Solved

Autodiscover not working internal or external Exchange 2010

Posted on 2014-12-11
27
164 Views
Last Modified: 2014-12-15
Need a hand.  Had to remove and reinstall AutoDiscover VDir on Exchange 2010.  I went back and setup all the EWS and autodiscover links via the applet.  

Now I cannot get to the autodiscover.xml file via a web browser.  I get 404, "file not found".  I also do not get a credential login prompt.  SSL and permissions seem to be correct.  External and Internal DNS are setup.  3rd party cert installed.

Fails the Outlook test and the MS Connectivity Test for autodiscover.

Thanks.......
0
Comment
Question by:yellaboyla
  • 14
  • 13
27 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
If you fire up the Exchange Management Console and go to Server Config> Client Access then in the right-hand pane (Actons) select the Reset Virtual Directory Wizard.

Browse and choose the Autodiscover virtual directory and let the Wizard finish.

Is it working now?

Alan
0
 

Author Comment

by:yellaboyla
Comment Utility
I have done that twice.  No difference.  I also deleted the Virtual via powershell, and same issue.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Using IIS Manager, is the autodiscover Virtual Directory present under the Default website and does Autodiscover.xml appear using the Content View (not the Features View in the middle pane at the bottom)?

Alan
0
 

Author Comment

by:yellaboyla
Comment Utility
Yes...thx  So after digging, there was a redirect setup.  I removed that, and not I am getting the proper login prompt and 600 error page.

So I just ran Email test via Outlook for autodiscover.  It is prompting me for my internal credentials.  My external credentials are not authenticating the autodiscover settings.  The company is "xxx.loca"l inside, and "yyy.com" outside.  If i recall, I need to change this ADUC??
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
What names are included on your SSL certificate?

If you have autodiscover.publicdomain.com then run the following EMS command:

Set-AutodiscoverVirtualDirectory -Identity * -internalurl “https://mail.publicdomain.com/autodiscover/autodiscover.xml”

Alan
0
 

Author Comment

by:yellaboyla
Comment Utility
Connectivity test still fails on autodiscover......

 
 Attempting the Autodiscover and Exchange ActiveSync test (if requested).
  Testing of Autodiscover for Exchange ActiveSync failed.
 
 Additional Details
 
Elapsed Time: 3196 ms.  

 
 
 Test Steps
 
 Attempting each method of contacting the Autodiscover service.
  The Autodiscover service couldn't be contacted successfully by any method.
 
 Additional Details
 
Elapsed Time: 3196 ms.  

 
 
 Test Steps
 
 Attempting to test potential Autodiscover URL https://company.com:443/Autodiscover/Autodiscover.xml
  Testing of this potential Autodiscover URL failed.
 
 Additional Details
 
Elapsed Time: 1605 ms.  

 
 
 Test Steps
 
 Attempting to resolve the host name company.com in DNS.
  The host name resolved successfully.
 
 Additional Details
 
IP addresses returned: 00.000.000.00

Elapsed Time: 169 ms.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Well OWA is working and autodiscover.domain.com resolves to the same IP Address as your OWA URL and the SSL certificate includes autodiscover.domain.com so it's an IIS issue me thinks.

Have you run iisreset from and Administrative command prompt on the Exchange Server?

Alan
0
 

Author Comment

by:yellaboyla
Comment Utility
yea..........

The problem is the external and internal dns names.  The test is trying to use the external credentials, but only the internal ones will allow access.  Where do I change that?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Check the Authentication settings configured in IIS Manager for the Autodiscover virtual directory.  Should be Anonymous / Basic and Windows Auth.
0
 

Author Comment

by:yellaboyla
Comment Utility
All good
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Have you re-run the https://testexchangeconnectivity.com Autodiscover test since removing the redirection using your domain credentials?

Alan
0
 

Author Comment

by:yellaboyla
Comment Utility
The active fails active but passes autodiscovery.

The 2nd test fails as posted earlier.  it ha to be tied to this domain login mismatch.  I did find a typo in external dns srv and fixed that
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Not sure I understood your last comment.

Can you post the results of the Outlook Anywhere test please.

What Firewall / Router do you have too?

Alan
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 

Author Comment

by:yellaboyla
Comment Utility
Ok.  So the weird thing is;

Autodiscover fails on the activesync connectivity test but passes on the Outlook tests.  

OUTLOOK TEST

The Microsoft Connectivity Analyzer is attempting to test Autodiscover for tuser@domain.com.
  Autodiscover was tested successfully.
 
 Additional Details
 
Elapsed Time: 1657 ms.  

