Exchange 2010 autodiscover will only work for Administrator

Background:
Autodiscover has been set up for years and working fine. I had to rebuild one of the Exchange 2010 mailservers last week, but it's been functioning correctly since then. Rebooted last night after updates - all OS updates (Windows 2008 R2) server. Pretty sure I installed Roll Up 8v2 last week but ECM is showing Exchange 2010 SP3 (14.3.123.4).

The Problem
Outlook users are working and connected to Exchange, but get a password popup on startup and about once an hour, apparently when Outlook is checking the autodiscover. Outlook stays connected to Exchange the whole time and sends and receives even if you just cancel the password prompt or close this box, so I'm pretty sure it's just trying to check in with the autodiscover. The only credentials that do work are the administrator account.

Also, when I connect to https://myexchangeserver/autodiscover/autodiscover.xml, the only credentials that work are the administrator credentials. I've verified that I can log in using normal user credentials on other Exchange servers.

Have gone through and checked all the filesystem, IIS and authentication settings and permissions and everything looks good. Does anybody have any idea what to check next?
JuanLoco Asked:
Simon Butler (Sembee), Consultant, Commented:
Logging in to the virtual directory as a test is pretty much a waste of time.
The first thing you need to do is check that the URL is configured correctly:

get-clientaccessserver | select identity, autodiscoverserviceinternaluri

Ensure that it is a host name that resolves to the Exchange server and is on the SSL certificate that is installed on it.
If either of those are incorrect, then you need to correct them.

With a multi-server implementation, the usual practice is the same URL across all servers in the AD site.

If you have split CAS and MBX role, then ensure that the CAS is at the same or higher version than the mailbox server. For example, if you rebuilt a MBX only server and installed Rollup 8 on to it, but the CAS are still on Rollup 7 or older, then you can see these sorts of problems.

Simon.
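
The checks described in the comment above (Autodiscover URI host resolves in DNS and appears on the installed SSL certificate), as an added example that is not part of the original thread. It assumes the Exchange Management Shell on Exchange 2010 (PowerShell 2.0); the helper name `Test-NameOnCert` is hypothetical.

```powershell
# Added example, not from the original thread. Run in the Exchange Management Shell.
# Hypothetical helper: does $HostName match any name on the certificate,
# including a single-label wildcard such as *.example.com?
function Test-NameOnCert([string]$HostName, $Domains) {
    foreach ($d in $Domains) {
        $name = "$d"
        if ($name -eq $HostName) { return $true }   # -eq is case-insensitive
        if ($name.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.') + 1) -eq $name.Substring(2)) {
            return $true
        }
    }
    return $false
}

Get-ClientAccessServer | ForEach-Object {
    $cas = $_
    if (-not $cas.AutoDiscoverServiceInternalUri) {
        Write-Warning "$($cas.Name): AutoDiscoverServiceInternalUri is not set"
        return
    }
    $hostName = ([System.Uri]"$($cas.AutoDiscoverServiceInternalUri)").Host

    # 1. Does the host name resolve? Compare the addresses with the CAS (or its load balancer).
    try {
        $addresses = @([System.Net.Dns]::GetHostAddresses($hostName) |
            ForEach-Object { $_.IPAddressToString })
    } catch {
        $addresses = @()
    }

    # 2. Is the host name on an unexpired certificate enabled for IIS on this server?
    $certs = @(Get-ExchangeCertificate -Server $cas.Name |
        Where-Object { "$($_.Services)" -match 'IIS' -and $_.NotAfter -gt (Get-Date) })
    $matching = @($certs | Where-Object { Test-NameOnCert $hostName $_.CertificateDomains })

    New-Object PSObject -Property @{
        Server       = $cas.Name
        UriHost      = $hostName
        ResolvesTo   = ($addresses -join ', ')
        NameOnCert   = ($matching.Count -gt 0)
        Thumbprint   = (($matching | ForEach-Object { $_.Thumbprint }) -join ', ')
    }
} | Select-Object Server, UriHost, ResolvesTo, NameOnCert, Thumbprint | Format-Table -AutoSize
```

An empty `ResolvesTo` or a `NameOnCert` of `False` points at the URL or certificate as the thing to correct.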
JuanLoco, Author, Commented:
Thanks for the info Simon, just for the record, it looks like it was this update:

https://support.microsoft.com/en-us/kb/3002657?wa=wsignin1.0

Uninstalling it from my DCs fixed the issue.
Simon Butler (Sembee), Consultant, Commented:
Lots of noise coming out on that in the last 24 hours. It is only when you have the patch installed on Windows 2003 domain controllers that the problem occurs.

You got caught by a completely new bug.

Simon.
JuanLoco, Author, Commented:
This MS update was the culprit