Link to home
Start Free TrialLog in
Avatar of yellaboyla
yellaboyla

asked on

Autodiscover not working internal or external Exchange 2010

Need a hand.  Had to remove and reinstall AutoDiscover VDir on Exchange 2010.  I went back and setup all the EWS and autodiscover links via the applet.  

Now I cannot get to the autodiscover.xml file via a web browser.  I get 404, "file not found".  I also do not get a credential login prompt.  SSL and permissions seem to be correct.  External and Internal DNS are setup.  3rd party cert installed.

Fails the Outlook test and the MS Connectivity Test for autodiscover.

Thanks.......
Avatar of Alan Hardisty
Alan Hardisty
Flag of United Kingdom of Great Britain and Northern Ireland image

If you fire up the Exchange Management Console and go to Server Config> Client Access then in the right-hand pane (Actons) select the Reset Virtual Directory Wizard.

Browse and choose the Autodiscover virtual directory and let the Wizard finish.

Is it working now?

Alan
Avatar of yellaboyla
yellaboyla

ASKER

I have done that twice.  No difference.  I also deleted the Virtual via powershell, and same issue.
Using IIS Manager, is the autodiscover Virtual Directory present under the Default website and does Autodiscover.xml appear using the Content View (not the Features View in the middle pane at the bottom)?

Alan
Yes...thx  So after digging, there was a redirect setup.  I removed that, and not I am getting the proper login prompt and 600 error page.

So I just ran Email test via Outlook for autodiscover.  It is prompting me for my internal credentials.  My external credentials are not authenticating the autodiscover settings.  The company is "xxx.loca"l inside, and "yyy.com" outside.  If i recall, I need to change this ADUC??
What names are included on your SSL certificate?

If you have autodiscover.publicdomain.com then run the following EMS command:

Set-AutodiscoverVirtualDirectory -Identity * -internalurl “https://mail.publicdomain.com/autodiscover/autodiscover.xml”

Alan
Connectivity test still fails on autodiscover......

 
 Attempting the Autodiscover and Exchange ActiveSync test (if requested).
  Testing of Autodiscover for Exchange ActiveSync failed.
 
 Additional Details
 
Elapsed Time: 3196 ms.  

 
 
 Test Steps
 
 Attempting each method of contacting the Autodiscover service.
  The Autodiscover service couldn't be contacted successfully by any method.
 
 Additional Details
 
Elapsed Time: 3196 ms.  

 
 
 Test Steps
 
 Attempting to test potential Autodiscover URL https://company.com:443/Autodiscover/Autodiscover.xml 
  Testing of this potential Autodiscover URL failed.
 
 Additional Details
 
Elapsed Time: 1605 ms.  

 
 
 Test Steps
 
 Attempting to resolve the host name company.com in DNS.
  The host name resolved successfully.
 
 Additional Details
 
IP addresses returned: 00.000.000.00

Elapsed Time: 169 ms.
Well OWA is working and autodiscover.domain.com resolves to the same IP Address as your OWA URL and the SSL certificate includes autodiscover.domain.com so it's an IIS issue me thinks.

Have you run iisreset from and Administrative command prompt on the Exchange Server?

Alan
yea..........

The problem is the external and internal dns names.  The test is trying to use the external credentials, but only the internal ones will allow access.  Where do I change that?
Check the Authentication settings configured in IIS Manager for the Autodiscover virtual directory.  Should be Anonymous / Basic and Windows Auth.
All good
Have you re-run the https://testexchangeconnectivity.com Autodiscover test since removing the redirection using your domain credentials?

Alan
The active fails active but passes autodiscovery.

The 2nd test fails as posted earlier.  it ha to be tied to this domain login mismatch.  I did find a typo in external dns srv and fixed that
Not sure I understood your last comment.

Can you post the results of the Outlook Anywhere test please.

What Firewall / Router do you have too?

Alan
Ok.  So the weird thing is;

Autodiscover fails on the activesync connectivity test but passes on the Outlook tests.  

OUTLOOK TEST

The Microsoft Connectivity Analyzer is attempting to test Autodiscover for tuser@domain.com.
  Autodiscover was tested successfully.
 
