autodiscover broken since ISA replaced with TMG
Hi there,
Our ISA server died around a month ago so we replaced it with a new TMG server. Exchange appeared to be running fine until late last week and now it only runs normally internally / while also connected via VPN. Around this time our wildcard cert was replaced
with a new one (which has different private key) and this replacement seems to be applied to exchange correctly (shows new freindly name in IIS > RpcWithCert site> properties> certificate).
I'm not sure if anything else has been changed, and I don't think we had SRV setup when it was working before
Running the www.testexchangeconnectivity.com tool externally / disconnected from VPN gives the below output which failed on all 5x tests. Where would be the best place to start troubleshooting this?
ExRCA is attempting to test Autodiscover for ouruser@ourdomain.com. Testing Autodiscover failed.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential Autodiscover URL https://ourdomain.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name ourdomain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 60.234.64.106
Testing TCP port 443 on host ourdomain.com to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Additional Details
A network error occurred while communicating with the remote host.
Exception details:
Message: No connection could be made because the target machine actively refused it 60.234.64.106:443
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()
Attempting to test potential Autodiscover URL https://autodiscover.ourdomain.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.ourdomain.com in DNS.
The host name couldn't be resolved.
Additional Details
Host autodiscover.ourdomain.com couldn't be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.ourdomain.com in DNS.
The host name couldn't be resolved.
Additional Details
Host autodiscover.ourdomain.com couldn't be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
.
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.ourdomain.com in DNS.
The Autodiscover SRV record wasn't found in DNS.
May 30th, 2011 5:31pm
On Mon, 30 May 2011 21:17:57 +0000, JeremyA6 wrote:
>
>
>Hi there,
>
>Our ISA server died around a month ago so we replaced it with a new TMG server. Exchange appeared to be running fine until late last week and now it only runs normally internally / while also connected via VPN. Around this time our wildcard cert was replaced
with a new one (which has different private key) and this replacement seems to be applied to exchange correctly (shows new freindly name in IIS > RpcWithCert site> properties> certificate). I'm not sure if anything else has been changed, and I don't think
we had SRV setup when it was working before
>
>Running the www.testexchangeconnectivity.com tool externally / disconnected from VPN gives the below output which failed on all 5x tests. Where would be the best place to start troubleshooting this?
>
> ExRCA is attempting to test Autodiscover for ouruser@ourdomain.com. Testing Autodiscover failed.
>
>Test Steps
>
>Attempting each method of contacting the Autodiscover service.
> The Autodiscover service couldn't be contacted successfully by any method.
>
>Test Steps
>
>Attempting to test potential Autodiscover URL https://ourdomain.com/AutoDiscover/AutoDiscover.xml
>
> Testing of this potential Autodiscover URL failed.
>
>Test Steps
>
>Attempting to resolve the host name ourdomain.com in DNS.
> The host name resolved successfully.
>
>Additional Details
> IP addresses returned: 60.234.64.106
>
>
>Testing TCP port 443 on host ourdomain.com to ensure it's listening and open.
> The specified port is either blocked, not listening, or not producing the expected response.
I don't thinkthis has anything to do with your certificate.
The IP address is listening on port 80. It's not listening on port
443.
The IP address PTR record returns mail dot xmail dot co dot nz.
There's no A record for autodiscover dot xmail dot co dot nz. And your
domain probably isn't "ourdomain.com". So, unless you're goint to
state whatr your domain name is, the assumption has to be that you've
simply neglected to publish the autodiscover dot xmail dot co dot nz
rule in TMZ and the associated A record in your DNS.
If that's not the case, then you've neglected to publish the xmail dot
co dot nz / autodiscover URL in TMZ.
Either way, there's "nobody home" to answer the door when somone
knocks on 60.234.64.106:443.
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
May 30th, 2011 5:57pm