Tomas Bjerved
asked on
Autodiscover not working when outside the organization
I have a client who have a Exchange 2013 server. When they are on their TS the Outlook works just fine. But if they try to connect when they are outside the organization they cannot. So I run the Connectivity check and I get several errors:
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Testing of Autodiscover for Exchange ActiveSync failed.
Additional Details
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Additional Details
Test Steps
Attempting to test potential Autodiscover URL https://contoso.no:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Test Steps
Attempting to resolve the host name contoso.no in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host contoso.no to ensure it's listening and open.
The port was opened successfully.
Additional Details
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 454 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server contoso.no on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Attempting to test potential Autodiscover URL https://autodiscover.contoso.no:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Test Steps
Attempting to resolve the host name autodiscover.contoso.no in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host autodiscover.contoso.no to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 230 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 455 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.contoso.no on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=*.iterumasp.no, OU=Domain Control Validated, Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Elapsed Time: 431 ms.
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name autodiscover.contoso.no doesn't match any name found on the server certificate CN=*.iterumasp.no, OU=Domain Control Validated.
Elapsed Time: 0 ms.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Additional Details
Test Steps
Attempting to resolve the host name autodiscover.contoso.no in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 188.92.82.137
Elapsed Time: 7 ms.
Testing TCP port 80 on host autodiscover.contoso.no to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it
Additional Details
A network error occurred while communicating with the remote host.
Elapsed Time: 1688 ms.
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
Additional Details
Elapsed Time: 2 ms.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.contoso .no in DNS.
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it
Additional Details
Elapsed Time: 2 ms.
The DNS is configured like this:
Name Type Content Priority TTL
autodiscover.contoso.no CNAME domain.ispvendor.no 3600
mx.contoso.no A 192.168.100.100 600
oldaepost.contoso.no TXT "192.168.100.200" 7200
oldmail.contoso.no TXT "192.168.100.300" 7200
oldmx10.contoso.no TXT "email.contoso.no." 7200
contoso.no SOA ns1.idium.net. hostmaster.idium.net. 2016101700 86400 900 1814400 3600 7200
contoso.no NS ns1.idium.net 7200
contoso.no NS ns2.idium.net 7200
contoso.no MX gw1.security.comendo.com 10 1200
contoso.no MX gw1.security.comendo.com 20 1200
contoso.no A 192.168.100.800 7200
www.contoso.no CNAME contoso.no
I'm not sure if the problem is DNS or Certificate, any tip?
Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Testing of Autodiscover for Exchange ActiveSync failed.
Additional Details
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Additional Details
Test Steps
Attempting to test potential Autodiscover URL https://contoso.no:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Test Steps
Attempting to resolve the host name contoso.no in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host contoso.no to ensure it's listening and open.
The port was opened successfully.
Additional Details
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 454 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server contoso.no on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Attempting to test potential Autodiscover URL https://autodiscover.contoso.no:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Test Steps
Attempting to resolve the host name autodiscover.contoso.no in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host autodiscover.contoso.no to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 230 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 455 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.contoso.no on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=*.iterumasp.no, OU=Domain Control Validated, Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Elapsed Time: 431 ms.
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name autodiscover.contoso.no doesn't match any name found on the server certificate CN=*.iterumasp.no, OU=Domain Control Validated.
Elapsed Time: 0 ms.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Additional Details
Test Steps
Attempting to resolve the host name autodiscover.contoso.no in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 188.92.82.137
Elapsed Time: 7 ms.
Testing TCP port 80 on host autodiscover.contoso.no to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it
Additional Details
A network error occurred while communicating with the remote host.
Elapsed Time: 1688 ms.
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
Additional Details
Elapsed Time: 2 ms.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.contoso
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it
Additional Details
Elapsed Time: 2 ms.
The DNS is configured like this:
Name Type Content Priority TTL
autodiscover.contoso.no CNAME domain.ispvendor.no 3600
mx.contoso.no A 192.168.100.100 600
oldaepost.contoso.no TXT "192.168.100.200" 7200
oldmail.contoso.no TXT "192.168.100.300" 7200
oldmx10.contoso.no TXT "email.contoso.no." 7200
contoso.no SOA ns1.idium.net. hostmaster.idium.net. 2016101700 86400 900 1814400 3600 7200
contoso.no NS ns1.idium.net 7200
contoso.no NS ns2.idium.net 7200
contoso.no MX gw1.security.comendo.com 10 1200
contoso.no MX gw1.security.comendo.com 20 1200
contoso.no A 192.168.100.800 7200
www.contoso.no CNAME contoso.no
I'm not sure if the problem is DNS or Certificate, any tip?
ASKER
ah, I forgot to change this detail. The iterumasp.no is part of the network, the contoso is actually pointing to this adress.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
autodiscover.iterumasp.no does not exist your mail domain is not @ iterumasp.no is it ?
Lester's proposition will also work
Lester's proposition will also work
ASKER
After cehcking in the DNS settings we see that this record is needed.
You need to change the certificate on your exchange server to include your autodiscover