Autodiscover for Exchange 2013 problem

piaakit
Hi All

I have an Exchange 2013 server with an SRV record created for autodiscover.domain.com on my external DNS server, no SSL certificate installed and A record for autodiscover.domain.com on the external DNS server. When I try to run the Microsoft Connectivity Analyzer I'm getting the output below, and it shows a blank screen when I access the link below: https://domain.hk/autodiscover/autodiscover.xml. Any idea what causes this problem?



The Microsoft Connectivity Analyzer is attempting to test Autodiscover for keith@domain.hk.
 Testing Autodiscover failed.
 
Additional Details
 
Elapsed Time: 5374 ms.


 
Test Steps
 
Attempting each method of contacting the Autodiscover service.
 The Autodiscover service couldn't be contacted successfully by any method.
 
Additional Details
 
Elapsed Time: 5374 ms.


 
Test Steps
 
Attempting to test potential Autodiscover URL https://domain.hk:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 3758 ms.


 
Test Steps
 
Attempting to resolve the host name domain.hk in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: 113.28.54.219

Elapsed Time: 2913 ms.



Testing TCP port 443 on host domain.hk to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 462 ms.



Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 
Additional Details
 
Elapsed Time: 382 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server domain.hk on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=WMSvc-EXSERVER, Issuer: CN=WMSvc-EXSERVER.

Elapsed Time: 313 ms.



Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host name domain.hk doesn't match any name found on the server certificate CN=WMSvc-EXSERVER.

Elapsed Time: 1 ms.







Attempting to test potential Autodiscover URL https://autodiscover.domain.hk:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 235 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.domain.hk in DNS.
 The host name couldn't be resolved.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host autodiscover.domain.hk couldn't be resolved in DNS InfoDomainNonexistent.

Elapsed Time: 235 ms.





Attempting to contact the Autodiscover service using the HTTP redirect method.
 The attempt to contact Autodiscover using the HTTP Redirect method failed.
 
Additional Details
 
Elapsed Time: 35 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.domain.hk in DNS.
 The host name couldn't be resolved.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host autodiscover.domain.hk couldn't be resolved in DNS InfoDomainNonexistent.

Elapsed Time: 35 ms.





Attempting to contact the Autodiscover service using the DNS SRV redirect method.
 The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
 
Additional Details
 
Elapsed Time: 1344 ms.


 
Test Steps
 
Attempting to locate SRV record _autodiscover._tcp.domain.hk in DNS.
 The Autodiscover SRV record was successfully retrieved from DNS.
 
Additional Details
 
The Service Location (SRV) record lookup returned host webmail.domain.hk.

Elapsed Time: 232 ms.



Attempting to test potential Autodiscover URL https://webmail.domain.hk:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 1112 ms.


 
Test Steps
 
Attempting to resolve the host name webmail.domain.hk in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: 113.28.54.219

Elapsed Time: 272 ms.



Testing TCP port 443 on host webmail.domain.hk to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 454 ms.



Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 
Additional Details
 
Elapsed Time: 384 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server webmail.domain.hk on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=WMSvc-EXSERVER, Issuer: CN=WMSvc-EXSERVER.

Elapsed Time: 321 ms.



Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host name webmail.domain.hk doesn't match any name found on the server certificate CN=WMSvc-EXSERVER.

Elapsed Time: 1 ms.

Commented:
You are going to have to have an SSL cert.
Sr. Enterprise Architect
Most Valuable Expert 2014
Commented:
Set up an A record for autodiscover.company.hk and then get a valid SSL certificate. If you choose, for whatever reason, not to set up the Autodiscover namespace, make sure you set up the SRV record in public DNS properly.

Author

Commented:
If I don't plan to get an SSL cert for autodiscover (because it's for testing purposes) and I have already created an SRV record for autodiscover.domain.com on my external DNS server, without an A record in my external DNS, is my concept correct? But I don't know why I'm still getting the error below. May I know why it shows blank when I access the link below?

Attempting to test potential Autodiscover URL https://webmail.domain.hk:443/Autodiscover/Autodiscover.xml
  Testing of this potential Autodiscover URL failed.

Is the SRV record correct?

DNS

Gareth Gudger, Solution Architect
Most Valuable Expert 2014
Top Expert 2014

Commented:
That looks correct internally. But did you also create an SRV autodiscover record with your external DNS provider?

Regardless of whether you use SRV or a CNAME for autodiscover you still need a cert. While the SRV method doesn't need the pricier UC/SAN cert, it will still need an SSL cert. For testing you "could" try a self-signed certificate but those are more headache than they are worth.

Author

Commented:
Sorry, the screenshot above is from the external DNS server for the SRV record. Do I need to create an SRV record in internal DNS as well? Also, I do need an SSL cert; does it need to contain autodiscover.domain.com within the SSL cert?
Gareth Gudger, Solution Architect
Most Valuable Expert 2014
Top Expert 2014

Commented:
If you are using an SRV record you can get away with just a single-name standard SSL certificate.

http://supertekboy.com/certificates-for-microsoft-exchange/

UC / SAN certificates would only be needed if you plan to use more than one name in Exchange. So yep. Single SSL cert is all that is needed in your case.

SRV record only needs to be external. Exchange uses SCP internally in the domain. You can create an SRV record internally if you have any non-domain joined devices.
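
Added example, not part of the original thread: a small Python model of the analyzer's checks, fed with the values from the question's output, showing why every method fails with the CN=WMSvc-EXSERVER certificate and why a single-name certificate for the SRV target is enough. The function names, the verdict strings and the "Example Issuing CA" issuer are assumptions made for illustration.

```python
# Added example (not from the thread). Names and verdicts are a simplified model.

def candidate_hosts(email, srv_target=None):
    """HTTPS hosts tried for Autodiscover, in the order the analyzer output shows."""
    domain = email.rsplit("@", 1)[1].lower()
    hosts = [domain, "autodiscover." + domain]
    if srv_target:  # target returned by _autodiscover._tcp.<domain>
        hosts.append(srv_target.rstrip(".").lower())
    return hosts


def name_matches(pattern, host):
    """Exact match, or '*.' wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return pattern == host


def evaluate(email, srv_target, resolvable, subject_cn, issuer_cn, sans=()):
    """Return {host: verdict} for each candidate Autodiscover host."""
    # dNSName SANs take precedence; the CN is only consulted when there are none.
    names = list(sans) if sans else [subject_cn]
    verdicts = {}
    for host in candidate_hosts(email, srv_target):
        if host not in resolvable:
            verdicts[host] = "dns-fail"
        elif not any(name_matches(n, host) for n in names):
            verdicts[host] = "name-mismatch"
        elif subject_cn == issuer_cn:  # heuristic: subject == issuer means self-signed
            verdicts[host] = "untrusted-self-signed"
        else:
            verdicts[host] = "ok"
    return verdicts


# Values taken from the analyzer output in the question.
RESOLVABLE = {"domain.hk", "webmail.domain.hk"}
CURRENT = evaluate("keith@domain.hk", "webmail.domain.hk", RESOLVABLE,
                   "WMSvc-EXSERVER", "WMSvc-EXSERVER")
# Constructed: single-name certificate for the SRV target from a hypothetical CA.
FIXED = evaluate("keith@domain.hk", "webmail.domain.hk", RESOLVABLE,
                 "webmail.domain.hk", "Example Issuing CA")

if __name__ == "__main__":
    for label, result in (("current", CURRENT), ("single-name cert", FIXED)):
        print(label, result)
```
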

Author

Commented:
Hi Gareth

Understood. My plan is to enable Outlook Anywhere for 2 users who are located at a remote site; the remote site has no VPN connection to the Exchange server site, and the 2 computers are non-domain-joined devices. I will now apply for a single SSL cert from supertekboy first. By the way, what is the meaning of SCP?
Gareth Gudger, Solution Architect
Most Valuable Expert 2014
Top Expert 2014

Commented:
Internally you don't need to do anything in DNS for Exchange, because Exchange creates an SCP record on install.

More info on SCP here.
http://technet.microsoft.com/en-us/library/bb124251(v=exchg.150).aspx

Author

Commented:
Let me check that, thanks!
