Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Outlook Autodiscover Failing for Single User

Posted on 2016-07-22
4
Medium Priority
?
569 Views
Last Modified: 2016-08-16
Outlook Autodisover is failing for a single user in our domain, Outlook won't resolve the server to connect.

If I run the following powershell command here is what I get:

Test-OutlookWebServices -Identity User@domain.com -MailboxCredential (get-credential)

Source                              ServiceEndpoint                    Scenario                                             Result  Latency
                                                                                                                                                                        (MS)
------                                    ---------------                              --------                                                  ------         -------
SRVEX13.domain.com    autodiscover.domain.com       Autodiscover: Outlook Provider    Failure     159
SRVEX13.domain.com                                                          Exchange Web Services                  Skipped       0
SRVEX13.domain.com                                                          Availability Service                           Skipped       0
SRVEX13.domain.com                                                          Offline Address Book                      Skipped       0

If I run it against other users, I get success across the board.

Full Error is here:
RunspaceId          : 2661e5f6-6ad2-4204-bd5a-4dd5ce92a4c5
Source              : SRVEX13.domain.com
ServiceEndpoint     : autodiscover.domain.com
Scenario            : AutoDiscoverOutlookProvider
ScenarioDescription : Autodiscover: Outlook Provider
Result              : Failure
Latency             : 114
Error               : Microsoft.Exchange.Management.Tasks.ServiceValidatorException: The Autodiscover response did not return a URL for Exchange Web Services. Response details:
                      <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
                        <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
                          <User>
                            <DisplayName>User</DisplayName>
                            <LegacyDN>/o=ORG/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=User</LegacyDN>
                            <AutoDiscoverSMTPAddress>User@domain.com</AutoDiscoverSMTPAddress>
                            <DeploymentId>e3c75af6-a0b6-422c-aa21-c807481eb678</DeploymentId>
                          </User>
                          <Account>
                            <AccountType>email</AccountType>
                            <Action>settings</Action>
                            <MicrosoftOnline>False</MicrosoftOnline>
                            <Protocol>
                              <Type>WEB</Type>
                              <Internal>
                                <OWAUrl AuthenticationMethod="Basic, Fba">https://mail.domain.com/owa/</OWAUrl>
                              </Internal>
                              <External>
                                <OWAUrl AuthenticationMethod="Fba">https://mail.domain.com/owa/</OWAUrl>
                              </External>
                            </Protocol>
                          </Account>
                        </Response>
                      </Autodiscover>
Verbose             : [2016-07-22 16:14:57Z] Autodiscover connecting to 'https://autodiscover.domain.com/Autodiscover/Autodiscover.xml'.
                      [2016-07-22 16:14:57Z] Test account: User@domain.com Password: ******
                      [2016-07-22 16:14:57Z] Autodiscover request:
                      User-Agent: SRVEX13/Test-OutlookWebServices/User@domain.com
                      Content-Type: text/xml; charset=utf-8
                      Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAJQAAAA+AT4BrAAAAAAAAABYAAAAKgAqAFgAAAASABIAggAAABAAEADqAQAAFYKI4gYDgCUAAAAPHCzAzgFNsPUMWilan2gG2mEAZABtAF8AZABkAGUAbABvAHI
                      AZQB5AEAAbgB0AHAAYwAuAGMAbwBtAEgAUgBTAFIAVgBFAFgAMQAzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALwAcJiiv4JhVUPJrnLNcKkBAQAAAAAAAPTsVjA05NEBlZt9i/roCPkAAAAAAgAIAE4AVABQAEMAAQASAFk
                      ASwBTAFIAVgBFAFgAMQAzAAQAEABuAHQAcABjAC4AYwBvAG0AAwAkAFkASwBTAFIAVgBFAFgAMQAzAC4AbgB0AHAAYwAuAGMAbwBtAAUAEABuAHQAcABjAC4AYwBvAG0ABwAIAPTsVjA05NEBBgAEAAIAAAAIADAAMAAAAAA
                      AAAAAAAAAAEAAADCjn39tC5WkvkL6GYaipL/gLodxt8yUENMy6UDEJU3DCgAQAAAAAAAAAAAAAAAAAAAAAAAJADQASABUAFQAUAAvAGEAdQB0AG8AZABpAHMAYwBvAHYAZQByAC4AbgB0AHAAYwAuAGMAbwBtAAAAAAAAAAA
                      AAAAAAEvYKBfS/OoFxZk76p75lRk=
                      Host: autodiscover.domain.com
                      Cookie: ClientId=E43B873C7C624E1F958835195A00BC5B
                      Content-Length: 453
                      Expect: 100-continue
                      [2016-07-22 16:14:57Z] Autodiscover request:
                      <?xml version="1.0"?>
                      <Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
                        <Request>
                          <EMailAddress>User@domain.com</EMailAddress>
                          <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
                        </Request>
                      </Autodiscover>
                      [2016-07-22 16:14:57Z] Autodiscover response:
                      request-id: 3a68e909-f467-495a-a72d-7729b6465b40
                      X-CalculatedBETarget: srvex13.domain.com
                      X-DiagInfo: SRVEX13
                      X-BEServer: SRVEX13
                      Persistent-Auth: true
                      X-FEServer: SRVEX13
                      Content-Length: 1060
                      Cache-Control: private
                      Content-Type: text/xml; charset=utf-8
                      Date: Fri, 22 Jul 2016 16:14:57 GMT
                      Set-Cookie: X-BackEndCookie=S-1-5-21-2660971776-2703906875-1903747800-6170=u56Lnp2ejJqBmZ7NxpqdzMjSnJnMy9LLnsvG0sbNz5vSzcfOy5vIy8adypzKgYHNz87J0s/H0s3Oq87Jxc7LxcrI;
                      expires=Sun, 21-Aug-2016 16:14:57 GMT; path=/Autodiscover; secure; HttpOnly
                      Server: Microsoft-IIS/8.5
                      X-AspNet-Version: 4.0.30319
                      X-Powered-By: ASP.NET
                      [2016-07-22 16:14:57Z] Autodiscover response:
                      <?xml version="1.0" encoding="utf-8"?>
                      <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
                        <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
                          <User>
                            <DisplayName>User</DisplayName>
                            <LegacyDN>/o=Org/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=User</LegacyDN>
                            <AutoDiscoverSMTPAddress>User@domain.com</AutoDiscoverSMTPAddress>
                            <DeploymentId>e3c75af6-a0b6-422c-aa21-c807481eb678</DeploymentId>
                          </User>
                          <Account>
                            <AccountType>email</AccountType>
                            <Action>settings</Action>
                            <MicrosoftOnline>False</MicrosoftOnline>
                            <Protocol>
                              <Type>WEB</Type>
                              <Internal>
                                <OWAUrl AuthenticationMethod="Basic, Fba">https://mail.domain.com/owa/</OWAUrl>
                              </Internal>
                              <External>
                                <OWAUrl AuthenticationMethod="Fba">https://mail.domain.com/owa/</OWAUrl>
                              </External>
                            </Protocol>
                          </Account>
                        </Response>
                      </Autodiscover>
                      [2016-07-22 16:14:57Z] Autodiscover response:
                      Microsoft.Exchange.Management.Tasks.ServiceValidatorException: The Autodiscover response did not return a URL for Exchange Web Services. Response details:
                      <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
                        <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
                          <User>
                            <DisplayName>User</DisplayName>
                            <LegacyDN>/o=Org/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=User</LegacyDN>
                            <AutoDiscoverSMTPAddress>User@domain.com</AutoDiscoverSMTPAddress>
                            <DeploymentId>e3c75af6-a0b6-422c-aa21-c807481eb678</DeploymentId>
                          </User>
                          <Account>
                            <AccountType>email</AccountType>
                            <Action>settings</Action>
                            <MicrosoftOnline>False</MicrosoftOnline>
                            <Protocol>
                              <Type>WEB</Type>
                              <Internal>
                                <OWAUrl AuthenticationMethod="Basic, Fba">https://mail.domain.com/owa/</OWAUrl>
                              </Internal>
                              <External>
                                <OWAUrl AuthenticationMethod="Fba">https://mail.domain.com/owa/</OWAUrl>
                              </External>
                            </Protocol>
                          </Account>
                        </Response>
                      </Autodiscover>
MonitoringEventId   : 6001

