Autodiscover and SRV records

Status
Not open for further replies.

KiwiCam

Hi All,

I'm hoping someone out there will be able to help with the following configuration issue that I'm having with setting up the Autodiscover service for Exchange 2007.

I've configured the Autodiscover service to use SRV records to locate the Exchange Autodiscover service.

I've tested the config via the Exchange Remote Connectivity Analyzer and this tests out OK, no issues found (results at the bottom).

Internal clients connect ok.

The issue I have is when trying to self configure an Outlook profile (external user) for the first time the outlook client is unable to connect, however on an already configured client I can now use the Out of Office and the OAB (outlook client patched with hotfix to allow SRV record lookups) which I was unable to do before I configured the Autodiscover.

Note: the internal URL for Autodiscover is “webmail.domain.com” whereas the issue I'm having is users connecting externally. Outlook Anywhere is set up on “eoa.domain.com”.

********************************

Environment as it stands

Exchange 2007 SP1 rollup 10

CCR

2 x CAS in NLB (webmail.domain.com)

2 x HubT

OWA web address: webmail.domain.com

Split DNS Internal users go to CAS NLB
External users go to SSL Appliance

Outlook Anywhere: eoa.domain.com (only available externally)

Externally goes to ISA 2006 (not the SSL Appliance used for webmail.domain.com)

Get-OabVirtualDirectory -Identity "CAS001\oab (Default Web Site)"

InternalUrl : https://webmail.domain.com/OA

InternalAuthenticationMethods : {WindowsIntegrated}

ExternalUrl : http://eoa.domain.com/OAB

ExternalAuthenticationMethods : {WindowsIntegrated}

Get-ClientAccessServer -Identity CAS001

OutlookAnywhereEnabled : True

AutoDiscoverServiceCN : CAS001

AutoDiscoverServiceClassName : ms-Exchange-AutoDiscover-Service

AutoDiscoverServiceInternalUri : https://webmail.domain.com/Autodiscover/Autodiscover.xml

Get-WebServicesVirtualDirectory -Identity "CAS001\EWS (Default Web Site)"

InternalUrl : https://webmail.domain.com/EWS/Exchange.asmx

ExternalUrl : https://eoa.domain.com/EWS/Exchange.asmx

********************************

Do I need to make the AutoDiscoverServiceInternalUri “eoa.domain.com” instead of “webmail.domain.com”? And if I do this, what will break?

AutoDiscoverServiceInternalUri : https://webmail.domain.com/Autodiscover/Autodiscover.xml

TEST Results from Exchange Remote Connectivity Analyzer

Attempting to test Autodiscover for user.name@domain.com
Autodiscover was tested successfully.
Test Steps

ExRCA is attempting to contact the Autodiscover service using the DNS SRV redirect method.
Successfully contacted AutoDiscover using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.domain.com in DNS.
The Autodiscover SRV record was successfully retrieved from DNS.
Additional Details
Srv Record returned host: eoa.domain.com

Attempting to test potential AutoDiscover URL https://eoa.domain.com/Autodiscover/Autodiscover.xml
Testing of the Autodiscover URL was successful.
Test Steps
Attempting to resolve the host name eoa.domain.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 203.xx.xx.xx

Testing TCP Port 443 on host eoa.domain.com to ensure it is listening and open.
The port was opened successfully.

ExRCA is testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
The certificate name is being validated.
Successfully validated the certificate name
Additional Details
Found hostname eoa.domain.com in Certificate Subject Alternative Name entry

Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Additional Details
The Certificate chain has be validated up to a trusted root. Root = CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US

The certificate date is being confirmed to ensure the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
Certificate is valid: NotBefore = 5/3/2010 12:00:00 AM, NotAfter = 8/3/2011 11:59:59 PM"

The IIS configuration is being checked for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates not configured.

ExRCA is attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Successfully Retrieved AutoDiscover Settings by sending AutoDiscover POST.
Test Steps
Attempting to Retrieve XML AutoDiscover Response from url https://eoa.domain.com/Autodiscover/Autodiscover.xml for user user.name@domain.com
The Autodiscover XML response was successfully retrieved.
Additional Details
AutoDiscover Account Settings

XML Response:

<?xml version="1.0" ?>
<Autodiscover xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>Cameron Matson</DisplayName>
      <LegacyDN>/o=abcdefg/ou=COM AG/cn=RECIPIENTS/cn=C83DF806-39A42788-CC2570B6-6B4137</LegacyDN>
      <DeploymentId>e64b2be4-39f0-403e-b158-4e1c7482bbb2</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>MAILBOXSERVER01</Server>
        <ServerDN>/o=abcdefg/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn= MAILBOXSERVER01</ServerDN>
        <ServerVersion>720180F0</ServerVersion>
        <MdbDN>/o=abcdefg/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn= MAILBOXSERVER01/cn=Microsoft Private MDB</MdbDN>
        <ASUrl>https://eoa.domain.com/ews/Exchange.asmx</ASUrl>
        <OOFUrl>https://eoa.domain.com/ews/Exchange.asmx</OOFUrl>
        <OABUrl>Public Folder</OABUrl>
        <UMUrl>https://eoa.domain.com/unifiedmessaging/Service.asmx</UMUrl>
        <Port>0</Port>
        <DirectoryPort>0</DirectoryPort>
        <ReferralPort>0</ReferralPort>
        <PublicFolderServer>Publicfolderserver004.APN.NZ</PublicFolderServer>
        <AD>rootforest.ROOT.LOCAL</AD>
        <EwsUrl>https://eoa.domain.com/ews/Exchange.asmx</EwsUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>eoa.domain.com</Server>
        <ASUrl>https://eoa.domain.com /ews/Exchange.asmx</ASUrl>
        <OOFUrl>https://eoa.domain.com /ews/Exchange.asmx</OOFUrl>
        <OABUrl>Public Folder</OABUrl>
        <Port>0</Port>
        <DirectoryPort>0</DirectoryPort>
        <ReferralPort>0</ReferralPort>
        <SSL>On</SSL>
        <AuthPackage>Ntlm</AuthPackage>
        <EwsUrl>https://eoa.domain.com /ews/Exchange.asmx</EwsUrl>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <Port>0</Port>
        <DirectoryPort>0</DirectoryPort>
        <ReferralPort>0</ReferralPort>
        <Internal>
          <OWAUrl AuthenticationMethod="Ntlm, WindowsIntegrated">https://CAS001.local/owa</OWAUrl>
          <OWAUrl AuthenticationMethod="Ntlm, WindowsIntegrated">https://CAS002.local/owa</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https://eoa. domain.com /ews/Exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
 

Ed Crowley [MVP]

The AutoDiscoverServiceInternalUri property defines what goes in the AD service connection point and therefore only applies to domain-joined clients. That should point to a URL that resolves internally as yours does.

What do you see if you get an Outlook client connected externally and run the Test E-mail AutoConfiguration? Are all the URLs correct?
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
 

KiwiCam

Hi Ed,

Thanks for the reply, I'll test an external client shortly. On a side note, when I run the TEST-OutlookWebServices I get the following:

Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address user.names@domain.com

Id : 1007
Type : Information
Message : Testing server CAS002 with the published name https://webmail.domain.com/EWS/Exchange.asmx & https://eoa.domain.com/EWS/Exchange.asmx.

Id : 1019
Type : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://webmail.domain.com/Autodiscover/Autodiscover.xml.

Id : 1013
Type : Error
Message : When contacting https://webmail.domain.com/Autodiscover/Autodiscover.xml received the error The remote server returned an error: (401) Unauthorized.

Id : 1006
Type : Error
Message : The Autodiscover service could not be contacted.
 

KiwiCam

I've tested from an external outlook client and run the test email autoconfiguration...results are:

SRV Record lookup for domain.com starting

autodiscover URL redirection to https://eoa.domain.com/autodiscover/autodiscover.xml

autodiscover to https://eoa.domain.com/autodiscover/autodiscover.xml starting

autodiscover request completed with http status code 500

autodiscover to https://eoa.domain.com/autodiscover/autodiscover.xml FAILED (0x8004005)

SRV Record lookup for domain.com FAILED (0x8004005)
 

Ed Crowley [MVP]

What happens if you try that URL in a browser from the outside?
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
 

KiwiCam

Hi Ed,

From the outside using a browser:

URL - https://eoa.domain.com/autodiscover/autodiscover.xml

Get to ISA - Login and then get "600 Invalid Request".

Internally (URL - https://eoa.domain.com/autodiscover/autodiscover.xml) I get:

<?xml version="1.0" encoding="utf-8" ?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response>
    <Error Time="09:24:04.8667130" Id="1412281288">
      <ErrorCode>600</ErrorCode>
      <Message>Invalid Request</Message>
      <DebugData />
    </Error>
  </Response>
</Autodiscover>
 

Ed Crowley [MVP]

Actually, that's what's expected, so that's good. You don't get a certificate error, do you? When you look at the certificate does it look like the valid external one?
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
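
As an added illustration (not code from any poster in this thread): a browser GET to the Autodiscover URL returns the 600 error quoted above because the service answers a POST that carries a request document. The Python sketch below builds that request body, parses either kind of response, and checks that each returned URL uses HTTPS and a host name on the certificate. The sample documents are constructed, modelled on the output quoted in the thread, and the helper names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
REQ_NS = "http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006"
RESP_NS = "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"
ERR_NS = "http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"

def build_request(email):
    """XML body that a client POSTs to /Autodiscover/Autodiscover.xml."""
    root = ET.Element("Autodiscover", xmlns=REQ_NS)
    req = ET.SubElement(root, "Request")
    ET.SubElement(req, "EMailAddress").text = email
    ET.SubElement(req, "AcceptableResponseSchema").text = RESP_NS
    return ET.tostring(root, encoding="unicode")

def parse_response(xml_text):
    """Return ("error", code, message) or ("settings", {protocol type: {tag: url}})."""
    root = ET.fromstring(xml_text)
    err = root.find(f".//{{{ERR_NS}}}Error")
    if err is not None:
        return ("error", err.findtext(f"{{{ERR_NS}}}ErrorCode"),
                err.findtext(f"{{{ERR_NS}}}Message"))
    settings = {}
    for proto in root.iterfind(f".//{{{RESP_NS}}}Account/{{{RESP_NS}}}Protocol"):
        urls = {}
        for child in proto:
            tag, text = child.tag.split("}")[-1], (child.text or "").strip()
            if tag.lower().endswith("url") and "://" in text:  # skips "Public Folder"
                urls[tag] = text
        settings[proto.findtext(f"{{{RESP_NS}}}Type")] = urls
    return ("settings", settings)

def audit(settings, cert_names):
    """List URLs that are not HTTPS or whose host is not a name on the certificate."""
    findings = []
    for ptype, urls in sorted(settings.items()):
        for tag, url in sorted(urls.items()):
            parts = urlsplit(url)
            if parts.scheme.lower() != "https":
                findings.append((ptype, tag, "not https"))
            if (parts.hostname or "").lower() not in cert_names:
                findings.append((ptype, tag, "host not on certificate"))
    return findings

# Constructed samples, modelled on the responses quoted in this thread.
ERROR_600 = f"""<Autodiscover xmlns="{ERR_NS}"><Response>
<Error Time="09:24:04.8667130" Id="1412281288"><ErrorCode>600</ErrorCode>
<Message>Invalid Request</Message><DebugData /></Error></Response></Autodiscover>"""
SETTINGS = f"""<Autodiscover xmlns="{ERR_NS}"><Response xmlns="{RESP_NS}"><Account>
<Protocol><Type>EXCH</Type><ASUrl>https://CAS001.local/EWS/Exchange.asmx</ASUrl></Protocol>
<Protocol><Type>EXPR</Type><EwsUrl>https://eoa.domain.com/EWS/Exchange.asmx</EwsUrl>
<OABUrl>http://eoa.domain.com/OAB</OABUrl></Protocol>
</Account></Response></Autodiscover>"""
CERT_NAMES = {"webmail.domain.com", "eoa.domain.com"}  # SAN names reported in the thread
```

Running `audit(parse_response(SETTINGS)[1], CERT_NAMES)` on the constructed sample flags the internal-only host name and the plain-HTTP OAB URL.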
 

KiwiCam

Hi Ed,

The SAN cert looks good, both addresses are listed e.g:

webmail.domain.com & eoa.domain.com
 

Gavin-Zhang

Hi KiwiCam,
Per your above information, your Exchange external URL is:
https://webmail.domain.com/...
So why do you want to set another URL like: https://eoa.domain.com/...
As we know, when we set the external URL like webmail.domain.com, Autodiscover would be used as autodiscover.domain.com, and the CERT must contain them in the SAN.
That is, you must correctly configure your Exchange services, such as the Availability service, before the Autodiscover service can provide the correct external URLs to clients. You could refer to the link below:
http://technet.microsoft.com/en-us/library/bb201695(EXCHG.80).aspx
And for how to configure the SSL CERT, you could refer to the link below:
http://technet.microsoft.com/en-us/library/aa995942(EXCHG.80).aspx
To learn more about the Outlook automatic configuration process, refer to:
http://go.microsoft.com/fwlink/?LinkId=79065
When Outlook is automatically configured, it would, according to the email address, look for
Https://autodiscover.domain.com/autodiscover/autodiscover.xml by default, but not eoa.domain.com.
If you still want to use it, you could add another CNAME for autodiscover.domain.com as eoa.domain.com.
Regards!
Gavin
 

KiwiCam

Hi Gavin,

Webmail.domain.com goes to a different SSL system to authenticate (different security requirements).

eoa.domain.com goes via ISA (2006domains.)

The SAN cert contains both domains.

Testing via the Exchange Remote Connectivity Analyzer from Microsoft (https://www.testexchangeconnectivity.com/) works; the test completes successfully (see original post).

We use SRV records on our external DNS to point Outlook clients to ISA:

Successfully contacted AutoDiscover using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.domain.com in DNS.
The Autodiscover SRV record was successfully retrieved from DNS.
Additional Details
Srv Record returned host: eoa.domain.com

Attempting to test potential AutoDiscover URL https://eoa.domain.com/Autodiscover/Autodiscover.xml
Testing of the Autodiscover URL was successful.
Test Steps
Attempting to resolve the host name eoa.domain.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 203.xx.xx.xx

Issue as it stands: Out of Office and Offline Address Book downloads work for existing external Outlook clients (using SRV records); the only part that does not work is the ability to automatically configure new clients.
 

Gavin-Zhang

Hi KiwiCam,
Did you check the doc: http://go.microsoft.com/fwlink/?LinkId=79065
Per your description, I learned that you want to use the redirection for the Autodiscover service using EOA.domain.com.
As far as I know, Outlook looks for the XML file in the following locations (in order):
1. https://domainname.com/autodiscover/autodiscover.xml
2. https://autodiscover.domainname.com/autodiscover/autodiscover.xml
I would suggest that you could add the autodiscover.domainname.com into your CERT and make a test.
Regards!
Gavin
 