ActiveSync Autodiscover not working

Similar Messages

• ActiveSync autodiscover not working for iPhone but for Android and Windows Phone

  Hi
  We have setup an Exchange 2013 hosted environment, where different mail domains are running on it.
  The main domain is mydomain.com. One of the client domains is customer.com.
  Autodiscover for customer.com has a cname which points to autodiscover.mydomain.com, on our firewall this url is redirected to autodiscover-s.mydomain.com, where our public certificate for mydomain.com is applied. Autodiscover for all
  our customers finally ends at autodiscover-s.mydomain.com.
  Outlook WebApp, Outlook Anywhere and ActiveSync for all customers is reachable through mail.mydomain.com.
  Everything works fine, except of autodiscover for iPhones. I always have to enter the server name mail.mydomain.com manually. After that ActiveSync works on iPhones as well.
  The Problem doesn’t exist on Androids and Windows Phones.
  Any suggestion?
  Regards
  Peter

  Yes, Interestingly same configuration is working in my home lab, but not working at customer. The version is 10.5
  Cannot say wireless issue as jabber for windows is working from wireless

• Autodiscover not working internally

  Hi
  So far this has driven me crazy. I cannot seem to get this to work. I am going to try and explain the situation fully. What we have is a hosted Exchange environment where we have
  multiple tenants with their own domains. We have a SSL certificate for our own domain domain.com. It has the following domain names linked to it:
  webmail.domain.com (Primary) 
  autodiscover.domain.com (SAN) 
  mail.domain.com (SAN)
  We have multiple tenants with each a unique domain (i.e. tenant.com). We have setup CNAME records for this domains so that they point to our HTTP redirection website which in turn
  redirects them to our autodiscover website (= autodiscover.domain.com). This is to avoid having to buy an SSL certificate with several SAN hostnames. Our domain domain.local or domain.com (= externally) also hosts a series of other servers including terminal
  servers which are tenants/clients use. 
  The autodiscovery service works externally (which means devices that are not within our domain.local domain). It is able to use the autodiscover service for i.e. autodiscover.tenant.com Internally it does not work for some strange reason. It is able to reach
  the redirect website and it is able to get to the right web server hosting the autodiscover website but it fails when it tries to find the hostname autodiscover.domain.com in the SSL certificate webmail.domain.com. Even though the hostname autodiscover.domain.com
  is included in the SAN. It says that they can't validate the certificate name. Externally it is able to find this and validate the certificate but not internally for some strange reason. Why would this be?
  Thanks again for all your help. It is much appreciated.
  Daniel

  Hi,
  According to your description, the name Autodiscover.domain.com can be resolved externally while it cannot be resolved internally. If I misunderstabd your meaning, please feel free to let me know.
  If yes, I'd like to recommend you check if there is an internal DNS entry about the name Autodiscover.domain.com. Additionally, we can also check the result of directly accessing the URL:
  https://autodiscover.domain.com/autodiscover/autodiscover.xml on a internal client machine.
  Thanks,
  Angela Shi
  TechNet Community Support

• Mac Mail autodiscover not working?

  When trying to create an Exchange mail account on Mac Mail 6.5, I enter the username, e-mail address, and password.  However the autodiscovery service is not working as it should.  It's polling autodiscover.<companydomain>.com when in fact it should be polling autodiscover.outlook.com.
  Any ideas?
  (Crazy thing is that Macs must be configured differently because my iMacs in house work fine, but the Macbooks out in field do not).

  how to add the account manually, this article explains. good luck, I wish you.
  http://support.apple.com/kb/HT1277
  may the force be with you.

• € Euro Currency symbol in ActiveSync password not working.

  Are there any known issues when using the € Euro Currency symbol as a password for ActiveSync on an iOS device? It appears ActiveSync does not accept the  € Euro Currency symbol when used in a password sent from an iPad/iPhone.
  Are there any known issues with special characters and ActiveSync?
  Thanks for your help.
  Regards,
  Dennis

  ActiveSync was developed for Windows.  You'd have to know what code page the Windows device was using to make sure you understood how the character should be coded.
  Generally speaking, I wouldn't use any character in a password that didn't have an ASCII code.  We've even had trouble with accented characters.

