• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 275
  • Last Modified:

Autodiscover for exchange 2013 problem

Hi All

             I have a exchange 2013 with SRV record created for autodiscover.domain.com in my external DNS Server, no ssl certificated installed and A record for autodiscover.domain.com on the external DNS server, and when i try to perform the microsoft connectivity analyzer i,m getting below, and it show blank screen when i access to below link   https://domain.hk/autodiscover/autodiscover.xml, any idea what causes such problem ?



The Microsoft Connectivity Analyzer is attempting to test Autodiscover for keith@domain.hk.
 Testing Autodiscover failed.
 
Additional Details
 
Elapsed Time: 5374 ms.


 
Test Steps
 
Attempting each method of contacting the Autodiscover service.
 The Autodiscover service couldn't be contacted successfully by any method.
 
Additional Details
 
Elapsed Time: 5374 ms.


 
Test Steps
 
Attempting to test potential Autodiscover URL https://domain.hk:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 3758 ms.


 
Test Steps
 
Attempting to resolve the host name domain.hk in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: 113.28.54.219

Elapsed Time: 2913 ms.



Testing TCP port 443 on host domain.hk to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 462 ms.



Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 
Additional Details
 
Elapsed Time: 382 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server domain.hk on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=WMSvc-EXSERVER, Issuer: CN=WMSvc-EXSERVER.

Elapsed Time: 313 ms.



Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host name domain.hk doesn't match any name found on the server certificate CN=WMSvc-EXSERVER.

Elapsed Time: 1 ms.







Attempting to test potential Autodiscover URL https://autodiscover.domain.hk:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 235 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.domain.hk in DNS.
 The host name couldn't be resolved.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host autodiscover.domain.hk couldn't be resolved in DNS InfoDomainNonexistent.

Elapsed Time: 235 ms.





Attempting to contact the Autodiscover service using the HTTP redirect method.
 The attempt to contact Autodiscover using the HTTP Redirect method failed.
 
Additional Details
 
Elapsed Time: 35 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.domain.hk in DNS.
 The host name couldn't be resolved.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host autodiscover.domain.hk couldn't be resolved in DNS InfoDomainNonexistent.

Elapsed Time: 35 ms.





Attempting to contact the Autodiscover service using the DNS SRV redirect method.
 The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
 
Additional Details
 
Elapsed Time: 1344 ms.


 
Test Steps
 
Attempting to locate SRV record _autodiscover._tcp.domain.hk in DNS.
 The Autodiscover SRV record was successfully retrieved from DNS.
 
Additional Details
 
The Service Location (SRV) record lookup returned host webmail.domain.hk.

Elapsed Time: 232 ms.



Attempting to test potential Autodiscover URL https://webmail.domain.hk:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 1112 ms.


 
Test Steps
 
Attempting to resolve the host name webmail.domain.hk in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: 113.28.54.219

Elapsed Time: 272 ms.



Testing TCP port 443 on host webmail.domain.hk to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 454 ms.



Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 
Additional Details
 
Elapsed Time: 384 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server webmail.domain.hk on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=WMSvc-EXSERVER, Issuer: CN=WMSvc-EXSERVER.

Elapsed Time: 321 ms.



Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host name webmail.domain.hk doesn't match any name found on the server certificate CN=WMSvc-EXSERVER.

Elapsed Time: 1 ms.
0
piaakit
Asked:
piaakit
1 Solution
 
tshearonCommented:
You are going to have to have an ssl cert.
0
 
Adam FarageEnterprise ArchCommented:
Setup an A record for autodiscover.company.hk and then get a valid SSL certificate. If you chose whatever reason not to setup the Autodiscover namespace make sure you setup the SRV record in Public DNS properly.
0
 
piaakitAuthor Commented:
if I don't plan to get a ssl cert for autodiscover (coz testing purpose) and I have created a SRV record for autodiscover.domain.com in my external DNS server already, and without A record in my external dns, am my concept correct ? but don't know why I still getting below error, may I know why it shows blank when I access below link

Attempting to test potential Autodiscover URL https://webmail.domain.hk:443/Autodiscover/Autodiscover.xml
  Testing of this potential Autodiscover URL failed.

is the SRV record correct ?

DNS
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Gareth GudgerCommented:
That looks correct internally. But did you also create an SRV autodiscover record with your external DNS provider?

Regardless of whether you use SRV or a CNAME for autodiscover you still need a cert. While the SRV method doesn't need the pricier UC/SAN cert, it will still need an SSL cert. For testing you "could" try a self-signed certificate but those are more headache than they are worth.
0
 
piaakitAuthor Commented:
sorry the screenshot above is from extneral dns server for SRV record, do i need to create SRV in internal dns as well ? and also i do need a ssl cert, does it needs to contain autodiscover.domain.com within the ssl cert ?
0
 
Gareth GudgerCommented:
If you are using an SRV record you can get away with just a single-name standard SSL certificate.

http://supertekboy.com/certificates-for-microsoft-exchange/

UC / SAN certificates would only be needed if you plan to use more than one name in Exchange. So yep. Single SSL cert is all that is needed in your case.

SRV record only needs to be external. Exchange uses SCP internally in the domain. You can create an SRV record internally if you have any non-domain joined devices.
0
 
piaakitAuthor Commented:
Hi Gareth

understand, my plan to enable outlook anywhere for 2 users, and they are locate in remote site, and the remote site has no any vpn connection between the exchange server site, also the 2 computer are non-domain joined devices, and now i will apply a single ssl cert from supertekboy first, by the way what is mean of SCP ?
0
 
Gareth GudgerCommented:
Internally you don't need to do anything in DNS for Exchange. Because Exchange creates an SCP record on install.

More info on SCP here.
http://technet.microsoft.com/en-us/library/bb124251(v=exchg.150).aspx
0
 
piaakitAuthor Commented:
let me check that thanks !
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now