Avatar of Leigh2004
Leigh2004
Flag for United Kingdom of Great Britain and Northern Ireland asked on

Autodiscover exchange 2016

Hi, we are running 2012 R2 with EX2016 (all up to date) we configured autodiscover following this http://www.mustbegeek.com/configure-autodiscover-in-exchange-2016/ to no avail.

Running "Get-ClientAccessService | fl AutoDiscoverServiceInternalUri" returns "AutoDiscoverServiceInternalUri : https://autodiscover.mydomain.com/Autodiscover/Autodiscover.xml"

"test-outlookwebservices" returns "Unable to find the client accesss monitoring user."

"get-outlookprovider" returns

Name                          Server                        CertPrincipalName             TTL
----                          ------                        -----------------             ---
EXCH                                                                                                              1
EXPR                                                                                                              1
WEB                                                                                                               1

Test-OutlookWebServices -Identity:user1@mydomain.com -MailboxCredential:(Get-Credential mydomain\user1) returns

Source                                                 ServiceEndpoint                                    Scenario                                             Result    Latency
                                                                                                                                                                                                              (MS)
------                              ---------------                     --------                       ------  -------
Exserver1.mydomain.com              autodiscover.mydomain.com             Autodiscover: Outlook Provider       Failure      30
Exserver1.mydomain.com                                                                               Exchange Web Services                     Skipped       0
Exserver1.mydomain.com                                                                               Availability Service                              Skipped       0
Exserver1.mydomain.com                                                                               Offline Address Book                         Skipped       0

Getting lost now, where do I go from here?

Thanks
ExchangeOutlookEmail Servers

Avatar of undefined
Last Comment
Mahesh

8/22/2022 - Mon
Mahesh

What about other urls?

Did u set ews external url?

Try exchange remote connectivity analyzer tool online from Microsoft and run outlook autodiscover and outlook mapi test to isolate the issue
Leigh2004

ASKER
https://mail.mydomain.com/owa & https://mail.mydomain.com/ecp both work fine if thats what you mean, I have attached the results of Microsoft connectivity analyzer tool.
AutodiscoverRCATestResult.html
Ivan

Hi,

you have configured DNS A or SRV record for autodiscover.mydomain.com on public DNS and it resolves to correct public IP?
Port 443 is NATed to Exchange?

Regards,
Ivan.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Leigh2004

ASKER
Yes autodiscover.mydomain.com resolves to our static ip, however if we put https://autodiscover.mydomain.com in a web browser we get HTTP error 404, but https://mail.mydomain.com opens Outlook Web access as it should.

Everything works, mobile devices etc, all email, autodiscover used to work in fact, only found out it wasn't yesterday trying to set up a new user.
Leigh2004

ASKER
Could it be an update? this is the first new user added in about a year, and a few weeks ago we finally restarted the server to install almost 100 updates.
Mahesh

Actually you should point all exchange virtual directories external url including autodiscoverinternal uri to mail.domain.com

In short dedicate all traffic to this url
Actually autodiscover.domain.com should be able to open owa by adding /owa to url
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Leigh2004

ASKER
https://autodiscover.mydomain.com/owa also gives 404

You mean as here? http://www.mustbegeek.com/configure-external-and-internal-url-in-exchange-2016/

Sorry to ask but right on the limit of my knowledge here.

Internal is currently https://servername.domain.com/owa
External is currently https://mail.domain.com/owa
Mahesh

Yes, set internal and external urls to mail.domain.com
This includes ews urls as well
Leigh2004

ASKER
OK done that, no change, would a server restart be required?
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Mahesh

no, its not required, check exchange rca website if your outlook autodiscover and other outlook test getting successful?
Leigh2004

ASKER
RCA Test results exactly the same.
Leigh2004

ASKER
OK here is what I have tried so far,
[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory

Name                                    Server                                  InternalUrl
----                                    ------                                  -----------
EWS (Default Web Site)                  EXSERVER1                               https://mail.mydomain.com/ews/exc...


