hutch_ks_itguy
asked on
Autodiscover not working, middle of Exchange 2010 to 2016 migration. Need help with DNS / URL's and SCP
Hello all, I have been migrating to Exchange 2016 from 2010, but most of my mailboxes are still on 2010. I've got OWA, and ECP working well on 2016 and ready to start migrating mailboxes over the next week or so. However, my autodiscover isn't working.
When I run the autoconfig test from my Outlook 2016, it states that Autoconfiguration was unable to determine your settings!
I've followed this guide from Adam, https://community.spiceworks.com/topic/1956009-changing-autodiscover-scp-and-client-access-urls and as far as I can tell I've got split-DNS configured correctly, although it's murky since both servers share the same external URL's.
Would be glad to submit configs, if someone can help me figure out where I've gone wrong. Thanks in advance all!
When I run the autoconfig test from my Outlook 2016, it states that Autoconfiguration was unable to determine your settings!
I've followed this guide from Adam, https://community.spiceworks.com/topic/1956009-changing-autodiscover-scp-and-client-access-urls and as far as I can tell I've got split-DNS configured correctly, although it's murky since both servers share the same external URL's.
Would be glad to submit configs, if someone can help me figure out where I've gone wrong. Thanks in advance all!
Adam Brown
Error 500 is a server connection failure error, not something that would suggest autodiscover is misconfigured. Navigate to https://autodiscover.domain.com/autodiscover/autodiscover.xml and log in. It should give you a 600 error message in XML if it works. If it doesn't, look through the server logs to determine what is causing the problem from there.
"and as far as I can tell I've got split-DNS configured correctly, although it's murky since both servers share the same external URL's."
External url for virtual directories should point only to exchange 2016 server
External urls to exchange 2010 should be kept blank
Autodiscover and mail records should point to exchange 2016 only
Refer below
Semb.ee/hostnames
External url for virtual directories should point only to exchange 2016 server
External urls to exchange 2010 should be kept blank
Autodiscover and mail records should point to exchange 2016 only
Refer below
Semb.ee/hostnames
ASKER
I wonder if it's authentication on the virtual directories? I've followed the guide as best I could, but maybe I missed something? How do I remove Autodiscover for my EX2010 box? and do you mean MX?
ASKER
Adam, I did try browsing to that URL https://autodiscover.mydomain.org/autodiscover/autodiscover.xml and it did prompt me for a username/password, however after I put in my domain credentials it immediately went to an HTTP ERROR 500 and says the page isn't working.
There is Set-ClientAccessserver cmdlet which can change autodiscover entry
I don't know if you checked link posted in my last comment
Ideally you should use exchange deployment assistant which can giide you with all steps in detailed
Hence i have provided with link
I don't know if you checked link posted in my last comment
Ideally you should use exchange deployment assistant which can giide you with all steps in detailed
Hence i have provided with link
autodiscover CNAME should point to exchange fqdn ( OWA/WebDAV IP), not an alias .
I see even an 404 error. Auth problems ?!
I see even an 404 error. Auth problems ?!
Additional steps :
1) Verify web.config
2) Verify configuration of the SSL on the Autodiscover Virtual directory ( Client Certificate = Ignore )
3) Enable Anonymous Authentication for the IIS - Autodiscover Virtual Directory and restart IIS
1) Verify web.config
2) Verify configuration of the SSL on the Autodiscover Virtual directory ( Client Certificate = Ignore )
3) Enable Anonymous Authentication for the IIS - Autodiscover Virtual Directory and restart IIS
ASKER
Hi Gerald, you said the autodiscover CNAME should point to Exchange FQDN, but also say the OWA IP? I can sure set it to either, just want to make sure I'm doing it right.
The guide I posted didn't have me set up a CNAME at all, so I'm further confused that it should be there?
Thanks!
The guide I posted didn't have me set up a CNAME at all, so I'm further confused that it should be there?
Thanks!
ASKER
Hi Mahesh,
I did follow your guide, and I believe I removed Autodiscover (set it to $null) on the old server, and then configured it on the new server with the Set-ClientAccessServer command. But it is still an HTTP ERROR 500.
Additionally, I can't even browse https://localhost/autodiscover/autodiscover.xml or https://autodiscover.domain.org/autodiscover/autodiscover.sml on the EX2016 server itself. I get the same errors. In fact I'm wondering if there is a proper way to delete and recreate the Autodiscover virtual directory?
And then make sure I have all the proper permissions and auth methods set?
