Issue with autoconfigure, Exchange 2013, Server 2012
I cannot get through the final setup of Exchange; I can't connect from phone or Exchange on a non-domain computer. This is my report from testexchangeconnectivity.com:
Testing RPC/HTTP connectivity.
The RPC/HTTP test failed.
Test Steps
  ExRCA is attempting to test Autodiscover for administrator@gsmith.biz.
  Testing Autodiscover failed.
  Test Steps
    Attempting each method of contacting the Autodiscover service.
    The Autodiscover service couldn't be contacted successfully by any method.
    Test Steps
      Attempting to test potential Autodiscover URL https://gsmith.biz/AutoDiscover/AutoDiscover.xml
      Testing of this potential Autodiscover URL failed.
      Test Steps
        Attempting to resolve the host name gsmith.biz in DNS.
        The host name resolved successfully.
        Additional Details
          IP addresses returned: 123.243.73.235
        Testing TCP port 443 on host gsmith.biz to ensure it's listening and open.
        The port was opened successfully.
        Testing the SSL certificate to make sure it's valid.
        The SSL certificate failed one or more certificate validation checks.
        Test Steps
          ExRCA is attempting to obtain the SSL certificate from remote server gsmith.biz on port 443.
          ExRCA successfully obtained the remote SSL certificate.
          Additional Details
            Remote Certificate Subject: CN=VMMAIL, Issuer: CN=VMMAIL.
          Validating the certificate name.
          Certificate name validation failed.
          Additional Details
            Host name gsmith.biz doesn't match any name found on the server certificate CN=VMMAIL.
      Attempting to test potential Autodiscover URL https://autodiscover.gsmith.biz/AutoDiscover/AutoDiscover.xml
      Testing of this potential Autodiscover URL failed.
      Test Steps
        Attempting to resolve the host name autodiscover.gsmith.biz in DNS.
        The host name resolved successfully.
        Additional Details
          IP addresses returned: 123.243.73.235
        Testing TCP port 443 on host autodiscover.gsmith.biz to ensure it's listening and open.
        The port was opened successfully.
        Testing the SSL certificate to make sure it's valid.
        The SSL certificate failed one or more certificate validation checks.
        Test Steps
          ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.gsmith.biz on port 443.
          ExRCA successfully obtained the remote SSL certificate.
          Additional Details
            Remote Certificate Subject: CN=VMMAIL, Issuer: CN=VMMAIL.
          Validating the certificate name.
          Certificate name validation failed.
          Additional Details
            Host name autodiscover.gsmith.biz doesn't match any name found on the server certificate CN=VMMAIL.
      Attempting to contact the Autodiscover service using the HTTP redirect method.
      The attempt to contact Autodiscover using the HTTP Redirect method failed.
      Test Steps
        Attempting to resolve the host name autodiscover.gsmith.biz in DNS.
        The host name resolved successfully.
        Additional Details
          IP addresses returned: 123.243.73.235
        Testing TCP port 80 on host autodiscover.gsmith.biz to ensure it's listening and open.
        The port was opened successfully.
        ExRCA is checking the host autodiscover.gsmith.biz for an HTTP redirect to the Autodiscover service.
        ExRCA failed to get an HTTP redirect response for Autodiscover.
        Additional Details
          An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response:
      Attempting to contact the Autodiscover service using the DNS SRV redirect method.
      ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
      Test Steps
        Attempting to locate SRV record _autodiscover._tcp.gsmith.biz in DNS.
        The Autodiscover SRV record wasn't found in DNS.
I tried to set up autoconfigure in DNS but am not sure how exactly to do it. Any help would be great.
October 29th, 2012 4:54pm

Is that your SMTP Address? @gsmith.biz ? If so, simply create a record in external DNS for autodiscover.gsmith.biz that points to the external IP address for the external client access to your servers.
October 29th, 2012 6:22pm

I tried that but something must be wrong as it still does not work. This is what's in my GoDaddy DNS: And I have this in my internal DNS. This is where I think I have gone wrong. I also managed to get incoming mail working so will try to get an InstantSSL certificate today (if they are still free), or could I just use a self-signed one?
October 29th, 2012 7:10pm

Right, so you need 2 things here: a valid DNS entry and a trusted cert with the FQDN of that entry as one of the subject names on it. Self-signed certs should not be used. Go with the 3rd party trusted.
October 29th, 2012 7:33pm

Right, so there is an issue with my local autoconfigure. Is it the domain that is the issue? When I fill out the fields I thought that the domain had to be _autoconfigure._tcp.gsmith.biz but I cannot change it from the below. For the SSL, must I have one? This is only a test\lab server so that I can try out Exchange and Server 2013; I don't really want to pay for one if I can help it (I don't care about the prompt if that is the difference). Thanks for your quick help.
October 29th, 2012 7:52pm

You can use a self-signed cert; however, you will need to either add it to the mobile device or tell it to ignore the fact it's not trusted. Note it's autodiscover.gsmith.biz, not _autoconfigure._tcp.gsmith.biz, and it's really used for external autodiscover, not internal. Domain-joined clients use the SCP record in AD to find autodiscovery URLs.
October 29th, 2012 8:19pm

Oh crap! That is a dumb mistake, let me change it and try again.
October 29th, 2012 8:38pm

I have changed it but still have the same issue. When I try to connect from my phone, does it first use public DNS autodiscover to look at my internal DNS autodiscover, then pass the info back to my phone?
October 29th, 2012 9:58pm

External non-domain-joined clients will only refer to external DNS. Try running the test-exchangeconnectivity tests again.
October 29th, 2012 10:15pm

OK well that's the important one for me then. I can ping autodiscover.gsmith.biz so it looks like DNS is OK. I'm not 100% sure that I filled in GoDaddy's autodiscover correctly but it looks right to me. I ran the testexchangeconnectivity.com test again and this is the response (sorry it loses color when I put it in as HTML but at least it's not all one paragraph):
ExRCA is attempting to test Autodiscover for administrator@gsmith.biz.
Testing Autodiscover failed.
Test Steps
  Attempting each method of contacting the Autodiscover service.
  The Autodiscover service couldn't be contacted successfully by any method.
  Test Steps
    Attempting to test potential Autodiscover URL https://gsmith.biz/AutoDiscover/AutoDiscover.xml
    Testing of this potential Autodiscover URL failed.
    Test Steps
      Attempting to resolve the host name gsmith.biz in DNS.
      The host name resolved successfully.
      Additional Details
        IP addresses returned: 123.243.73.235
      Testing TCP port 443 on host gsmith.biz to ensure it's listening and open.
      The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
      The SSL certificate failed one or more certificate validation checks.
      Test Steps
        ExRCA is attempting to obtain the SSL certificate from remote server gsmith.biz on port 443.
        ExRCA successfully obtained the remote SSL certificate.
        Additional Details
          Remote Certificate Subject: CN=VMMAIL, Issuer: CN=VMMAIL.
        Validating the certificate name.
        Certificate name validation failed.
        Additional Details
          Host name gsmith.biz doesn't match any name found on the server certificate CN=VMMAIL.
    Attempting to test potential Autodiscover URL https://autodiscover.gsmith.biz/AutoDiscover/AutoDiscover.xml
    Testing of this potential Autodiscover URL failed.
    Test Steps
      Attempting to resolve the host name autodiscover.gsmith.biz in DNS.
      The host name resolved successfully.
      Additional Details
        IP addresses returned: 123.243.73.235
      Testing TCP port 443 on host autodiscover.gsmith.biz to ensure it's listening and open.
      The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
      The SSL certificate failed one or more certificate validation checks.
      Test Steps
        ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.gsmith.biz on port 443.
        ExRCA successfully obtained the remote SSL certificate.
        Additional Details
          Remote Certificate Subject: CN=VMMAIL, Issuer: CN=VMMAIL.
        Validating the certificate name.
        Certificate name validation failed.
        Additional Details
          Host name autodiscover.gsmith.biz doesn't match any name found on the server certificate CN=VMMAIL.
    Attempting to contact the Autodiscover service using the HTTP redirect method.
    The attempt to contact Autodiscover using the HTTP Redirect method failed.
    Test Steps
      Attempting to resolve the host name autodiscover.gsmith.biz in DNS.
      The host name resolved successfully.
      Additional Details
        IP addresses returned: 123.243.73.235
      Testing TCP port 80 on host autodiscover.gsmith.biz to ensure it's listening and open.
      The port was opened successfully.
      ExRCA is checking the host autodiscover.gsmith.biz for an HTTP redirect to the Autodiscover service.
      ExRCA failed to get an HTTP redirect response for Autodiscover.
      Additional Details
        An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response:
    Attempting to contact the Autodiscover service using the DNS SRV redirect method.
    ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
    Test Steps
      Attempting to locate SRV record _autodiscover._tcp.gsmith.biz in DNS.
      The Autodiscover SRV record wasn't found in DNS.
October 29th, 2012 10:30pm

"Host name autodiscover.gsmith.biz doesn't match any name found on the server": you need that on the cert. Note that since this is a self-signed cert, you will fail any trust test and the phones won't work unless you use a trusted cert or bypass that on the phone. Or use HTTP (not recommended).
October 29th, 2012 10:34pm

So for Exchange I just need an SSL cert with the name autodiscover.gsmith.biz? I don't need any other one like mail.gsmith.biz or pop.gsmith.biz?
October 29th, 2012 10:46pm

OK so I added a StartSSL cert for autodiscover.gsmith.biz and this is the output:
ExRCA is attempting to test Autodiscover for administrator@gsmith.biz.
Testing Autodiscover failed.
Test Steps
  Attempting each method of contacting the Autodiscover service.
  The Autodiscover service couldn't be contacted successfully by any method.
  Test Steps
    Attempting to test potential Autodiscover URL https://gsmith.biz/AutoDiscover/AutoDiscover.xml
    Testing of this potential Autodiscover URL failed.
    Test Steps
      Attempting to resolve the host name gsmith.biz in DNS.
      The host name resolved successfully.
      Additional Details
        IP addresses returned: 123.243.73.235
      Testing TCP port 443 on host gsmith.biz to ensure it's listening and open.
      The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
      The SSL certificate failed one or more certificate validation checks.
      Test Steps
        ExRCA is attempting to obtain the SSL certificate from remote server gsmith.biz on port 443.
        ExRCA successfully obtained the remote SSL certificate.
        Additional Details
          Remote Certificate Subject: CN=VMMAIL, Issuer: CN=VMMAIL.
        Validating the certificate name.
        Certificate name validation failed.
        Additional Details
          Host name gsmith.biz doesn't match any name found on the server certificate CN=VMMAIL.
    Attempting to test potential Autodiscover URL https://autodiscover.gsmith.biz/AutoDiscover/AutoDiscover.xml
    Testing of this potential Autodiscover URL failed.
    Test Steps
      Attempting to resolve the host name autodiscover.gsmith.biz in DNS.
      The host name resolved successfully.
      Additional Details
        IP addresses returned: 123.243.73.235
      Testing TCP port 443 on host autodiscover.gsmith.biz to ensure it's listening and open.
      The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
      The SSL certificate failed one or more certificate validation checks.
      Test Steps
        ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.gsmith.biz on port 443.
        ExRCA successfully obtained the remote SSL certificate.
        Additional Details
          Remote Certificate Subject: CN=VMMAIL, Issuer: CN=VMMAIL.
        Validating the certificate name.
        Certificate name validation failed.
        Additional Details
          Host name autodiscover.gsmith.biz doesn't match any name found on the server certificate CN=VMMAIL.
    Attempting to contact the Autodiscover service using the HTTP redirect method.
    The attempt to contact Autodiscover using the HTTP Redirect method failed.
    Test Steps
      Attempting to resolve the host name autodiscover.gsmith.biz in DNS.
      The host name resolved successfully.
      Additional Details
        IP addresses returned: 123.243.73.235
      Testing TCP port 80 on host autodiscover.gsmith.biz to ensure it's listening and open.
      The port was opened successfully.
      ExRCA is checking the host autodiscover.gsmith.biz for an HTTP redirect to the Autodiscover service.
      ExRCA failed to get an HTTP redirect response for Autodiscover.
      Additional Details
        An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response:
    Attempting to contact the Autodiscover service using the DNS SRV redirect method.
    ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
    Test Steps
      Attempting to locate SRV record _autodiscover._tcp.gsmith.biz in DNS.
      The Autodiscover SRV record wasn't found in DNS.
October 30th, 2012 11:09pm

On Wed, 31 Oct 2012 03:09:17 +0000, theawkward wrote:
>OK so I added a startssl cert for autodiscover.gsmith.biz and this is the output.
Try this to get the information about the certificate (it all goes on one line):
Get-ExchangeCertificate <thumbprint> | fl Issuer,CertificateDomains,Subject
If you have multiple certificates make sure you enabled the correct one! Your problem is stated pretty clearly:
Host name autodiscover.gsmith.biz doesn't match any name found on the server certificate CN=VMMAIL.
---
Rich Matheisen MCSE+I, Exchange MVP
October 30th, 2012 11:43pm

I tried that command in Exchange Management Shell (also tried PS) but I get this error. But I think that you may have solved it anyway. I didn't know that I had to have one as the default so went back to admin center and saw that I can change the services. I was going to tick the boxes for SMNP, IMAP, POP, IIS but I get this error and I am unsure if I want to do it. I had a look on the internet but couldn't find anything that was helpful. Is this where I went wrong? Should I say yes?
October 31st, 2012 12:21am

When I clicked cancel it showed as having added those services, so I tested again and it all looks good. Thanks everyone! Now to see if it really works :)
October 31st, 2012 12:25am

On Wed, 31 Oct 2012 04:21:40 +0000, theawkward wrote:
>I tried that command in Exchange Management shell (also tried PS) but I get this error.
Well, sure . . . "<thumbprint>" is what you'd replace with the thumbprint of your certificate.
>But I think that you may have solved it anyway. I didn't know that I had to have one as the default so went back to admin center and saw that I can change the services.
>
>I was going to tick the boxes for SMNP, IMAP, POP, IIS but I get this error and I am unsure if I want to do it. I had a look on the internet but couldn't find anything that was helpful.
>
>Is this where I went wrong? Should I say yes?
If the certificate with the thumbprint "805A3...." is the one you want to use, sure. It isn't going to remove the other certificate from the certificate store so you always enable the one that you replace (at least until it's removed from the certificate store).
---
Rich Matheisen MCSE+I, Exchange MVP
October 31st, 2012 10:51am

:D Oh, that makes more sense. I've never used Exchange or PowerShell before so was not sure what I was doing. I really just wanted to use a self-signed certificate as it's just a test server so that I can get used to Exchange and Server 2012 (TechNet). I ended up setting my self-signed cert for SMNP, IMAP, POP, IIS (I left UM as I didn't know what it was) but I am still getting errors. When I run the PS command I get this:
[PS] C:\Windows\system32>Get-ExchangeCertificate EAD28B78253E49C9A480C7BBDADE8378DA50F17F | fl Issuer,CertificateDomains ,Subject
Issuer : CN=vmmail.gsmith.biz
CertificateDomains : {vmmail.gsmith.biz, AutoDiscover.gsmith.biz, mail.gsmith.biz, gsmith.biz}
Subject : CN=vmmail.gsmith.biz
That looks OK to me but I have other certificates that are assigned to the same services (Exchange made these I think):
Microsoft Exchange: IIS, SMTP
Microsoft Exchange Server Auth Certificate: SMTP
WMSVC: None
So I tried to turn off these services but they are greyed out and I don't think I should just delete the certificates. If I try to set up mail in Outlook 2013 (host, on non-domain computer) then it looks like autodiscover is working as I get a prompt for Security certificate, and if I say yes then I get all green ticks saying that it connected to the server. But when I restart Outlook I get this. I have been trying to Google it but nothing seems related as it's such a general error. Oh and I should say I am doing all this in the Exchange admin center, not in IIS (I think this is where it used to go).
October 31st, 2012 7:13pm
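
Added example, not part of the original thread and not Microsoft's code: the two checks the ExRCA reports above keep failing on (is each host name an external Autodiscover client tries present on the certificate, and is the certificate self-signed), run over every certificate on the server instead of one thumbprint at a time. The function names are hypothetical and the sample objects are constructed from values quoted in this thread (the names and services on the CN=VMMAIL entry are assumed); on an Exchange server, pass the output of Get-ExchangeCertificate instead.

```powershell
# Added example: function names are hypothetical, sample data is constructed.

function Test-CertNameMatch {
    # True when $HostName equals a certificate name, or is covered by a
    # single-label wildcard such as *.example.test.
    param([string]$HostName, [string[]]$CertNames)
    foreach ($name in $CertNames) {
        if ($name -ieq $HostName) { return $true }
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)    # ".example.test"
            if ($HostName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
                $left = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($left -and -not $left.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Test-AutodiscoverCertCoverage {
    # For each certificate, report whether the two HTTPS host names tried for
    # the SMTP domain (domain and autodiscover.domain) are on the certificate,
    # whether it is bound to IIS, and whether subject and issuer are identical.
    param(
        [Parameter(Mandatory=$true)][string]$SmtpAddress,
        [Parameter(Mandatory=$true)][object[]]$Certificate
    )
    $domain = $SmtpAddress.Split('@')[-1]
    $candidates = @($domain, "autodiscover.$domain")
    foreach ($cert in $Certificate) {
        # CertificateDomains entries are stringified so real and sample objects both work.
        $names = @($cert.CertificateDomains | ForEach-Object { "$_" })
        $selfSigned = ($cert.Subject -eq $cert.Issuer)   # heuristic: subject equals issuer
        foreach ($candidate in $candidates) {
            $nameOk = Test-CertNameMatch -HostName $candidate -CertNames $names
            if (-not $nameOk) {
                $verdict = 'name mismatch'
            } elseif ($selfSigned) {
                $verdict = 'name OK, self-signed: clients must import or bypass'
            } else {
                $verdict = 'name OK'
            }
            [pscustomobject]@{
                HostName   = $candidate
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                ServesIIS  = ("$($cert.Services)" -match 'IIS')
                Verdict    = $verdict
            }
        }
    }
}

# Constructed sample data. Only the second thumbprint and its domain list are
# quoted from the thread; everything on the first entry except the subject and
# issuer is an assumption.
$sampleCerts = @(
    [pscustomobject]@{
        Thumbprint = '<placeholder-thumbprint>'; Subject = 'CN=VMMAIL'; Issuer = 'CN=VMMAIL'
        CertificateDomains = @('VMMAIL'); Services = 'IIS, SMTP'
    },
    [pscustomobject]@{
        Thumbprint = 'EAD28B78253E49C9A480C7BBDADE8378DA50F17F'
        Subject = 'CN=vmmail.gsmith.biz'; Issuer = 'CN=vmmail.gsmith.biz'
        CertificateDomains = @('vmmail.gsmith.biz', 'AutoDiscover.gsmith.biz', 'mail.gsmith.biz', 'gsmith.biz')
        Services = 'IIS, SMTP, IMAP, POP'
    }
)

Test-AutodiscoverCertCoverage -SmtpAddress 'administrator@gsmith.biz' -Certificate $sampleCerts |
    Format-Table HostName, Subject, ServesIIS, Verdict -AutoSize

# On the Exchange server itself:
#   Test-AutodiscoverCertCoverage -SmtpAddress 'administrator@gsmith.biz' -Certificate (Get-ExchangeCertificate)
```

A row with ServesIIS true and a name mismatch corresponds to the "Certificate name validation failed" step in the reports; a name match on a self-signed certificate corresponds to the later "Certificate trust validation failed" step.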

On Wed, 31 Oct 2012 23:12:12 +0000, theawkward wrote:
[ snip ]
>But when I restart outlook I get this
Try running the Exchange Best Practices Analyzer. That GUID for the server name and the "=SMTP:" in the account name have, in the past, been caused by DNS and/or Outlook client issues. If the server's accessible from the Internet you can visit https://testexchangeconnectivity.com and verify that things are working correctly.
---
Rich Matheisen MCSE+I, Exchange MVP
October 31st, 2012 7:50pm

I have been doing this and so far I have this.
Outbound: OK, but I get this warning that I am ignoring:
  Performing Sender ID validation.
  Sender ID validation was performed successfully.
  Test Steps
    Attempting to find the SPF record using a DNS TEXT record query.
    ExRCA wasn't able to find the SPF record.
    Additional Details
      No records were found.
Inbound: Completely OK
Outlook Autodiscover: Completely OK
Outlook Anywhere (RPC over HTTP): This one not so good. I am trying to work out how to do the Autodiscover.xml right now cause that looks like most of the damage.
Testing RPC/HTTP connectivity.
The RPC/HTTP test failed.
Test Steps
  ExRCA is attempting to test Autodiscover for Administrator@gsmith.biz.
  Testing Autodiscover failed.
  Test Steps
    Attempting each method of contacting the Autodiscover service.
    The Autodiscover service couldn't be contacted successfully by any method.
    Test Steps
      Attempting to test potential Autodiscover URL https://gsmith.biz/AutoDiscover/AutoDiscover.xml
      Testing of this potential Autodiscover URL failed.
      Test Steps
        Attempting to resolve the host name gsmith.biz in DNS.
        The host name resolved successfully.
        Additional Details
          IP addresses returned: 123.243.73.235
        Testing TCP port 443 on host gsmith.biz to ensure it's listening and open.
        The port was opened successfully.
        Testing the SSL certificate to make sure it's valid.
        The SSL certificate failed one or more certificate validation checks.
        Test Steps
          ExRCA is attempting to obtain the SSL certificate from remote server gsmith.biz on port 443.
          ExRCA successfully obtained the remote SSL certificate.
          Additional Details
            Remote Certificate Subject: CN=vmmail.gsmith.biz, Issuer: CN=vmmail.gsmith.biz.
          Validating the certificate name.
          The certificate name was validated successfully.
          Additional Details
            Host name gsmith.biz was found in the Certificate Subject Alternative Name entry.
          Certificate trust is being validated.
          Certificate trust validation failed.
          Test Steps
            ExRCA is attempting to build certificate chains for certificate CN=vmmail.gsmith.biz.
            A certificate chain couldn't be constructed for the certificate.
            Additional Details
              The certificate chain didn't end in a trusted root. Root = CN=vmmail.gsmith.biz
      Attempting to test potential Autodiscover URL https://autodiscover.gsmith.biz/AutoDiscover/AutoDiscover.xml
      Testing of this potential Autodiscover URL failed.
      Test Steps
        Attempting to resolve the host name autodiscover.gsmith.biz in DNS.
        The host name resolved successfully.
        Additional Details
          IP addresses returned: 123.243.73.235
        Testing TCP port 443 on host autodiscover.gsmith.biz to ensure it's listening and open.
        The port was opened successfully.
        Testing the SSL certificate to make sure it's valid.
        The SSL certificate failed one or more certificate validation checks.
        Test Steps
          ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.gsmith.biz on port 443.
          ExRCA successfully obtained the remote SSL certificate.
          Additional Details
            Remote Certificate Subject: CN=vmmail.gsmith.biz, Issuer: CN=vmmail.gsmith.biz.
          Validating the certificate name.
          The certificate name was validated successfully.
          Additional Details
            Host name autodiscover.gsmith.biz was found in the Certificate Subject Alternative Name entry.
          Certificate trust is being validated.
          Certificate trust validation failed.
          Test Steps
            ExRCA is attempting to build certificate chains for certificate CN=vmmail.gsmith.biz.
            A certificate chain couldn't be constructed for the certificate.
            Additional Details
              The certificate chain didn't end in a trusted root. Root = CN=vmmail.gsmith.biz
      Attempting to contact the Autodiscover service using the HTTP redirect method.
      The attempt to contact Autodiscover using the HTTP Redirect method failed.
      Test Steps
        Attempting to resolve the host name autodiscover.gsmith.biz in DNS.
        The host name resolved successfully.
        Additional Details
          IP addresses returned: 123.243.73.235
        Testing TCP port 80 on host autodiscover.gsmith.biz to ensure it's listening and open.
        The port was opened successfully.
        ExRCA is checking the host autodiscover.gsmith.biz for an HTTP redirect to the Autodiscover service.
        ExRCA failed to get an HTTP redirect response for Autodiscover.
        Additional Details
          An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response:
      Attempting to contact the Autodiscover service using the DNS SRV redirect method.
      ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
      Test Steps
        Attempting to locate SRV record _autodiscover._tcp.gsmith.biz in DNS.
        The Autodiscover SRV record wasn't found in DNS.
October 31st, 2012 8:25pm

On Thu, 1 Nov 2012 00:23:42 +0000, theawkward wrote:
>I have been doing this and so far I have this.
[ snip ]
>Outlook Anywhere (RPC over HTTP): This one not so good. I am trying to work out how to do the Autodiscover.xml right now cause that looks like most of the damage.
>
>Testing RPC/HTTP connectivity. The RPC/HTTP test failed.
[ snip ]
Additional Details
  Remote Certificate Subject: CN=vmmail.gsmith.biz, Issuer: CN=vmmail.gsmith.biz.
Validating the certificate name.
[ snip ]
Certificate trust validation failed.
Test Steps
  ExRCA is attempting to build certificate chains for certificate CN=vmmail.gsmith.biz.
  A certificate chain couldn't be constructed for the certificate.
  Additional Details
    The certificate chain didn't end in a trusted root. Root = CN=vmmail.gsmith.biz
The certificate isn't trusted by any public CA so you're not going to get this to work (well, maybe if you put the necessary information on an internet-facing machine you could). What information did the ExBPA turn up?
---
Rich Matheisen MCSE+I, Exchange MVP
October 31st, 2012 10:40pm

Oh forgot it has been retired, still looking to see if it was replaced with something else. In Exchange 2010, the Exchange Best Practice Analyzer examined your Exchange deployment and determined whether the configuration was in line with Microsoft best practices. In Exchange 2013, the Exchange Best Practice Analyzer has been retired.
October 31st, 2012 10:48pm

Do I have to create AutoDiscover.xml because I can't really find any information on how to set it up or create it.
November 1st, 2012 12:26am

This topic is archived. No further replies will be accepted.
