Autodiscover was tested successfully.
 
Additional Details
 
Elapsed Time: 4602 ms.


 
Test Steps
 
Attempting each method of contacting the Autodiscover service.
 The Autodiscover service was tested successfully.
 
Additional Details
 
Elapsed Time: 4602 ms.


 
Test Steps
 
Attempting to test potential Autodiscover URL https://mydomainname.com:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 276 ms.


 
Test Steps
 
Attempting to resolve the host name mydomainname.com in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: xx.xx.xx.xx

Elapsed Time: 31 ms.



Testing TCP port 443 on host mydomainname.com to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 84 ms.



Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 
Additional Details
 
Elapsed Time: 160 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server mydomainname.com on port 443.
 The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
 
Additional Details
 
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

Elapsed Time: 114 ms.







Attempting to test potential Autodiscover URL https://autodiscover.mydomainname.com:443/Autodiscover/Autodiscover.xml
 Testing of the Autodiscover URL was successful.
 
Additional Details
 
Elapsed Time: 4326 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.mydomainname.com in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: my ip address

Elapsed Time: 28 ms.



Testing TCP port 443 on host autodiscover.mydomainname.com to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 127 ms.



Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 
Additional Details
 
Elapsed Time: 230 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.mydomainname.com on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=mail.mydomainname.com, OU=Domain Control Validated, O=mail.mydomainname.com, Issuer: SERIALNUMBER=myserialnumber, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.

Elapsed Time: 139 ms.



Validating the certificate name.
 The certificate name was validated successfully.
 
Additional Details
 
Host name autodiscover.mydomainname.com was found in the Certificate Subject Alternative Name entry.

Elapsed Time: 2 ms.



Certificate trust is being validated.
 The certificate is trusted and all certificates are present in the chain.
 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.mydomainname.com, OU=Domain Control Validated, O=mail.mydomainname.com.
 One or more certificate chains were constructed successfully.
 
Additional Details
 
A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Elapsed Time: 28 ms.



Analyzing the certificate chains for compatibility problems with versions of Windows.
 Potential compatibility problems were identified with some versions of Windows.
 
Additional Details
 
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

Elapsed Time: 10 ms.





Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 
Additional Details
 
The certificate is valid. NotBefore = 11/23/2012 7:15:32 PM, NotAfter = 11/23/2014 4:35:34 PM

Elapsed Time: 0 ms.





Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 
Additional Details
 
Accept/Require Client Certificates isn't configured.

Elapsed Time: 330 ms.



Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
 
Additional Details
 
Elapsed Time: 3610 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.mydomainname.com:443/Autodiscover/Autodiscover.xml for user administrator@mydomainname.com.
 The Autodiscover XML response was successfully retrieved.
 
Additional Details
 
Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>Administrator</DisplayName>
<LegacyDN>/o=mydomain/ou=first administrative group/cn=Recipients/cn=Administrator</LegacyDN>
<DeploymentId>6bfdd6a3-2102-45a4-90d8-18e222a8dd2d</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>myserver.mydomain.local</Server>
<ServerDN>/o=mydomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=myserver</ServerDN>
<ServerVersion>738180DA</ServerVersion>
<MdbDN>/o=mydomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=myserver/cn=Microsoft Private MDB</MdbDN>
<ASUrl>https://myserver.mydomainname.local/EWS/Exchange.asmx</ASUrl>
<OOFUrl>https://myserver.mydomainname.local/EWS/Exchange.asmx</OOFUrl>
<OABUrl>Public Folder</OABUrl>
<UMUrl>https://myserver.mydomainname.local/EWS/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<PublicFolderServer>myserver.mydomain.local</PublicFolderServer>
<AD>myserver.mydomain.local</AD>
<EwsUrl>https://myserver.mydomainname.local/EWS/Exchange.asmx</EwsUrl>
<EcpUrl>https://mail.mydomainname.com/ecp/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
<EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>mail.mydomainname.com</Server>
<OABUrl>Public Folder</OABUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EcpUrl>https://mail.mydomainname.com/ecp/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
<EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://mail.mydomainname.com/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://myserver.mydomainname.local/EWS/Exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://mail.mydomainname.com/owa/</OWAUrl>
</External>
</Protocol>
</Account>
</Response>
</Autodiscover>
HTTP Response Headers:
Persistent-Auth: true
Content-Length: 4382
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Mon, 08 Sep 2014 13:01:51 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET


Elapsed Time: 3609 ms.

Autodicover
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40309805
The first error is fine - because Autodiscover attempts to connect to https://example.com/Autodiscover/Autodiscover.xml first.
It then attempts to connect to other URLs if that fails, the preferred URL being https://autodiscover.example.com/Autodiscover/Autodiscover.xml

The rest of the bits and pieces are really telling you to ensure that you have all of the intermediate certificates installed from GoDaddy.

However I would consider changing the URLs from the internal names to the external ones. Next time you renew the certificate you will not be able to include the internal names on it.
http://semb.ee/hostnames2010

Have any other clients reported the issue with Autodiscover prompts?

