adrecal
asked on
Autodiscover works externally with Outlook 2016, but not works with Outlook 2013
I have a hybrid env with Exchange 2010 and Office 365.
When I create a mailbox on Exchange 2010 onpremises and create a new profile on Oultook 2013 (or Outlook 2016) inside my domain organization my autodiscover works fine.
When I create a mailbox on Exchange 2010 onpremises and create a new profile on Oultook 2013 outside my domain organization (across internet, without VPN) my autodiscover works fine on Outlook 2016, but not on Outlook 2013. My Outlook 2013 display the certificate popup, and I accept. And the message "server not could be found" appear. When I ping autodiscover.mydomain.com and mail.mydomain.com outside my organization the ping resolves OK.
What I miss??
When I create a mailbox on Exchange 2010 onpremises and create a new profile on Oultook 2013 (or Outlook 2016) inside my domain organization my autodiscover works fine.
When I create a mailbox on Exchange 2010 onpremises and create a new profile on Oultook 2013 outside my domain organization (across internet, without VPN) my autodiscover works fine on Outlook 2016, but not on Outlook 2013. My Outlook 2013 display the certificate popup, and I accept. And the message "server not could be found" appear. When I ping autodiscover.mydomain.com and mail.mydomain.com outside my organization the ping resolves OK.
What I miss??
Enable ADAL on your 2013 outlook client. This should solve the problem.
https://support.office.com/en-us/article/enable-modern-authentication-for-office-2013-on-windows-devices-7dc1c01a-090f-4971-9677-f1b192d6c910
https://support.office.com/en-us/article/enable-modern-authentication-for-office-2013-on-windows-devices-7dc1c01a-090f-4971-9677-f1b192d6c910
ASKER
Thanks for the rapid answer :)
The output:
step by step:
Open Outlook 2013;
New Profile;
Then this popup in loop:
if I click Cancel:
"An encrypted connection to your mail services is not available"
OR
New Profile;
Firts Option
After some seconds, Outlloks freeze and return:
"Connection to Microsoft Exchange is unavailable"
"The name could not be resolved. The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action."
OR:
New Profile:
Second option
008.GIF
The output:
step by step:
Open Outlook 2013;
New Profile;
Then this popup in loop:if I click Cancel:
"An encrypted connection to your mail services is not available"
OR
New Profile;
Firts Option
After some seconds, Outlloks freeze and return:
"Connection to Microsoft Exchange is unavailable"
"The name could not be resolved. The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action."
OR:
New Profile:
Second option
008.GIF
ASKER
Mohammad Ishtyaq Khatri the mailbox is a Exchange 2010 mailbox, not a Office365 mailbox. The ADAL workaround not works
OK looks good for 2010 (since 2010 doesn't have the mapi folder that's why u get that error in the script).
Now, Please run this:
Get-ExchangeCertificate and post the result and make sure to mask the thumbprints.
Now, Please run this:
Get-ExchangeCertificate and post the result and make sure to mask the thumbprints.
ASKER
Jose Gabriel my certificate is a SAN certificate assigned to IMAP, POP, IIS, SMTP services.
My DNS names:
DNS Name=www.mydomain.com
DNS Name=mydomain.com
DNS Name=correio.mydomain.com >>> This is the servername used to configure my mail and my OWA internal/external address)
DNS Name=mail.mydomain.com
DNS Name=webmail.mydomain.com
Yes, I forgot autodiscover.mydomain.com.
My DNS names:
DNS Name=www.mydomain.com
DNS Name=mydomain.com
DNS Name=correio.mydomain.com >>> This is the servername used to configure my mail and my OWA internal/external address)
DNS Name=mail.mydomain.com
DNS Name=webmail.mydomain.com
Yes, I forgot autodiscover.mydomain.com.
ASKER
Jose Gabriel look this:
if I configure the mailbox internally the autodiscover works, and I set the Outlook Anywere to:
https://correio.mydomain.com
msstd:correio.mydomain.com
Basic authentication
So I export the profile registry from regedit and import on the external computer.
The popup to login/pass appear. Cancel.
The profile works even the servername on profile configuration is my local server FQDN, not resolvable across internet.
This scenário is the most confuse i've ever seen :P
if I configure the mailbox internally the autodiscover works, and I set the Outlook Anywere to:
https://correio.mydomain.com
msstd:correio.mydomain.com
Basic authentication
So I export the profile registry from regedit and import on the external computer.
The popup to login/pass appear. Cancel.
The profile works even the servername on profile configuration is my local server FQDN, not resolvable across internet.
This scenário is the most confuse i've ever seen :P
I don't need to see ur certificates, what I need to see are the "services" assigned to all the certificates so I can figure out what is the certificate you are using in the IIS. and I can determine what to do next.
Looking at that you only need to rekey that certificate to include just:
correio.<yourdomain>.com
autodiscover.<yourdomain>.
That's it .
Looking at that you only need to rekey that certificate to include just:
correio.<yourdomain>.com
autodiscover.<yourdomain>.
That's it .
ASKER
Good afternoon, gentlemen, I've been away for health reasons.
Today I realized that my account can be configured via autodiscover correctly when the client is Outlook 2016. However an authentication popup repeatedly appears requesting the credentials of the configured account. How to solve this question definitively? I have already cleared the credentials in the Windows credential manager and the popup keeps popping up. The clients is outside my domain. The UPN is the same value from my smtp address on ProxyAddresses ActiveDirectory attribute.
Today I realized that my account can be configured via autodiscover correctly when the client is Outlook 2016. However an authentication popup repeatedly appears requesting the credentials of the configured account. How to solve this question definitively? I have already cleared the credentials in the Windows credential manager and the popup keeps popping up. The clients is outside my domain. The UPN is the same value from my smtp address on ProxyAddresses ActiveDirectory attribute.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Internally and externally on the Exchange server Virtual Folders?
Check with this script run it from the exchange server powershell console:
https://gallery.technet.microsoft.com/office/Script-to-configure-the-5a58558b
With the option -get
What error do you get the certificate? (2 checks greens and 1 red?)