Autodiscover exchange 2016

Hi, we are running 2012 R2 with EX2016 (all up to date) we configured autodiscover following this http://www.mustbegeek.com/configure-autodiscover-in-exchange-2016/ to no avail.

Running "Get-ClientAccessService | fl AutoDiscoverServiceInternalUri" returns "AutoDiscoverServiceInternalUri : https://autodiscover.mydomain.com/Autodiscover/Autodiscover.xml"

"test-outlookwebservices" returns "Unable to find the client accesss monitoring user."

"get-outlookprovider" returns

Name                          Server                        CertPrincipalName             TTL
----                          ------                        -----------------             ---
EXCH                                                                                                              1
EXPR                                                                                                              1
WEB                                                                                                               1

Test-OutlookWebServices -Identity:user1@mydomain.com -MailboxCredential:(Get-Credential mydomain\user1) returns

Source                                                 ServiceEndpoint                                    Scenario                                             Result    Latency
                                                                                                                                                                                                              (MS)
------                              ---------------                     --------                       ------  -------
Exserver1.mydomain.com              autodiscover.mydomain.com             Autodiscover: Outlook Provider       Failure      30
Exserver1.mydomain.com                                                                               Exchange Web Services                     Skipped       0
Exserver1.mydomain.com                                                                               Availability Service                              Skipped       0
Exserver1.mydomain.com                                                                               Offline Address Book                         Skipped       0

Getting lost now, where do I go from here?

Thanks
Leigh2004Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MaheshArchitectCommented:
What about other urls?

Did u set ews external url?

Try exchange remote connectivity analyzer tool online from Microsoft and run outlook autodiscover and outlook mapi test to isolate the issue
Leigh2004Author Commented:
https://mail.mydomain.com/owa & https://mail.mydomain.com/ecp both work fine if thats what you mean, I have attached the results of Microsoft connectivity analyzer tool.
AutodiscoverRCATestResult.html
IvanSystem EngineerCommented:
Hi,

you have configured DNS A or SRV record for autodiscover.mydomain.com on public DNS and it resolves to correct public IP?
Port 443 is NATed to Exchange?

Regards,
Ivan.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Leigh2004Author Commented:
Yes autodiscover.mydomain.com resolves to our static ip, however if we put https://autodiscover.mydomain.com in a web browser we get HTTP error 404, but https://mail.mydomain.com opens Outlook Web access as it should.

Everything works, mobile devices etc, all email, autodiscover used to work in fact, only found out it wasn't yesterday trying to set up a new user.
Leigh2004Author Commented:
Could it be an update? this is the first new user added in about a year, and a few weeks ago we finally restarted the server to install almost 100 updates.
MaheshArchitectCommented:
Actually you should point all exchange virtual directories external url including autodiscoverinternal uri to mail.domain.com

In short dedicate all traffic to this url
Actually autodiscover.domain.com should be able to open owa by adding /owa to url
Leigh2004Author Commented:
https://autodiscover.mydomain.com/owa also gives 404

You mean as here? http://www.mustbegeek.com/configure-external-and-internal-url-in-exchange-2016/

Sorry to ask but right on the limit of my knowledge here.

Internal is currently https://servername.domain.com/owa
External is currently https://mail.domain.com/owa
MaheshArchitectCommented:
Yes, set internal and external urls to mail.domain.com
This includes ews urls as well
Leigh2004Author Commented:
OK done that, no change, would a server restart be required?
MaheshArchitectCommented:
no, its not required, check exchange rca website if your outlook autodiscover and other outlook test getting successful?
Leigh2004Author Commented:
RCA Test results exactly the same.
Leigh2004Author Commented:
OK here is what I have tried so far,
[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory

Name                                    Server                                  InternalUrl
----                                    ------                                  -----------
EWS (Default Web Site)                  EXSERVER1                               https://mail.mydomain.com/ews/exc...


