Autodiscover exchange 2016

Leigh2004
Leigh2004 used Ask the Experts™
on
Hi, we are running 2012 R2 with EX2016 (all up to date) we configured autodiscover following this http://www.mustbegeek.com/configure-autodiscover-in-exchange-2016/ to no avail.

Running "Get-ClientAccessService | fl AutoDiscoverServiceInternalUri" returns "AutoDiscoverServiceInternalUri : https://autodiscover.mydomain.com/Autodiscover/Autodiscover.xml"

"test-outlookwebservices" returns "Unable to find the client accesss monitoring user."

"get-outlookprovider" returns

Name                          Server                        CertPrincipalName             TTL
----                          ------                        -----------------             ---
EXCH                                                                                                              1
EXPR                                                                                                              1
WEB                                                                                                               1

Test-OutlookWebServices -Identity:user1@mydomain.com -MailboxCredential:(Get-Credential mydomain\user1) returns

Source                                                 ServiceEndpoint                                    Scenario                                             Result    Latency
                                                                                                                                                                                                              (MS)
------                              ---------------                     --------                       ------  -------
Exserver1.mydomain.com              autodiscover.mydomain.com             Autodiscover: Outlook Provider       Failure      30
Exserver1.mydomain.com                                                                               Exchange Web Services                     Skipped       0
Exserver1.mydomain.com                                                                               Availability Service                              Skipped       0
Exserver1.mydomain.com                                                                               Offline Address Book                         Skipped       0

Getting lost now, where do I go from here?

Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
MaheshArchitect
Distinguished Expert 2018

Commented:
What about other urls?

Did u set ews external url?

Try exchange remote connectivity analyzer tool online from Microsoft and run outlook autodiscover and outlook mapi test to isolate the issue

Author

Commented:
https://mail.mydomain.com/owa & https://mail.mydomain.com/ecp both work fine if thats what you mean, I have attached the results of Microsoft connectivity analyzer tool.
AutodiscoverRCATestResult.html
IvanSystem Engineer

Commented:
Hi,

you have configured DNS A or SRV record for autodiscover.mydomain.com on public DNS and it resolves to correct public IP?
Port 443 is NATed to Exchange?

Regards,
Ivan.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Yes autodiscover.mydomain.com resolves to our static ip, however if we put https://autodiscover.mydomain.com in a web browser we get HTTP error 404, but https://mail.mydomain.com opens Outlook Web access as it should.

Everything works, mobile devices etc, all email, autodiscover used to work in fact, only found out it wasn't yesterday trying to set up a new user.

Author

Commented:
Could it be an update? this is the first new user added in about a year, and a few weeks ago we finally restarted the server to install almost 100 updates.
MaheshArchitect
Distinguished Expert 2018

Commented:
Actually you should point all exchange virtual directories external url including autodiscoverinternal uri to mail.domain.com

In short dedicate all traffic to this url
Actually autodiscover.domain.com should be able to open owa by adding /owa to url

Author

Commented:
https://autodiscover.mydomain.com/owa also gives 404

You mean as here? http://www.mustbegeek.com/configure-external-and-internal-url-in-exchange-2016/

Sorry to ask but right on the limit of my knowledge here.

Internal is currently https://servername.domain.com/owa
External is currently https://mail.domain.com/owa
MaheshArchitect
Distinguished Expert 2018

Commented:
Yes, set internal and external urls to mail.domain.com
This includes ews urls as well

Author

Commented:
OK done that, no change, would a server restart be required?
MaheshArchitect
Distinguished Expert 2018

Commented:
no, its not required, check exchange rca website if your outlook autodiscover and other outlook test getting successful?

Author

Commented:
RCA Test results exactly the same.

Author

Commented:
OK here is what I have tried so far,
[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory

Name                                    Server                                  InternalUrl
----                                    ------                                  -----------
EWS (Default Web Site)                  EXSERVER1                               https://mail.mydomain.com/ews/exc...