[PS] C:\Windows\system32>Get-OabVirtualDirectory

Server                        Name                          Internal Url                  External Url
------                        ----                          ------------                  ------------
EXSERVER1                     OAB (Default Web Site)        https://mail.mydomain.c... https://mail.mydomain.c...


[PS] C:\Windows\system32>Get-OutlookAnywhere


RunspaceId                         : 5cc772bf-a074-4959-bcc9-5c467bf488c4
ServerName                         : EXSERVER1
SSLOffloading                      : True
ExternalHostname                   : mail.mydomain.com
InternalHostname                   : mail.mydomain.com
ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
MetabasePath                       : IIS://EXSERVER1.mydomain.com/W3SVC/1/ROOT/Rpc
Path                               : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
ExtendedProtectionTokenChecking    : None
ExtendedProtectionFlags            : {}
ExtendedProtectionSPNList          : {}
AdminDisplayVersion                : Version 15.1 (Build 396.30)
Server                             : EXSERVER1
AdminDisplayName                   :
ExchangeVersion                    : 0.20 (15.0.0.0)
Name                               : Rpc (Default Web Site)
DistinguishedName                  : CN=Rpc (Default Web
                                     Site),CN=HTTP,CN=Protocols,CN=EXSERVER1,CN=Servers,CN=Exchange Administrative
                                     Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=WestOneUK,CN=Microsoft
                                     Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=com
Identity                           : EXSERVER1\Rpc (Default Web Site)
Guid                               : 71b0492c-de0d-4155-888a-74bec1e4a8d4
ObjectCategory                     : mydomain.com/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                        : 09/11/2018 10:30:24
WhenCreated                        : 01/10/2017 17:24:17
WhenChangedUTC                     : 09/11/2018 10:30:24
WhenCreatedUTC                     : 01/10/2017 16:24:17
OrganizationId                     :
Id                                 : EXSERVER1\Rpc (Default Web Site)
OriginatingServer                  : DCSERVER1.mydomain.com
IsValid                            : True
ObjectState                        : Changed



[PS] C:\Windows\system32>Get-MapiVirtualDirectory

Name                          Server                        InternalUrl                   ExternalUrl
----                          ------                        -----------                   -----------
mapi (Default Web Site)       EXSERVER1                     https://mail.mydomain.c... https://mail.mydomain.c...

Open in new window


If I ping mail.mydomain.com & autodiscover.mydomain.com it returns the servers local ip 192.168.0.101

At a complete loss now.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Mahesh

I see autodiscover response

The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.mydomain.com:443/Autodiscover/Autodiscover.xml for user myemail@mydomain.com.
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.

here is the issue, check from internal network, for autodiscover url if you are getting prompted for username and password and upon provision you are getting any autodiscover response? if not you have some issue with autodiscover virtual directory

and you actually ran active sync test, did you set active sync virtual directory external url to mail.domain.com?

U need to run outlook autodiscover and outlook connectivity tests from RCA web site to actually isolate  issue, please run those tests and post results here
Leigh2004

ASKER
Leigh2004

ASKER
Get-ActiveSyncVirtualDirectory only shows Internal URL, is this right?

Browsing to https://autodiscover.mydomain.com/Autodiscover/Autodiscover.xml gives 404 not found on internal network as well as external.

[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory

Name                                    Server                                  InternalUrl
----                                    ------                                  -----------
Microsoft-Server-ActiveSync (Default... EXSERVER1                               https://mail.mydomain.com/Microso...

