Autodiscover exchange 2016

Hi, we are running 2012 R2 with EX2016 (all up to date) we configured autodiscover following this to no avail.

Running "Get-ClientAccessService | fl AutoDiscoverServiceInternalUri" returns "AutoDiscoverServiceInternalUri :"

"test-outlookwebservices" returns "Unable to find the client accesss monitoring user."

"get-outlookprovider" returns

Name                          Server                        CertPrincipalName             TTL
----                          ------                        -----------------             ---
EXCH                                                                                                              1
EXPR                                                                                                              1
WEB                                                                                                               1

Test-OutlookWebServices -MailboxCredential:(Get-Credential mydomain\user1) returns

Source                                                 ServiceEndpoint                                    Scenario                                             Result    Latency
------                              ---------------                     --------                       ------  -------                 Autodiscover: Outlook Provider       Failure      30                                                                               Exchange Web Services                     Skipped       0                                                                               Availability Service                              Skipped       0                                                                               Offline Address Book                         Skipped       0

Getting lost now, where do I go from here?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

What about other urls?

Did u set ews external url?

Try exchange remote connectivity analyzer tool online from Microsoft and run outlook autodiscover and outlook mapi test to isolate the issue
Leigh2004Author Commented: & both work fine if thats what you mean, I have attached the results of Microsoft connectivity analyzer tool.
IvanSystem EngineerCommented:

you have configured DNS A or SRV record for on public DNS and it resolves to correct public IP?
Port 443 is NATed to Exchange?

Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Leigh2004Author Commented:
Yes resolves to our static ip, however if we put in a web browser we get HTTP error 404, but opens Outlook Web access as it should.

Everything works, mobile devices etc, all email, autodiscover used to work in fact, only found out it wasn't yesterday trying to set up a new user.
Leigh2004Author Commented:
Could it be an update? this is the first new user added in about a year, and a few weeks ago we finally restarted the server to install almost 100 updates.
Actually you should point all exchange virtual directories external url including autodiscoverinternal uri to

In short dedicate all traffic to this url
Actually should be able to open owa by adding /owa to url
Leigh2004Author Commented: also gives 404

You mean as here?

Sorry to ask but right on the limit of my knowledge here.

Internal is currently
External is currently
Yes, set internal and external urls to
This includes ews urls as well
Leigh2004Author Commented:
OK done that, no change, would a server restart be required?
no, its not required, check exchange rca website if your outlook autodiscover and other outlook test getting successful?
Leigh2004Author Commented:
RCA Test results exactly the same.
Leigh2004Author Commented:
OK here is what I have tried so far,
[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory

Name                                    Server                                  InternalUrl
----                                    ------                                  -----------
EWS (Default Web Site)                  EXSERVER1                     

[PS] C:\Windows\system32>Get-OabVirtualDirectory

Server                        Name                          Internal Url                  External Url
------                        ----                          ------------                  ------------
EXSERVER1                     OAB (Default Web Site)        https://mail.mydomain.c... https://mail.mydomain.c...

[PS] C:\Windows\system32>Get-OutlookAnywhere

RunspaceId                         : 5cc772bf-a074-4959-bcc9-5c467bf488c4
ServerName                         : EXSERVER1
SSLOffloading                      : True
ExternalHostname                   :
InternalHostname                   :
ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
MetabasePath                       : IIS://
Path                               : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
ExtendedProtectionTokenChecking    : None
ExtendedProtectionFlags            : {}
ExtendedProtectionSPNList          : {}
AdminDisplayVersion                : Version 15.1 (Build 396.30)
Server                             : EXSERVER1
AdminDisplayName                   :
ExchangeVersion                    : 0.20 (
Name                               : Rpc (Default Web Site)
DistinguishedName                  : CN=Rpc (Default Web
                                     Site),CN=HTTP,CN=Protocols,CN=EXSERVER1,CN=Servers,CN=Exchange Administrative
                                     Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=WestOneUK,CN=Microsoft
Identity                           : EXSERVER1\Rpc (Default Web Site)
Guid                               : 71b0492c-de0d-4155-888a-74bec1e4a8d4
ObjectCategory                     :
ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                        : 09/11/2018 10:30:24
WhenCreated                        : 01/10/2017 17:24:17
WhenChangedUTC                     : 09/11/2018 10:30:24
WhenCreatedUTC                     : 01/10/2017 16:24:17
OrganizationId                     :
Id                                 : EXSERVER1\Rpc (Default Web Site)
OriginatingServer                  :
IsValid                            : True
ObjectState                        : Changed

[PS] C:\Windows\system32>Get-MapiVirtualDirectory

Name                          Server                        InternalUrl                   ExternalUrl
----                          ------                        -----------                   -----------
mapi (Default Web Site)       EXSERVER1                     https://mail.mydomain.c... https://mail.mydomain.c...

Open in new window

If I ping & it returns the servers local ip

At a complete loss now.
I see autodiscover response

The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL for user
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.

here is the issue, check from internal network, for autodiscover url if you are getting prompted for username and password and upon provision you are getting any autodiscover response? if not you have some issue with autodiscover virtual directory

and you actually ran active sync test, did you set active sync virtual directory external url to

U need to run outlook autodiscover and outlook connectivity tests from RCA web site to actually isolate  issue, please run those tests and post results here
Leigh2004Author Commented:
Leigh2004Author Commented:
Get-ActiveSyncVirtualDirectory only shows Internal URL, is this right?

Browsing to gives 404 not found on internal network as well as external.

[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory

Name                                    Server                                  InternalUrl
----                                    ------                                  -----------
Microsoft-Server-ActiveSync (Default... EXSERVER1                     

Open in new window

Leigh2004Author Commented:
If go to on the exchange server I get,

<?xml version="1.0" encoding="UTF-8"?>

-<Autodiscover xmlns="">


-<Error Id="3310321934" Time="17:43:03.7187230">


<Message>Invalid Request</Message>





Open in new window

Thats good? right?
above is correct..but it should resolve with actual FQDN..

active sync v dir should contains both internal and external urls point to

check your dns if its having multiple records of autodiscover pointing to multiple IP addresses or chweck if autodiscover name resolution is working correctly
Leigh2004Author Commented:
Get-ActiveSyncVirtualDirectory |Select InternalUrl,ExternalUrl returns,
InternalUrl                                                 ExternalUrl
-----------                                                 -----------

[PS] C:\Windows\system32>

Open in new window

Only one DNS record for autodiscover, CNAME record pointing to FQDN

Now, daft question time, how do I check if autodiscover name resolution is working correctly?
Leigh2004Author Commented:
I tried nslookup

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\user1>nslookup -type=a


Open in new window

Leigh2004Author Commented:
And I try the same from outside the network I get,

C:\Users\user1>nslookup -type=a

Non-authoritative answer:
Address:  195.12.x.x

Open in new window

CNAME record pointing to FQDN

which cname record?

do not point autodiscover to

autodiscover should directly point to exchange CAS servers also should point to exchange cas servers

This is true for internal and external both records, make those changes, flush dns and try rerun rca tests for outlook autodiscover and outlook connectivity
Leigh2004Author Commented:
This is where things get really vague for me, I have a dns record called forward as below
Name	Type	Data	Timestamp
(same as parent folder)	Start of Authority (SOA)	[3],,	static
(same as parent folder)	Name Server (NS)	static
serverDC	Host (A)	static

Open in new window

Next one called
Name	Type	Data	Timestamp
(same as parent folder)	Start of Authority (SOA)	[11],,	static
(same as parent folder)	Name Server (NS)	static
(same as parent folder)	Name Server (NS)	static
(same as parent folder)	Host (A)	static

Open in new window

And the last called
Name	Type	Data	Timestamp
(same as parent folder)	Start of Authority (SOA)	[1122],,	static
(same as parent folder)	Name Server (NS)	static
(same as parent folder)	Host (A)	?04/?11/?2018 10:00:00
autodiscover	Alias (CNAME)	
mail	Host (A)	static
serverdc	Host (A)	static
serverEX	Host (A)	?04/?11/?2018 12:00:00

Open in new window

do you have ad domain with same name as mail domain?

I see autodiscover with cname pointing

where is

You have some problem with DNS, unable to understand how your dns is configured?

what is
Leigh2004Author Commented:
Yes I changed autodiscover with cname from to

You mean the 2nd record

What is ad domain?

Starting to think I should start again with the dns setup, evrything else works as it should.
ad stands for active directory domain name...

you don't need any cname

your smtp domain and active directory domain name is same or different?
Leigh2004Author Commented:
One domain name, 2 hyper-v 2012 r2 servers, called serverdc as domain controller, active directory, dns, dhcp, and one called serverex running exchange 2016 only.
your smtp domain and active directory domain name is same or different?
Leigh2004Author Commented:
Both the same.
now correct you dns setup should point to exchange server cas ip internally and externally also point to exchange cas server ip interbally and externally

remove any cname records created for this purpose

I also saw, just remove that pointing to NS record in dns..thats creating problem,
Leigh2004Author Commented: should point to exchange server cas ip internally and externally - Done also point to exchange cas server ip interbally and externally - Done

remove any cname records created for this purpose - Done

I also saw, just remove that pointing to NS record in dns..thats creating problem,  - you mean the whole zone or the record on line 3 above in that zone?
under (assuming it is same for active directory and email as well) you only should have and in that as host (A) records and if you have any other web servers pointing to there respective host records

apart from there should not any ns , srv records etc except soa record
Leigh2004Author Commented:
Just to clarify, remove & from the 3rd zone, and place in the 2nd zone
Also when I try to delete the NS records in the 2nd zone it won't let me, shall I remove the whole zone and recreate?
what is you domain controller hostnames?

can you paste output of below command:

nltest /
Leigh2004Author Commented:
C:\Users\username>nltest /
Get list of DCs in domain '' from '\\'. [PDC]  [DS] Site: Default-First-Site-Name
The command completed successfully

Open in new window

DC host name is
Exchnage server name is
do you have any DC named, please check entire AD infra?

The problem is how come NS record points to

better you could delete zone from dns and just keep autodiscover and mail records under zone pointing to Exchange CAS servers -- but only if you don't have any DC server with hostname as

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Leigh2004Author Commented:
Only 2 servers as above, probably should come clean here, I copied the records from the old SBS2008 server when I built this one from scratch (no migration of any kind)  I'll delete zone and report back later.
Leigh2004Author Commented:
mail, zone deleted, 2 A records for mail & autodiscover created pointing to exchange servers IP, ran the Microsoft RCA and results exactly the same, and still getting 404 not found for

I have flushed DNS and removed browser cache.
Please log call with Microsoft, unless view environment on remote session cannot isolate issue
Leigh2004Author Commented:
If i go to

I get the 600 error page, just not with
Leigh2004Author Commented:
could it be anything to do with iis? in bindings for default web site I see a record,

https   443   *

Open in new window

Should there be one for autodiscover?
Leigh2004Author Commented:
Working now, added the binding and all good, thank you Mahesh I could not have done with out your help, and my DNS is nice and tidy now.
Leigh2004Author Commented:
Thank you very much for your time it's very much appreciated.
Its glad to here that you resolved issue

It's you.. U have resolved it

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.