Things I've tried so far:
Disabling the Mailbox and reconnecting to user account to recreate all exchange user properties
Clearing the msExchDelegateListBL attribute.  It was clear I added a delegate mailbox and then removed it to test as well.
Ensure the LegacyExchangeDN was pointing to right place.

I'm out of options, any suggestions?
0
Comment
Question by:D'arcy Delorey
  • 3
4 Comments
 
LVL 44

Expert Comment

by:Adam Brown
ID: 41725081
Make sure the user object is configured to Inherit permissions. This is done by enabled advanced view in ADUC, then going to the security tab on the object. Advanced security window will let you determine if inheritance is enabled. If it isn't, then the Exchange servers will have difficulty reading the exchange properties needed to determine the right mailbox server to use for his account. I would look at that first, since it is a very common issue. Let us know the result.
0
 

Author Comment

by:D'arcy Delorey
ID: 41725085
Inheritance is indeed enabled and I can see the various Exchange permissions applied to user object.

A couple of other thoughts I should have included.

- User can access mailbox through OWA no problem, just not Outlook
- This is a returning user who was reenabled.  Exchange migration from 2007 to 2013 took place while user was away - though the LegacyExchangeDN and msExchHomeServerName are correctly listed.
0
 

Accepted Solution

by:
D'arcy Delorey earned 0 total points
ID: 41752513
I've figured out the issue, it was due to entries in the users 'protocolSettings' attribute in their Active Directory Properties.  The user had entries for MAPI, HTTPS, OWA, POP3, IMAP, etc.  I cleared the entries out and made them similar to other standard users and connectivity was restored.

I assume this was done when we were still on 2007 and user was terminated.

https://blogs.technet.microsoft.com/exchange/2005/07/27/enabling-and-disabling-mapi-andor-non-cached-access-per-user-in-exchange-2003-sp2/

http://www.msexchange.org/articles-tutorials/exchange-server-2003/management-administration/New-MAPI-Access-feature-Exchange-Server-2003-Service-Pack2.html
0
 

Author Closing Comment

by:D'arcy Delorey
ID: 41757586
I discovered the solution on my own through troubleshooting.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A few solutions to a problem some of us have been having when trying to add Hostgator email accounts to Outlook 2016 (will probably work with Outlook 2013 as well).
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses
Course of the Month13 days, 1 hour left to enroll

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question