Autodiscover Failure in exchange 2010 sp3

Autodiscover is failing to work.  I am not sure what has changed that has caused it to fail.  Here are the results from remote connectivity analyzer:



Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
  Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
 
 Additional Details
 
 

 
 
 Test Steps
 
 The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml for user xx@domain.com.
  The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
 
 Additional Details
 
The Autodiscover XML response received by the Microsoft Connectivity Analyzer was invalid. Exception: Exception details:
Message: There is an error in XML document (2, 2).
Type: System.InvalidOperationException
Stack trace:
 at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents events)
 at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle)
 at Microsoft.Exchange.Tools.ExRca.Tests.AutoDiscover.AutoDiscoverGetXMLBase`2.Discover()
Exception details:
Message: <Autodiscover xmlns='https://schemas.microsoft.com/exchange/autodiscover/responseschema/2006'> was not expected.
Type: System.InvalidOperationException
Stack trace:
 at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReaderMobileAutoDiscoverResponseXML.Read8_Autodiscover()
HTTP Response Headers:
Persistent-Auth: true
Transfer-Encoding: chunked
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Fri, 14 Sep 2018 14:49:22 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET


Elapsed Time: 449 ms.  

 
 
 
 
 

 Attempting to contact the Autodiscover service using
joebass47Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MAS (MVE)EE Solution Guide - Technical Dept HeadCommented:
Hi joebass47,
Please check this article. This will help you fix autodiscover.
https://www.experts-exchange.com/articles/29657/Exchange-2010-Fix-for-an-Invalid-certificate-and-related-issues.html
0
joebass47Author Commented:
That doesn't work.  THe cert is working and tests ok in exRCA but I get the error on the attempting to send an autodiscover post request.
0
MAS (MVE)EE Solution Guide - Technical Dept HeadCommented:
Can you configure an outlook account by typing only Email address and password?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

joebass47Author Commented:
no.   We used to be able to but i am not sure what changed.  I had to recreate the OAB several months ago for a separate issue but thats the only thing i can think of that has changed.
0
Edward van BiljonMessaging and Collaboration Technical Lead (Exchange MVP)Commented:
Hi

Check your bindings in IIS if it is set to use your cert.

Can you check your URL for autodiscover?

Any changes made to SCP?
1
MAS (MVE)EE Solution Guide - Technical Dept HeadCommented:
Ping autodiscover.email.com  from internal network and external network
You should get  internal IP from internal network and external IP from external network.
Please try resetting  autodiscover virtual directory as well
http://exchange.sembee.info/2010/cas/reset-virtualdirectory.asp

Please post the result of the below command
Get-clientAccessServer | fl Name,AutoDiscoverServiceInternalUri
Get-ExchangeCertificate | fl Issuer,CertificateDomains,services

Open in new window

0
joebass47Author Commented:
URL works externally for autodiscover.  
We do use a barracuda load balancer which has the cert on it.  
I can ping autodiscover.domain.com and it resolves externally and internally.
I have already reset the autodiscover virtual directory.

Creating a new session for implicit remoting of "Get-ClientAccessServer" command...
Results of the below commands:

Get-clientAccessServer | fl Name,AutoDiscoverServiceInternalUri

Name                           : EX1
AutoDiscoverServiceInternalUri : https://ex1.domain.com/Autodiscover/autodiscover.xml

Name                           : EX2
AutoDiscoverServiceInternalUri : https://ex2.domain.com/Autodiscover/Autodiscover.xml


Get-ExchangeCertificate | fl Issuer,CertificateDomains

[PS] C:\Windows\system32>Get-ExchangeCertificate | fl Issuer,CertificateDomains


Issuer             : CN=Federation
CertificateDomains : {Federation}

Issuer             : CN=domain-SKYLINE-CA, DC=domain, DC=com
CertificateDomains : {EX2.domnain.com}

Issuer             : CN=EX2
CertificateDomains : {EX2, EX2.domain.com}
0
MAS (MVE)EE Solution Guide - Technical Dept HeadCommented:
Get-clientAccessServer | fl Name,AutoDiscoverServiceInternalUri

Name                           : EX1
AutoDiscoverServiceInternalUri : https://ex1.domain.com/Autodiscover/autodiscover.xml