[PS] C:\Windows\system32>Get-OabVirtualDirectory

Server                        Name                          Internal Url                  External Url
------                        ----                          ------------                  ------------
EXSERVER1                     OAB (Default Web Site)        https://mail.mydomain.c... https://mail.mydomain.c...


[PS] C:\Windows\system32>Get-OutlookAnywhere


RunspaceId                         : 5cc772bf-a074-4959-bcc9-5c467bf488c4
ServerName                         : EXSERVER1
SSLOffloading                      : True
ExternalHostname                   : mail.mydomain.com
InternalHostname                   : mail.mydomain.com
ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
MetabasePath                       : IIS://EXSERVER1.mydomain.com/W3SVC/1/ROOT/Rpc
Path                               : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
ExtendedProtectionTokenChecking    : None
ExtendedProtectionFlags            : {}
ExtendedProtectionSPNList          : {}
AdminDisplayVersion                : Version 15.1 (Build 396.30)
Server                             : EXSERVER1
AdminDisplayName                   :
ExchangeVersion                    : 0.20 (15.0.0.0)
Name                               : Rpc (Default Web Site)
DistinguishedName                  : CN=Rpc (Default Web
                                     Site),CN=HTTP,CN=Protocols,CN=EXSERVER1,CN=Servers,CN=Exchange Administrative
                                     Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=WestOneUK,CN=Microsoft
                                     Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=com
Identity                           : EXSERVER1\Rpc (Default Web Site)
Guid                               : 71b0492c-de0d-4155-888a-74bec1e4a8d4
ObjectCategory                     : mydomain.com/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                        : 09/11/2018 10:30:24
WhenCreated                        : 01/10/2017 17:24:17
WhenChangedUTC                     : 09/11/2018 10:30:24
WhenCreatedUTC                     : 01/10/2017 16:24:17
OrganizationId                     :
Id                                 : EXSERVER1\Rpc (Default Web Site)
OriginatingServer                  : DCSERVER1.mydomain.com
IsValid                            : True
ObjectState                        : Changed



[PS] C:\Windows\system32>Get-MapiVirtualDirectory

Name                          Server                        InternalUrl                   ExternalUrl
----                          ------                        -----------                   -----------
mapi (Default Web Site)       EXSERVER1                     https://mail.mydomain.c... https://mail.mydomain.c...

Open in new window


If I ping mail.mydomain.com & autodiscover.mydomain.com it returns the servers local ip 192.168.0.101

At a complete loss now.
MaheshArchitect
Distinguished Expert 2018

Commented:
I see autodiscover response

The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.mydomain.com:443/Autodiscover/Autodiscover.xml for user myemail@mydomain.com.
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.

here is the issue, check from internal network, for autodiscover url if you are getting prompted for username and password and upon provision you are getting any autodiscover response? if not you have some issue with autodiscover virtual directory

and you actually ran active sync test, did you set active sync virtual directory external url to mail.domain.com?

U need to run outlook autodiscover and outlook connectivity tests from RCA web site to actually isolate  issue, please run those tests and post results here

Author

Commented:
Get-ActiveSyncVirtualDirectory only shows Internal URL, is this right?

Browsing to https://autodiscover.mydomain.com/Autodiscover/Autodiscover.xml gives 404 not found on internal network as well as external.

[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory

Name                                    Server                                  InternalUrl
----                                    ------                                  -----------
Microsoft-Server-ActiveSync (Default... EXSERVER1                               https://mail.mydomain.com/Microso...

Open in new window

Author

Commented:
If go to https://127.0.0.1/Autodiscover/Autodiscover.xml on the exchange server I get,

<?xml version="1.0" encoding="UTF-8"?>

-<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">

-<Response>

-<Error Id="3310321934" Time="17:43:03.7187230">

<ErrorCode>600</ErrorCode>

<Message>Invalid Request</Message>

<DebugData/>

</Error>

</Response>

</Autodiscover>

Open in new window


Thats good? right?
MaheshArchitect
Distinguished Expert 2018

Commented:
above is correct..but it should resolve with actual FQDN..

