Exchange 2016 AutoDiscover Outlook 2013 Connectivity

I recently upgraded from Exchange 2010 to 2016. I am having a weird issue. I have configured a dozen 2016 servers for other environments without issue, so I am almost certain the server side is correct. That being said, all Outlook 2013 clients will only connect via cached mode. When I create a new profile without cached mode, Outlook will only open the initial time. After that, I get this error every time:

Cannot start MS Outlook. Cannot open the Outlook Window. The set of folders cannot be opened. The information store could not be opened.

I am also getting a certificate error:

The name on the security certificate is invalid or does not match the name of the site.

I ran the internal certificate test however, and the server side is correct.
Matthew GalianoCTOAsked:
Who is Participating?
 
Matthew GalianoCTOAuthor Commented:
Get-MAPIVirtualDirectory -Server xxx-ex-2016 | Set-MAPIVirtualDirectory -InternalURL https://webmail.XXXXXXXXX.org/MAPI -ExternalURL https://webmail.XXXXXXXXX.org/MAPI -IISAuthenticationMethods NTLM,Negotiate
0
 
Scott CSenior Systems EnginerCommented:
Run the Connectivity Analyzer and see what comes back.

https://testconnectivity.microsoft.com/

The answer most likely will be in there.
1
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Matthew GalianoCTOAuthor Commented:
Mahesh, tried all that. No good.
0
 
Scott CSenior Systems EnginerCommented:
Did you try the Connectivity Analyzer?
0
 
Matthew GalianoCTOAuthor Commented:
Scott Yes. For some reason Outlook is trying to resolve the internal server name even though I set it to the external URL listed in the certificate.
0
 
Todd NelsonSystems EngineerCommented:
To me, it sounds like the autodiscover SCP is not configured properly on the new server.  Run the following command and post the results displayed for all servers.

Get-ExchangeServer | Get-ClientAccessServer | fl Identity,AutoDiscoverServiceInternalUri

Open in new window

0
 
Matthew GalianoCTOAuthor Commented:
Identity                       : ***-EX-2016
AutoDiscoverServiceInternalUri : https://webmail.*********.org/autodiscover/autodiscover.xml

Looks correct to me.

It's almost as if outlook is not talking to the server to pull this information.
0
 
Matthew GalianoCTOAuthor Commented:
Validating the certificate name.
  Certificate name validation failed.
   Tell me more about this issue and how to resolve it
 
 Additional Details
 
Host name ***-ex-2016.XXX.org doesn't match any name found on the server certificate CN=*.dot5hosting.com, OU=COMODO SSL Wildcard, OU=Domain Control Validated.

Elapsed Time: 0 ms.  

I also do not recognize that CA. I am using GoDaddy. I don't know where it is pulling that information.
0
 
RoninCommented:
let's see the certificate you have on the server:
Get-ExchangeCertificate | fl FriendlyName, Subject, CertificateDomains, Thumbprint, Services, Issuer, *not*

Open in new window

0
 
Matthew GalianoCTOAuthor Commented:
FriendlyName       : webmail.xxxxxxxxx.org
Subject            : CN=webmail.xxxxxxxxxx.org, OU=Domain Control Validated
CertificateDomains : {webmail.xxxxxxxxxx.org, www.webmail.xxxxxxxxxxxx.org,
                     autodiscover.xxxxxxxxxxxx.org, mail.xxxxxxxxxxxxxxx.org, xxxxxxxxxxxxx.org}
Thumbprint         : D963FD9DABC7556CA026F71220E37ED0D87C76FA
Services           : IIS, SMTP
Issuer             : CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/,
                     O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter           : 11/22/2018 6:42:01 PM
NotBefore          : 11/22/2017 6:42:01 PM
0
 
Matthew GalianoCTOAuthor Commented:
Looks right to me, and outlook does see that certificate, but for some reason it is looking for another one.
0
 
Todd NelsonSystems EngineerCommented:
Is there a certificate from COMODO showing in the certificate store on the server?

What about the https bindings for Default Web Site or Exchange Back End in IIS?
0
 
Matthew GalianoCTOAuthor Commented:
I fixed it. It was a MAPI setting. Thanks for your help.
0
 
Scott CSenior Systems EnginerCommented:
What was the MAPI setting?  Your solution may benefit others.
0
 
Seth SimmonsSr. Systems AdministratorCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Accept: TJacoberger1 (https:#a42440778)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.