• Exchange AutoDiscover not working correctly in 2010/2013 environment

  Here's my setup:
  Mixed environment transitioning:
  Exchange 2010 running on Server 2008 in a VM
  Exchange 2013 running on Server 2012 in a VM
  I have split dns so that autodiscover.domain.com points to my 2013 server internally and my 2010 server externally.  When setting up new profiles in outlook internally, autodiscover seems to work fine.  However, when I try moving the public autodiscover.domain.com
  DNS record over to the 2013, things stop working (like auto profile setup). 
  I know that the 2013 server is reachable from the outside because mail.domain.com will to go owa and ecp without a problem.  I can log in to both without an issue.
  If I point public DNS back to my 2010 server, then all is well again with outlook anywhere and mobile connectivity.
  I'm not really sure what needs to be tweaked for the 2013 server to be ready to take over the day to day communications so that I can decommission my 2010 server.
  Here are the results of the connectivity analyzer:
  The Microsoft Connectivity Analyzer is attempting to test Autodiscover for me.
  Testing Autodiscover failed.
  Additional Details
  Elapsed Time: 1774 ms.
  Test Steps
  Attempting each method of contacting the Autodiscover service.
  The Autodiscover service couldn't be contacted successfully by any method.
  Additional Details
  Elapsed Time: 1773 ms.
  Test Steps
  Attempting to test potential Autodiscover URL https://domain.com:443/Autodiscover/Autodiscover.xml
  Testing of this potential Autodiscover URL failed.
  Additional Details
  Elapsed Time: 489 ms.
  Test Steps
  Attempting to resolve the host name domain.com in DNS.
  The host name resolved successfully.
  Additional Details
  IP addresses returned: 98.129.228.152
  Elapsed Time: 165 ms.
  Testing TCP port 443 on host domain.com to ensure it's listening and open.
  The port was opened successfully.
  Additional Details
  Elapsed Time: 97 ms.
  Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
  Additional Details
  Elapsed Time: 225 ms.
  Test Steps
  The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server domain.com on port 443.
  The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
  Additional Details
  Remote Certificate Subject: CN=www.domain.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=2150198723, O=www.domain.com, C=US, Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US.
  Elapsed Time: 170 ms.
  Validating the certificate name.
  Certificate name validation failed.
  Tell me more about this issue and how to resolve it
  Additional Details
  Host name domain.com doesn't match any name found on the server certificate CN=www.domain.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=2150198723, O=www.domain.com, C=US.
  Elapsed Time: 1 ms.
  Attempting to test potential Autodiscover URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml
  Testing of this potential Autodiscover URL failed.
  Additional Details
  Elapsed Time: 1009 ms.
  Test Steps
  Attempting to resolve the host name autodiscover.domain.com in DNS.
  The host name resolved successfully.
  Additional Details
  IP addresses returned: x.x.x.x
  Elapsed Time: 70 ms.
  Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
  The port was opened successfully.
  Additional Details
  Elapsed Time: 189 ms.
  Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
  Additional Details
  Elapsed Time: 300 ms.
  Test Steps
  The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443.
  The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
  Additional Details
  Remote Certificate Subject: CN=mail.domain.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated, Issuer: CN=PositiveSSL CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
  Elapsed Time: 220 ms.
  Validating the certificate name.
  The certificate name was validated successfully.
  Additional Details
  Host name autodiscover.domain.com was found in the Certificate Subject Alternative Name entry.
  Elapsed Time: 1 ms.
  Certificate trust is being validated.
  The certificate is trusted and all certificates are present in the chain.
  Test Steps
  The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.domain.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated.
  One or more certificate chains were constructed successfully.
  Additional Details
  A total of 1 chains were built. The highest quality chain ends in root certificate CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE.
  Elapsed Time: 34 ms.
  Analyzing the certificate chains for compatibility problems with versions of Windows.
  Potential compatibility problems were identified with some versions of Windows.
  Additional Details