Simon.
0
 
LVL 2

Author Comment

by:ChiIT
ID: 40309817
actually, when running the trace, for the domain name do I need to put in autodiscover.domainname.com, or just domainname.com?
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 2

Author Comment

by:ChiIT
ID: 40309847
This is probably a better trace. I just did it against the main domain name and let it resolve to autodiscover..


The Microsoft Connectivity Analyzer is attempting to test Autodiscover for MYUSERNAME@MYDOMAIN.com.
 Testing Autodiscover failed.
 
Additional Details
 
Elapsed Time: 4178 ms.


 
Test Steps
 
Attempting each method of contacting the Autodiscover service.
 The Autodiscover service couldn't be contacted successfully by any method.
 
Additional Details
 
Elapsed Time: 4178 ms.


 
Test Steps
 
Attempting to test potential Autodiscover URL https://MYDOMAIN.com:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 544 ms.


 
Test Steps
 
Attempting to resolve the host name MYDOMAIN.com in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: MYIP

Elapsed Time: 285 ms.



Testing TCP port 443 on host MYDOMAIN.com to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 86 ms.



Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 
Additional Details
 
Elapsed Time: 173 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server MYDOMAIN.com on port 443.
 The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
 
Additional Details
 
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

Elapsed Time: 119 ms.







Attempting to test potential Autodiscover URL https://autodiscover.MYDOMAIN.com:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 1749 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.MYDOMAIN.com in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: MYPUBLICIP

Elapsed Time: 107 ms.



Testing TCP port 443 on host autodiscover.MYDOMAIN.com to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 102 ms.



Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 
Additional Details
 
Elapsed Time: 226 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.MYDOMAIN.com on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=mail.MYDOMAIN.com, OU=Domain Control Validated, O=mail.MYDOMAIN.com, Issuer: SERIALNUMBER=MYSERIALNUMBER, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.

Elapsed Time: 136 ms.



Validating the certificate name.
 The certificate name was validated successfully.
 
Additional Details
 
Host name autodiscover.MYDOMAIN.com was found in the Certificate Subject Alternative Name entry.

Elapsed Time: 1 ms.



Certificate trust is being validated.
 The certificate is trusted and all certificates are present in the chain.
 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.MYDOMAIN.com, OU=Domain Control Validated, O=mail.MYDOMAIN.com.
 One or more certificate chains were constructed successfully.
 
Additional Details
 
A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Elapsed Time: 31 ms.



Analyzing the certificate chains for compatibility problems with versions of Windows.
 Potential compatibility problems were identified with some versions of Windows.
 
Additional Details
 
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

Elapsed Time: 4 ms.





Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 
Additional Details
 
The certificate is valid. NotBefore = 11/23/2012 7:15:32 PM, NotAfter = 11/23/2014 4:35:34 PM

Elapsed Time: 0 ms.





Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 
Additional Details
 
Accept/Require Client Certificates isn't configured.

Elapsed Time: 287 ms.



Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
 
Additional Details
 
Elapsed Time: 1024 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.MYDOMAIN.com:443/Autodiscover/Autodiscover.xml for user MYUSERNAME@MYDOMAIN.com.
 The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
An error message was returned from the Autodiscover service
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response>
<Error Time="13:27:11.0855816" Id="2111374496">
<ErrorCode>500</ErrorCode>
<Message>The e-mail address cannot be found.</Message>
<DebugData />
</Error>
</Response>
</Autodiscover>
HTTP Response Headers:
Persistent-Auth: true
Content-Length: 363
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Mon, 08 Sep 2014 13:27:11 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET


Elapsed Time: 1024 ms.







Attempting to contact the Autodiscover service using the HTTP redirect method.
 The attempt to contact Autodiscover using the HTTP Redirect method failed.
 
Additional Details
 
Elapsed Time: 1716 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.MYDOMAIN.com in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: MYPUBLICIP

Elapsed Time: 63 ms.



Testing TCP port 80 on host autodiscover.MYDOMAIN.com to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 187 ms.



The Microsoft Connectivity Analyzer is checking the host autodiscover.MYDOMAIN.com for an HTTP redirect to the Autodiscover service.
 The redirect (HTTP 301/302) response was received successfully.
 
Additional Details
 
Redirect URL: HTTPS://AUTODISCOVER.MYDOMAIN.COM/AUTODISCOVER/AUTODISCOVER.XML
HTTP Response Headers:
Content-Length: 185
Content-Type: text/html; charset=utf-8
Date: Mon, 08 Sep 2014 13:27:11 GMT
Location: HTTPS://AUTODISCOVER.MYDOMAIN.COM/AUTODISCOVER/AUTODISCOVER.XML
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET


Elapsed Time: 249 ms.



Attempting to test potential Autodiscover URL HTTPS://AUTODISCOVER.MYDOMAIN.COM/AUTODISCOVER/AUTODISCOVER.XML
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 1216 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.MYDOMAIN.com in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: MYPUBLICIP

Elapsed Time: 28 ms.



Testing TCP port 443 on host autodiscover.MYDOMAIN.com to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 96 ms.



Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 
Additional Details
 
Elapsed Time: 231 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.MYDOMAIN.com on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=mail.MYDOMAIN.com, OU=Domain Control Validated, O=mail.MYDOMAIN.com, Issuer: SERIALNUMBER=MYSERIALNUMBER, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.

Elapsed Time: 137 ms.



Validating the certificate name.
 The certificate name was validated successfully.
 
Additional Details
 
Host name autodiscover.MYDOMAIN.com was found in the Certificate Subject Alternative Name entry.

Elapsed Time: 1 ms.



Certificate trust is being validated.
 The certificate is trusted and all certificates are present in the chain.
 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.MYDOMAIN.com, OU=Domain Control Validated, O=mail.MYDOMAIN.com.
 One or more certificate chains were constructed successfully.
 
Additional Details
 
A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Elapsed Time: 33 ms.



Analyzing the certificate chains for compatibility problems with versions of Windows.
 Potential compatibility problems were identified with some versions of Windows.
 
Additional Details
 
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

Elapsed Time: 4 ms.





Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 
Additional Details
 
The certificate is valid. NotBefore = 11/23/2012 7:15:32 PM, NotAfter = 11/23/2014 4:35:34 PM

Elapsed Time: 0 ms.





Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 
Additional Details
 
Accept/Require Client Certificates isn't configured.

Elapsed Time: 66 ms.



Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
 
Additional Details
 
Elapsed Time: 792 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL HTTPS://AUTODISCOVER.MYDOMAIN.COM/AUTODISCOVER/AUTODISCOVER.XML for user MYUSERNAME@MYDOMAIN.com.
 The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
An error message was returned from the Autodiscover service
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response>
<Error Time="13:27:13.0717802" Id="2111374496">
<ErrorCode>500</ErrorCode>
<Message>The e-mail address cannot be found.</Message>
<DebugData />
</Error>
</Response>
</Autodiscover>
HTTP Response Headers:
Persistent-Auth: true
Content-Length: 363
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Mon, 08 Sep 2014 13:27:12 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET


Elapsed Time: 791 ms.









Attempting to contact the Autodiscover service using the DNS SRV redirect method.
 The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
 
Additional Details
 
Elapsed Time: 135 ms.


 
Test Steps
 
Attempting to locate SRV record _autodiscover._tcp.MYDOMAIN.com in DNS.
 The Autodiscover SRV record wasn't found in DNS.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Elapsed Time: 135 ms.





Checking if there is an autodiscover CNAME record in DNS for your domain 'MYDOMAIN.com' for Office 365.
 Failed to validate autodiscover CNAME record in DNS. If your mailbox isn't in Office 365, you can ignore this warning.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
There is no Autodiscover CNAME record for your domain 'MYDOMAIN.com'.

Elapsed Time: 31 ms.
0
 
LVL 2

Author Comment

by:ChiIT
ID: 40309850
Thank you Simon, more than one person experience this, but its very intermittent. When doing some online research some people see it every 5 minutes. This is sporadic, and always when the users are away from the office, so accessing over the internet.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40309997
You have a redirect in there, which is completely unnecessary.
Therefore find where Autodiscover.example.com resolves to. If it is coming to the same IP address as your Exchange server, then you need to look on the web server for another web site. If there isn't one, then it could be a virtual directory for Autodiscover overriding things.

The reason it doesn't happen internally is because Autodiscover works in a different way.

Simon.
0
 
LVL 2

Author Comment

by:ChiIT
ID: 40310090
It resolves externally to the public IP address of the comcast business class service that's installed, which is also where the exchange server is installed, and iis.

Internally it does resolve to the same server.

In iis there is an autodiscover under the default website.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40310292
Is there only one web site on the server? The one with Autodiscover on it?
If so, then I would suggest a reset of the Autodiscover virtual directory.

EMC, Server Config, Client Access. Right click on the server and choose Reset Virtual Directory.
On the first screen choose Browse and select Autodiscover. Click next etc to complete the wizard.
For Autodiscover the default configuration is fine, so once the wizard has completed, run IISRESET and then test again.

Simon.
0
 
LVL 2

Author Comment

by:ChiIT
ID: 40310796
Just to confirm back from a post previous, there is only an A record for autodiscover. I just checked on that.

I've included a screenshot of IIS. blurred a few things that were a bit to specific. Besides default there are some other SBS and sharepoint sites that are not being used. Assume they come pre-loaded....

iis
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40310840
That looks like standard SBS stuff. My previous advice still stands - reset the virtual directory.

Simon.
0
 
LVL 2

Author Comment

by:ChiIT
ID: 40311108
Thanks Simon, will resetting the virtual directory have any adverse side effects I should be aware of?  Also I'll google it, but, what is the virtual directory used for?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40311970
Resetting it should have no effect - as I wrote above, the default settings should be fine.
The virtual directory is used for Autodiscover information. Autodiscover configures the client and is also how the availability information is found.

Simon.
0
 
LVL 2

Author Closing Comment

by:ChiIT
ID: 40324431
thanks Simon, great help
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Outlook Free & Paid Tools
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The viewer will learn how to create two correlated normally distributed random variables in Excel, use a normal distribution to simulate the return on different levels of investment in each of the two funds over a period of ten years, and, create a …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now