active sync v dir should contains both internal and external urls point to mail.domain.com

check your dns if its having multiple records of autodiscover pointing to multiple IP addresses or chweck if autodiscover name resolution is working correctly

Author

Commented:
Get-ActiveSyncVirtualDirectory |Select InternalUrl,ExternalUrl returns,
InternalUrl                                                 ExternalUrl
-----------                                                 -----------
https://mail.mydomain.com/Microsoft-Server-ActiveSync    https://mail.mydomain.com/Microsoft-Server-ActiveSync


[PS] C:\Windows\system32>

Open in new window


Only one DNS record for autodiscover, CNAME record pointing to FQDN mail.mydomain.com

Now, daft question time, how do I check if autodiscover name resolution is working correctly?

Author

Commented:
I tried nslookup

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\user1>nslookup -type=a autodiscover.mydomain.com
Server:  mydomain.com
Address:  192.168.0.201

Name:    mail.mydomain.com
Address:  192.168.0.202
Aliases:  autodiscover.mydomain.com

Open in new window

Author

Commented:
And I try the same from outside the network I get,

C:\Users\user1>nslookup -type=a autodiscover.mydomain.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    mail.mydomain.com
Address:  195.12.x.x
Aliases:  autodiscover.mydomain.com

Open in new window

MaheshArchitect
Distinguished Expert 2018

Commented:
CNAME record pointing to FQDN mail.mydomain.com

which cname record?

do not point autodiscover to mail.domain.com?

autodiscover should directly point to exchange CAS servers

mail.domain.com also should point to exchange cas servers

This is true for internal and external both records, make those changes, flush dns and try rerun rca tests for outlook autodiscover and outlook connectivity

Author

Commented:
This is where things get really vague for me, I have a dns record called forward as below
Name	Type	Data	Timestamp
(same as parent folder)	Start of Authority (SOA)	[3], serverdc.mydomain.com., hostmaster.mydomain.com.	static
(same as parent folder)	Name Server (NS)	serverdc.mydomain.com.	static
serverDC	Host (A)	192.168.0.201	static

Open in new window

Next one called mail.mydomain.com
Name	Type	Data	Timestamp
(same as parent folder)	Start of Authority (SOA)	[11], serverdc.mydomain.com., hostmaster.mydomain.com.	static
(same as parent folder)	Name Server (NS)	mail.mydomain.com.	static
(same as parent folder)	Name Server (NS)	serverdc.mydomain.com.	static
(same as parent folder)	Host (A)	192.168.0.202	static

Open in new window

And the last called mydomain.com
Name	Type	Data	Timestamp
(same as parent folder)	Start of Authority (SOA)	[1122], serverdc.mydomian.com., hostmaster.mydomian.com.	static
(same as parent folder)	Name Server (NS)	serverdc.mydomian.com.	static
(same as parent folder)	Host (A)	192.168.0.201	?04/?11/?2018 10:00:00
_msdcs			
_sites			
_tcp			
_udp			
autodiscover	Alias (CNAME)	serverEX.mydomian.com	
DomainDnsZones			
ForestDnsZones			
mail	Host (A)	192.168.0.202	static
serverdc	Host (A)	192.168.0.201	static
serverEX	Host (A)	192.168.0.202	?04/?11/?2018 12:00:00

Open in new window

MaheshArchitect
Distinguished Expert 2018

Commented:
do you have ad domain with same name as mail domain?

I see autodiscover with cname pointing serverex.mydomain.com

where is mail.domain.com?

You have some problem with DNS, unable to understand how your dns is configured?

what is mail.mydomain.com?

Author

Commented:
Yes I changed autodiscover with cname from mail.mydomain.com to serverex.mydomain.com

You mean the 2nd record mail.mydomain.com?

What is ad domain?

Starting to think I should start again with the dns setup, evrything else works as it should.
MaheshArchitect
Distinguished Expert 2018

Commented:
ad stands for active directory domain name...

you don't need any cname

your smtp domain and active directory domain name is same or different?

