Hybrid AutoDiscover issue
Any one has suggestion on below. how to fix. this is office365 hybrid server
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for email@domain.com.
Testing Autodiscover failed.
Additional Details
Elapsed Time: 47185 ms.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Additional Details
Elapsed Time: 47185 ms.
Test Steps
Attempting to test potential Autodiscover URL https://domain.com:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 971 ms.
Test Steps
Attempting to resolve the host name domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 54.252.148.134
Elapsed Time: 133 ms.
Testing TCP port 443 on host domain.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 210 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 627 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server domain.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Elapsed Time: 595 ms.
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name domain.com doesn't match any name found on the server certificate CN=businesscatalyst.com, OU=Hosting Services, O=Adobe Systems Incorporated, L=San Jose, S=California, C=US.
Elapsed Time: 1 ms.
Attempting to test potential Autodiscover URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 4095 ms.
Test Steps
Attempting to resolve the host name autodiscover.domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 13.XXX.XXX.XXX, 13.XXX.XX.XX
Elapsed Time: 83 ms.
Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 213 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 629 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=webmailnz.domain.com, OU=IT, O=company PTY LTD, Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US.
Elapsed Time: 606 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.domain.com was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 0 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 1/14/2019 12:00:00 AM, NotAfter = 1/15/2020 12:00:00 PM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 807 ms.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Additional Details
Elapsed Time: 2360 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml for user kundan.gupta@domain.com.
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
Additional Details
A Web exception occurred because an HTTP 503 - ServiceUnavailable response was received from Unknown.
HTTP Response Headers:
request-id: b0014cad-6e57-40aa-b0d3-59
X-CalculatedBETarget: servername.production.doma
Persistent-Auth: true
X-FEServer: servername2
Content-Length: 0
Cache-Control: private
Date: Wed, 13 Mar 2019 12:36:28 GMT
Set-Cookie: ClientId=OYIVUMFJKCAHBJRG;
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 2360 ms.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Additional Details
Elapsed Time: 42095 ms.
Test Steps
Attempting to resolve the host name autodiscover.domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 13.XX.XX.XX, 13.237.XX.XX
Elapsed Time: 17 ms.
Testing TCP port 80 on host autodiscover.domain.com to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it
Additional Details
A network error occurred while communicating with the remote host.
Elapsed Time: 42077 ms.
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
Additional Details
Elapsed Time: 21 ms.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.domain.
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it
Additional Details
Elapsed Time: 20 ms.
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for email@domain.com.
Testing Autodiscover failed.
Additional Details
Elapsed Time: 47185 ms.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Additional Details
Elapsed Time: 47185 ms.
Test Steps
Attempting to test potential Autodiscover URL https://domain.com:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 971 ms.
Test Steps
Attempting to resolve the host name domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 54.252.148.134
Elapsed Time: 133 ms.
Testing TCP port 443 on host domain.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 210 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 627 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server domain.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Elapsed Time: 595 ms.
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name domain.com doesn't match any name found on the server certificate CN=businesscatalyst.com, OU=Hosting Services, O=Adobe Systems Incorporated, L=San Jose, S=California, C=US.
Elapsed Time: 1 ms.
Attempting to test potential Autodiscover URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 4095 ms.
Test Steps
Attempting to resolve the host name autodiscover.domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 13.XXX.XXX.XXX, 13.XXX.XX.XX
Elapsed Time: 83 ms.
Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 213 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 629 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=webmailnz.domain.com, OU=IT, O=company PTY LTD, Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US.
Elapsed Time: 606 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.domain.com was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 0 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 1/14/2019 12:00:00 AM, NotAfter = 1/15/2020 12:00:00 PM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 807 ms.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Additional Details
Elapsed Time: 2360 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml for user kundan.gupta@domain.com.
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
Additional Details
A Web exception occurred because an HTTP 503 - ServiceUnavailable response was received from Unknown.
HTTP Response Headers:
request-id: b0014cad-6e57-40aa-b0d3-59
X-CalculatedBETarget: servername.production.doma
Persistent-Auth: true
X-FEServer: servername2
Content-Length: 0
Cache-Control: private
Date: Wed, 13 Mar 2019 12:36:28 GMT
Set-Cookie: ClientId=OYIVUMFJKCAHBJRG;
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 2360 ms.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Additional Details
Elapsed Time: 42095 ms.
Test Steps
Attempting to resolve the host name autodiscover.domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 13.XX.XX.XX, 13.237.XX.XX
Elapsed Time: 17 ms.
Testing TCP port 80 on host autodiscover.domain.com to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it
Additional Details
A network error occurred while communicating with the remote host.
Elapsed Time: 42077 ms.
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
Additional Details
Elapsed Time: 21 ms.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.domain.
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it
Additional Details
Elapsed Time: 20 ms.
Hi,
What we can see with this log is that the DNS name "autodiscover.domain.com" is successfully resolved, that the HTTPS TCP 443 port is listening on autodiscover.domain.com, and that the certificate is matching with the name requested... and then the analyzer fails to get the autodiscover.xml file !
It looks like you have issue on the equipment that is supposed to publish the internal autodiscover virtual directory. It may be a reverse proxy, or a firewall... anyway, you're not able to reach the internal autodiscover file from Internet. You must take a look on how you publish autodiscover.
By the way, in Hybrid mode, you should publish your Exchange On-Premise autodiscover virtual directory. Your internal Exchange autodiscover file will redirect the client to the Office 365 URLs in case the user mailbox is migrated on o365.
O365 autodiscover file is not able to redirect client to your internal Exchange server, so while you still have mailboxes in your on-premise server you MUST publish your internal Autodiscover.
Have a good day
What we can see with this log is that the DNS name "autodiscover.domain.com" is successfully resolved, that the HTTPS TCP 443 port is listening on autodiscover.domain.com, and that the certificate is matching with the name requested... and then the analyzer fails to get the autodiscover.xml file !
It looks like you have issue on the equipment that is supposed to publish the internal autodiscover virtual directory. It may be a reverse proxy, or a firewall... anyway, you're not able to reach the internal autodiscover file from Internet. You must take a look on how you publish autodiscover.
By the way, in Hybrid mode, you should publish your Exchange On-Premise autodiscover virtual directory. Your internal Exchange autodiscover file will redirect the client to the Office 365 URLs in case the user mailbox is migrated on o365.
O365 autodiscover file is not able to redirect client to your internal Exchange server, so while you still have mailboxes in your on-premise server you MUST publish your internal Autodiscover.
Have a good day
To have green output result, Make sure DNS names below included in Exchanhe certificate.
autodiscover.domain.com
domain.com
autodiscover.domain.com
domain.com
ASKER
I have certificate installed on EXCH server with SAN names as below
autodiscover.domain.com
domain.com
in DNS domain autodiscover.domain.com points to a load balancer.
autodiscover.domain.com
domain.com
in DNS domain autodiscover.domain.com points to a load balancer.
Normally mail.domain.com also should be added to certificate and it should point to the exchange server
Anyways, did you configured ssl decryption on load balancer?
U can pass through traffic from load balancer and let exchange handle decryption and check what happens
Anyways, did you configured ssl decryption on load balancer?
U can pass through traffic from load balancer and let exchange handle decryption and check what happens
Make sure alsi that EWS and external URL is published and configured.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Can you check exchange server for public certificate and let me know what are SAN entries, who is publisher of certificate, if its not expired etc?