Autodiscover failure
I have an Exchange server 2007 installed on Windows server 2008 domain controller, I cannot check mail from mobile devices (such as iphone or ipad) that using Microsoft Exchange after I change the internal static IP address of this server from 192.168.xxx to 172.17.xxx (Everything is ok before I change the ip address). I tried to test autodiscover connectivity by Microsoft Remote Connectivity Analyzer and got result as below: Attempting the Autodiscover and Exchange ActiveSync test (if requested). Testing of Autodiscover for Exchange ActiveSync failed. Attempting each method of contacting the Autodiscover service. The Autodiscover service couldn't be contacted successfully by any method. Attempting to test potential Autodiscover URL https://domain.com/AutoDiscover/AutoDiscover.xml Testing of this potential Autodiscover URL failed. Attempting to resolve the host name domain.com in DNS. The host name resolved successfully. Additional Details Testing TCP port 443 on host domain.com to ensure it's listening and open. The port was opened successfully. Testing the SSL certificate to make sure it's valid. The SSL certificate failed one or more certificate validation checks. ExRCA is attempting to obtain the SSL certificate from remote server domain.com on port 443. ExRCA wasn't able to obtain the remote SSL certificate. Additional Details The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation. Attempting to test potential Autodiscover URL https://autodiscover. domain.com /AutoDiscover/AutoDiscover.xml Testing of this potential Autodiscover URL failed. Attempting to resolve the host name autodiscover. domain.com in DNS. The host name resolved successfully. Additional Details IP addresses returned: Testing TCP port 443 on host autodiscover. domain.com to ensure it's listening and open. The port was opened successfully. Testing the SSL certificate to make sure it's valid. The SSL certificate failed one or more certificate validation checks. ExRCA is attempting to obtain the SSL certificate from remote server autodiscover. domain.com on port 443. ExRCA wasn't able to obtain the remote SSL certificate. Additional Details The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation. Attempting to contact the Autodiscover service using the HTTP redirect method. The attempt to contact Autodiscover using the HTTP Redirect method failed. Attempting to resolve the host name autodiscover. domain.com in DNS. The host name resolved successfully. Additional Details IP addresses returned: Testing TCP port 80 on host autodiscover. domain.com to ensure it's listening and open. The port was opened successfully. ExRCA is checking the host autodiscover. domain.com for an HTTP redirect to the Autodiscover service. ExRCA failed to get an HTTP redirect response for Autodiscover. Additional Details A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown. Attempting to contact the Autodiscover service using the DNS SRV redirect method. ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method. Attempting to locate SRV record _autodiscover._tcp. domain.com in DNS. The Autodiscover SRV record wasn't found in DNS. I have a valid self-sign certificate and it still works well before. I tried to recreate autodiscover virtual directory but couldn't resolve the issue. I am really stuck now. Anybody has experience with this issue please give me advice to resolve the issue. Thanks a lot.
August 23rd, 2011 5:55pm

Have you setup an SRV or DNS A record for autodiscover on public DNS servers? - http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/0fb4a33e-07e9-49d4-a48a-e794c30cb10e/ Sukh
Free Windows Admin Tool Kit Click here and download it now
August 23rd, 2011 11:57pm

On Tue, 23 Aug 2011 14:55:54 +0000, nxthanh wrote: >I have an Exchange server 2007 installed on Windows server 2008 domain controller, I cannot check mail from mobile devices (such as iphone or ipad) that using Microsoft Exchange after I change the internal static IP address of this server from 192.168.xxx to 172.17.xxx (Everything is ok before I change the ip address). I tried to test autodiscover connectivity by Microsoft Remote Connectivity Analyzer and got result as below: > > > >Attempting the Autodiscover and Exchange ActiveSync test (if requested). Testing of Autodiscover for Exchange ActiveSync failed. > Attempting each method of contacting the Autodiscover service. > > The Autodiscover service couldn't be contacted successfully by any method. > Attempting to test potential Autodiscover URL https://domain.com/AutoDiscover/AutoDiscover.xml > Testing of this potential Autodiscover URL failed. > Attempting to resolve the host name domain.com in DNS. > The host name resolved successfully. > Additional Details > Testing TCP port 443 on host domain.com to ensure it's listening and open. > The port was opened successfully. > Testing the SSL certificate to make sure it's valid. > The SSL certificate failed one or more certificate validation checks. > ExRCA is attempting to obtain the SSL certificate from remote server domain.com on port 443. > ExRCA wasn't able to obtain the remote SSL certificate. > Additional Details > The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation. > > Attempting to test potential Autodiscover URL https://autodiscover. domain.com /AutoDiscover/AutoDiscover.xml > Testing of this potential Autodiscover URL failed. > Attempting to resolve the host name autodiscover. domain.com in DNS. > The host name resolved successfully. > Additional Details > IP addresses returned: > Testing TCP port 443 on host autodiscover. domain.com to ensure it's listening and open. > The port was opened successfully. > Testing the SSL certificate to make sure it's valid. > The SSL certificate failed one or more certificate validation checks. > ExRCA is attempting to obtain the SSL certificate from remote server autodiscover. domain.com on port 443. > ExRCA wasn't able to obtain the remote SSL certificate. > Additional Details > The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation. > > Attempting to contact the Autodiscover service using the HTTP redirect method. > The attempt to contact Autodiscover using the HTTP Redirect method failed. > Attempting to resolve the host name autodiscover. domain.com in DNS. > The host name resolved successfully. > Additional Details > IP addresses returned: > Testing TCP port 80 on host autodiscover. domain.com to ensure it's listening and open. > The port was opened successfully. > ExRCA is checking the host autodiscover. domain.com for an HTTP redirect to the Autodiscover service. > ExRCA failed to get an HTTP redirect response for Autodiscover. > Additional Details > A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown. > Attempting to contact the Autodiscover service using the DNS SRV redirect method. > ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method. > Attempting to locate SRV record _autodiscover._tcp. domain.com in DNS. > The Autodiscover SRV record wasn't found in DNS. > I have a valid self-sign certificate and it still works well before. I tried to recreate autodiscover virtual directory but couldn't resolve the issue. I am really stuck now. > >Anybody has experience with this issue please give me advice to resolve the issue. Thanks a lot. Changing the IP address on the machine (which is using a NATed address on the Internet) would have no effect on the certificate. Your problem reads more like a network problem. Is the NAT device sending the packets to the correct device? Are the port mappings on the NAT device correct (if it's using port mapping)? Is the default route on the Exchange server correct? Are there any static (i.e. persistant) routes on the Exchange server? --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP
August 24th, 2011 4:06am

