Avatar of timb551
timb551
Flag for United Kingdom of Great Britain and Northern Ireland asked on

Exchange 2010 & Outlook 2016 Autodiscover issue

Hi

I am currently in the process of setting up some new client PCs with Outlook 2016 and I am seemingly having an autodiscover issue.

Our current setup is :
Exchange 2010 running on Server 2008 R2
Outlook 2007

which all connects fine.

When i try and get an Outlook 2016 to connect it continually asks for the user password.

If we try Outlook 2016 externally it works fine.

I have run a Test-OutlookWebServices and have got the following errors which i dont fully understand.

Would appreciate some pointers and help.

thanks


RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1019
Type       : Information
Message    : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is https://mail.domain.co.uk/Autodiscover/Autodiscover.xml.

RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1013
Type       : Error
Message    : When contacting https://mail.domain.co.uk/Autodiscover/Autodiscover.xml received the error The remote server returned an error: (401) Unauthorized.

RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1013
Type       : Error
Message    : When contacting https://mail.domain.co.uk/Autodiscover/Autodiscover.xml received the error The target principal name is incorrect

RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1023
Type       : Error
Message    : The Autodiscover service couldn't be contacted.

RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1104
Type       : Error
Message    : The certificate for the URL https://server.domain.local/Autodiscover/Autodiscover.xml is incorrect. For SSL to work, the certificate needs to have a subject of server.domain.local, but the subject that was found is mail.domain.co.uk. Consider correcting service discovery, or installing a correct SSL certificate.

RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1106
Type       : Information
Message    : Contacted the Autodiscover service at https://server.domain.local:443/Autodiscover/Autodiscover.xml.

RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1116
Type       : Information
Message    : [EXCH] The AS service is configured for this user in the Autodiscover response received from https://server.domain.local:443/Autodiscover/Autodiscover.xml.

RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1115
Type       : Information
Message    : [EXCH] The OAB service is configured for this user in the Autodiscover response received from https://server.domain.local:443/Autodiscover/Autodiscover.xml.

RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1114
Type       : Information
Message    : [EXCH] The UM service is configured for this user in the Autodiscover response received from https://server.domain.local:443/Autodiscover/Autodiscover.xml.

RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1116
Type       : Information
Message    : [EXPR] The AS service is configured for this user in the Autodiscover response received from https://server.domain.local:443/Autodiscover/Autodiscover.xml.

RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1115
Type       : Information
Message    : [EXPR] The OAB service is configured for this user in the Autodiscover response received from https://server.domain.local:443/Autodiscover/Autodiscover.xml.

RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1114
Type       : Information
Message    : [EXPR] The UM service is configured for this user in the Autodiscover response received from https://server.domain.local:443/Autodiscover/Autodiscover.xml.

RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1122
Type       : Success
Message    : Autodiscover was tested successfully.

RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1013
Type       : Error
Message    : When contacting https://mail.domain.co.uk/ews/exchange.asmx received the error The request failed with HTTP status 401: Unauthorized.

RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1025
Type       : Error
Message    : [EXCH] Error contacting the AS service at https://mail.domain.co.uk/ews/exchange.asmx. Elapsed time was 26 milliseconds.

RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1026
Type       : Success
Message    : [EXCH] Successfully contacted the UM service at https://mail.domain.co.uk/ews/exchange.asmx. The elapsed time was 35 milliseconds.

RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1124
Type       : Success
Message    : [Server] Successfully contacted the AS service at https://server.domain.local/ews/exchange.asmx. The elapsed time was 210 milliseconds.

RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1126
Type       : Success
Message    : [Server] Successfully contacted the UM service at https://server.domain.local/ews/exchange.asmx. The elapsed time was 52 milliseconds.
ExchangeOutlook

Avatar of undefined
Last Comment
Michael B. Smith

8/22/2022 - Mon
Tom Cieslik

Outlook 2016 is using autodiscover and certificate to connect to exchange.
Since your certificate is generate for outside connection for https://excahnge.domain.com address inside your network certificate is incorrect since doesn't point to internal domain https://exchange.domain.local

I had same problem so I decide to create forward lookup zone in my local DNS for exchange.domain.com and I did created A record pointing to Exchange server external name but using internal IP

So If your server name is Exchange.domain.com from outside, just create Forward Lookup Zone for that name inside your local DNS
Use your name servers inside and create A record pointed to your local Exchange IP

Refresh DNS on station with Outlook 2016 and now all should be OK
M A

timb551

ASKER
I have actually already got that as we put it in previously to stop a certificate error internally. but it still doesnt seem to work.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Tom Cieslik

Did you used this command ?

Configure Autodiscover

Get-ClientAccessServer | Set-ClientAccessServer –AutoDiscoverServiceInternalUri https://autodiscover.company.com/autodiscover/autodiscover.xml
Make sure there is A record for your autodiscover.domain.com in local and external DNS
Make sure that autodiscover.domain.com is bind to port 443 and certificate in IIS
M A

Please try adding this in a PC with Outlook2016 and monitor.
Navigate to HKEY_CURRENT_USER\Software\Microsoft\Office\x.0\Outlook\AutoDiscover
(x.0 corresponds to the Outlook version: 16.0 = Outlook 2016)
For Outlook 2016 version 16.0.6741.2017 and later versions, please add the following
DWORD: ExcludeExplicitO365Endpoint
value 1
Screenshot below
test.JPG
timb551

ASKER
Reg entry doesnt help.  Still asks for the password constantly when trying to setup the email account
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Michael B. Smith

To verify, you have both mail.domain.co.uk and autodiscover.domain.co.uk in your INTERNAL DNS pointing to the INTERNAL IP addresses? And the SSL cert has both names on it?

These two results suggest otherwise:

RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1013
Type       : Error
Message    : When contacting https://mail.domain.co.uk/Autodiscover/Autodiscover.xml received the error The target principal name is incorrect

RunspaceId : 6d126fa7-6d99-470b-90b4-b45a5d2f2904
Id         : 1023
Type       : Error
Message    : The Autodiscover service couldn't be contacted.
timb551

ASKER
No i hadnt created autodiscover.domain.co.uk only mail.domain.co.uk as we were using an SRV record.

I have create the autodiscover a record and although i am getting an ssl error due to my cert not including that outlook is now connecting which is great.

So is it just a case now to get the cert reissued with the additional name?
Michael B. Smith

Yes.
Your help has saved me hundreds of hours of internet surfing.
fblack61
ASKER CERTIFIED SOLUTION
Michael B. Smith

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Tom Cieslik

But it must be self signed certificate since you can't have internal domain name in public certificate

I have exchange.domain.local
and
autodiscover.domain.local

in my local DNS and all is working perfectly
Michael B. Smith

@tom, sure that's certainly possible.  But it all depends on how you have the various vDirs configured.