Autodiscover issues

Dear Experts,

We have created a multitenant Exchange environment.
With the new Office 2016 version it is important that the autodiscover function works properly.
So what I did so far is the following:

- I have bought a wildcard Certificate *.
- Created another external IP and forwarded port 80 to my Exchange server.
- Added an additional internal IP address to the Exchange server.
- I have created an A record on my Exchange domain, autodiscoverredirect.domain.nl, to the IP address.
- I have created a CNAME in the customer's domain, autodiscover.customer.nl, to autodiscoverredirect.domain.nl.
- I have created a page in IIS on the Exchange server named Autodiscoverredirect, with in it an HTTP redirect to the original OWA: https://exchange.domain.nl/Autodiscover/autodiscover.xml
- Also set the binding to the newly created additional internal address, port 80.
- For testing purposes I have edited my own registry and removed all resolving methods except the HTTP redirection option.

The Microsoft Connectivity Analyzer checks the host on autodiscover.domain.com for an HTTP redirection on the autodiscover service.
The Microsoft Connectivity Analyzer could not retrieve an HTTP redirection answer for HTTP autodiscover.

Details

The answer HTTP 403 Forbidden was received. The answer comes from Unknown. Index of answer:
HTTP answer headers:
X-FEServer: XXX-XXX-001
Content-Length: 0
Date: Wed, 28 Oct 2015 10:39:59 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET



I cannot fix this. The autodiscover in Outlook 2016 is not working.
I am missing something.
See my Exchange connectivity test below.
jav_sevenofnineAsked:

dan_blagutCommented:
Hello

In fact you just redirect the name and HTTP traffic, but you must be sure that your autodiscover.xml file is visible from the customer.nl location.
Presuming that your autodiscover.xml is visible from the customer location, a much more approachable manner is to set autodiscover.customer.nl to autodiscover.domain.nl.



Dan
0
Carol ChisholmCommented:
You probably also need to redirect https on port 443 as well as http on port 80
There may be other issues.
0
Jamie McKillopIT ManagerCommented:
0

jav_sevenofnineAuthor Commented:
@Jamie: not anymore. It worked at first, but I cannot find out why it worked.
0
Jamie McKillopIT ManagerCommented:
So, what happens? Do you get an error?
0
jav_sevenofnineAuthor Commented:
XML-parseerror: no element found
location: http://autodiscover.customer.com/autodiscover/autodiscover.xml
rulenumber1, column1:
0
Jamie McKillopIT ManagerCommented:
0
dan_blagutCommented:
Hello

If you go to https://exchange.domain.nl/Autodiscover/autodiscover.xml from the client site, what is happening?

Normally you should have:
<?xml version="1.0" encoding="utf-8" ?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response>
    <Error Time="16:41:03.5734636" Id="2499570211">
      <ErrorCode>600</ErrorCode>
      <Message>Invalid Request</Message>
      <DebugData />
    </Error>
  </Response>
</Autodiscover>

Dan
0
jav_sevenofnineAuthor Commented:
Dear Dan,

That is true, I get:

<Autodiscover><Response><Error Time="10:41:24.4559990" Id="1451164763"><ErrorCode>600</ErrorCode><Message>Invalid Request</Message><DebugData/></Error></Response></Autodiscover>
0
jav_sevenofnineAuthor Commented:
Dear Jamie,

I get

XML-parsefout: geen element gevonden
Locatie: http://autodiscoverredirect.Domain.nl/autodiscover/autodiscover.xml
Regelnummer 1, kolom 1:
0
jav_sevenofnineAuthor Commented:
Mmm, everything works now. In the HTTP redirect settings I have entered the complete URL, https://autodiscover.domain.nl/autodiscover/autodiscover.xml. With the Connectivity Analyzer I checked that it automatically configures /autodiscover/autodiscover.xml.
So I reconfigured the URL to only https://autodiscover.domain.nl and it worked! The only thing is that Outlook still comes up with an SSL security alert, because autodiscover.customerdomain.com has an invalid SSL certificate, *.domain.nl.

Is there a way to bypass this setting?
0
jav_sevenofnineAuthor Commented:
It also takes up to 5 minutes when the account resolves. Is there any way we can improve this?
0
Carol ChisholmCommented:
Get a certificate with the right name :(
Autodiscover tries several methods in a fixed order, so if your method is the last on the list then it will be slow. It will also be slow depending on the configuration of the Exchange and network service the information.

This link for developers will help you understand how it works:
https://msdn.microsoft.com/en-us/library/office/jj900169(v=exchg.150).aspx

Here's another article about when the certificate does not match:
https://dirteam.com/dave/2014/08/13/optimizing-the-autodiscover-process-by-skipping-the-root-domain-query/
0
jav_sevenofnineAuthor Commented:
It's a multitenant environment, so the SSL never matches with the original. :)
Any suggestions besides that?
0
Jamie McKillopIT ManagerCommented:
You shouldn't be getting a cert error on autodiscover.customerdomain.com because it should be using HTTP. Make sure you do not have HTTPS enabled on your redirect virtual directory.

-JJ
0
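The redirect checks this thread converges on, as an added example that is not part of any post above: a Python sketch that takes the status and Location header of an unauthenticated GET to the tenant's Autodiscover URL and reports why a client would reject or warn on it. The hostnames and the *.domain.nl certificate name are the thread's placeholders, the sample responses are constructed, and treating only a 302 as a valid redirect is an assumption of the sketch.

```python
from urllib.parse import urlsplit

AUTODISCOVER_PATH = "/autodiscover/autodiscover.xml"
CERT_NAMES = ["*.domain.nl"]  # assumed: names on the server's wildcard certificate

def cert_matches(host, cert_names):
    """Exact match, or a wildcard covering exactly one left-most label."""
    host = host.lower()
    for name in (n.lower() for n in cert_names):
        if name == host:
            return True
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False

def check_redirect(probe_url, status, headers, cert_names=CERT_NAMES):
    """Findings for one response to an unauthenticated Autodiscover GET."""
    findings = []
    probe = urlsplit(probe_url)
    if probe.scheme == "https" and not cert_matches(probe.hostname, cert_names):
        findings.append("HTTPS probe: certificate does not cover " + probe.hostname)
    if status != 302:
        findings.append(f"expected 302 redirect, got {status}")
        return findings
    target = urlsplit(headers.get("Location", ""))
    if target.scheme != "https":
        findings.append("redirect target is not HTTPS")
    if not target.hostname or not cert_matches(target.hostname, cert_names):
        findings.append(f"certificate does not cover redirect host {target.hostname}")
    if target.path.lower() != AUTODISCOVER_PATH:
        findings.append("unexpected redirect path " + target.path)
    return findings

# Constructed sample responses (not captured traffic), one per situation in the thread.
GOOD = "https://autodiscover.domain.nl" + AUTODISCOVER_PATH
SAMPLES = {
    "403 from redirect site": ("http://autodiscover.customer.nl" + AUTODISCOVER_PATH, 403, {}),
    "path appended twice": ("http://autodiscover.customer.nl" + AUTODISCOVER_PATH, 302,
                            {"Location": GOOD + AUTODISCOVER_PATH}),
    "HTTPS on tenant name": ("https://autodiscover.customer.nl" + AUTODISCOVER_PATH, 302,
                             {"Location": GOOD}),
    "working redirect": ("http://autodiscover.customer.nl" + AUTODISCOVER_PATH, 302,
                         {"Location": GOOD}),
}

if __name__ == "__main__":
    for label, (url, status, headers) in SAMPLES.items():
        print(label, "->", check_redirect(url, status, headers) or "ok")
```

The "HTTPS on tenant name" case is the certificate alert from the thread: the wildcard covers autodiscover.domain.nl but never autodiscover.customer.nl, so the tenant name should only ever answer over plain HTTP with a redirect.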
jav_sevenofnineAuthor Commented:
@Jamie, these are my redirect settings:

Capture1.PNG
These are my redirect binding settings:

Capture2.PNG
These are my bindings on the default website:

Capture3.png
These are my local IP settings on the Exchange server:

Capture4.PNG
These are my firewall rules for the secondary IP address for autodiscover. I have forwarded 443 and 80.

Capture5.PNG
On the DNS side of the customer I have created a CNAME from autodiscover.customer.com to autodiscoverredirect.domain.nl.

On our own DNS I have created 2 A records: 1 for autodiscoverredirect and 1 for the normal autodiscover.
0
jav_sevenofnineAuthor Commented:
Any ideas, experts?
0
Jamie McKillopIT ManagerCommented:
On your default site, remove the binding for 443 that maps to * for IP Address.

-JJ
0
jav_sevenofnineAuthor Commented:
Done,

The Microsoft Connectivity Analyzer tries to obtain an SSL certificate from the external server autodiscover.domain.nl on port 443.
The Microsoft Connectivity Analyzer cannot obtain an SSL certificate.

The certificate cannot be validated because the SSL negotiation was not successful. Perhaps because of a network error or the certificate installation.

??? No idea.
0
jav_sevenofnineAuthor Commented:
OK, found it out. I forgot to add the original exchange.domain.nl internal IP binding.
0
jav_sevenofnineAuthor Commented:
Well, after I created another binding, autodiscover.domain.nl to internal 443, it seems to work.
Still, the resolving on the Outlook clients takes up to 5 minutes to configure itself.
It first goes through all the steps, 443 local etc. etc. Any ideas besides the known registry edits to increase the performance?
0
jav_sevenofnineAuthor Commented:
Update: 4 minutes to resolve. Acceptable, still long. Is there any solution?
0

jav_sevenofnineAuthor Commented:
It is working but very slow!
0
TindaldoCommented:
Hi there,  was just having an issue with autodiscover from the internet taking a long time to process and I did the following to optimize it. On client machine (Office 2016) used regedit to go to HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Autodiscover. Created new Dword value with name Excludehttpsrootdomain. Modified the new key and gave it a value of 0x00000001. This reduced my wait time for autodiscover to less than 5 seconds. For Office 2013 go to HKEY_CURRENT_USER\software\policies\microsoft\office\15.0\outlook\autodiscover.
0