Open in new window

Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Leigh2004

ASKER
If go to https://127.0.0.1/Autodiscover/Autodiscover.xml on the exchange server I get,

<?xml version="1.0" encoding="UTF-8"?>

-<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">

-<Response>

-<Error Id="3310321934" Time="17:43:03.7187230">

<ErrorCode>600</ErrorCode>

<Message>Invalid Request</Message>

<DebugData/>

</Error>

</Response>

</Autodiscover>

Open in new window


Thats good? right?
Mahesh

above is correct..but it should resolve with actual FQDN..

active sync v dir should contains both internal and external urls point to mail.domain.com

check your dns if its having multiple records of autodiscover pointing to multiple IP addresses or chweck if autodiscover name resolution is working correctly
Leigh2004

ASKER
Get-ActiveSyncVirtualDirectory |Select InternalUrl,ExternalUrl returns,
InternalUrl                                                 ExternalUrl
-----------                                                 -----------
https://mail.mydomain.com/Microsoft-Server-ActiveSync    https://mail.mydomain.com/Microsoft-Server-ActiveSync


[PS] C:\Windows\system32>

Open in new window


Only one DNS record for autodiscover, CNAME record pointing to FQDN mail.mydomain.com

Now, daft question time, how do I check if autodiscover name resolution is working correctly?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Leigh2004

ASKER
I tried nslookup

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\user1>nslookup -type=a autodiscover.mydomain.com
Server:  mydomain.com
Address:  192.168.0.201

Name:    mail.mydomain.com
Address:  192.168.0.202
Aliases:  autodiscover.mydomain.com

Open in new window

Leigh2004

ASKER
And I try the same from outside the network I get,

C:\Users\user1>nslookup -type=a autodiscover.mydomain.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    mail.mydomain.com
Address:  195.12.x.x
Aliases:  autodiscover.mydomain.com

Open in new window

Mahesh

CNAME record pointing to FQDN mail.mydomain.com

which cname record?

do not point autodiscover to mail.domain.com?

autodiscover should directly point to exchange CAS servers

mail.domain.com also should point to exchange cas servers

This is true for internal and external both records, make those changes, flush dns and try rerun rca tests for outlook autodiscover and outlook connectivity
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
Leigh2004

ASKER
This is where things get really vague for me, I have a dns record called forward as below
Name	Type	Data	Timestamp
(same as parent folder)	Start of Authority (SOA)	[3], serverdc.mydomain.com., hostmaster.mydomain.com.	static
(same as parent folder)	Name Server (NS)	serverdc.mydomain.com.	static
serverDC	Host (A)	192.168.0.201	static

Open in new window

Next one called mail.mydomain.com
Name	Type	Data	Timestamp
(same as parent folder)	Start of Authority (SOA)	[11], serverdc.mydomain.com., hostmaster.mydomain.com.	static
(same as parent folder)	Name Server (NS)	mail.mydomain.com.	static
(same as parent folder)	Name Server (NS)	serverdc.mydomain.com.	static
(same as parent folder)	Host (A)	192.168.0.202	static

Open in new window

And the last called mydomain.com
Name	Type	Data	Timestamp
(same as parent folder)	Start of Authority (SOA)	[1122], serverdc.mydomian.com., hostmaster.mydomian.com.	static
(same as parent folder)	Name Server (NS)	serverdc.mydomian.com.	static
(same as parent folder)	Host (A)	192.168.0.201	?04/?11/?2018 10:00:00
_msdcs			
_sites			
_tcp			
_udp			
autodiscover	Alias (CNAME)	serverEX.mydomian.com	
DomainDnsZones			
ForestDnsZones			
mail	Host (A)	192.168.0.202	static
serverdc	Host (A)	192.168.0.201	static
serverEX	Host (A)	192.168.0.202	?04/?11/?2018 12:00:00

Open in new window

Mahesh

do you have ad domain with same name as mail domain?

I see autodiscover with cname pointing serverex.mydomain.com

where is mail.domain.com?

You have some problem with DNS, unable to understand how your dns is configured?

what is mail.mydomain.com?
Leigh2004

ASKER
Yes I changed autodiscover with cname from mail.mydomain.com to serverex.mydomain.com

You mean the 2nd record mail.mydomain.com?

