Exchange 2016 AutoDiscover Outlook 2013 Connectivity

I recently upgraded from Exchange 2010 to 2016. I am having a weird issue. I have configured a dozen 2016 servers for other environments without issue, so I am almost certain the server side is correct. That being said, all Outlook 2013 clients will only connect via cached mode. When I create a new profile without cached mode, Outlook will only open the initial time. After that, I get this error every time:

Cannot start MS Outlook. Cannot open the Outlook Window. The set of folders cannot be opened. The information store could not be opened.

I am also getting a certificate error:

The name on the security certificate is invalid or does not match the name of the site.

I ran the internal certificate test however, and the server side is correct.
Matthew GalianoCTOAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Scott CSenior EngineerCommented:
Run the Connectivity Analyzer and see what comes back.

https://testconnectivity.microsoft.com/

The answer most likely will be in there.
1
MaheshArchitectCommented:
0
Matthew GalianoCTOAuthor Commented:
Mahesh, tried all that. No good.
0
Check Out How Miercom Evaluates Wi-Fi Security!

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom on how WatchGuard's Wi-Fi security stacks up against the competition plus a LIVE demo!

Scott CSenior EngineerCommented:
Did you try the Connectivity Analyzer?
0
Matthew GalianoCTOAuthor Commented:
Scott Yes. For some reason Outlook is trying to resolve the internal server name even though I set it to the external URL listed in the certificate.
0
Todd NelsonSystems EngineerCommented:
To me, it sounds like the autodiscover SCP is not configured properly on the new server.  Run the following command and post the results displayed for all servers.

Get-ExchangeServer | Get-ClientAccessServer | fl Identity,AutoDiscoverServiceInternalUri

Open in new window

0
Matthew GalianoCTOAuthor Commented:
Identity                       : ***-EX-2016
AutoDiscoverServiceInternalUri : https://webmail.*********.org/autodiscover/autodiscover.xml

Looks correct to me.

It's almost as if outlook is not talking to the server to pull this information.
0
Matthew GalianoCTOAuthor Commented:
Validating the certificate name.
  Certificate name validation failed.
   Tell me more about this issue and how to resolve it
 
 Additional Details
 
Host name ***-ex-2016.XXX.org doesn't match any name found on the server certificate CN=*.dot5hosting.com, OU=COMODO SSL Wildcard, OU=Domain Control Validated.

Elapsed Time: 0 ms.  

I also do not recognize that CA. I am using GoDaddy. I don't know where it is pulling that information.
0
RoninCommented:
let's see the certificate you have on the server:
Get-ExchangeCertificate | fl FriendlyName, Subject, CertificateDomains, Thumbprint, Services, Issuer, *not*

Open in new window

0
Matthew GalianoCTOAuthor Commented:
FriendlyName       : webmail.xxxxxxxxx.org
Subject            : CN=webmail.xxxxxxxxxx.org, OU=Domain Control Validated
CertificateDomains : {webmail.xxxxxxxxxx.org, www.webmail.xxxxxxxxxxxx.org,
                     autodiscover.xxxxxxxxxxxx.org, mail.xxxxxxxxxxxxxxx.org, xxxxxxxxxxxxx.org}
Thumbprint         : D963FD9DABC7556CA026F71220E37ED0D87C76FA
Services           : IIS, SMTP
Issuer             : CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/,
                     O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter           : 11/22/2018 6:42:01 PM
NotBefore          : 11/22/2017 6:42:01 PM
0
Matthew GalianoCTOAuthor Commented:
Looks right to me, and outlook does see that certificate, but for some reason it is looking for another one.
0
Todd NelsonSystems EngineerCommented:
Is there a certificate from COMODO showing in the certificate store on the server?

What about the https bindings for Default Web Site or Exchange Back End in IIS?
0
Matthew GalianoCTOAuthor Commented:
I fixed it. It was a MAPI setting. Thanks for your help.
0
Scott CSenior EngineerCommented:
What was the MAPI setting?  Your solution may benefit others.
0
Matthew GalianoCTOAuthor Commented:
Get-MAPIVirtualDirectory -Server xxx-ex-2016 | Set-MAPIVirtualDirectory -InternalURL https://webmail.XXXXXXXXX.org/MAPI -ExternalURL https://webmail.XXXXXXXXX.org/MAPI -IISAuthenticationMethods NTLM,Negotiate
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Seth SimmonsSr. Systems AdministratorCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Accept: TJacoberger1 (https:#a42440778)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.