Solved

Autodiscover for exchange 2013 problem

Posted on 2014-11-18
9
90 Views
Last Modified: 2016-03-11
Hi All

             I have a exchange 2013 with SRV record created for autodiscover.domain.com in my external DNS Server, no ssl certificated installed and A record for autodiscover.domain.com on the external DNS server, and when i try to perform the microsoft connectivity analyzer i,m getting below, and it show blank screen when i access to below link   https://domain.hk/autodiscover/autodiscover.xml, any idea what causes such problem ?



The Microsoft Connectivity Analyzer is attempting to test Autodiscover for keith@domain.hk.
 Testing Autodiscover failed.
 
Additional Details
 
Elapsed Time: 5374 ms.


 
Test Steps
 
Attempting each method of contacting the Autodiscover service.
 The Autodiscover service couldn't be contacted successfully by any method.
 
Additional Details
 
Elapsed Time: 5374 ms.


 
Test Steps
 
Attempting to test potential Autodiscover URL https://domain.hk:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 3758 ms.


 
Test Steps
 
Attempting to resolve the host name domain.hk in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: 113.28.54.219

Elapsed Time: 2913 ms.



Testing TCP port 443 on host domain.hk to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 462 ms.



Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 
Additional Details
 
Elapsed Time: 382 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server domain.hk on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=WMSvc-EXSERVER, Issuer: CN=WMSvc-EXSERVER.

Elapsed Time: 313 ms.



Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host name domain.hk doesn't match any name found on the server certificate CN=WMSvc-EXSERVER.

Elapsed Time: 1 ms.







Attempting to test potential Autodiscover URL https://autodiscover.domain.hk:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 235 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.domain.hk in DNS.
 The host name couldn't be resolved.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host autodiscover.domain.hk couldn't be resolved in DNS InfoDomainNonexistent.

Elapsed Time: 235 ms.





Attempting to contact the Autodiscover service using the HTTP redirect method.
 The attempt to contact Autodiscover using the HTTP Redirect method failed.
 
Additional Details
 
Elapsed Time: 35 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.domain.hk in DNS.
 The host name couldn't be resolved.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host autodiscover.domain.hk couldn't be resolved in DNS InfoDomainNonexistent.

Elapsed Time: 35 ms.





Attempting to contact the Autodiscover service using the DNS SRV redirect method.
 The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
 
Additional Details
 
Elapsed Time: 1344 ms.


 
Test Steps
 
Attempting to locate SRV record _autodiscover._tcp.domain.hk in DNS.
 The Autodiscover SRV record was successfully retrieved from DNS.
 
Additional Details
 
The Service Location (SRV) record lookup returned host webmail.domain.hk.

Elapsed Time: 232 ms.



Attempting to test potential Autodiscover URL https://webmail.domain.hk:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 1112 ms.


 
Test Steps
 
Attempting to resolve the host name webmail.domain.hk in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: 113.28.54.219

Elapsed Time: 272 ms.



Testing TCP port 443 on host webmail.domain.hk to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 454 ms.



Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 
Additional Details
 
Elapsed Time: 384 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server webmail.domain.hk on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=WMSvc-EXSERVER, Issuer: CN=WMSvc-EXSERVER.

Elapsed Time: 321 ms.



Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Host name webmail.domain.hk doesn't match any name found on the server certificate CN=WMSvc-EXSERVER.

Elapsed Time: 1 ms.
0
Comment
Question by:piaakit
9 Comments
 
LVL 8

Expert Comment

by:tshearon
ID: 40449323
You are going to have to have an ssl cert.
0
 
LVL 19

Accepted Solution

by:
Adam Farage earned 500 total points
ID: 40449793
Setup an A record for autodiscover.company.hk and then get a valid SSL certificate. If you chose whatever reason not to setup the Autodiscover namespace make sure you setup the SRV record in Public DNS properly.
0
 

Author Comment

by:piaakit
ID: 40450177
if I don't plan to get a ssl cert for autodiscover (coz testing purpose) and I have created a SRV record for autodiscover.domain.com in my external DNS server already, and without A record in my external dns, am my concept correct ? but don't know why I still getting below error, may I know why it shows blank when I access below link

Attempting to test potential Autodiscover URL https://webmail.domain.hk:443/Autodiscover/Autodiscover.xml
  Testing of this potential Autodiscover URL failed.

is the SRV record correct ?

DNS
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40451608
That looks correct internally. But did you also create an SRV autodiscover record with your external DNS provider?

Regardless of whether you use SRV or a CNAME for autodiscover you still need a cert. While the SRV method doesn't need the pricier UC/SAN cert, it will still need an SSL cert. For testing you "could" try a self-signed certificate but those are more headache than they are worth.
0
Do email signature updates give you a headache?

Do you spend too much time managing email signatures? Hate visiting every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Well, let Exclaimer give your company the email signature it deserves!

 

Author Comment

by:piaakit
ID: 40451628
sorry the screenshot above is from extneral dns server for SRV record, do i need to create SRV in internal dns as well ? and also i do need a ssl cert, does it needs to contain autodiscover.domain.com within the ssl cert ?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40452920
If you are using an SRV record you can get away with just a single-name standard SSL certificate.

http://supertekboy.com/certificates-for-microsoft-exchange/

UC / SAN certificates would only be needed if you plan to use more than one name in Exchange. So yep. Single SSL cert is all that is needed in your case.

SRV record only needs to be external. Exchange uses SCP internally in the domain. You can create an SRV record internally if you have any non-domain joined devices.
0
 

Author Comment

by:piaakit
ID: 40454488
Hi Gareth

understand, my plan to enable outlook anywhere for 2 users, and they are locate in remote site, and the remote site has no any vpn connection between the exchange server site, also the 2 computer are non-domain joined devices, and now i will apply a single ssl cert from supertekboy first, by the way what is mean of SCP ?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40454784
Internally you don't need to do anything in DNS for Exchange. Because Exchange creates an SCP record on install.

More info on SCP here.
http://technet.microsoft.com/en-us/library/bb124251(v=exchg.150).aspx
0
 

Author Comment

by:piaakit
ID: 40462445
let me check that thanks !
0

Featured Post

Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now