Autodiscover Failure in exchange 2010 sp3

joebass47
joebass47 used Ask the Experts™
on
Autodiscover is failing to work.  I am not sure what has changed that has caused it to fail.  Here are the results from remote connectivity analyzer:



Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
  Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
 
 Additional Details
 
 

 
 
 Test Steps
 
 The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml for user xx@domain.com.
  The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
 
 Additional Details
 
The Autodiscover XML response received by the Microsoft Connectivity Analyzer was invalid. Exception: Exception details:
Message: There is an error in XML document (2, 2).
Type: System.InvalidOperationException
Stack trace:
 at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents events)
 at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle)
 at Microsoft.Exchange.Tools.ExRca.Tests.AutoDiscover.AutoDiscoverGetXMLBase`2.Discover()
Exception details:
Message: <Autodiscover xmlns='https://schemas.microsoft.com/exchange/autodiscover/responseschema/2006'> was not expected.
Type: System.InvalidOperationException
Stack trace:
 at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReaderMobileAutoDiscoverResponseXML.Read8_Autodiscover()
HTTP Response Headers:
Persistent-Auth: true
Transfer-Encoding: chunked
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Fri, 14 Sep 2018 14:49:22 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET


Elapsed Time: 449 ms.  

 
 
 
 
 

 Attempting to contact the Autodiscover service using
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
MASEE Solution Guide - Technical Dept Head
Most Valuable Expert 2017

Commented:
Hi joebass47,
Please check this article. This will help you fix autodiscover.
https://www.experts-exchange.com/articles/29657/Exchange-2010-Fix-for-an-Invalid-certificate-and-related-issues.html

Author

Commented:
That doesn't work.  THe cert is working and tests ok in exRCA but I get the error on the attempting to send an autodiscover post request.
MASEE Solution Guide - Technical Dept Head
Most Valuable Expert 2017

Commented:
Can you configure an outlook account by typing only Email address and password?
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
no.   We used to be able to but i am not sure what changed.  I had to recreate the OAB several months ago for a separate issue but thats the only thing i can think of that has changed.
Edward van BiljonMessaging and Collaboration Technical Lead (Exchange MVP & MCT)

Commented:
Hi

Check your bindings in IIS if it is set to use your cert.

Can you check your URL for autodiscover?

Any changes made to SCP?
MASEE Solution Guide - Technical Dept Head
Most Valuable Expert 2017

Commented:
Ping autodiscover.email.com  from internal network and external network
You should get  internal IP from internal network and external IP from external network.
Please try resetting  autodiscover virtual directory as well
http://exchange.sembee.info/2010/cas/reset-virtualdirectory.asp

Please post the result of the below command
Get-clientAccessServer | fl Name,AutoDiscoverServiceInternalUri
Get-ExchangeCertificate | fl Issuer,CertificateDomains,services

Open in new window

Author

Commented:
URL works externally for autodiscover.  
We do use a barracuda load balancer which has the cert on it.  
I can ping autodiscover.domain.com and it resolves externally and internally.
I have already reset the autodiscover virtual directory.

Creating a new session for implicit remoting of "Get-ClientAccessServer" command...
Results of the below commands:

Get-clientAccessServer | fl Name,AutoDiscoverServiceInternalUri

Name                           : EX1
AutoDiscoverServiceInternalUri : https://ex1.domain.com/Autodiscover/autodiscover.xml

Name                           : EX2
AutoDiscoverServiceInternalUri : https://ex2.domain.com/Autodiscover/Autodiscover.xml


Get-ExchangeCertificate | fl Issuer,CertificateDomains

[PS] C:\Windows\system32>Get-ExchangeCertificate | fl Issuer,CertificateDomains


Issuer             : CN=Federation
CertificateDomains : {Federation}

Issuer             : CN=domain-SKYLINE-CA, DC=domain, DC=com
CertificateDomains : {EX2.domnain.com}

Issuer             : CN=EX2
CertificateDomains : {EX2, EX2.domain.com}
EE Solution Guide - Technical Dept Head
Most Valuable Expert 2017
Commented:
Get-clientAccessServer | fl Name,AutoDiscoverServiceInternalUri

