
Hybrid AutoDiscover issue

Kundan Gupta asked
Last Modified: 2019-07-10
Does anyone have a suggestion on the below and how to fix it? This is an Office 365 hybrid server.

The Microsoft Connectivity Analyzer is attempting to test Autodiscover for email@domain.com.
       Testing Autodiscover failed.
       
      Additional Details
       
Elapsed Time: 47185 ms.
       
      Test Steps
       
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.
       
      Additional Details
       
Elapsed Time: 47185 ms.
       
      Test Steps
       
      Attempting to test potential Autodiscover URL https://domain.com:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
Elapsed Time: 971 ms.
       
      Test Steps
       
      Attempting to resolve the host name domain.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 54.252.148.134
Elapsed Time: 133 ms.
      Testing TCP port 443 on host domain.com to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
       
Elapsed Time: 210 ms.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Additional Details
       
Elapsed Time: 627 ms.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server domain.com on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
       
Elapsed Time: 595 ms.
      Validating the certificate name.
       Certificate name validation failed.
       
      Additional Details
       
Host name domain.com doesn't match any name found on the server certificate CN=businesscatalyst.com, OU=Hosting Services, O=Adobe Systems Incorporated, L=San Jose, S=California, C=US.
Elapsed Time: 1 ms.
      Attempting to test potential Autodiscover URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
Elapsed Time: 4095 ms.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.domain.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 13.XXX.XXX.XXX, 13.XXX.XX.XX
Elapsed Time: 83 ms.
      Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
       
Elapsed Time: 213 ms.
      Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
       
      Additional Details
       
Elapsed Time: 629 ms.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
       
Remote Certificate Subject: CN=webmailnz.domain.com, OU=IT, O=company PTY LTD, Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US.
Elapsed Time: 606 ms.
      Validating the certificate name.
       The certificate name was validated successfully.
       
      Additional Details
       
Host name autodiscover.domain.com was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 0 ms.
      Testing the certificate date to confirm the certificate is valid.
       Date validation passed. The certificate hasn't expired.
       
      Additional Details
       
The certificate is valid. NotBefore = 1/14/2019 12:00:00 AM, NotAfter = 1/15/2020 12:00:00 PM
Elapsed Time: 0 ms.
      Checking the IIS configuration for client certificate authentication.
       Client certificate authentication wasn't detected.
       
      Additional Details
       
Accept/Require Client Certificates isn't configured.
Elapsed Time: 807 ms.
      Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
       Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
       
      Additional Details
       
Elapsed Time: 2360 ms.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml for user kundan.gupta@domain.com.
       The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
       
      Additional Details
       
A Web exception occurred because an HTTP 503 - ServiceUnavailable response was received from Unknown.
HTTP Response Headers:
request-id: b0014cad-6e57-40aa-b0d3-59dd24cd5bb6
X-CalculatedBETarget: servername.production.domain.com
Persistent-Auth: true
X-FEServer: servername2
Content-Length: 0
Cache-Control: private
Date: Wed, 13 Mar 2019 12:36:28 GMT
Set-Cookie: ClientId=OYIVUMFJKCAHBJRG; expires=Thu, 12-Mar-2020 12:36:28 GMT; path=/; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 2360 ms.
      Attempting to contact the Autodiscover service using the HTTP redirect method.
       The attempt to contact Autodiscover using the HTTP Redirect method failed.
       
      Additional Details
       
Elapsed Time: 42095 ms.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.domain.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 13.XX.XX.XX, 13.237.XX.XX
Elapsed Time: 17 ms.
      Testing TCP port 80 on host autodiscover.domain.com to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
       
      Additional Details
       
A network error occurred while communicating with the remote host.
Elapsed Time: 42077 ms.
      Attempting to contact the Autodiscover service using the DNS SRV redirect method.
       The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
       
      Additional Details
       
Elapsed Time: 21 ms.
       
      Test Steps
       
      Attempting to locate SRV record _autodiscover._tcp.domain.com in DNS.
       The Autodiscover SRV record wasn't found in DNS.
       
      Additional Details
       
Elapsed Time: 20 ms.

Mahesh, Architect

Commented:
There is an issue with the SSL certificate hostnames, as autodiscover.domain.com and mail.domain.com were not found in the certificate used for Exchange, or either the certificate is expired or it's not from a well-known public CA.

Can you check the Exchange server for the public certificate and let me know what the SAN entries are, who the publisher of the certificate is, whether it's not expired, etc.?

Bruno PACI, IT Consultant

Commented:
Hi,

What we can see with this log is that the DNS name "autodiscover.domain.com" is successfully resolved, that the HTTPS TCP 443 port is listening on autodiscover.domain.com, and that the certificate matches the name requested... and then the analyzer fails to get the autodiscover.xml file!

It looks like you have an issue with the equipment that is supposed to publish the internal autodiscover virtual directory. It may be a reverse proxy, or a firewall... anyway, you're not able to reach the internal autodiscover file from the Internet. You must take a look at how you publish autodiscover.

By the way, in Hybrid mode, you should publish your Exchange on-premises autodiscover virtual directory. Your internal Exchange autodiscover file will redirect the client to the Office 365 URLs in case the user mailbox is migrated to O365.
The O365 autodiscover file is not able to redirect the client to your internal Exchange server, so while you still have mailboxes on your on-premises server you MUST publish your internal Autodiscover.

Have a good day
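
Added example, not part of any post in this thread: the HTTP 503 in the question's log carries X-FEServer and X-CalculatedBETarget, headers that an Exchange Client Access front end adds to responses, so parsing them shows which hop actually answered. The function names, tier labels, and the rule that X-FEServer is set only by an Exchange front end are assumptions of this example.

```python
import re

# Constructed excerpt: the failed POST step copied from the analyzer output in the question.
SAMPLE = """\
A Web exception occurred because an HTTP 503 - ServiceUnavailable response was received from Unknown.
HTTP Response Headers:
request-id: b0014cad-6e57-40aa-b0d3-59dd24cd5bb6
X-CalculatedBETarget: servername.production.domain.com
Persistent-Auth: true
X-FEServer: servername2
Content-Length: 0
Date: Wed, 13 Mar 2019 12:36:28 GMT
Server: Microsoft-IIS/8.5
Elapsed Time: 2360 ms.
"""

def parse_web_exception(text):
    """Return (status_code, headers) from an analyzer 'Web exception' detail block."""
    m = re.search(r"an HTTP (\d{3}) - \w+ response", text)
    status = int(m.group(1)) if m else None
    headers, in_headers = {}, False
    for line in text.splitlines():
        if line.strip() == "HTTP Response Headers:":
            in_headers = True
        elif in_headers:
            if line.startswith("Elapsed Time:"):  # analyzer trailer, not an HTTP header
                break
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
    return status, headers

def locate_responder(headers):
    """Return (tier, front_end, back_end) for whichever hop produced the response."""
    fe = headers.get("x-feserver")
    be = headers.get("x-calculatedbetarget")
    if fe:
        # Assumption: only an Exchange front end adds X-FEServer, so the request
        # passed the load balancer and any firewall or reverse proxy in front of it.
        return ("exchange-front-end", fe, be)
    if "server" in headers:
        return ("other-http-endpoint", None, None)
    return ("unknown", None, None)

if __name__ == "__main__":
    status, headers = parse_web_exception(SAMPLE)
    print(status, locate_responder(headers))
```

Under that assumption, a 503 answered by the front end with a back-end target already chosen directs the next checks at the path between those two servers rather than at DNS or the certificate.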
Ahmed Abdelbaset, Infrastructure Architect

Commented:
To have a green output result, make sure the DNS names below are included in the Exchange certificate.

autodiscover.domain.com
domain.com

Kundan Gupta, Technology Consultant

Author

Commented:
I have a certificate installed on the EXCH server with SAN names as below:

autodiscover.domain.com
domain.com

In DNS, the domain autodiscover.domain.com points to a load balancer.

Mahesh, Architect

Commented:
Normally mail.domain.com should also be added to the certificate, and it should point to the Exchange server.
Anyway, did you configure SSL decryption on the load balancer?
You can pass traffic through from the load balancer, let Exchange handle decryption, and check what happens.

Ahmed Abdelbaset, Infrastructure Architect

Commented:
Also make sure that EWS and the external URL are published and configured.