Solved

Autodiscover not working when outside the organization

Posted on 2016-11-15
5
63 Views
Last Modified: 2016-11-16
I have a client who have a Exchange 2013 server. When they are on their TS the Outlook works just fine. But if they try to connect when they are outside the organization they cannot. So I run the Connectivity check and I get several errors:



Attempting the Autodiscover and Exchange ActiveSync test (if requested).
       Testing of Autodiscover for Exchange ActiveSync failed.
       
      Additional Details
       
      Test Steps
       
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.
       
      Additional Details
       
      Test Steps
       
      Attempting to test potential Autodiscover URL https://contoso.no:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
      Test Steps
       
      Attempting to resolve the host name contoso.no in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host contoso.no to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Additional Details
       
Elapsed Time: 454 ms.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server contoso.no on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
      Validating the certificate name.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
      Attempting to test potential Autodiscover URL https://autodiscover.contoso.no:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.contoso.no in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host autodiscover.contoso.no to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
       
Elapsed Time: 230 ms.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Additional Details
       
Elapsed Time: 455 ms.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.contoso.no on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
       
Remote Certificate Subject: CN=*.iterumasp.no, OU=Domain Control Validated, Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Elapsed Time: 431 ms.
      Validating the certificate name.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
Host name autodiscover.contoso.no doesn't match any name found on the server certificate CN=*.iterumasp.no, OU=Domain Control Validated.
Elapsed Time: 0 ms.
      Attempting to contact the Autodiscover service using the HTTP redirect method.
       The attempt to contact Autodiscover using the HTTP Redirect method failed.
       
      Additional Details
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.contoso.no in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 188.92.82.137
Elapsed Time: 7 ms.
      Testing TCP port 80 on host autodiscover.contoso.no to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
A network error occurred while communicating with the remote host.
Elapsed Time: 1688 ms.
      Attempting to contact the Autodiscover service using the DNS SRV redirect method.
       The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
       
      Additional Details
       
Elapsed Time: 2 ms.
       
      Test Steps
       
      Attempting to locate SRV record _autodiscover._tcp.contoso.no in DNS.
       The Autodiscover SRV record wasn't found in DNS.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
Elapsed Time: 2 ms.


The DNS is configured like this:

Name      Type      Content      Priority      TTL
autodiscover.contoso.no      CNAME      domain.ispvendor.no             3600
mx.contoso.no      A      192.168.100.100             600
oldaepost.contoso.no      TXT      "192.168.100.200"             7200
oldmail.contoso.no      TXT      "192.168.100.300"             7200
oldmx10.contoso.no      TXT      "email.contoso.no."             7200
contoso.no      SOA      ns1.idium.net. hostmaster.idium.net. 2016101700 86400 900 1814400 3600             7200
contoso.no      NS      ns1.idium.net             7200
contoso.no      NS      ns2.idium.net             7200
contoso.no      MX      gw1.security.comendo.com      10      1200
contoso.no      MX      gw1.security.comendo.com      20      1200
contoso.no      A      192.168.100.800                   7200
www.contoso.no      CNAME      contoso.no


I'm not sure if the problem is DNS or Certificate, any tip?
0
Comment
Question by:Tomas Bjerved
  • 2
  • 2
5 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 41887687
The certificate you have on exchange is *.iterumasp.no and your autodiscover is autodiscover.contoso.no this won't work for you.

You need to change the certificate on your exchange server to include your autodiscover
0
 
LVL 1

Author Comment

by:Tomas Bjerved
ID: 41887692
ah, I forgot to change this detail. The iterumasp.no is part of the network, the contoso is actually pointing to this adress.
0
 
LVL 18

Accepted Solution

by:
LesterClayton earned 500 total points
ID: 41887696
Without knowing your actual domain, it's hard for me to verify this, but autodiscover will not work using any of the first 3 methods if your ISP uses a wildcard certificate (*.iterumasp.no), and this is not your actual mail domain.  You need to create SRV records to point to your autodiscover server for it to be considered valid.  The 4th test - SRV records - will need to succeed.

In which case your SRV record should look like this:

_autodiscover._tcp.contoso.no        SRV service location:
          priority       = 0
          weight         = 0
          port           = 443
          svr hostname   = something.iterumasp.no
1
 
LVL 49

Expert Comment

by:Akhater
ID: 41887698
autodiscover.iterumasp.no does not exist your mail domain is not @ iterumasp.no is it ?

Lester's proposition will also work
0
 
LVL 1

Author Closing Comment

by:Tomas Bjerved
ID: 41889581
After cehcking in the DNS settings we see that this record is needed.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
Large Outlook files lead to various unwanted errors and corruption issues. Furthermore, large outlook files can also make Outlook take longer to start-up, search, navigate, and shut-down. So, In this article, i will discuss a method to make your Out…
This video discusses moving either the default database or any database to a new volume.
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now