?
Solved

Outlook Autodiscover Failing for Single User

Posted on 2016-07-22
4
Medium Priority
?
323 Views
Last Modified: 2016-08-16
Outlook Autodisover is failing for a single user in our domain, Outlook won't resolve the server to connect.

If I run the following powershell command here is what I get:

Test-OutlookWebServices -Identity User@domain.com -MailboxCredential (get-credential)

Source                              ServiceEndpoint                    Scenario                                             Result  Latency
                                                                                                                                                                        (MS)
------                                    ---------------                              --------                                                  ------         -------
SRVEX13.domain.com    autodiscover.domain.com       Autodiscover: Outlook Provider    Failure     159
SRVEX13.domain.com                                                          Exchange Web Services                  Skipped       0
SRVEX13.domain.com                                                          Availability Service                           Skipped       0
SRVEX13.domain.com                                                          Offline Address Book                      Skipped       0

If I run it against other users, I get success across the board.

Full Error is here:
RunspaceId          : 2661e5f6-6ad2-4204-bd5a-4dd5ce92a4c5
Source              : SRVEX13.domain.com
ServiceEndpoint     : autodiscover.domain.com
Scenario            : AutoDiscoverOutlookProvider
ScenarioDescription : Autodiscover: Outlook Provider
Result              : Failure
Latency             : 114
Error               : Microsoft.Exchange.Management.Tasks.ServiceValidatorException: The Autodiscover response did not return a URL for Exchange Web Services. Response details:
                      <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
                        <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
                          <User>
                            <DisplayName>User</DisplayName>
                            <LegacyDN>/o=ORG/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=User</LegacyDN>
                            <AutoDiscoverSMTPAddress>User@domain.com</AutoDiscoverSMTPAddress>
                            <DeploymentId>e3c75af6-a0b6-422c-aa21-c807481eb678</DeploymentId>
                          </User>
                          <Account>
                            <AccountType>email</AccountType>
                            <Action>settings</Action>
                            <MicrosoftOnline>False</MicrosoftOnline>
                            <Protocol>
                              <Type>WEB</Type>
                              <Internal>
                                <OWAUrl AuthenticationMethod="Basic, Fba">https://mail.domain.com/owa/</OWAUrl>
                              </Internal>
                              <External>
                                <OWAUrl AuthenticationMethod="Fba">https://mail.domain.com/owa/</OWAUrl>
                              </External>
                            </Protocol>
                          </Account>
                        </Response>
                      </Autodiscover>
Verbose             : [2016-07-22 16:14:57Z] Autodiscover connecting to 'https://autodiscover.domain.com/Autodiscover/Autodiscover.xml'.
                      [2016-07-22 16:14:57Z] Test account: User@domain.com Password: ******
                      [2016-07-22 16:14:57Z] Autodiscover request:
                      User-Agent: SRVEX13/Test-OutlookWebServices/User@domain.com
                      Content-Type: text/xml; charset=utf-8
                      Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAJQAAAA+AT4BrAAAAAAAAABYAAAAKgAqAFgAAAASABIAggAAABAAEADqAQAAFYKI4gYDgCUAAAAPHCzAzgFNsPUMWilan2gG2mEAZABtAF8AZABkAGUAbABvAHI
                      AZQB5AEAAbgB0AHAAYwAuAGMAbwBtAEgAUgBTAFIAVgBFAFgAMQAzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALwAcJiiv4JhVUPJrnLNcKkBAQAAAAAAAPTsVjA05NEBlZt9i/roCPkAAAAAAgAIAE4AVABQAEMAAQASAFk
                      ASwBTAFIAVgBFAFgAMQAzAAQAEABuAHQAcABjAC4AYwBvAG0AAwAkAFkASwBTAFIAVgBFAFgAMQAzAC4AbgB0AHAAYwAuAGMAbwBtAAUAEABuAHQAcABjAC4AYwBvAG0ABwAIAPTsVjA05NEBBgAEAAIAAAAIADAAMAAAAAA
                      AAAAAAAAAAEAAADCjn39tC5WkvkL6GYaipL/gLodxt8yUENMy6UDEJU3DCgAQAAAAAAAAAAAAAAAAAAAAAAAJADQASABUAFQAUAAvAGEAdQB0AG8AZABpAHMAYwBvAHYAZQByAC4AbgB0AHAAYwAuAGMAbwBtAAAAAAAAAAA
                      AAAAAAEvYKBfS/OoFxZk76p75lRk=
                      Host: autodiscover.domain.com
                      Cookie: ClientId=E43B873C7C624E1F958835195A00BC5B
                      Content-Length: 453
                      Expect: 100-continue
                      [2016-07-22 16:14:57Z] Autodiscover request:
                      <?xml version="1.0"?>
                      <Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
                        <Request>
                          <EMailAddress>User@domain.com</EMailAddress>
                          <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
                        </Request>
                      </Autodiscover>
                      [2016-07-22 16:14:57Z] Autodiscover response:
                      request-id: 3a68e909-f467-495a-a72d-7729b6465b40
                      X-CalculatedBETarget: srvex13.domain.com
                      X-DiagInfo: SRVEX13
                      X-BEServer: SRVEX13
                      Persistent-Auth: true
                      X-FEServer: SRVEX13
                      Content-Length: 1060
                      Cache-Control: private
                      Content-Type: text/xml; charset=utf-8
                      Date: Fri, 22 Jul 2016 16:14:57 GMT
                      Set-Cookie: X-BackEndCookie=S-1-5-21-2660971776-2703906875-1903747800-6170=u56Lnp2ejJqBmZ7NxpqdzMjSnJnMy9LLnsvG0sbNz5vSzcfOy5vIy8adypzKgYHNz87J0s/H0s3Oq87Jxc7LxcrI;
                      expires=Sun, 21-Aug-2016 16:14:57 GMT; path=/Autodiscover; secure; HttpOnly
                      Server: Microsoft-IIS/8.5
                      X-AspNet-Version: 4.0.30319
                      X-Powered-By: ASP.NET
                      [2016-07-22 16:14:57Z] Autodiscover response:
                      <?xml version="1.0" encoding="utf-8"?>
                      <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
                        <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
                          <User>
                            <DisplayName>User</DisplayName>
                            <LegacyDN>/o=Org/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=User</LegacyDN>
                            <AutoDiscoverSMTPAddress>User@domain.com</AutoDiscoverSMTPAddress>
                            <DeploymentId>e3c75af6-a0b6-422c-aa21-c807481eb678</DeploymentId>
                          </User>
                          <Account>
                            <AccountType>email</AccountType>
                            <Action>settings</Action>
                            <MicrosoftOnline>False</MicrosoftOnline>
                            <Protocol>
                              <Type>WEB</Type>
                              <Internal>
                                <OWAUrl AuthenticationMethod="Basic, Fba">https://mail.domain.com/owa/</OWAUrl>
                              </Internal>
                              <External>
                                <OWAUrl AuthenticationMethod="Fba">https://mail.domain.com/owa/</OWAUrl>
                              </External>
                            </Protocol>
                          </Account>
                        </Response>
                      </Autodiscover>
                      [2016-07-22 16:14:57Z] Autodiscover response:
                      Microsoft.Exchange.Management.Tasks.ServiceValidatorException: The Autodiscover response did not return a URL for Exchange Web Services. Response details:
                      <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
                        <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
                          <User>
                            <DisplayName>User</DisplayName>
                            <LegacyDN>/o=Org/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=User</LegacyDN>
                            <AutoDiscoverSMTPAddress>User@domain.com</AutoDiscoverSMTPAddress>
                            <DeploymentId>e3c75af6-a0b6-422c-aa21-c807481eb678</DeploymentId>
                          </User>
                          <Account>
                            <AccountType>email</AccountType>
                            <Action>settings</Action>
                            <MicrosoftOnline>False</MicrosoftOnline>
                            <Protocol>
                              <Type>WEB</Type>
                              <Internal>
                                <OWAUrl AuthenticationMethod="Basic, Fba">https://mail.domain.com/owa/</OWAUrl>
                              </Internal>
                              <External>
                                <OWAUrl AuthenticationMethod="Fba">https://mail.domain.com/owa/</OWAUrl>
                              </External>
                            </Protocol>
                          </Account>
                        </Response>
                      </Autodiscover>
MonitoringEventId   : 6001

