Exchange Autodiscover does not work

douha-it

#1
Hello, I have installed Exchange 2010 on Windows 2k8 R2.

I tested it with testexchangeconnectivity.com; it gives me:
https://autodiscover.centos.com/AutoDiscover/AutoDiscover.xml for user test@centos.com
Failed to obtain AutoDiscover XML response.
Tell me more about this issue and how to resolve it
Additional Details
An HTTP 403 was received because ISA denied the specified
I tried to browse the link internally; it gives me:

<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response>
    <Error Time="16:48:17.6221876" Id="1170893205">
      <ErrorCode>600</ErrorCode>
      <Message>Invalid Request</Message>
      <DebugData />
    </Error>
  </Response>
</Autodiscover>

I set read/execute permission for all authenticated users.

Here is get-AutodiscoverVirtualDirectory:

RunspaceId : c8dcec33-d13f-4316-9cf5-ea0de621d444
Name : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
LiveIdSpNegoAuthentication : False
WSSecurityAuthentication : True
LiveIdBasicAuthentication : False
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://exch2010-mail.centoso.local/W3SVC/1/ROOT/Autodiscover
Path : D:\program files\Microsoft\Exchange Server\V14\ClientAccess\Autodiscover
Server : TRIMAR-MAIL
InternalUrl : https://autodiscover.centoso.com/Autodiscover/Autodiscover.xml
ExternalUrl : https://autodiscover.centoso.com/Autodiscover/Autodiscover.xml
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
DistinguishedName : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=TRIMAR-MAIL,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=centoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=trimar,DC=local
Identity : exch2010-MAIL\Autodiscover (Default Web Site)
Guid : fad99db5-f437-405a-abc5-adab4859eeb9
ObjectCategory : Centoso.local/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged : 4/20/2010 4:42:01 PM
WhenCreated : 4/20/2010 3:07:08 PM
WhenChangedUTC : 4/20/2010 2:42:01 PM
WhenCreatedUTC : 4/20/2010 1:07:08 PM
OrganizationId :
OriginatingServer : centoso-pdc.centoso.local
IsValid : True

And here are the "test-outlookwebservices | fl" errors:

RunspaceId : 25729486-f3ed-4b0d-be6e-4fd4258d56f6
Id : 1013
Type : Error
Message : When contacting https://exch2010-mail.centos.local/Autodiscover/Autodiscover.xml received the error The remote server returned an error: (401) Unauthorized.

RunspaceId : 25729486-f3ed-4b0d-be6e-4fd4258d56f6
Id : 1023
Type : Error
Message : The Autodiscover service couldn't be contacted.

RunspaceId : 25729486-f3ed-4b0d-be6e-4fd4258d56f6
Id : 1013
Type : Error
Message : When contacting https://exch2010-mail.centos.local/EWS/Exchange.asmx received the error The request failed with HTTP status 401: Unauthorized.

RunspaceId : 25729486-f3ed-4b0d-be6e-4fd4258d56f6
Id : 1025
Type : Error
Message : [EXCH] Error contacting the AS service at https://exch2010-mail.centos.local/EWS/Exchange.asmx. Elapsed time was 46 milliseconds.

RunspaceId : 25729486-f3ed-4b0d-be6e-4fd4258d56f6
Id : 1013
Type : Error
Message : When contacting https://mails.centoso.com/ews/exchange.asmx received the error The request failed with an empty response.

RunspaceId : 25729486-f3ed-4b0d-be6e-4fd4258d56f6
Id : 1025
Type : Error
Message : [EXPR] Error contacting the AS service at https://mails.centoso.com/ews/exchange.asmx. Elapsed time was 0 milliseconds.

RunspaceId : 25729486-f3ed-4b0d-be6e-4fd4258d56f6
Id : 1113
Type : Error
Message : When contacting https://exch2010-mail.centos.local/ews/exchange.asmx received the error The request failed with HTTP status 401: Unauthorized.

RunspaceId : 25729486-f3ed-4b0d-be6e-4fd4258d56f6
Id : 1125
Type : Error
Message : [Server] Error contacting the AS service at https://exch2010-mail.centos.local/ews/exchange.asmx. Elapsed time was 46 milliseconds.

Any idea?
 
douha-it

#4
I tried the first link but get the same error.

I tried to open the autodiscover.xml with Notepad; I found only this:

<%@ServiceHost Service="Microsoft.Exchange.Autodiscover.WCF.LegacyAutodiscoverService" %>

Is it right?

The second link is for SRV; I read it's less secure and needs an Outlook patch to work, but I will give it a try.

Yes, I have an autodiscover record in DNS pointing to my server IP, and it resolves.

testexchangeconnectivity.com pass process:
1. Attempting to resolve the host name autodiscover.centoso.com in DNS. Host successfully resolved
2. Testing TCP Port 443 on host autodiscover.centoso.com to ensure it is listening and open. The port was opened successfully.
3. Testing SSL Certificate for validity. The certificate passed all validation requirements
4. Attempting to Retrieve XML AutoDiscover Response from url https://autodiscover.centoso.com/AutoDiscover/AutoDiscover.xml for user test@centoso.com

Failed to obtain AutoDiscover XML response

Additional Details

An HTTP 403 was received because ISA denied the specified URL

thanks
 
douha-it

#5
Here is get-outlookprovider:

Name    Server    CertPrincipalName    TTL
----    ------    -----------------    ---
EXCH                                   1
EXPR                                   1
WEB                                    1

Is it right?

Am I supposed to add my server NetBIOS name on EXCH, EXPR, WEB or what?
 
Brian Desmond -MVP-

#6
The results you got browsing to the URL manually are normal. It sounds like something is out of order with ISA. I'm not really sure how to troubleshoot that part - you might want to post a copy of your question in the ISA forum.

Active Directory, 4th Edition - www.briandesmond.com/ad4/
 
douha-it

#7
Yes, you are right, it was in ISA.

But now I get another error:

Validating Autodiscover Settings for Outlook Anywhere

Failed to validate Outlook Anywhere Autodiscover Settings
Additional Details : Missing EXCH Provider section in AutoDiscover Response

Here is my get-outlookprovider:

get-outlookprovider

Name    Server    CertPrincipalName    TTL
----    ------    -----------------    ---
EXCH                                   1
EXPR                                   1
WEB                                    1

Do I need any modification on it?
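
The two results seen so far in this thread are different kinds of Autodiscover body: an Error element such as the 600 returned to the browser, and a settings response that lacks one of the EXCH/EXPR/WEB Protocol sections. The PowerShell below is an added example, not code from any poster, that tells them apart; the function name is hypothetical and the second sample body is constructed, not output from this server.

```powershell
# Added example; the function name and the second sample body are constructed.
function Get-AutodiscoverResponseSummary {
    param([string]$Body)
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($Body)
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('r', 'http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006')
    $ns.AddNamespace('o', 'http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a')

    # Error responses carry <Error> in the base response namespace.
    $err = $doc.SelectSingleNode('/r:Autodiscover/r:Response/r:Error', $ns)
    if ($null -ne $err) {
        return New-Object PSObject -Property @{
            Kind    = 'Error'
            Code    = $err.SelectSingleNode('r:ErrorCode', $ns).InnerText
            Message = $err.SelectSingleNode('r:Message', $ns).InnerText
        }
    }

    # Settings responses list one <Protocol><Type> per provider section.
    $found   = @($doc.SelectNodes('//o:Protocol/o:Type', $ns) | ForEach-Object { $_.InnerText })
    $missing = @('EXCH', 'EXPR', 'WEB' | Where-Object { $found -notcontains $_ })
    New-Object PSObject -Property @{ Kind = 'Settings'; Found = $found; Missing = $missing }
}

# Body returned to the browser earlier in this thread (whitespace cleaned up).
$errorBody = @'
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response><Error Time="16:48:17.6221876" Id="1170893205">
    <ErrorCode>600</ErrorCode><Message>Invalid Request</Message><DebugData />
  </Error></Response>
</Autodiscover>
'@

# Constructed settings response with no EXCH section (not output from this server).
$noExchBody = @'
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <Protocol><Type>EXPR</Type></Protocol>
      <Protocol><Type>WEB</Type></Protocol>
    </Account>
  </Response>
</Autodiscover>
'@

Get-AutodiscoverResponseSummary -Body $errorBody  | Format-List
Get-AutodiscoverResponseSummary -Body $noExchBody | Format-List
```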
 
#9
Hello,

I've got an Autodiscover error that is being difficult to sort out.

Here is the scenario: I have Exchange 2010, Enterprise edition servers deployed on Windows 2008 R2 Enterprise.

I got 2 CAS servers with only CAS role installed on them in Windows NLB with CAS Array configuration. No Certificates installed.

All Ports are open on NLB. NLB name is "nlbcas.smpn.net"

Cas array name is "casarraysitea", FQDN is "casarraysitea.smpn.net", Site Name is "SiteA"

I got a Windows 7 Machine with Outlook 2010 configured. When I open Outlook I get certification errors, although I can use Outlook.

The security errors complain about the names that don't match certificate. When I change the name of autodiscover it says that the name is valid but the client does not trust the certificate.

How can I sort this out?

Thanks,

WBO
 
#10
After manually importing the certificate into the "Trusted Certification Authority" store the error was gone. But this is not supposed to be the way to fix this. So, I need someone to explain to me how to correct this and why this is happening.

Thanks,

WBO
 
#11
Some additional information:

When logging on with another user at the same machine the very same error happens again, where it says: "The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority". Then the user has to click on the "OK" button to proceed and then access his mailbox.

I use the following commands to set the autodiscover:

Set-ClientAccessServer -identity srpapxch03 -AutodiscoverServiceInternalUri https://srpapxch03.smpn.net/Autodiscover/Autodiscover.xml

Set-ClientAccessServer -identity srpapxch04 -AutodiscoverServiceInternalUri https://srpapxch04.smpn.net/Autodiscover/Autodiscover.xml

Am I missing an internal CA authority, or is there a PowerShell command that gets rid of this error?

I really need help with this.

Thanks!

WBO
 
Brian Desmond -MVP-

#12
So where did you get the certificate from?

Active Directory, 4th Edition - www.briandesmond.com/ad4/
 
Zahir Hussain Shah

#13
Dear WBO,
Do you have Internal Certification Authority setup in your Active Directory Domain Environment?
Usually this error, which you are seeing on the clients while running the Auto Discovery process for configuring the user's Outlook profile, occurs because when we install Exchange 2010, by default Exchange Server automatically installs the Self-Signed Certificate for securing the Transport Layer.
Resolution:
1) Install the CA in your Environment
2) Creating & Installing Certificate on Exchange HUB / CAS Server
NOTE:
You may also purchase a Third party certificate from the Internet, and while creating the certificate add the SAN Addresses to your certificate like, subject name of cert can be mail.abc.com, and SAN can be: abc.com, casnlb.abc.com, casserver1.abc.com & etc...
Zahir

Zahir Hussain Shah MCP, MCSE, MCTIP Enterprise Admini, CCNA, ITIL Senior Infrastructure Consultant zhshah@live.com United Arab Emirates
 
Zahir Hussain Shah

#14
See how to create Certs in Exchange 2010:
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm

Zahir Hussain Shah MCP, MCSE, MCTIP Enterprise Admini, CCNA, ITIL Senior Infrastructure Consultant zhshah@live.com United Arab Emirates
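
The name check behind the SAN advice above, as an added PowerShell example that is not from any poster: for each Autodiscover URL it reports host names the certificate does not list, and carries the self-signed flag through so a name mismatch and an untrusted issuer are reported separately. The function names and both certificate records are constructed; on a real server the inputs would come from Get-ExchangeCertificate (CertificateDomains, IsSelfSigned) and Get-ClientAccessServer (AutoDiscoverServiceInternalUri).

```powershell
# Added example. Inputs mirror the CertificateDomains and IsSelfSigned properties of
# Get-ExchangeCertificate output; function names and both records are constructed.
function Test-NameMatch([string]$Pattern, [string]$Name) {
    # A leading "*." covers exactly one extra label: *.smpn.net matches
    # a.smpn.net but not smpn.net or a.b.smpn.net.
    if ($Pattern.StartsWith('*.')) {
        $dot = $Name.IndexOf('.')
        return ($dot -gt 0) -and ($Name.Substring($dot) -eq $Pattern.Substring(1))
    }
    return $Pattern -eq $Name   # -eq on strings ignores case
}

function Test-CertificateCoverage {
    param([string[]]$CertificateDomains, [bool]$IsSelfSigned, [string[]]$ServiceUris)
    $uncovered = @()
    foreach ($uri in $ServiceUris) {
        # Clients validate the host part of the URL they were told to use.
        $hostName = ([Uri]$uri).Host
        $hits = @($CertificateDomains | Where-Object { Test-NameMatch $_ $hostName })
        if ($hits.Count -eq 0) { $uncovered += $hostName }
    }
    New-Object PSObject -Property @{
        UncoveredNames = $uncovered
        NameMismatch   = ($uncovered.Count -gt 0)
        SelfSigned     = $IsSelfSigned
    }
}

# URLs as set with Set-ClientAccessServer earlier in this thread.
$uris = 'https://srpapxch03.smpn.net/Autodiscover/Autodiscover.xml',
        'https://srpapxch04.smpn.net/Autodiscover/Autodiscover.xml'

# Constructed record: self-signed certificate naming only one CAS server.
Test-CertificateCoverage -CertificateDomains 'srpapxch03', 'srpapxch03.smpn.net' `
    -IsSelfSigned $true -ServiceUris $uris | Format-List

# Constructed record: CA-issued certificate with SAN entries for both servers.
Test-CertificateCoverage -CertificateDomains 'srpapxch03.smpn.net', 'srpapxch04.smpn.net' `
    -IsSelfSigned $false -ServiceUris $uris | Format-List
```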
 
#15
Hello all,

Finally I got to understand what was happening - I had no certificates installed and the self-signed certificates installed by default should not allow Outlook 2010 clients to be prompted with this kind of certificate trust error. Then I came across an article from Henrik Walther:

http://blogs.msexchange.org/walther/2010/05/18/certificate-warning-when-using-self-signed-exchange-certficate-and-outlook-2010/

This applies to the situation I describe. It is interesting that the MS Outlook PM said that there was a design change in the Outlook 2010 version where the self-signed certificate will have to be replaced by an internal CA certificate or a public CA certificate to avoid this trust error. Take a look at the article, which explains this in more detail.

Thanks for the efforts everybody here spent trying to help me sort out this kind of issue..

Cheers,

WBO.
 