Author

Commented:
One domain name, 2 hyper-v 2012 r2 servers,
192.168.0.201 called serverdc as domain controller, active directory, dns, dhcp, and one called serverex 192.168.0.202 running exchange 2016 only.
MaheshArchitect
Distinguished Expert 2018

Commented:
your smtp domain and active directory domain name is same or different?

Author

Commented:
Both the same.
MaheshArchitect
Distinguished Expert 2018

Commented:
now correct you dns setup

mail.domain.com should point to exchange server cas ip internally and externally

autodiscover.domain.com also point to exchange cas server ip interbally and externally

remove any cname records created for this purpose

I also saw mail.mydomain.com, just remove that pointing to NS record in dns..thats creating problem,

Author

Commented:
mail.domain.com should point to exchange server cas ip internally and externally - Done

autodiscover.domain.com also point to exchange cas server ip interbally and externally - Done

remove any cname records created for this purpose - Done

I also saw mail.mydomain.com, just remove that pointing to NS record in dns..thats creating problem,  - you mean the whole zone mail.mydomain.com or the record on line 3 above in that zone?
MaheshArchitect
Distinguished Expert 2018

Commented:
under mail.mydomain.com (assuming it is same for active directory and email as well) you only should have autodiscover.mydomain.com and mail.mydomain.com in that as host (A) records and if you have any other web servers pointing to there respective host records

apart from there should not any ns , srv records etc except soa record

Author

Commented:
Just to clarify, remove autodiscover.mydomain.com & mail.mydomain.com from the 3rd zone mydomain.com, and place in the 2nd zone mail.mydomain.com?
Also when I try to delete the NS records in the 2nd zone mail.mydomain.com it won't let me, shall I remove the whole zone and recreate?
MaheshArchitect
Distinguished Expert 2018

Commented:
what is you domain controller hostnames?

can you paste output of below command:

nltest /dclist:mydomain.com

Author

Commented:
C:\Users\username>nltest /dclist:mydomain.com
Get list of DCs in domain 'mydomain.com' from '\\serverdc.mydomain.com'.
    serverdc.mydomain.com [PDC]  [DS] Site: Default-First-Site-Name
The command completed successfully

Open in new window


DC host name is serverdc.mydomain.com
Exchnage server name is serverex.mydomain.com
Architect
Distinguished Expert 2018
Commented:
do you have any DC named mail.mydomain.com, please check entire AD infra?


The problem is how come NS record points to mail.mydomain.com

better you could delete mail.mydomain.com zone from dns and just keep autodiscover and mail records under myserver.com zone pointing to Exchange CAS servers -- but only if you don't have any DC server with hostname as mail.mydomain.com

Author

Commented:
Only 2 servers as above, probably should come clean here, I copied the records from the old SBS2008 server when I built this one from scratch (no migration of any kind)  I'll delete zone mail.mydomain.com and report back later.

Author

Commented:
mail,mydomain.com zone deleted, 2 A records for mail & autodiscover created pointing to exchange servers IP, ran the Microsoft RCA and results exactly the same, and still getting 404 not found for https://autodiscover.mydomain.com/Autodiscover/Autodiscover.xml

I have flushed DNS and removed browser cache.
MaheshArchitect
Distinguished Expert 2018

Commented:
Please log call with Microsoft, unless view environment on remote session cannot isolate issue

Author

Commented:
If i go to https://mail.mydomain.com/Autodiscover/Autodiscover.xml

I get the 600 error page, just not with https://autodiscover.mydomain.com/Autodiscover/Autodiscover.xml

Author

Commented:
could it be anything to do with iis? in bindings for default web site I see a record,

https   mail.mydomain.com   443   *

Open in new window


Should there be one for autodiscover?

Author

Commented:
Working now, added the binding and all good, thank you Mahesh I could not have done with out your help, and my DNS is nice and tidy now.

Author

Commented:
Thank you very much for your time it's very much appreciated.
MaheshArchitect
Distinguished Expert 2018

Commented:
Its glad to here that you resolved issue

It's you.. U have resolved it

Congratulations!!!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial