Announcement

Collapse
No announcement yet.

Autodiscover fails internally Possible SSL cert issue

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Autodiscover fails internally Possible SSL cert issue

    Trying to install SunBelt's Ninja Email Security on an SBS standard box 64 bit Exchange 2007. Sunbelt requires the Test-OutlookWebServices | FL to return with no errors.

    I have purchased and installed a UCC SSL cert from GoDaddy and followed the instructions in setting up the intermediate certificate correctly. I have tried other Certificate Providers but those providers like register.com and they need more info in the CSR than the "add trusted certificate" wizard provided. ( I learnt the hard way to always use the wizards they provide in SBS 2008 as much as possible)

    Test-OutlookWebServices | FL fails

    External Site successfull

    see below

    [PS] C:\>Test-OutlookWebServices | FL

    Id : 1003
    Type : Information
    Message : About to test AutoDiscover with the e-mail address [email protected]

    Id : 1007
    Type : Information
    Message : Testing server SERVER.domain.local with the published name https://remote.domain.com/EWS/Exchange.asmx & https://remote.domain.com/EWS/Exchange.asmx.

    Id : 1019
    Type : Information
    Message : Found a valid AutoDiscover service connection point. The AutoDiscover
    URL on this object is https://remote.domain.com/Autodiscover/Autodiscover.xml.

    Id : 1013
    Type : Error
    Message : When contacting https://remote.domain.com/Autodiscover/Autodiscover.xml received the error The remote server returned an error
    : (401) Unauthorized.

    Id : 1006
    Type : Error
    Message : The Autodiscover service could not be contacted.


    AutoDiscover test results from https://www.testexchangeconnectivity.com/ Warning in Bold

    Attempting each method of contacting the AutoDiscover Service
    The AutoDiscover Service was successfully tested.
    Test Steps
    Attempting to test potential AutoDiscover URL https://domain.com/AutoDiscover/AutoDiscover.xml
    Testing AutoDiscover URL succeeded
    Test Steps
    Attempting to Resolve the host name domain.com in DNS.
    Host successfully Resolved
    Additional Details
    IP(s) returned: xxx.xxx.xxx.xxx
    Testing TCP Port 443 on host domain.com to ensure it is listening/open.
    The port was opened successfully.
    Testing SSL Certificate for validity.
    The certificate passed all validation requirements.
    Test Steps
    Validating certificate name
    Successfully validated the certificate name
    Additional Details
    Found hostname domain.com in Certificate Subject Alternative Name entry
    Validating certificate trust
    The test passed with some warnings encountered. Please expand additional details.
    Additional Details
    Only able to build certificate chain when using the Root Certificate Update functionality from Windows Update. Your server may not be properly configured to send down the required intermediate certificates to complete the chain. Consult the certificate installation instructions or FAQ's from your Certificate Authority for more information
    Testing certificate date to ensure validity
    Date Validation passed. The certificate is not expired.
    Additional Details
    Certificate is valid: NotBefore = 6/15/2009 12:00:00 AM, NotAfter = 6/15/2010 12:00:00 AM


    Attempting to Retrieve XML AutoDiscover Response from url https://domain.com/AutoDiscover/AutoDiscover.xml for user [email protected]
    Successfully Retrieved AutoDiscover XML Response
    Additional Details
    AutoDiscover Account Settings - XML Response:<?xml version="1.0"?>
    <Autodiscover xmlnssi="http://www.w3.org/2001/XMLSchema-instance" xmlnssd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
    <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
    <DisplayName>Administrator</DisplayName>
    <LegacyDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Administrator</LegacyDN>
    <DeploymentId>a1e97f0f-d3b3-469d-835d-9c0a7ca3dc41</DeploymentId>
    </User>
    <Account>
    <AccountType>email</AccountType>
    <Action>settings</Action>
    <Protocol>
    <Type>EXCH</Type>
    <Server>server.domain.local</Server>
    <ServerDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=server</ServerDN>
    <ServerVersion>720180F0</ServerVersion>
    <MdbDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=server/cn=Microsoft Private MDB</MdbDN>
    <ASUrl>https://remote.domain.com/EWS/Exchange.asmx</ASUrl>
    <OOFUrl>https://remote.domain.com/EWS/Exchange.asmx</OOFUrl>
    <OABUrl>https://remote.domain.com/OAB/5ffcd03f-8e4a-4a86-b6e5-2dd0378683d2/</OABUrl>
    <UMUrl>https://remote.domain.com/UnifiedMessaging/Service.asmx</UMUrl>
    <Port>0</Port>
    <DirectoryPort>0</DirectoryPort>
    <ReferralPort>0</ReferralPort>
    <PublicFolderServer>server.domain.local</PublicFolderServer>
    <AD>server.domain.local</AD>
    <EwsUrl>https://remote.domain.com/EWS/Exchange.asmx</EwsUrl>
    </Protocol>
    <Protocol>
    <Type>EXPR</Type>
    <Server>autodiscover.domain.com</Server>
    <ASUrl>https://remote.domain.com/EWS/Exchange.asmx</ASUrl>
    <OOFUrl>https://remote.domain.com/EWS/Exchange.asmx</OOFUrl>
    <OABUrl>https://remote.domain.com/OAB/5ffcd03f-8e4a-4a86-b6e5-2dd0378683d2/</OABUrl>
    <UMUrl>https://remote.domain.com/UnifiedMessaging/Service.asmx</UMUrl>
    <Port>0</Port>
    <DirectoryPort>0</DirectoryPort>
    <ReferralPort>0</ReferralPort>
    <SSL>On</SSL>
    <AuthPackage>Ntlm</AuthPackage>
    <EwsUrl>https://remote.domain.com/EWS/Exchange.asmx</EwsUrl>
    </Protocol>
    <Protocol>
    <Type>WEB</Type>
    <Port>0</Port>
    <DirectoryPort>0</DirectoryPort>
    <ReferralPort>0</ReferralPort>
    <External>
    <OWAUrl AuthenticationMethod="Fba">https://remote.domain.com/owa/</OWAUrl>
    <Protocol>
    <Type>EXPR</Type>
    <ASUrl>https://remote.domain.com/EWS/Exchange.asmx</ASUrl>
    </Protocol>
    </External>
    <Internal>
    <OWAUrl AuthenticationMethod="Basic, Fba">https://remote.domain.com/owa/</OWAUrl>
    <Protocol>
    <Type>EXCH</Type>
    <ASUrl>https://remote.domain.com/EWS/Exchange.asmx</ASUrl>
    </Protocol>
    </Internal>
    </Protocol>
    </Account>
    </Response>
    </Autodiscover>


    To me this error in exchange shell looks like an Authentication issue

    Any ideas welcome

  • #2
    Re: Autodiscover fails internally Possible SSL cert issue

    I have what looks to be the same situation.
    Did you find a solution?
    Joel

    Comment

    Working...
    X