[PS] C:\Windows\system32>Get-OabVirtualDirectory

Server                        Name                          Internal Url                  External Url
------                        ----                          ------------                  ------------
EXSERVER1                     OAB (Default Web Site)        https://mail.mydomain.c... https://mail.mydomain.c...


[PS] C:\Windows\system32>Get-OutlookAnywhere


RunspaceId                         : 5cc772bf-a074-4959-bcc9-5c467bf488c4
ServerName                         : EXSERVER1
SSLOffloading                      : True
ExternalHostname                   : mail.mydomain.com
InternalHostname                   : mail.mydomain.com
ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
MetabasePath                       : IIS://EXSERVER1.mydomain.com/W3SVC/1/ROOT/Rpc
Path                               : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
ExtendedProtectionTokenChecking    : None
ExtendedProtectionFlags            : {}
ExtendedProtectionSPNList          : {}
AdminDisplayVersion                : Version 15.1 (Build 396.30)
Server                             : EXSERVER1
AdminDisplayName                   :
ExchangeVersion                    : 0.20 (15.0.0.0)
Name                               : Rpc (Default Web Site)
DistinguishedName                  : CN=Rpc (Default Web
                                     Site),CN=HTTP,CN=Protocols,CN=EXSERVER1,CN=Servers,CN=Exchange Administrative
                                     Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=WestOneUK,CN=Microsoft
                                     Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=com
Identity                           : EXSERVER1\Rpc (Default Web Site)
Guid                               : 71b0492c-de0d-4155-888a-74bec1e4a8d4
ObjectCategory                     : mydomain.com/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                        : 09/11/2018 10:30:24
WhenCreated                        : 01/10/2017 17:24:17
WhenChangedUTC                     : 09/11/2018 10:30:24
WhenCreatedUTC                     : 01/10/2017 16:24:17
OrganizationId                     :
Id                                 : EXSERVER1\Rpc (Default Web Site)
OriginatingServer                  : DCSERVER1.mydomain.com
IsValid                            : True
ObjectState                        : Changed



[PS] C:\Windows\system32>Get-MapiVirtualDirectory

Name                          Server                        InternalUrl                   ExternalUrl
----                          ------                        -----------                   -----------
mapi (Default Web Site)       EXSERVER1                     https://mail.mydomain.c... https://mail.mydomain.c...

Open in new window


If I ping mail.mydomain.com & autodiscover.mydomain.com it returns the servers local ip 192.168.0.101

At a complete loss now.
MaheshArchitectCommented:
I see autodiscover response

The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.mydomain.com:443/Autodiscover/Autodiscover.xml for user myemail@mydomain.com.
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.

here is the issue, check from internal network, for autodiscover url if you are getting prompted for username and password and upon provision you are getting any autodiscover response? if not you have some issue with autodiscover virtual directory

and you actually ran active sync test, did you set active sync virtual directory external url to mail.domain.com?

U need to run outlook autodiscover and outlook connectivity tests from RCA web site to actually isolate  issue, please run those tests and post results here
Leigh2004Author Commented:
Leigh2004Author Commented:
Get-ActiveSyncVirtualDirectory only shows Internal URL, is this right?

Browsing to https://autodiscover.mydomain.com/Autodiscover/Autodiscover.xml gives 404 not found on internal network as well as external.

[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory

Name                                    Server                                  InternalUrl
----                                    ------                                  -----------
Microsoft-Server-ActiveSync (Default... EXSERVER1                               https://mail.mydomain.com/Microso...

