Solved

Autodiscover not working when outside the organization

Posted on 2016-11-15
5
128 Views
Last Modified: 2016-11-16
I have a client who have a Exchange 2013 server. When they are on their TS the Outlook works just fine. But if they try to connect when they are outside the organization they cannot. So I run the Connectivity check and I get several errors:



Attempting the Autodiscover and Exchange ActiveSync test (if requested).
       Testing of Autodiscover for Exchange ActiveSync failed.
       
      Additional Details
       
      Test Steps
       
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.
       
      Additional Details
       
      Test Steps
       
      Attempting to test potential Autodiscover URL https://contoso.no:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
      Test Steps
       
      Attempting to resolve the host name contoso.no in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host contoso.no to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Additional Details
       
Elapsed Time: 454 ms.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server contoso.no on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
      Validating the certificate name.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
      Attempting to test potential Autodiscover URL https://autodiscover.contoso.no:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.contoso.no in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host autodiscover.contoso.no to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
       
Elapsed Time: 230 ms.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Additional Details
       
Elapsed Time: 455 ms.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.contoso.no on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
       
Remote Certificate Subject: CN=*.iterumasp.no, OU=Domain Control Validated, Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Elapsed Time: 431 ms.
      Validating the certificate name.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
Host name autodiscover.contoso.no doesn't match any name found on the server certificate CN=*.iterumasp.no, OU=Domain Control Validated.
Elapsed Time: 0 ms.
      Attempting to contact the Autodiscover service using the HTTP redirect method.
       The attempt to contact Autodiscover using the HTTP Redirect method failed.
       
      Additional Details
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.contoso.no in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 188.92.82.137
Elapsed Time: 7 ms.
      Testing TCP port 80 on host autodiscover.contoso.no to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
A network error occurred while communicating with the remote host.
Elapsed Time: 1688 ms.
      Attempting to contact the Autodiscover service using the DNS SRV redirect method.
       The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
       
      Additional Details
       
Elapsed Time: 2 ms.
       
      Test Steps
       
      Attempting to locate SRV record _autodiscover._tcp.contoso.no in DNS.
       The Autodiscover SRV record wasn't found in DNS.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
Elapsed Time: 2 ms.


The DNS is configured like this:

Name      Type      Content      Priority      TTL
autodiscover.contoso.no      CNAME      domain.ispvendor.no             3600
mx.contoso.no      A      192.168.100.100             600
oldaepost.contoso.no      TXT      "192.168.100.200"             7200
oldmail.contoso.no      TXT      "192.168.100.300"             7200
oldmx10.contoso.no      TXT      "email.contoso.no."             7200
contoso.no      SOA      ns1.idium.net. hostmaster.idium.net. 2016101700 86400 900 1814400 3600             7200
contoso.no      NS      ns1.idium.net             7200
contoso.no      NS      ns2.idium.net             7200
contoso.no      MX      gw1.security.comendo.com      10      1200
contoso.no      MX      gw1.security.comendo.com      20      1200
contoso.no      A      192.168.100.800                   7200
www.contoso.no      CNAME      contoso.no


I'm not sure if the problem is DNS or Certificate, any tip?
0
Comment
Question by:Tomas Bjerved
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 41887687
The certificate you have on exchange is *.iterumasp.no and your autodiscover is autodiscover.contoso.no this won't work for you.

You need to change the certificate on your exchange server to include your autodiscover
0
 
LVL 1

Author Comment

by:Tomas Bjerved
ID: 41887692
ah, I forgot to change this detail. The iterumasp.no is part of the network, the contoso is actually pointing to this adress.
0
 
LVL 18

Accepted Solution

by:
LesterClayton earned 500 total points
ID: 41887696
Without knowing your actual domain, it's hard for me to verify this, but autodiscover will not work using any of the first 3 methods if your ISP uses a wildcard certificate (*.iterumasp.no), and this is not your actual mail domain.  You need to create SRV records to point to your autodiscover server for it to be considered valid.  The 4th test - SRV records - will need to succeed.

In which case your SRV record should look like this:

_autodiscover._tcp.contoso.no        SRV service location:
          priority       = 0
          weight         = 0
          port           = 443
          svr hostname   = something.iterumasp.no
1
 
LVL 49

Expert Comment

by:Akhater
ID: 41887698
autodiscover.iterumasp.no does not exist your mail domain is not @ iterumasp.no is it ?

Lester's proposition will also work
0
 
LVL 1

Author Closing Comment

by:Tomas Bjerved
ID: 41889581
After cehcking in the DNS settings we see that this record is needed.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question