What is ad domain?

Starting to think I should start again with the dns setup, evrything else works as it should.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Mahesh

ad stands for active directory domain name...

you don't need any cname

your smtp domain and active directory domain name is same or different?
Leigh2004

ASKER
One domain name, 2 hyper-v 2012 r2 servers,
192.168.0.201 called serverdc as domain controller, active directory, dns, dhcp, and one called serverex 192.168.0.202 running exchange 2016 only.
Mahesh

your smtp domain and active directory domain name is same or different?
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Leigh2004

ASKER
Both the same.
Mahesh

now correct you dns setup

mail.domain.com should point to exchange server cas ip internally and externally

autodiscover.domain.com also point to exchange cas server ip interbally and externally

remove any cname records created for this purpose

I also saw mail.mydomain.com, just remove that pointing to NS record in dns..thats creating problem,
Leigh2004

ASKER
mail.domain.com should point to exchange server cas ip internally and externally - Done

autodiscover.domain.com also point to exchange cas server ip interbally and externally - Done

remove any cname records created for this purpose - Done

I also saw mail.mydomain.com, just remove that pointing to NS record in dns..thats creating problem,  - you mean the whole zone mail.mydomain.com or the record on line 3 above in that zone?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Mahesh

under mail.mydomain.com (assuming it is same for active directory and email as well) you only should have autodiscover.mydomain.com and mail.mydomain.com in that as host (A) records and if you have any other web servers pointing to there respective host records

apart from there should not any ns , srv records etc except soa record
Leigh2004

ASKER
Just to clarify, remove autodiscover.mydomain.com & mail.mydomain.com from the 3rd zone mydomain.com, and place in the 2nd zone mail.mydomain.com?
Also when I try to delete the NS records in the 2nd zone mail.mydomain.com it won't let me, shall I remove the whole zone and recreate?
Mahesh

what is you domain controller hostnames?

can you paste output of below command:

nltest /dclist:mydomain.com
Your help has saved me hundreds of hours of internet surfing.
fblack61
Leigh2004

ASKER
C:\Users\username>nltest /dclist:mydomain.com
Get list of DCs in domain 'mydomain.com' from '\\serverdc.mydomain.com'.
    serverdc.mydomain.com [PDC]  [DS] Site: Default-First-Site-Name
The command completed successfully

Open in new window


DC host name is serverdc.mydomain.com
Exchnage server name is serverex.mydomain.com
ASKER CERTIFIED SOLUTION
Mahesh

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Leigh2004

ASKER
Only 2 servers as above, probably should come clean here, I copied the records from the old SBS2008 server when I built this one from scratch (no migration of any kind)  I'll delete zone mail.mydomain.com and report back later.
Leigh2004

ASKER
mail,mydomain.com zone deleted, 2 A records for mail & autodiscover created pointing to exchange servers IP, ran the Microsoft RCA and results exactly the same, and still getting 404 not found for https://autodiscover.mydomain.com/Autodiscover/Autodiscover.xml

I have flushed DNS and removed browser cache.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Mahesh

Please log call with Microsoft, unless view environment on remote session cannot isolate issue
Leigh2004

ASKER
If i go to https://mail.mydomain.com/Autodiscover/Autodiscover.xml

I get the 600 error page, just not with https://autodiscover.mydomain.com/Autodiscover/Autodiscover.xml
Leigh2004

ASKER
could it be anything to do with iis? in bindings for default web site I see a record,

https   mail.mydomain.com   443   *

Open in new window


Should there be one for autodiscover?
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Leigh2004

ASKER
Working now, added the binding and all good, thank you Mahesh I could not have done with out your help, and my DNS is nice and tidy now.
Leigh2004

ASKER
Thank you very much for your time it's very much appreciated.
Mahesh

Its glad to here that you resolved issue

It's you.. U have resolved it

Congratulations!!!
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.