Name                           : EX2
AutoDiscoverServiceInternalUri : https://ex2.domain.com/Autodiscover/Autodiscover.xml

Please check my article and follow the step 5. Set it to autodiscover.emaildomain.com
https://www.experts-exchange.com/articles/29657/Exchange-2010-Fix-for-an-Invalid-certificate-and-related-issues.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
joebass47Author Commented:
[PS] C:\Windows\system32>Set-ClientAccessServer -Identity ex1 -AutoDiscoverServiceInternalUri "https://autodiscover.domain.com/autodiscover/autodiscover.xml"
[PS] C:\Windows\system32>Set-ClientAccessServer -Identity ex2 -AutoDiscoverServiceInternalUri "https://autodiscover.domain.com/autodiscover/autodiscover.xml"

[PS] C:\Windows\system32>iisreset

I did the above commands but Internally it seems to be working ok just fyi.  Its when I am not connected to our network internally as well as the exchange remote connectivity analyzer that fails.
0
MAS (MVE)EE Solution Guide - Technical Dept HeadCommented:
Can you post the result of autodiscover test from ExRca?
0
joebass47Author Commented:
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for user@domain.com.
 Testing Autodiscover failed.
 
Additional Details
 
Elapsed Time: 27618 ms.


 
Test Steps
 
Attempting each method of contacting the Autodiscover service.
 The Autodiscover service couldn't be contacted successfully by any method.
 
Additional Details
 
Elapsed Time: 27618 ms.


 
Test Steps
 
Attempting to test potential Autodiscover URL https://domain.com:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 2497 ms.


 
Test Steps
 
Attempting to resolve the host name domain.com in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: x.x.x.25

Elapsed Time: 36 ms.



Testing TCP port 443 on host domain.com to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 247 ms.



Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 
Additional Details
 
Elapsed Time: 531 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server domain.com on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=www.domain.com, OU=Secure Link EV SSL, OU=IT, O="xxx, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=xxxxxx, Issuer: CN=Network Solutions EV Server CA 2, O=Network Solutions L.L.C., L=Herndon, S=VA, C=US.

Elapsed Time: 480 ms.



Validating the certificate name.
 The certificate name was validated successfully.
 
Additional Details
 
Host name domain.com was found in the Certificate Subject Alternative Name entry.

Elapsed Time: 0 ms.



Certificate trust is being validated.
 The certificate is trusted and all certificates are present in the chain.
 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=www.domain.com, OU=Secure Link EV SSL, OU=IT, O="xxx, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=xxxxxx.
 One or more certificate chains were constructed successfully.
 
Additional Details
 
A total of 1 chains were built. The highest quality chain ends in root certificate CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE.

Elapsed Time: 12 ms.



Analyzing the certificate chains for compatibility problems with versions of Windows.
 Potential compatibility problems were identified with some versions of Windows.
 
Additional Details
 
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

Elapsed Time: 1 ms.





Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 
Additional Details
 
The certificate is valid. NotBefore = 1/19/2018 12:00:00 AM, NotAfter = 11/16/2018 11:59:59 PM

Elapsed Time: 0 ms.





Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 
Additional Details
 
Accept/Require Client Certificates isn't configured.

Elapsed Time: 971 ms.



Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
 
Additional Details
 
Elapsed Time: 709 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://domain.com:443/Autodiscover/Autodiscover.xml for user user@domain.com.
 The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
 
Additional Details
 
A Web exception occurred because an HTTP 405 - MethodNotAllowed response was received from IIS7.
HTTP Response Headers:
Allow: GET, HEAD, OPTIONS, TRACE
Content-Length: 5310
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Fri, 14 Sep 2018 18:43:21 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET


Elapsed Time: 709 ms.







Attempting to test potential Autodiscover URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml
 Testing of this potential Autodiscover URL failed.
 
Additional Details
 
Elapsed Time: 4074 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.domain.com in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: x.x.x.5

Elapsed Time: 4 ms.



Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
 The port was opened successfully.
 
Additional Details
 
Elapsed Time: 251 ms.



Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 
Additional Details
 
Elapsed Time: 531 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443.
 The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
Additional Details
 
Remote Certificate Subject: CN=exchange.domain.com, OU=COMODO SSL Unified Communications, OU=Domain Control Validated, Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.

Elapsed Time: 479 ms.



Validating the certificate name.
 The certificate name was validated successfully.
 
Additional Details
 
Host name autodiscover.domain.com was found in the Certificate Subject Alternative Name entry.

Elapsed Time: 0 ms.



Certificate trust is being validated.
 The certificate is trusted and all certificates are present in the chain.
 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=exchange.domain.com, OU=COMODO SSL Unified Communications, OU=Domain Control Validated.
 One or more certificate chains were constructed successfully.
 
Additional Details
 
A total of 2 chains were built. The highest quality chain ends in root certificate CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.

Elapsed Time: 19 ms.



Analyzing the certificate chains for compatibility problems with versions of Windows.
 Potential compatibility problems were identified with some versions of Windows.
 
Additional Details
 
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

Elapsed Time: 2 ms.





Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 
Additional Details
 
The certificate is valid. NotBefore = 3/21/2017 12:00:00 AM, NotAfter = 3/20/2020 11:59:59 PM

Elapsed Time: 0 ms.





Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 
Additional Details
 
Accept/Require Client Certificates isn't configured.

Elapsed Time: 948 ms.



Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
 
Additional Details
 
Elapsed Time: 2338 ms.


 
Test Steps
 
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml for user user@domain.com.
 The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
 
Additional Details
 
The Autodiscover XML response received by the Microsoft Connectivity Analyzer was invalid. Exception: Exception details:
Message: There is an error in XML document (2, 2).
Type: System.InvalidOperationException
Stack trace:
 at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents events)
 at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle)
 at Microsoft.Exchange.Tools.ExRca.Tests.AutoDiscover.AutoDiscoverGetXMLBase`2.Discover()
Exception details:
Message: <Autodiscover xmlns='https://schemas.microsoft.com/exchange/autodiscover/responseschema/2006'> was not expected.
Type: System.InvalidOperationException
Stack trace:
 at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReaderOutlookAutoDiscoverResponseXML.Read11_Autodiscover()
HTTP Response Headers:
Persistent-Auth: true
Transfer-Encoding: chunked
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Fri, 14 Sep 2018 18:43:25 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET


Elapsed Time: 2338 ms.







Attempting to contact the Autodiscover service using the HTTP redirect method.
 The attempt to contact Autodiscover using the HTTP Redirect method failed.
 
Additional Details
 
Elapsed Time: 21042 ms.


 
Test Steps
 
Attempting to resolve the host name autodiscover.domain.com in DNS.
 The host name resolved successfully.
 
Additional Details
 
IP addresses returned: x.x.x.5

Elapsed Time: 5 ms.



Testing TCP port 80 on host autodiscover.domain.com to ensure it's listening and open.
 The specified port is either blocked, not listening, or not producing the expected response.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
A network error occurred while communicating with the remote host.


Elapsed Time: 21037 ms.





Attempting to contact the Autodiscover service using the DNS SRV redirect method.
 The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
 
Additional Details
 
Elapsed Time: 2 ms.


 
Test Steps
 
Attempting to locate SRV record _autodiscover._tcp.domain.com in DNS.
 The Autodiscover SRV record wasn't found in DNS.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
Elapsed Time: 2 ms.





Checking if there is an autodiscover CNAME record in DNS for your domain 'domain.com' for Office 365.
 Failed to validate autodiscover CNAME record in DNS. If your mailbox isn't in Office 365, you can ignore this warning.
  Tell me more about this issue and how to resolve it
 
Additional Details
 
There is no Autodiscover CNAME record for your domain 'domain.com'.

Elapsed Time: 1 ms.
0
joebass47Author Commented:
Does that help or do you need it in a different format?
0
MAS (MVE)EE Solution Guide - Technical Dept HeadCommented:
Please make sure your DNS working ok and make sure your internal and external URLs the same using my article above.
0
joebass47Author Commented:
DNS is working and internal and external urls are pointing to the same url and i still have the same result.
0
joebass47Author Commented:
This was due to a fault http redirect in our Barracuda Load balancer.  I removed that and autodiscover works successfully as it should.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.