Autodiscover for exchange 2013 problem

Hi All

             I have a exchange 2013 with SRV record created for autodiscover.domain.com in my external DNS Server, no ssl certificated installed and A record for autodiscover.domain.com on the external DNS server, and when i try to perform the microsoft connectivity analyzer i,m getting below, and it show blank screen when i access to below link   https://domain.hk/autodiscover/autodiscover.xml, any idea what causes such problem ?



The Microsoft Connectivity Analyzer is attempting to test Autodiscover for keith@domain.hk.
 Testing Autodiscover failed.
 
Additional Details
 
Elapsed Time: 5374 ms.


 
Test Steps
 
Attempting each method of contacting the Autodiscover service.
 The Autodiscover service couldn't be contacted successfully by any method.
 
Additional Details
 
Elapsed Time: 5374 ms.


 
Test Steps
 
Attempting to test potential Autodiscover URL https://domain.hk:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 3758 ms.


 
Test Steps
 
Attempting to resolve the host name domain.hk in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: 113.28.54.219

Elapsed Time: 2913 ms.



Testing TCP port 443 on host domain.hk to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 462 ms.



Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 
Additional Details
 
Elapsed Time: 382 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server domain.hk on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=WMSvc-EXSERVER, Issuer: CN=WMSvc-EXSERVER.

Elapsed Time: 313 ms.



Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host name domain.hk doesn't match any name found on the server certificate CN=WMSvc-EXSERVER.

Elapsed Time: 1 ms.







Attempting to test potential Autodiscover URL https://autodiscover.domain.hk:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 235 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.domain.hk in DNS.
 The host name couldn't be resolved.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host autodiscover.domain.hk couldn't be resolved in DNS InfoDomainNonexistent.

Elapsed Time: 235 ms.





Attempting to contact the Autodiscover service using the HTTP redirect method.
 The attempt to contact Autodiscover using the HTTP Redirect method failed.
 
Additional Details
 
Elapsed Time: 35 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.domain.hk in DNS.
 The host name couldn't be resolved.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host autodiscover.domain.hk couldn't be resolved in DNS InfoDomainNonexistent.

Elapsed Time: 35 ms.





Attempting to contact the Autodiscover service using the DNS SRV redirect method.
 The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
 
Additional Details
 
Elapsed Time: 1344 ms.


 
Test Steps
 
Attempting to locate SRV record _autodiscover._tcp.domain.hk in DNS.
 The Autodiscover SRV record was successfully retrieved from DNS.
 
Additional Details
 
The Service Location (SRV) record lookup returned host webmail.domain.hk.

Elapsed Time: 232 ms.



Attempting to test potential Autodiscover URL https://webmail.domain.hk:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 1112 ms.


 
Test Steps
 
Attempting to resolve the host name webmail.domain.hk in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: 113.28.54.219

Elapsed Time: 272 ms.



Testing TCP port 443 on host webmail.domain.hk to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 454 ms.



Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 
Additional Details
 
Elapsed Time: 384 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server webmail.domain.hk on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=WMSvc-EXSERVER, Issuer: CN=WMSvc-EXSERVER.

Elapsed Time: 321 ms.



Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host name webmail.domain.hk doesn't match any name found on the server certificate CN=WMSvc-EXSERVER.

Elapsed Time: 1 ms.
piaakitAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

tshearonCommented:
You are going to have to have an ssl cert.
0
Adam FarageEnterprise ArchCommented:
Setup an A record for autodiscover.company.hk and then get a valid SSL certificate. If you chose whatever reason not to setup the Autodiscover namespace make sure you setup the SRV record in Public DNS properly.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
piaakitAuthor Commented:
if I don't plan to get a ssl cert for autodiscover (coz testing purpose) and I have created a SRV record for autodiscover.domain.com in my external DNS server already, and without A record in my external dns, am my concept correct ? but don't know why I still getting below error, may I know why it shows blank when I access below link

Attempting to test potential Autodiscover URL https://webmail.domain.hk:443/Autodiscover/Autodiscover.xml
  Testing of this potential Autodiscover URL failed.

is the SRV record correct ?

DNS
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Gareth GudgerCommented:
That looks correct internally. But did you also create an SRV autodiscover record with your external DNS provider?

Regardless of whether you use SRV or a CNAME for autodiscover you still need a cert. While the SRV method doesn't need the pricier UC/SAN cert, it will still need an SSL cert. For testing you "could" try a self-signed certificate but those are more headache than they are worth.
0
piaakitAuthor Commented:
sorry the screenshot above is from extneral dns server for SRV record, do i need to create SRV in internal dns as well ? and also i do need a ssl cert, does it needs to contain autodiscover.domain.com within the ssl cert ?
0
Gareth GudgerCommented:
If you are using an SRV record you can get away with just a single-name standard SSL certificate.

http://supertekboy.com/certificates-for-microsoft-exchange/

UC / SAN certificates would only be needed if you plan to use more than one name in Exchange. So yep. Single SSL cert is all that is needed in your case.

SRV record only needs to be external. Exchange uses SCP internally in the domain. You can create an SRV record internally if you have any non-domain joined devices.
0
piaakitAuthor Commented:
Hi Gareth

understand, my plan to enable outlook anywhere for 2 users, and they are locate in remote site, and the remote site has no any vpn connection between the exchange server site, also the 2 computer are non-domain joined devices, and now i will apply a single ssl cert from supertekboy first, by the way what is mean of SCP ?
0
Gareth GudgerCommented:
Internally you don't need to do anything in DNS for Exchange. Because Exchange creates an SCP record on install.

More info on SCP here.
http://technet.microsoft.com/en-us/library/bb124251(v=exchg.150).aspx
0
piaakitAuthor Commented:
let me check that thanks !
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.