Things I've tried so far:
Disabling the Mailbox and reconnecting to user account to recreate all exchange user properties
Clearing the msExchDelegateListBL attribute.  It was clear I added a delegate mailbox and then removed it to test as well.
Ensure the LegacyExchangeDN was pointing to right place.

I'm out of options, any suggestions?
0
Comment
Question by:D'arcy Delorey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 42

Expert Comment

by:Adam Brown
ID: 41725081
Make sure the user object is configured to Inherit permissions. This is done by enabled advanced view in ADUC, then going to the security tab on the object. Advanced security window will let you determine if inheritance is enabled. If it isn't, then the Exchange servers will have difficulty reading the exchange properties needed to determine the right mailbox server to use for his account. I would look at that first, since it is a very common issue. Let us know the result.
0
 

Author Comment

by:D'arcy Delorey
ID: 41725085
Inheritance is indeed enabled and I can see the various Exchange permissions applied to user object.

A couple of other thoughts I should have included.

- User can access mailbox through OWA no problem, just not Outlook
- This is a returning user who was reenabled.  Exchange migration from 2007 to 2013 took place while user was away - though the LegacyExchangeDN and msExchHomeServerName are correctly listed.
0
 

Accepted Solution

by:
D'arcy Delorey earned 0 total points
ID: 41752513
I've figured out the issue, it was due to entries in the users 'protocolSettings' attribute in their Active Directory Properties.  The user had entries for MAPI, HTTPS, OWA, POP3, IMAP, etc.  I cleared the entries out and made them similar to other standard users and connectivity was restored.

I assume this was done when we were still on 2007 and user was terminated.

https://blogs.technet.microsoft.com/exchange/2005/07/27/enabling-and-disabling-mapi-andor-non-cached-access-per-user-in-exchange-2003-sp2/

http://www.msexchange.org/articles-tutorials/exchange-server-2003/management-administration/New-MAPI-Access-feature-Exchange-Server-2003-Service-Pack2.html
0
 

Author Closing Comment

by:D'arcy Delorey
ID: 41757586
I discovered the solution on my own through troubleshooting.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses
Course of the Month13 days, 1 hour left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question