• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 336
  • Last Modified:

Exchange 2010 autodiscover will only work for Administrator

Background:
Autodiscover has been setup for years and working fine. I had to rebuild one of the Exchange 2010 mailservers last week, but it's been functioning correctly since then. Rebooted last night after updates - all OS updates (Windows 2008 R2) server. Pretty sure I installed Roll Up 8v2 last week but ECM is showing Exchange 2010 SP3 (14.3.123.4)

The Problem
Outlook users are working and connected to exchange, but get a password popup on startup and about once an hour, apparently when Outlook is checking the autodiscover. Outlook stays connected to Exchange the whole time and sends and receives even if you just cancel the password prompt close this box, so I'm pretty sure it's just trying to check in with the autodiscover. The only credentials that do work are the administrator account.

Also, when I connect to https://myexchangeserver/autodiscover/autodiscover.xml, the only credentials that work are the administrator credentials. I've verified that I can log in using normal user credentials on other exchange servers.

Have gone through and checked all the filesystem, IIS and authentication settings and permissions and everything looks good. Does anybody have any idea what to check next?
0
JuanLoco
Asked:
JuanLoco
  • 2
  • 2
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
Logging in to the virtual directory as a test is pretty much a waste of time.
The first thing you need to do is check that the URL is configured correctly:

get-clientaccessserver | select identity, autodiscoverserviceinternaluri

Ensure that it is a host name that resolves to the Exchange server and is on the SSL certificate that is installed on it.
If either of those are incorrect, then you need to correct them.

With a multi server implementation, the usual practise is the same URL across all servers in the AD site.

If you have split CAS and MBX role, then ensure that the CAS is at the same or higher version than the mailbox server. For example, if you rebuilt a MBX only server and installed Rollup 8 on to it, but the CAS are still on Rollup 7 or older, then you can see these sorts of problems.

Simon.
0
 
JuanLocoAuthor Commented:
Thanks for the info Simon, just for the record, it looks like it was this update:

https://support.microsoft.com/en-us/kb/3002657?wa=wsignin1.0

Uninstalling it from my DCs fixed the issue
0
 
Simon Butler (Sembee)ConsultantCommented:
Lots of noise coming out on that in the last 24 hours. It is only when you have the patch installed on Windows 2003 domain controllers that the problem occurs.

You got caught by a completely new bug.

Simon.
0
 
JuanLocoAuthor Commented:
This MS update was the culprit
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now