Name                           : EX1
AutoDiscoverServiceInternalUri : https://ex1.domain.com/Autodiscover/autodiscover.xml

Name                           : EX2
AutoDiscoverServiceInternalUri : https://ex2.domain.com/Autodiscover/Autodiscover.xml

Please check my article and follow the step 5. Set it to autodiscover.emaildomain.com
https://www.experts-exchange.com/articles/29657/Exchange-2010-Fix-for-an-Invalid-certificate-and-related-issues.html

Author

Commented:
[PS] C:\Windows\system32>Set-ClientAccessServer -Identity ex1 -AutoDiscoverServiceInternalUri "https://autodiscover.domain.com/autodiscover/autodiscover.xml"
[PS] C:\Windows\system32>Set-ClientAccessServer -Identity ex2 -AutoDiscoverServiceInternalUri "https://autodiscover.domain.com/autodiscover/autodiscover.xml"

[PS] C:\Windows\system32>iisreset

I did the above commands but Internally it seems to be working ok just fyi.  Its when I am not connected to our network internally as well as the exchange remote connectivity analyzer that fails.
MASEE Solution Guide - Technical Dept Head
Most Valuable Expert 2017

Commented:
Can you post the result of autodiscover test from ExRca?

Author

Commented:
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for user@domain.com.
 Testing Autodiscover failed.
 
Additional Details
 
Elapsed Time: 27618 ms.


 
Test Steps
 
Attempting each method of contacting the Autodiscover service.
 The Autodiscover service couldn't be contacted successfully by any method.
 
Additional Details
 
Elapsed Time: 27618 ms.


 
Test Steps
 
Attempting to test potential Autodiscover URL https://domain.com:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 2497 ms.


 
Test Steps
 
Attempting to resolve the host name domain.com in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: x.x.x.25

Elapsed Time: 36 ms.



Testing TCP port 443 on host domain.com to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 247 ms.



Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 
Additional Details
 
Elapsed Time: 531 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server domain.com on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=www.domain.com, OU=Secure Link EV SSL, OU=IT, O="xxx, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=xxxxxx, Issuer: CN=Network Solutions EV Server CA 2, O=Network Solutions L.L.C., L=Herndon, S=VA, C=US.

Elapsed Time: 480 ms.



Validating the certificate name.
 The certificate name was validated successfully.
 
Additional Details
 
Host name domain.com was found in the Certificate Subject Alternative Name entry.

Elapsed Time: 0 ms.



Certificate trust is being validated.
 The certificate is trusted and all certificates are present in the chain.
 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=www.domain.com, OU=Secure Link EV SSL, OU=IT, O="xxx, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=xxxxxx.
 One or more certificate chains were constructed successfully.
 
Additional Details
 
A total of 1 chains were built. The highest quality chain ends in root certificate CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE.

Elapsed Time: 12 ms.



Analyzing the certificate chains for compatibility problems with versions of Windows.
 Potential compatibility problems were identified with some versions of Windows.
 
Additional Details
 
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

Elapsed Time: 1 ms.





Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 
Additional Details
 
The certificate is valid. NotBefore = 1/19/2018 12:00:00 AM, NotAfter = 11/16/2018 11:59:59 PM

Elapsed Time: 0 ms.





Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 
Additional Details
 
Accept/Require Client Certificates isn't configured.

Elapsed Time: 971 ms.



Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
 
Additional Details
 
Elapsed Time: 709 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://domain.com:443/Autodiscover/Autodiscover.xml for user user@domain.com.
 The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
 
Additional Details
 
A Web exception occurred because an HTTP 405 - MethodNotAllowed response was received from IIS7.
HTTP Response Headers:
Allow: GET, HEAD, OPTIONS, TRACE
Content-Length: 5310
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Fri, 14 Sep 2018 18:43:21 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET


Elapsed Time: 709 ms.







Attempting to test potential Autodiscover URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 4074 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.domain.com in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: x.x.x.5

Elapsed Time: 4 ms.



Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 251 ms.



Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 
Additional Details
 
Elapsed Time: 531 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=exchange.domain.com, OU=COMODO SSL Unified Communications, OU=Domain Control Validated, Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.

Elapsed Time: 479 ms.



Validating the certificate name.
 The certificate name was validated successfully.
 
Additional Details
 
Host name autodiscover.domain.com was found in the Certificate Subject Alternative Name entry.

Elapsed Time: 0 ms.



Certificate trust is being validated.
 The certificate is trusted and all certificates are present in the chain.
 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=exchange.domain.com, OU=COMODO SSL Unified Communications, OU=Domain Control Validated.
 One or more certificate chains were constructed successfully.
 
Additional Details
 
A total of 2 chains were built. The highest quality chain ends in root certificate CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.

Elapsed Time: 19 ms.



Analyzing the certificate chains for compatibility problems with versions of Windows.
 Potential compatibility problems were identified with some versions of Windows.
 
Additional Details
 
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

Elapsed Time: 2 ms.





Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 
Additional Details
 
The certificate is valid. NotBefore = 3/21/2017 12:00:00 AM, NotAfter = 3/20/2020 11:59:59 PM

Elapsed Time: 0 ms.





Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 
Additional Details
 
Accept/Require Client Certificates isn't configured.

Elapsed Time: 948 ms.



Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
 
Additional Details
 
Elapsed Time: 2338 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml for user user@domain.com.
 The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
 
Additional Details
 
The Autodiscover XML response received by the Microsoft Connectivity Analyzer was invalid. Exception: Exception details:
Message: There is an error in XML document (2, 2).
Type: System.InvalidOperationException
Stack trace:
 at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents events)
 at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle)
 at Microsoft.Exchange.Tools.ExRca.Tests.AutoDiscover.AutoDiscoverGetXMLBase`2.Discover()
Exception details:
Message: <Autodiscover xmlns='https://schemas.microsoft.com/exchange/autodiscover/responseschema/2006'> was not expected.
Type: System.InvalidOperationException
Stack trace:
 at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReaderOutlookAutoDiscoverResponseXML.Read11_Autodiscover()
HTTP Response Headers:
Persistent-Auth: true
Transfer-Encoding: chunked
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Fri, 14 Sep 2018 18:43:25 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET


Elapsed Time: 2338 ms.







Attempting to contact the Autodiscover service using the HTTP redirect method.
 The attempt to contact Autodiscover using the HTTP Redirect method failed.
 
Additional Details
 
Elapsed Time: 21042 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.domain.com in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: x.x.x.5

Elapsed Time: 5 ms.



Testing TCP port 80 on host autodiscover.domain.com to ensure it's listening and open.
 The specified port is either blocked, not listening, or not producing the expected response.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
A network error occurred while communicating with the remote host.


Elapsed Time: 21037 ms.





Attempting to contact the Autodiscover service using the DNS SRV redirect method.
 The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
 
Additional Details
 
Elapsed Time: 2 ms.


 
Test Steps
 
Attempting to locate SRV record _autodiscover._tcp.domain.com in DNS.
 The Autodiscover SRV record wasn't found in DNS.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Elapsed Time: 2 ms.





Checking if there is an autodiscover CNAME record in DNS for your domain 'domain.com' for Office 365.
 Failed to validate autodiscover CNAME record in DNS. If your mailbox isn't in Office 365, you can ignore this warning.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
There is no Autodiscover CNAME record for your domain 'domain.com'.

Elapsed Time: 1 ms.

Author

Commented:
Does that help or do you need it in a different format?
MASEE Solution Guide - Technical Dept Head
Most Valuable Expert 2017

Commented:
Please make sure your DNS working ok and make sure your internal and external URLs the same using my article above.

Author

Commented:
DNS is working and internal and external urls are pointing to the same url and i still have the same result.

Author

Commented:
This was due to a fault http redirect in our Barracuda Load balancer.  I removed that and autodiscover works successfully as it should.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial