Hosted Exchange 2013 problem with third domain setting up profile in Outlook

We have a Windows Server 2012 R2 server running Microsoft Exchange 2013. There are multiple domains added to the server to host multiple companies' Exchange. The first two domains work with no problems. But when we added the third domain we cannot set up a user profile in Outlook.

To enable the multiple domains to have their own OWA we used an HTTP redirection setup in IIS. Each domain has its own SSL cert for its OWA also.
johnpatbullock Asked:

K B Commented:
What is the error that you receive in setting up Outlook? Have you set up autodiscover records publicly? Are these domain-joined computers and do they sit inside the corporate AD boundaries?
0
johnpatbullock Author Commented:
The only error Outlook will tell you is that an encrypted connection cannot be established. Yes, the autodiscover records are publicly known and have had days to propagate down. This is an Outlook Anywhere setup so it does not matter where the PC is. I can set up email for all other domains except the new one.
0
K B Commented:
Autodiscover looks to the SCP first when the computer is inside and domain-joined...that's why I asked.

Can you please post the results of the Outlook Autodiscover test (redacted) from https://testconnectivity.microsoft.com ?
0
Amit IT Architect Commented:
What is the Outlook version used by the client?
0
johnpatbullock Author Commented:
2010 and 2013 are both in question, as neither is working for this domain.
0
K B Commented:
0
johnpatbullock Author Commented:
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for accounting@boggspoole.com.

Testing Autodiscover failed.
Additional Details
Elapsed Time: 43384 ms.

Test Steps

Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.

Additional Details
Elapsed Time: 43384 ms.

Test Steps

Attempting to test potential Autodiscover URL https://boggspoole.com:443/Autodiscover/Autodiscover.xml

Testing of this potential Autodiscover URL failed.

Additional Details
Elapsed Time: 480 ms.

Test Steps

Attempting to resolve the host name boggspoole.com in DNS.
The host name resolved successfully.

Additional Details
IP addresses returned: 184.168.41.1

Elapsed Time: 182 ms.

Testing TCP port 443 on host boggspoole.com to ensure it's listening and open.
The port was opened successfully.

Additional Details
Elapsed Time: 151 ms.


Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.

Additional Details
Elapsed Time: 147 ms.

Test Steps

The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server boggspoole.com on port 443.
The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.

Additional Details

The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

Elapsed Time: 90 ms.

Attempting to test potential Autodiscover URL https://autodiscover.boggspoole.com:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.

Additional Details
Elapsed Time: 21570 ms.


Test Steps

Attempting to resolve the host name autodiscover.boggspoole.com in DNS.
The host name resolved successfully.

Additional Details
IP addresses returned: 208.61.202.201
Elapsed Time: 432 ms.




Testing TCP port 443 on host autodiscover.boggspoole.com to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.

Tell me more about this issue and how to resolve it

Additional Details

A network error occurred while communicating with the remote host.
Elapsed Time: 21137 ms.

Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.

Additional Details
Elapsed Time: 21093 ms.

Test Steps

Attempting to resolve the host name autodiscover.boggspoole.com in DNS.
The host name resolved successfully.

Additional Details

IP addresses returned: 208.61.202.201
Elapsed Time: 30 ms.


Testing TCP port 80 on host autodiscover.boggspoole.com to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.

Tell me more about this issue and how to resolve it

Additional Details
A network error occurred while communicating with the remote host.
Elapsed Time: 21062 ms.

Attempting to contact the Autodiscover service using the DNS SRV redirect method.
The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.

Additional Details
Elapsed Time: 82 ms.

Test Steps

Attempting to locate SRV record _autodiscover._tcp.boggspoole.com in DNS.
The Autodiscover SRV record wasn't found in DNS.

Tell me more about this issue and how to resolve it

Additional Details
Elapsed Time: 82 ms.
RCATestResult.html
0
K B Commented:
Can you get to https://autodiscover.boggspoole.com/ or https://boggspoole.com/ and see a certificate presented? I would start by making sure you can telnet to port 443 of those addresses and then verify there is a certificate there.

Untitled.png
0
johnpatbullock Author Commented:
Yes, both websites are accessible.
0
K B Commented:
From outside your network? A certificate is there? Are these the real domains in the test? If so, I cannot get to them.
0
johnpatbullock Author Commented:
They are both accessible from behind my firewall for now, and they are real clients.
0
K B Commented:
You are saying I should be able to
telnet autodiscover.boggspoole.com 443
0
K B Commented:
2015-07-13-1712.png
0
johnpatbullock Author Commented:
No, you should not be able to. We have all access blocked for unknown public IPs. When I telnet it appears to connect, as it just goes away and sits with a black box.
0
K B Commented:
I can telnet to boggspoole.com 443.

After the SCP, the next step for autodiscover is:

1. https://boggspoole.com/autodiscover/autodiscover.xml

In a browser I see this:

2015-07-13-1714.png
0
johnpatbullock Author Commented:
Since this is a multi-domain system I was told to use an HTTP redirect for autodiscover and the OWA in IIS. Should I do something different?
0
K B Commented:
Let's see....
If you have it blocked by IP then the remote connectivity analyzer won't provide you any valid data.

So with the Control key held down, right-click the Outlook icon in the system tray and select "Test Email Auto-Configuration". Enter the email address and password of the user in question and uncheck the two Guessmart checkboxes ... post the results of both tabs (via screenshot) please.

2015-07-13-1722.png
0
johnpatbullock Author Commented:
I have attached in a Word doc, and there was only info in one tab.
testconfig.docx
0
K B Commented:
Check out the instructions here http://www.msexchange.org/articles-tutorials/exchange-server-2010/mobility-client-access/using-autodiscover-large-numbers-accepted-domains-part1.html 

notably:

Select the following checkboxes:
Redirect all requests to exact destination (instead of relative to destination)
Only redirect requests to content in this directory (not subdirectories)

2015-07-13-1810.png
I am presuming that the .xml in the middle of the URL is not resolving when you test it in a browser?
0
johnpatbullock Author Commented:
That is correct. So that did fix part of the issue. We can now get to the autodiscover site and log into OWA.

So now I will share the new logs.
autodiscover.docx
0
K B Commented:
Need to redirect to a URL that is secure and with a valid certificate (you should see the certificate in the browser if you browse to the redirected URL)

2015-07-14-1508.png
0
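
The two fixes from the answers above (the IIS "exact destination" redirect setting, and redirecting to an HTTPS URL whose certificate is valid for that host), as an added example that is not part of the original thread. The function names, the `.example` hostnames and the certificate name list are constructed for illustration, and the check assumes the redirect should land exactly on `/autodiscover/autodiscover.xml`.

```python
from urllib.parse import urlsplit

XML_PATH = "/autodiscover/autodiscover.xml"

def candidates(email):
    """Lookup order shown in the connectivity report (SCP step omitted)."""
    domain = email.rsplit("@", 1)[1].lower()
    return [
        ("https", f"https://{domain}{XML_PATH}"),
        ("https", f"https://autodiscover.{domain}{XML_PATH}"),
        ("http-redirect", f"http://autodiscover.{domain}{XML_PATH}"),
        ("dns-srv", f"_autodiscover._tcp.{domain}"),
    ]

def name_matches(host, cert_name):
    """Exact match, or a wildcard covering exactly one left-most label."""
    host, cert_name = host.lower(), cert_name.lower()
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return host == cert_name

def check_redirect(location, cert_names):
    """Problems with a redirect target (Location header); [] means OK."""
    url = urlsplit(location)
    host = url.hostname or ""
    problems = []
    if url.scheme != "https":
        problems.append("target is not HTTPS")
    if url.path.lower() != XML_PATH:
        problems.append(f"path is not exactly {XML_PATH} (use 'exact destination')")
    if not any(name_matches(host, n) for n in cert_names):
        problems.append(f"certificate does not cover {host}")
    return problems

# Constructed sample values: names on the shared host's certificate and
# four possible redirect targets for a newly added third domain.
SANS = ["mail.hoster.example", "autodiscover.hoster.example"]
GOOD = "https://autodiscover.hoster.example/Autodiscover/Autodiscover.xml"
APPENDED = GOOD + "/Autodiscover/Autodiscover.xml"  # relative redirect result
PLAIN = "http://autodiscover.hoster.example/Autodiscover/Autodiscover.xml"
OTHER = "https://autodiscover.client3.example/Autodiscover/Autodiscover.xml"

if __name__ == "__main__":
    for loc in (GOOD, APPENDED, PLAIN, OTHER):
        print(loc, "->", check_redirect(loc, SANS) or "ok")
```
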