 Additional Details
 
Elapsed Time: 1657 ms.  

 
 
 Test Steps
 
 Attempting each method of contacting the Autodiscover service.
  The Autodiscover service was tested successfully.
 
 Additional Details
 
Elapsed Time: 1657 ms.  

 
 
 Test Steps
 
 Attempting to test potential Autodiscover URL https://domain.com:443/Autodiscover/Autodiscover.xml 
  Testing of the Autodiscover URL was successful.
 
 Additional Details
 
Elapsed Time: 1657 ms.  

ACTIVESYNC TEST

 Attempting the Autodiscover and Exchange ActiveSync test (if requested).
  Testing of Autodiscover for Exchange ActiveSync failed.
 
 Additional Details
 
Elapsed Time: 2996 ms.  

 
 
 Test Steps
 
 Attempting each method of contacting the Autodiscover service.
  The Autodiscover service couldn't be contacted successfully by any method.
 
 Additional Details
 
Elapsed Time: 2996 ms.  

 
 
 Test Steps
 
 Attempting to test potential Autodiscover URL https://thermotemp.com:443/Autodiscover/Autodiscover.xml 
  Testing of this potential Autodiscover URL failed.
 
 Additional Details
 
Elapsed Time: 1302 ms.
Are you testing using the same FQDN's / credentials?

If not - why not?

Alan
yes......exactly

email: user@external.com
authorized acct: user@internal.local
Please use domain\userid not user@internal.local and test again.
ok...that worked.  Passed, thx...Here is the issue.  My Android is failing trying to connect.  Even using the same naming convention.  I get, "Server error occurred.  Check your username and password, and try again."

Here is the only erro I get in Connectivity tester;

 
 The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
 
 Additional Details
 
Elapsed Time: 2836 ms.  

 
 
 Test Steps
 
 Attempting the Autodiscover and Exchange ActiveSync test (if requested).
  Autodiscover was successfully tested for Exchange ActiveSync.
 
 Additional Details
 
Elapsed Time: 1434 ms.
Okay - so Autodiacover is fine.

If you are having problems with Activesync - are you using an account that is also an admin account?

Alan
I just used my admin account to test activesync, and no love..................
same error as before
at first, I just used a regular account.  Thought you needed me to check with a admin account.  Both accounts, same issue.  I am deleting and recreating the activesync virtual folder right now.
Probably not necessary but if you do - use the wizard.

Alan
ok...So I deleted it via powershell.  It's gone from Exchange, but is still listed in IIS.  What do you recommend?
Had to do the following to get the virtual back in place.

To remove it from AD and IIS: (Run from Exchange of course)

$Site = [ADSI]"IIS://localhost/W3SVC/1/Root"
 $site.Delete("IIsWebVirtualDir","Microsoft-Server-ActiveSync")
 $site.SetInfo()

To recreate it

=> I then ran iisreset
 => I checked IIS Manager, and the Microsdt-Server-ActiveSync is now gone, and the application is still there.
 => I ran the EMS command:  New-ActiveSyncVirtualDirectory -WebSiteName "Default Web Site"
 Results:  Successfully recreated.
 => ran iisreset
 = Checked IIS Manager 7.5, and the ActiveSync is recreated
 = Checked the EMC, and the Exchange ActiveSync (under Server COnfig, Client Access) is recreated.  I added the External URL.
ASKER CERTIFIED SOLUTION
Avatar of Alan Hardisty
Alan Hardisty
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
All working now.  I inherited this from another consultant.  It was a migration from SBS 2003 to Exchange 2010 \ Win 2008.  Well, I should have known to go through the setup.  The old SBS went offline last night, and the virtuals went crazy.  Exchange crashed.So I went and checked IP configs on the DNS boxes and it was all messed up.  The SBS box was acting as the PDC and other DC's pointed to it.  Anyways, once that was fixed, I think it allowed autodiscover to pass from the firewall to the EX without hopping around.

One question.   would like activesync to be seamless.  Their internal and external FQDN are different.  The internal FQDN is not listed in the SAN as the new rules say.  Can I just adjust ADUC so when the phones login, it won't stop and prompt them for a second login?