Avatar of Kundan Gupta
Kundan Gupta
Flag for India asked on

Hybrid AutoDiscover issue

Any one has suggestion on below. how to fix. this is office365 hybrid server

The Microsoft Connectivity Analyzer is attempting to test Autodiscover for email@domain.com.
       Testing Autodiscover failed.
       
      Additional Details
       
Elapsed Time: 47185 ms.
       
      Test Steps
       
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.
       
      Additional Details
       
Elapsed Time: 47185 ms.
       
      Test Steps
       
      Attempting to test potential Autodiscover URL https://domain.com:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
Elapsed Time: 971 ms.
       
      Test Steps
       
      Attempting to resolve the host name domain.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 54.252.148.134
Elapsed Time: 133 ms.
      Testing TCP port 443 on host domain.com to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
       
Elapsed Time: 210 ms.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Additional Details
       
Elapsed Time: 627 ms.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server domain.com on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
       
Elapsed Time: 595 ms.
      Validating the certificate name.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
Host name domain.com doesn't match any name found on the server certificate CN=businesscatalyst.com, OU=Hosting Services, O=Adobe Systems Incorporated, L=San Jose, S=California, C=US.
Elapsed Time: 1 ms.
      Attempting to test potential Autodiscover URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
Elapsed Time: 4095 ms.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.domain.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 13.XXX.XXX.XXX, 13.XXX.XX.XX
Elapsed Time: 83 ms.
      Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
       
Elapsed Time: 213 ms.
      Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
       
      Additional Details
       
Elapsed Time: 629 ms.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
       
Remote Certificate Subject: CN=webmailnz.domain.com, OU=IT, O=company PTY LTD, Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US.
Elapsed Time: 606 ms.
      Validating the certificate name.
       The certificate name was validated successfully.
       
      Additional Details
       
Host name autodiscover.domain.com was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 0 ms.
      Testing the certificate date to confirm the certificate is valid.
       Date validation passed. The certificate hasn't expired.
       
      Additional Details
       
The certificate is valid. NotBefore = 1/14/2019 12:00:00 AM, NotAfter = 1/15/2020 12:00:00 PM
Elapsed Time: 0 ms.
      Checking the IIS configuration for client certificate authentication.
       Client certificate authentication wasn't detected.
       
      Additional Details
       
Accept/Require Client Certificates isn't configured.
Elapsed Time: 807 ms.
      Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
       Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
       
      Additional Details
       
Elapsed Time: 2360 ms.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml for user kundan.gupta@domain.com.
       The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
       
      Additional Details
       
A Web exception occurred because an HTTP 503 - ServiceUnavailable response was received from Unknown.
HTTP Response Headers:
request-id: b0014cad-6e57-40aa-b0d3-59dd24cd5bb6
X-CalculatedBETarget: servername.production.domain.com
Persistent-Auth: true
X-FEServer: servername2
Content-Length: 0
Cache-Control: private
Date: Wed, 13 Mar 2019 12:36:28 GMT
Set-Cookie: ClientId=OYIVUMFJKCAHBJRG; expires=Thu, 12-Mar-2020 12:36:28 GMT; path=/; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 2360 ms.
      Attempting to contact the Autodiscover service using the HTTP redirect method.
       The attempt to contact Autodiscover using the HTTP Redirect method failed.
       
      Additional Details
       
Elapsed Time: 42095 ms.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.domain.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: 13.XX.XX.XX, 13.237.XX.XX
Elapsed Time: 17 ms.
      Testing TCP port 80 on host autodiscover.domain.com to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
A network error occurred while communicating with the remote host.
Elapsed Time: 42077 ms.
      Attempting to contact the Autodiscover service using the DNS SRV redirect method.
       The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
       
      Additional Details
       
Elapsed Time: 21 ms.
       
      Test Steps
       
      Attempting to locate SRV record _autodiscover._tcp.domain.com in DNS.
       The Autodiscover SRV record wasn't found in DNS.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
Elapsed Time: 20 ms.
ASP.NETExchangeXML* iis6DNS

Avatar of undefined
Last Comment
Jose Gabriel Ortega Castro

8/22/2022 - Mon
Mahesh

There is issue with SSL certificate hostnames as autodiscover.domain.com and mail.domain.com did not found in certificate used for exchange or either certificate is expired or its not from well know public CA

Can you check exchange server for public certificate and let me know what are SAN entries, who is publisher of certificate, if its not expired etc?
Bruno PACI

Hi,

What we can see with this log is that the DNS name "autodiscover.domain.com" is successfully resolved, that the HTTPS TCP 443 port is listening on autodiscover.domain.com, and that the certificate is matching with the name requested... and then the analyzer fails to get the autodiscover.xml file !

It looks like you have issue on the equipment that is supposed to publish the internal autodiscover virtual directory. It may be a reverse proxy, or a firewall... anyway, you're not able to reach the internal autodiscover file from Internet. You must take a look on how you publish autodiscover.


By the way, in Hybrid mode, you should publish your Exchange On-Premise autodiscover virtual directory. Your internal Exchange autodiscover file will redirect the client to the Office 365 URLs in case the user mailbox is migrated on o365.
O365 autodiscover file is not able to redirect client to your internal Exchange server, so while you still have mailboxes in your on-premise server you MUST publish your internal Autodiscover.

Have a good day
Ahmed Abdelbaset

To have green output result, Make sure DNS names below included in Exchanhe certificate.

autodiscover.domain.com
domain.com
Your help has saved me hundreds of hours of internet surfing.
fblack61
Kundan Gupta

ASKER
I have certificate installed on EXCH server with SAN names as below

autodiscover.domain.com
domain.com

in DNS domain autodiscover.domain.com points to a load balancer.
Mahesh

Normally mail.domain.com also should be added to certificate and it should point to the exchange server
Anyways, did you configured ssl decryption on load balancer?
U can pass through traffic from load balancer and let exchange handle decryption and check what happens
Ahmed Abdelbaset

Make sure alsi that EWS and external URL is published and configured.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
Jose Gabriel Ortega Castro

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question