Autodiscover issues

Dear Experts,

We have created a multitenant Exchange environment.
And with the new Office 2016 version it is important that the autodiscover function works properly.
So what I did so far is the following:

- I have bought a wildcard Certificate *.
- Created another external IP and forwarded port 80 to my Exchange server.
- Added an additional internal IP address to the Exchange server
- I have created an A record on my Exchange domains to IP address
- I have created a CNAME in the customer's domain to
- I have created a page in IIS on the Exchange server named Autodiscoverredirect, with in it an HTTP redirect to the original OWA.
- Also set the binding to the newly created additional internal address, port 80.
- For testing purposes I have edited my own registry and removed all resolving methods except the HTTP redirection option.

The Microsoft Connectivity Analyzer checks the host on for an HTTP redirection on the autodiscover service.
The Microsoft Connectivity Analyzer could not retrieve an HTTP redirection answer for http autodiscover
The answer HTTP 403 forbidden was received. The answer comes from Unknown. Index of answer:
X-FEServer: XXX-XXX-001
Content-Length: 0
Date: Wed, 28 Oct 2015 10:39:59 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET


I cannot fix this. The autodiscover in Outlook 2016 is not working.
I am missing something.
See my Exchange connectivity test below.
jav_sevenofnine (IT Consultant) asked:

In fact you just redirect the name and HTTP traffic, but you must be sure that your autodiscover.xml file is visible from location.
Presuming that your autodiscover.xml is visible from the customer location, a much more approachable manner is to set to

Carol Chisholm commented:
You probably also need to redirect https on port 443 as well as http on port 80.
There may be other issues.
Jamie McKillop (IT Manager) commented:
jav_sevenofnine (IT Consultant, Author) commented:
@Jamie, not anymore. It worked at first, but I cannot find out why it worked.
Jamie McKillop (IT Manager) commented:
So, what happens? Do you get an error?
jav_sevenofnine (IT Consultant, Author) commented:
XML parse error: no element found
Line number 1, column 1:
Jamie McKillop (IT Manager) commented:

If you go to from client site, what is happening?

Normally you should have:
<?xml version="1.0" encoding="utf-8" ?>
<Autodiscover xmlns="">
  <Response>
    <Error Time="16:41:03.5734636" Id="2499570211">
      <Message>Invalid Request</Message>
      <DebugData />
    </Error>
  </Response>
</Autodiscover>

jav_sevenofnine (IT Consultant, Author) commented:
Dear Dan,

That is true, I get

<Autodiscover><Response><Error Time="10:41:24.4559990" Id="1451164763"><ErrorCode>600</ErrorCode><Message>Invalid Request</Message><DebugData/></Error></Response></Autodiscover>
jav_sevenofnine (IT Consultant, Author) commented:
Dear Jamie,

I get

XML-parsefout: geen element gevonden
Regelnummer 1, kolom 1:
jav_sevenofnine (IT Consultant, Author) commented:
Mmm, everything works now. In the HTTP redirect settings I have entered the complete URL. With the connectivity analyser I checked that it automatically configures /autodiscover/autodiscover.xml.
So I reconfigured the URL to only and it worked! The only thing is that Outlook still comes up with an SSL security alert, because has an invalid SSL certificate *

Is there a way to bypass this setting?
jav_sevenofnine (IT Consultant, Author) commented:
It also takes up to 5 minutes when the account resolves. Is there any way we can improve this?
Carol Chisholm commented:
Get a certificate with the right name :(
Autodiscover tries several methods in a fixed order, so if your method is the last on the list then it will be slow. It will also be slow depending on the configuration of the Exchange and network service the information.

This link for developers will help you understand how it works

Here's another article about when the certificate does not match:
jav_sevenofnine (IT Consultant, Author) commented:
It's a multitenant environment, so the SSL never matches with the original. :)
Any suggestions besides that?
Jamie McKillop (IT Manager) commented:
You shouldn't be getting a cert error on because it should be using HTTP. Make sure you do not have HTTPS enabled on your redirect virtual directory.
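
As an added illustration (not part of any participant's post), a Python check of the HTTP redirect step discussed above: it shows why a wildcard certificate for the hoster's name cannot cover a tenant's autodiscover host, and what the plain-HTTP redirect answer has to look like. The host names and certificate name are constructed placeholders, and treating only a 302 answer as a valid redirect is an assumption.

```python
from urllib.parse import urlsplit

AUTODISCOVER_PATH = "/autodiscover/autodiscover.xml"

def cert_name_matches(host, pattern):
    """Certificate name match: '*' stands for exactly one left-most label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    label, _, rest = host.partition(".")
    return bool(label) and rest == pattern[2:]

def check_redirect(status, headers, tenant_domain, cert_names):
    """Findings for the answer to an unauthenticated
    GET http://autodiscover.<tenant_domain>/autodiscover/autodiscover.xml.
    An empty list means the redirect step looks sound."""
    location = {k.lower(): v for k, v in headers.items()}.get("location")
    if status != 302 or not location:  # assumption: only 302 counts
        return [f"no redirect: HTTP {status} without a usable Location header"]
    url = urlsplit(location)
    host = (url.hostname or "").lower()
    findings = []
    if url.scheme != "https":
        findings.append("redirect target is not HTTPS")
    if host == tenant_domain or host.endswith("." + tenant_domain):
        findings.append("redirect stays on the tenant name")
    if not any(cert_name_matches(host, name) for name in cert_names):
        findings.append(f"certificate does not cover {host}")
    if url.path.lower() != AUTODISCOVER_PATH:
        # e.g. the redirect destination already held the path and it got appended again
        findings.append(f"unexpected path {url.path}")
    return findings

# Constructed sample data (hypothetical names, not taken from the thread).
TENANT = "customer.example"
CERT_NAMES = ["*.hoster.example"]
TARGET = "https://autodiscover.hoster.example" + AUTODISCOVER_PATH
SAMPLES = {
    "403 with empty body": (403, {"Content-Length": "0"}),
    "redirect to hoster name": (302, {"Location": TARGET}),
    "path appended twice": (302, {"Location": TARGET + AUTODISCOVER_PATH}),
    "redirect back to tenant": (302, {"Location": "https://autodiscover." + TENANT + AUTODISCOVER_PATH}),
}

if __name__ == "__main__":
    for label, (status, headers) in SAMPLES.items():
        print(label, "->", check_redirect(status, headers, TENANT, CERT_NAMES) or "ok")
```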

jav_sevenofnine (IT Consultant, Author) commented:
@Jamie, these are my redirect settings

These are my redirect binding settings

These are my bindings on the default website

These are my local IP settings on the Exchange server

These are my firewall rules for the secondary IP address for autodiscover. I have forwarded 443 and 80.

On the DNS side of the customer I have created a CNAME from to

On our own DNS I have created 2 A records: 1 for autodiscoverredirect and 1 for the normal autodiscover
jav_sevenofnine (IT Consultant, Author) commented:
Any ideas, experts?
Jamie McKillop (IT Manager) commented:
On your default site, remove the binding for 443 that maps to * for IP Address.

jav_sevenofnine (IT Consultant, Author) commented:

The Microsoft Connectivity Analyser tries to obtain an SSL certificate from the external server on port 443.
The Microsoft Connectivity Analyser cannot gain an SSL certificate.

The certificate cannot be validated because the SSL negotiation was not successful. Perhaps because of a network error or the certificate installation.

??? no idea
jav_sevenofnine (IT Consultant, Author) commented:
OK, found it out. I forgot to add the original internal IP binding.
jav_sevenofnine (IT Consultant, Author) commented:
Well, after I created another binding to internal 443, it seems to work.
Still, the resolving on the Outlook clients takes up to 5 minutes to configure itself.
It first goes through all the steps, 443 local etc. etc. Any ideas besides the known registry edits to increase the performance?
jav_sevenofnine (IT Consultant, Author) commented:
Update: 4 minutes to resolve. Acceptable, still long. Is there any solution?

jav_sevenofnine (IT Consultant, Author) commented:
It is working but very slow!

Hi there, I was just having an issue with autodiscover from the internet taking a long time to process and I did the following to optimize it. On the client machine (Office 2016) I used regedit to go to HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Autodiscover. Created a new DWORD value with the name ExcludeHttpsRootDomain. Modified the new key and gave it a value of 0x00000001. This reduced my wait time for autodiscover to less than 5 seconds. For Office 2013 go to HKEY_CURRENT_USER\software\policies\microsoft\office\15.0\outlook\autodiscover.