Hi Rich, I mapped port 443 on the router to this server already, default route is correct, no static routes on this server. After change ip address, I ran ipconfig /registerdns command to update the ip configuration into dns server on DC. I can check mail on MS Outlook and OWA on the internet, just problem occurs with iphone/ipad. When I run test email autoconfiguration of MS Outlook client, It shows the message error "Autoconfiguration was unable to determine your settings".
Free Windows Admin Tool Kit Click here and download it now
August 24th, 2011 11:43am

I would suggest that you restart the server if you haven't done that after you changed the IP address?Martin Sundstrm | Microsoft Certified Trainer | MCITP: Enterprise Messaging Administrator 2007/2010 | http://msundis.wordpress.com
August 24th, 2011 11:59am

I restarted server when changing the ip address. I check the IIS logfiles and detect that there isn't any transaction log of Iphone/Ipad in the logfile after this action, users say that they cannot check mail on their iphone/ipad (before they can). What could I do to fix this issue ?
Free Windows Admin Tool Kit Click here and download it now
August 24th, 2011 1:02pm

No redirects for HTTP in the Active Sync virtual directory? The users that can't sync, are they members of any administrative group? Any Exchange ActiveSync Policies activated for the Iphone/Ipad mailboxes?Martin Sundstrm | Microsoft Certified Trainer | MCITP: Enterprise Messaging Administrator 2007/2010 | http://msundis.wordpress.com
August 24th, 2011 4:59pm

On Wed, 24 Aug 2011 08:43:28 +0000, nxthanh wrote: >I mapped port 443 on the router to this server already, default route is correct, no static routes on this server. After change ip address, I ran ipconfig /registerdns command to update the ip configuration into dns server on DC. I can check mail on MS Outlook and OWA on the internet, just problem occurs with iphone/ipad. When you use OWA are there any certificate errors? If you try to use OWA from the mobile device are there certificate errors? >When I run test email autoconfiguration of MS Outlook client, It shows the message error "Autoconfiguration was unable to determine your settings". Is that when you're connected to the company network (or VPN), or when you're connected from outside the company network? Are you using a self-signed certificate, or a certificate issued by an internal CA? If so, the http://testexchangeconnectivity.com site won't be much help. You should verify that DNS (all of the ones used by the client and by your servers) are returning the new IP address. Chek to be sure that there are no hosts file on any of the machines that might still have the old IP address in them. What about the Active Directory? Does the new IP address belong to a defined AS Site? Check the AD to verify that the SCP is correct, too: CN=<SERVERNAME>,CN=Autodiscover,CN=Protocols,CN=<SERVERNAME>,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=<ORGNAME>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<DOMAIN>,DC=<TLD> The property "keywords" should have the correct AD site name in it (it will look like "Site=SiteName"). --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
August 25th, 2011 4:05am

any update?--------Abhi----------------- Exchange Specialist------------- ------------------ Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 25th, 2011 9:19am

Hello, For external autodiscover service, you need to ensure: 1. Autodiscover.domain.com can be resolved to CAS server. 2. Autodiscover.domain.com should be included in the certificate. Thanks, Simon
Free Windows Admin Tool Kit Click here and download it now
August 25th, 2011 10:11am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics