Autodiscover issues - root domain

Hi all!

I have a really strange one here...
First of all, everything is working just fine, Exchange 2013 CU9 and outlook client 2013 latest updates. We use MAPI over HTTP.

Now the problem is, and only with non domain joined PCs, with autodiscover and root domain query.
I have my root domain on port 443 CLOSED on my firewall and we do not use it at all.

When I add outlook profile it takes almost 10 minutes to set up an account.

If I use registry to disable root domain autodiscover lookup, account sets up INSTANTLY.

Isn't Outlook supposed to connect to the root domain and, if it fails, to autodiscover.rootdomain?
In my case Outlook (2013, and I tested with 2016 as well) keeps connecting to the root autodiscover domain for 5-10 minutes even though I have port 443 closed.

Any idea?

July 30th, 2015 3:46am

Hello 

Autodiscover for a non domain joined computer always tries to connect to the root domain for SCP information.

Please let us know if you are trying to connect from internet or within company network. 

It used email address fields are @ like in XXXX@mydomain.com, it will search for mydomain.com for the autodiscover xml file and same information is stored in registry we call SCP.

July 30th, 2015 3:55am

Hi!

I try to connect from outside network which has nothing to do with company network.

Problem is that this root query takes a very long time before it figures out that it is not available and then goes to the autodiscover.rootdomain query, which works instantly. I have to add like 10 delegate mailboxes, and imagine how long it takes to process each mailbox. I waited almost 2 hours to add all of them.

When I disabled root domain query in registry it took 2 minutes to configure outlook with 10 delegate mailboxes...

July 30th, 2015 4:07am

Hello

You need to check the public URL for Autodiscover. Let's say it is

"https://" + domain + "/autodiscover/autodiscover" + fileExtension

Check your Autodiscover SRV record using nslookup as below:

Type cmd in run, and enter nslookup

>Set q=srv

> _autodiscover._tcp.yourdomain.com

Check the server it is hitting. Now you can go to that server and manually specify a domain controller, using PowerShell, to be used by the Exchange query.

Set-ADServerSettings -SetPreferredDomainControllers DC.yourdomain.com

Let me know if this helps.

July 30th, 2015 9:17am

How could this help?

And why should I set an SRV record if I have autodiscover.domain.com and this is an outside client, not inside...

Please read my post again.

July 30th, 2015 10:01am

Hello

If you check in nslookup

>server 8.8.8.8

>autodiscover.yourdomain.com

you will find a public IP. That will be NAT to your internet facing CAS server. Did you check if this is correctly configured?

Also check which domain controller is set primary for Exchange using the below command

Get-ADServerSettings

July 30th, 2015 10:52am

I have 1 DC.

Autodiscover works just fine; the problem is just that when it is doing the root domain check it takes forever to move to the next check, which is autodiscover.domain.com

July 31st, 2015 3:31am

Hi,

Did you add the relevant A or CNAME record for yourdomain.com?

Please clarify how Autodiscover works for non-domain joined clients (using contoso.com as their domain):
1. HTTPS root domain query for an A or CNAME record for contoso.com. If it resolves this, it then attempts to make a connection to https://example.com/autodiscover/autodiscover.xml.
2. HTTPS AutoDiscover domain query for an A or CNAME record for autodiscover.contoso.com. If it resolves this, it then attempts to make a connection to https://autodiscover.contoso.com/autodiscover/autodiscover.xml.
3. HTTP redirect method where a request is made to http://autodiscover.contoso.com and a 301 or a 302 response should redirect to the proper Autodiscover endpoint. This method is useful when you have more domains than you want to include in a certificate.
4. SRV record query where a DNS query for an SRV record is made. The SRV record should be in the format _autodiscover._tcp.contoso.com, resolving to the FQDN of the Autodiscover endpoint.

However, the first URL https://contoso.com/autodiscover always fails because nobody ever uses the domain for Autodiscover. For your question and your expectation, we can remove this record and try again.

Thanks

July 31st, 2015 4:28am
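
An added example, not part of any post in this thread: Python that walks the four lookup steps listed in the reply above and times a TCP connect to each host, so the step that stalls from an outside network can be identified. The function names and the user@contoso.com address are placeholders, and the refused-versus-filtered classification is a diagnostic assumption that the thread does not confirm.

```python
import socket
import time

def autodiscover_steps(email):
    """Lookup order for a non-domain-joined client, as listed in the reply above."""
    domain = email.rsplit("@", 1)[1].lower()
    return [
        ("https-root", domain, 443),
        ("https-autodiscover", "autodiscover." + domain, 443),
        ("http-redirect", "autodiscover." + domain, 80),
        ("srv", "_autodiscover._tcp." + domain, None),  # DNS only, no TCP probe
    ]

def probe(host, port, timeout=5.0, connect=socket.create_connection):
    """Classify one TCP connect attempt and report how long it took."""
    start = time.monotonic()
    try:
        connect((host, port), timeout).close()
        result = "open"
    except socket.gaierror:
        result = "no-dns"      # name does not resolve
    except ConnectionRefusedError:
        result = "refused"     # RST came back: the failure is immediate
    except socket.timeout:
        result = "filtered"    # no answer at all: caller waits the full timeout
    except OSError:
        result = "error"
    return result, round(time.monotonic() - start, 2)

def report(email, timeout=5.0, connect=socket.create_connection):
    """Probe every step in order; returns (step, host, result, seconds) rows."""
    rows = []
    for name, host, port in autodiscover_steps(email):
        if port is None:
            rows.append((name, host, "dns-only", 0.0))
            continue
        result, secs = probe(host, port, timeout, connect)
        rows.append((name, host, result, secs))
    return rows

if __name__ == "__main__":
    # user@contoso.com is a placeholder; substitute a real mailbox address.
    for row in report("user@contoso.com"):
        print("%-20s %-35s %-9s %5.2fs" % row)
```

A "filtered" result on the https-root row with a time equal to the timeout means the connection attempt received no reply, while "refused" means it was rejected immediately.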

Yeah all is added.

For my non domain joined clients it works like you described, but step 1 takes a very long time. It's like it's stuck on step 1.

If I remove the root domain lookup it works instantly, but this means editing the registry on all non joined machines, which is not ok.

July 31st, 2015 5:48am

This topic is archived. No further replies will be accepted.