Open in new window

Leigh2004Author Commented:
If go to https://127.0.0.1/Autodiscover/Autodiscover.xml on the exchange server I get,

<?xml version="1.0" encoding="UTF-8"?>

-<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">

-<Response>

-<Error Id="3310321934" Time="17:43:03.7187230">

<ErrorCode>600</ErrorCode>

<Message>Invalid Request</Message>

<DebugData/>

</Error>

</Response>

</Autodiscover>

Open in new window


Thats good? right?
MaheshArchitectCommented:
above is correct..but it should resolve with actual FQDN..

active sync v dir should contains both internal and external urls point to mail.domain.com

check your dns if its having multiple records of autodiscover pointing to multiple IP addresses or chweck if autodiscover name resolution is working correctly
Leigh2004Author Commented:
Get-ActiveSyncVirtualDirectory |Select InternalUrl,ExternalUrl returns,
InternalUrl                                                 ExternalUrl
-----------                                                 -----------
https://mail.mydomain.com/Microsoft-Server-ActiveSync    https://mail.mydomain.com/Microsoft-Server-ActiveSync


[PS] C:\Windows\system32>

Open in new window


Only one DNS record for autodiscover, CNAME record pointing to FQDN mail.mydomain.com

Now, daft question time, how do I check if autodiscover name resolution is working correctly?
Leigh2004Author Commented:
I tried nslookup

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\user1>nslookup -type=a autodiscover.mydomain.com
Server:  mydomain.com
Address:  192.168.0.201

Name:    mail.mydomain.com
Address:  192.168.0.202
Aliases:  autodiscover.mydomain.com

Open in new window

Leigh2004Author Commented:
And I try the same from outside the network I get,

C:\Users\user1>nslookup -type=a autodiscover.mydomain.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    mail.mydomain.com
Address:  195.12.x.x
Aliases:  autodiscover.mydomain.com

Open in new window

MaheshArchitectCommented:
CNAME record pointing to FQDN mail.mydomain.com

which cname record?

do not point autodiscover to mail.domain.com?

autodiscover should directly point to exchange CAS servers

mail.domain.com also should point to exchange cas servers

This is true for internal and external both records, make those changes, flush dns and try rerun rca tests for outlook autodiscover and outlook connectivity
Leigh2004Author Commented:
This is where things get really vague for me, I have a dns record called forward as below
Name	Type	Data	Timestamp
(same as parent folder)	Start of Authority (SOA)	[3], serverdc.mydomain.com., hostmaster.mydomain.com.	static
(same as parent folder)	Name Server (NS)	serverdc.mydomain.com.	static
serverDC	Host (A)	192.168.0.201	static

Open in new window

Next one called mail.mydomain.com
Name	Type	Data	Timestamp
(same as parent folder)	Start of Authority (SOA)	[11], serverdc.mydomain.com., hostmaster.mydomain.com.	static
(same as parent folder)	Name Server (NS)	mail.mydomain.com.	static
(same as parent folder)	Name Server (NS)	serverdc.mydomain.com.	static
(same as parent folder)	Host (A)	192.168.0.202	static

Open in new window

And the last called mydomain.com
Name	Type	Data	Timestamp
(same as parent folder)	Start of Authority (SOA)	[1122], serverdc.mydomian.com., hostmaster.mydomian.com.	static
(same as parent folder)	Name Server (NS)	serverdc.mydomian.com.	static
(same as parent folder)	Host (A)	192.168.0.201	?04/?11/?2018 10:00:00
_msdcs			
_sites			
_tcp			
_udp			
autodiscover	Alias (CNAME)	serverEX.mydomian.com	
DomainDnsZones			
ForestDnsZones			
mail	Host (A)	192.168.0.202	static
serverdc	Host (A)	192.168.0.201	static
serverEX	Host (A)	192.168.0.202	?04/?11/?2018 12:00:00

Open in new window

MaheshArchitectCommented:
do you have ad domain with same name as mail domain?

I see autodiscover with cname pointing serverex.mydomain.com

where is mail.domain.com?

You have some problem with DNS, unable to understand how your dns is configured?

what is mail.mydomain.com?
Leigh2004Author Commented:
Yes I changed autodiscover with cname from mail.mydomain.com to serverex.mydomain.com

You mean the 2nd record mail.mydomain.com?

What is ad domain?

Starting to think I should start again with the dns setup, evrything else works as it should.
MaheshArchitectCommented:
ad stands for active directory domain name...

you don't need any cname

your smtp domain and active directory domain name is same or different?
Leigh2004Author Commented:
One domain name, 2 hyper-v 2012 r2 servers,
192.168.0.201 called serverdc as domain controller, active directory, dns, dhcp, and one called serverex 192.168.0.202 running exchange 2016 only.
MaheshArchitectCommented:
your smtp domain and active directory domain name is same or different?
Leigh2004Author Commented:
Both the same.
MaheshArchitectCommented:
now correct you dns setup

mail.domain.com should point to exchange server cas ip internally and externally

autodiscover.domain.com also point to exchange cas server ip interbally and externally

remove any cname records created for this purpose

I also saw mail.mydomain.com, just remove that pointing to NS record in dns..thats creating problem,
Leigh2004Author Commented:
mail.domain.com should point to exchange server cas ip internally and externally - Done

autodiscover.domain.com also point to exchange cas server ip interbally and externally - Done

remove any cname records created for this purpose - Done

I also saw mail.mydomain.com, just remove that pointing to NS record in dns..thats creating problem,  - you mean the whole zone mail.mydomain.com or the record on line 3 above in that zone?
MaheshArchitectCommented:
under mail.mydomain.com (assuming it is same for active directory and email as well) you only should have autodiscover.mydomain.com and mail.mydomain.com in that as host (A) records and if you have any other web servers pointing to there respective host records

apart from there should not any ns , srv records etc except soa record
Leigh2004Author Commented:
Just to clarify, remove autodiscover.mydomain.com & mail.mydomain.com from the 3rd zone mydomain.com, and place in the 2nd zone mail.mydomain.com?
Also when I try to delete the NS records in the 2nd zone mail.mydomain.com it won't let me, shall I remove the whole zone and recreate?
MaheshArchitectCommented:
what is you domain controller hostnames?

can you paste output of below command:

nltest /dclist:mydomain.com
Leigh2004Author Commented:
C:\Users\username>nltest /dclist:mydomain.com
Get list of DCs in domain 'mydomain.com' from '\\serverdc.mydomain.com'.
    serverdc.mydomain.com [PDC]  [DS] Site: Default-First-Site-Name
The command completed successfully

Open in new window


DC host name is serverdc.mydomain.com
Exchnage server name is serverex.mydomain.com
MaheshArchitectCommented:
do you have any DC named mail.mydomain.com, please check entire AD infra?


The problem is how come NS record points to mail.mydomain.com

better you could delete mail.mydomain.com zone from dns and just keep autodiscover and mail records under myserver.com zone pointing to Exchange CAS servers -- but only if you don't have any DC server with hostname as mail.mydomain.com

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Leigh2004Author Commented:
Only 2 servers as above, probably should come clean here, I copied the records from the old SBS2008 server when I built this one from scratch (no migration of any kind)  I'll delete zone mail.mydomain.com and report back later.
Leigh2004Author Commented:
mail,mydomain.com zone deleted, 2 A records for mail & autodiscover created pointing to exchange servers IP, ran the Microsoft RCA and results exactly the same, and still getting 404 not found for https://autodiscover.mydomain.com/Autodiscover/Autodiscover.xml

I have flushed DNS and removed browser cache.
MaheshArchitectCommented:
Please log call with Microsoft, unless view environment on remote session cannot isolate issue
Leigh2004Author Commented:
If i go to https://mail.mydomain.com/Autodiscover/Autodiscover.xml

I get the 600 error page, just not with https://autodiscover.mydomain.com/Autodiscover/Autodiscover.xml
Leigh2004Author Commented:
could it be anything to do with iis? in bindings for default web site I see a record,

https   mail.mydomain.com   443   *

Open in new window


Should there be one for autodiscover?
Leigh2004Author Commented:
Working now, added the binding and all good, thank you Mahesh I could not have done with out your help, and my DNS is nice and tidy now.
Leigh2004Author Commented:
Thank you very much for your time it's very much appreciated.
MaheshArchitectCommented:
Its glad to here that you resolved issue

It's you.. U have resolved it

Congratulations!!!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.