 
 
 Test Steps
 
 Attempting each method of contacting the Autodiscover service.
  The Autodiscover service was tested successfully.
 
 Additional Details
 
Elapsed Time: 1657 ms.  

 
 
 Test Steps
 
 Attempting to test potential Autodiscover URL https://domain.com:443/Autodiscover/Autodiscover.xml
  Testing of the Autodiscover URL was successful.
 
 Additional Details
 
Elapsed Time: 1657 ms.  

ACTIVESYNC TEST

 Attempting the Autodiscover and Exchange ActiveSync test (if requested).
  Testing of Autodiscover for Exchange ActiveSync failed.
 
 Additional Details
 
Elapsed Time: 2996 ms.  

 
 
 Test Steps
 
 Attempting each method of contacting the Autodiscover service.
  The Autodiscover service couldn't be contacted successfully by any method.
 
 Additional Details
 
Elapsed Time: 2996 ms.  

 
 
 Test Steps
 
 Attempting to test potential Autodiscover URL https://thermotemp.com:443/Autodiscover/Autodiscover.xml
  Testing of this potential Autodiscover URL failed.
 
 Additional Details
 
Elapsed Time: 1302 ms.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Are you testing using the same FQDN's / credentials?

If not - why not?

Alan
0
 

Author Comment

by:yellaboyla
Comment Utility
yes......exactly

email: user@external.com
authorized acct: user@internal.local
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Please use domain\userid not user@internal.local and test again.
0
 

Author Comment

by:yellaboyla
Comment Utility
ok...that worked.  Passed, thx...Here is the issue.  My Android is failing trying to connect.  Even using the same naming convention.  I get, "Server error occurred.  Check your username and password, and try again."

Here is the only erro I get in Connectivity tester;

 
 The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
 
 Additional Details
 
Elapsed Time: 2836 ms.  

 
 
 Test Steps
 
 Attempting the Autodiscover and Exchange ActiveSync test (if requested).
  Autodiscover was successfully tested for Exchange ActiveSync.
 
 Additional Details
 
Elapsed Time: 1434 ms.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Okay - so Autodiacover is fine.

If you are having problems with Activesync - are you using an account that is also an admin account?

Alan
0
 

Author Comment

by:yellaboyla
Comment Utility
I just used my admin account to test activesync, and no love..................
same error as before
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Admin accounts won't work properly with Activesync!

Please have a read of my article for more info:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html

Alan
0
 

Author Comment

by:yellaboyla
Comment Utility
at first, I just used a regular account.  Thought you needed me to check with a admin account.  Both accounts, same issue.  I am deleting and recreating the activesync virtual folder right now.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Probably not necessary but if you do - use the wizard.

Alan
0
 

Author Comment

by:yellaboyla
Comment Utility
ok...So I deleted it via powershell.  It's gone from Exchange, but is still listed in IIS.  What do you recommend?
0
 

Author Comment

by:yellaboyla
Comment Utility
Had to do the following to get the virtual back in place.

To remove it from AD and IIS: (Run from Exchange of course)

$Site = [ADSI]"IIS://localhost/W3SVC/1/Root"
 $site.Delete("IIsWebVirtualDir","Microsoft-Server-ActiveSync")
 $site.SetInfo()

To recreate it

=> I then ran iisreset
 => I checked IIS Manager, and the Microsdt-Server-ActiveSync is now gone, and the application is still there.
 => I ran the EMS command:  New-ActiveSyncVirtualDirectory -WebSiteName "Default Web Site"
 Results:  Successfully recreated.
 => ran iisreset
 = Checked IIS Manager 7.5, and the ActiveSync is recreated
 = Checked the EMC, and the Exchange ActiveSync (under Server COnfig, Client Access) is recreated.  I added the External URL.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
Comment Utility
Okay - so is the Activesync test working from the test site using a non-admin account and using domain\userid as the credentials?
0
 

Author Comment

by:yellaboyla
Comment Utility
All working now.  I inherited this from another consultant.  It was a migration from SBS 2003 to Exchange 2010 \ Win 2008.  Well, I should have known to go through the setup.  The old SBS went offline last night, and the virtuals went crazy.  Exchange crashed.So I went and checked IP configs on the DNS boxes and it was all messed up.  The SBS box was acting as the PDC and other DC's pointed to it.  Anyways, once that was fixed, I think it allowed autodiscover to pass from the firewall to the EX without hopping around.

One question.   would like activesync to be seamless.  Their internal and external FQDN are different.  The internal FQDN is not listed in the SAN as the new rules say.  Can I just adjust ADUC so when the phones login, it won't stop and prompt them for a second login?
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
This video discusses moving either the default database or any database to a new volume.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now