Link to home
Start Free TrialLog in
Avatar of Tomas Bjerved
Tomas BjervedFlag for Norway

asked on

Autodiscover not working when outside the organization

I have a client who have a Exchange 2013 server. When they are on their TS the Outlook works just fine. But if they try to connect when they are outside the organization they cannot. So I run the Connectivity check and I get several errors:



Attempting the Autodiscover and Exchange ActiveSync test (if requested).
       Testing of Autodiscover for Exchange ActiveSync failed.
       
      Additional Details
       
      Test Steps
       
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.
       
      Additional Details
       
      Test Steps
       
      Attempting to test potential Autodiscover URL https://contoso.no:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
      Test Steps
       
      Attempting to resolve the host name contoso.no in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host contoso.no to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Additional Details
       
Elapsed Time: 454 ms.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server contoso.no on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
      Validating the certificate name.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
      Attempting to test potential Autodiscover URL https://autodiscover.contoso.no:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.contoso.no in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host autodiscover.contoso.no to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
       
Elapsed Time: 230 ms.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Additional Details
       
Elapsed Time: 455 ms.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.contoso.no on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
       
Remote Certificate Subject: CN=*.iterumasp.no, OU=Domain Control Validated, Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Elapsed Time: 431 ms.
      Validating the certificate name.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
Host name autodiscover.contoso.no doesn't match any name found on the server certificate CN=*.iterumasp.no, OU=Domain Control Validated.
Elapsed Time: 0 ms.
      Attempting to contact the Autodiscover service using the HTTP redirect method.
       The attempt to contact Autodiscover using the HTTP Redirect method failed.
       
      Additional Details
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.contoso.no in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 188.92.82.137
Elapsed Time: 7 ms.
      Testing TCP port 80 on host autodiscover.contoso.no to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
A network error occurred while communicating with the remote host.
Elapsed Time: 1688 ms.
      Attempting to contact the Autodiscover service using the DNS SRV redirect method.
       The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
       
      Additional Details
       
Elapsed Time: 2 ms.
       
      Test Steps
       
      Attempting to locate SRV record _autodiscover._tcp.contoso.no in DNS.
       The Autodiscover SRV record wasn't found in DNS.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
Elapsed Time: 2 ms.


The DNS is configured like this:

Name      Type      Content      Priority      TTL
autodiscover.contoso.no      CNAME      domain.ispvendor.no             3600
mx.contoso.no      A      192.168.100.100             600
oldaepost.contoso.no      TXT      "192.168.100.200"             7200
oldmail.contoso.no      TXT      "192.168.100.300"             7200
oldmx10.contoso.no      TXT      "email.contoso.no."             7200
contoso.no      SOA      ns1.idium.net. hostmaster.idium.net. 2016101700 86400 900 1814400 3600             7200
contoso.no      NS      ns1.idium.net             7200
contoso.no      NS      ns2.idium.net             7200
contoso.no      MX      gw1.security.comendo.com      10      1200
contoso.no      MX      gw1.security.comendo.com      20      1200
contoso.no      A      192.168.100.800                   7200
www.contoso.no      CNAME      contoso.no


I'm not sure if the problem is DNS or Certificate, any tip?
Avatar of Akhater
Akhater
Flag of Lebanon image

The certificate you have on exchange is *.iterumasp.no and your autodiscover is autodiscover.contoso.no this won't work for you.

You need to change the certificate on your exchange server to include your autodiscover
Avatar of Tomas Bjerved

ASKER

ah, I forgot to change this detail. The iterumasp.no is part of the network, the contoso is actually pointing to this adress.
ASKER CERTIFIED SOLUTION
Avatar of LesterClayton
LesterClayton
Flag of Norway image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
autodiscover.iterumasp.no does not exist your mail domain is not @ iterumasp.no is it ?

Lester's proposition will also work
After cehcking in the DNS settings we see that this record is needed.