I did follow your guide, and I believe I removed Autodiscover (set it to $null) on the old server, and then configured it on the new server with the Set-ClientAccessServer command. But it is still an HTTP ERROR 500.
Additionally, I can't even browse https://localhost/autodiscover/autodiscover.xml or https://autodiscover.domain.org/autodiscover/autodiscover.sml on the EX2016 server itself. I get the same errors. In fact I'm wondering if there is a proper way to delete and recreate the Autodiscover virtual directory?
And then make sure I have all the proper permissions and auth methods set?
ASKER
When I click Explore on the Autodiscover Virtual Directory, I see that it goes to C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpPr
There is no autodiscover.xml in that folder.
There is no autodiscover.xml in that folder.
on old server also set autodiscover SCP to same URL as 2016 exchange server
autodiscover record itself should point to exch 2016 server in internal and external dns
autodiscover record itself should point to exch 2016 server in internal and external dns
(mine was for troubleshooting steps ...)
Sure you can rebuild the Autodiscover :
Better use Exchange Management Console - Server Config - Client Access - Right Click on the Server - Reset Virtual Directory - Choose auto Discovery
It should Remove and recreate automatically.
I guess that you still have the old audiscover listed in Metabase Explorer.
Sure you can rebuild the Autodiscover :
Better use Exchange Management Console - Server Config - Client Access - Right Click on the Server - Reset Virtual Directory - Choose auto Discovery
It should Remove and recreate automatically.
I guess that you still have the old audiscover listed in Metabase Explorer.
ASKER
I've tried rebuilding the Autodiscover, but the fact that I can't pull it up on the server seems to be the primary issue here. I've been going over bindings in IIS, those seem OK. I've now started looking at SPN's to see if that is related?
What am I missing here? autodiscover.domain.org resolves just fine from all clients and servers, but from nowhere can I pull up https://autodiscover.domain.org/Autodiscover/Autodiscover.xml
It prompts for a username and password but no matter what I put, it just keeps prompting!!
Help!
What am I missing here? autodiscover.domain.org resolves just fine from all clients and servers, but from nowhere can I pull up https://autodiscover.domain.org/Autodiscover/Autodiscover.xml
It prompts for a username and password but no matter what I put, it just keeps prompting!!
Help!
Set Anonymous logon True on autodiscover virtual directory (iis) and restart iis.
ASKER
It is already enabled. But so is Basic Auth, and Windows Auth.
Doubke check. Should be enabled even on Default Site. Verify that autodiscover.xml has execute permission. Or rebuild vitual directory from powershell administration console, once again. Do you check the meta ?
Note: the autodiscover must have anonymous/no auth check! Otherwise how can anyone get connection info ?! But only for frontend xml and auth form on iis.
ASKER
I will include screen shot so you can see for yourself. Anon is also enabled on Default Web Site, it is the only one enabled there.
As mentioned before I have already rebuilt it at least twice, that seems to get me nowhere. What information or output can I provide that might help someone?
As mentioned before I have already rebuilt it at least twice, that seems to get me nowhere. What information or output can I provide that might help someone?
ASKER
Gerald you are a bit hard to track,
The Default Web site has Anonymous enabled, and nothing else.
Autodiscover has Anonymous, Basic and Windows Authentication enabled.
The Default Web site has Anonymous enabled, and nothing else.
Autodiscover has Anonymous, Basic and Windows Authentication enabled.
Be patient,i'll send you my settings in 8 hours or less. There is some hours between us,here is midnight... anyway,there is something that doesn't work with your settings,nothing else .
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you to those of you that helped! In the end it was due to MAPI and MAPIHTTP not being enabled
Mapi http should not be the problem
It is enabled by default with exchange 2016 and even if its not enabled client will be fall back to rpc http
I believe rpc/http (outlook anywhere) hostname was set to internal hostmes with exch 2016 and that was the reason, MS Guy must have changed it with external hostname like mail.domain.com
By default outlook anywhere enabled on exchange 2016 but with internal hostnames
We were talked about all virtual directories except outlook anywhere urls
It is enabled by default with exchange 2016 and even if its not enabled client will be fall back to rpc http
I believe rpc/http (outlook anywhere) hostname was set to internal hostmes with exch 2016 and that was the reason, MS Guy must have changed it with external hostname like mail.domain.com
By default outlook anywhere enabled on exchange 2016 but with internal hostnames
We were talked about all virtual directories except outlook anywhere urls
ASKER
I'm not 100% sure as I had them remoted in for 6 hours while we worked through the issue. It is passing all of the connectivity tests for MAPI, MAPI HTTP, and RPC HTTP tests so I'm good with that!