  The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
  Elapsed Time: 5 ms.
  Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
  Additional Details
  The certificate is valid. NotBefore = 5/19/2014 12:00:00 AM, NotAfter = 5/18/2016 11:59:59 PM
  Elapsed Time: 0 ms.
  Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
  Additional Details
  Accept/Require Client Certificates isn't configured.
  Elapsed Time: 276 ms.
  Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
  Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
  Additional Details
  Elapsed Time: 172 ms.
  Test Steps
  The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml for user [email protected].
  The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
  Additional Details
  A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.HTTP Response Headers:
  Connection: close
  Content-Length: 315
  Content-Type: text/html; charset=us-ascii
  Date: Sat, 19 Jul 2014 03:44:42 GMT
  Server: Microsoft-HTTPAPI/2.0
  Elapsed Time: 171 ms.
  Attempting to contact the Autodiscover service using the HTTP redirect method.
  The attempt to contact Autodiscover using the HTTP Redirect method failed.
  Additional Details
  Elapsed Time: 207 ms.
  Test Steps
  Attempting to resolve the host name autodiscover.domain.com in DNS.
  The host name resolved successfully.
  Additional Details
  IP addresses returned: x.x.x.x
  Elapsed Time: 15 ms.
  Testing TCP port 80 on host autodiscover.domain.com to ensure it's listening and open.
  The port was opened successfully.
  Additional Details
  Elapsed Time: 76 ms.
  The Microsoft Connectivity Analyzer is checking the host autodiscover.domain.com for an HTTP redirect to the Autodiscover service.
  The Microsoft Connectivity Analyzer failed to get an HTTP redirect response for Autodiscover.
  Additional Details
  An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: HTTP Response Headers:
  X-FEServer: SMSE2013
  Content-Length: 0
  Date: Sat, 19 Jul 2014 03:44:42 GMT
  Server: Microsoft-IIS/8.0
  X-Powered-By: ASP.NET
  Elapsed Time: 115 ms.
  Attempting to contact the Autodiscover service using the DNS SRV redirect method.
  The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
  Additional Details
  Elapsed Time: 39 ms.
  Test Steps
  Attempting to locate SRV record _autodiscover._tcp.domain.com in DNS.
  The Autodiscover SRV record wasn't found in DNS.
  Tell me more about this issue and how to resolve it
  Additional Details
  Elapsed Time: 39 ms.
  Checking if there is an autodiscover CNAME record in DNS for your domain 'domain.com' for Office 365.
  Failed to validate autodiscover CNAME record in DNS. If your mailbox isn't in Office 365, you can ignore this warning.
  Tell me more about this issue and how to resolve it
  Additional Details
  There is no Autodiscover CNAME record for your domain 'domain.com'.
  Elapsed Time: 28 ms.
  I just double checked my SSL cert and it has the three typical entries:
  DNS Name=mail.domain.com
  DNS Name=AutoDiscover.domian.com
  DNS Name=domain.com
  I have assembled the output for the following commands
  HERE
  Get-OutlookProvider | fl
  Get-OutlookAnywhere | fl
  Get-ActiveSyncVirtualDirectory | fl
  Get-AutodiscoverVirtualDirectory | fl
  Get-EcpVirtualDirectory | fl
  Get-OabVirtualDirectory | fl
  Get-OwaVirtualDirectory | fl
  Get-PowerShellVirtualDirectory | fl
  Get-WebServicesVirtualDirectory | fl
  Text
  I have gone through the Exchange Server Deployment Assistant.  Almost everything was as it should have been.  I made some changes in the "Enable and configure Outlook Anywhere" and "Configure
  service connection point."
  I have switched external DNS over to my 2013 server, and the connectivity test is still failing.  It is also not proxying the 2010 mailboxes through 2013 as it should (according to the Deployment Assistant).
  I have a 2010 test account and a 2013 test account.  Both work fine in their respective WebMail's, but the 2010 mailbox will not pull up through the 2013 WebMail.
  Just for the heck of it, I have checked my SonicWall and it is configured the same for the 2010 host and the 2013 host.  I knew that ports 80 and 443 were passing on both hosts anyway because the port 80 redirect works and https webmail works
  on both hosts.
  If I try to access the xml file directly on both hosts:
  https://mail.domain.com/Autodiscover/Autodiscover.xml (2013)
  https://webmail.domain.com/Autodiscover/Autodiscover.xml
  (2010)
  I do get an xml response from both of them after authenticating like this:
  <Autodiscover>
  <Response>
  <Error Time="18:17:41.0173284" Id="2526055628">
  ErrorCode>600</ErrorCode>
  <Message>Invalid Request</Message>
  <DebugData/>
  </Error>
  </Response>
  </Autodiscover>
  Sooo...I'm stuck.

  Update since my last post.
  I have all mailboxes migrated off of 2010 and onto 2013.  I'm ready to turn 2010 off as soon as I can figure out this autodiscover problem and get mail flow going in and out of the 2013 server instead of the 2010 one.
  Brian, I had a http redirect enabled in 2013.  I disabled that redirect and checked for any others.  There is currently no redirect in place anywhere under the default web site (the root site now goes to an IIS 8 page).  AutoDiscover is still
  failing according to the Exchange Connectivity site.
  When I switch autodiscover.domain.com over to the 2013 server I still get failures:
  Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
  Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
  Additional Details
  Elapsed Time: 146 ms.
  Test Steps
  The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml for user [email protected].
  The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
  Additional Details
  A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.HTTP Response Headers:
  Connection: close
  Content-Length: 315
  Content-Type: text/html; charset=us-ascii
  Date: Mon, 11 Aug 2014 16:50:27 GMT
  Server: Microsoft-HTTPAPI/2.0
  Elapsed Time: 145 ms.
  If I try to hit the xml manually, I get the expected 600 error after providing a username and password.  Should IIS be prompting for credentials when hitting the path for AutoDiscover.xml directly?
  <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response>
  <Error Time="10:53:38.3228589" Id="36607859">
  <ErrorCode>600</ErrorCode>
  <Message>Invalid
  Request</Message>
  <DebugData/>
  </Error>
  </Response>
  </Autodiscover>
  If I switch autodiscover.domain.com back over to my 2010 server the test passes:
  Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
  The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
  Additional Details
  Elapsed Time: 444 ms.
  Test Steps
  The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml for user [email protected].
  The Autodiscover XML response was successfully retrieved.
  Additional Details
  Autodiscover Account Settings
  XML response:
  <?xml version="1.0"?>
  <Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
  <Culture>en:us</Culture>
  <User>
  <DisplayName>Exchange 2013. Test</DisplayName>
  <EMailAddress>[email protected]</EMailAddress>
  </User>
  <Action>
  <Settings>
  <Server>
  <Type>MobileSync</Type>
  <Name>https://mail.domain.com/Microsoft-Server-ActiveSync</Name>
  </Server>
  </Settings>
  </Action>
  </Response>
  </Autodiscover>HTTP Response Headers:
  Persistent-Auth: true
  Content-Length: 736
  Cache-Control: private
  Content-Type: text/xml; charset=utf-8
  Date: Mon, 11 Aug 2014 17:08:12 GMT
  Server: Microsoft-IIS/7.5
  X-AspNet-Version: 2.0.50727
  X-Powered-By: ASP.NET
  Elapsed Time: 444 ms.
  One interesting thing to note, is that <Url>https://mail.domain.com/Microsoft-Server-ActiveSync</Url>
  is my 2013 server, not my 2010 server

• Exchange 2013 autodiscover not working from Externally

  Hi 
  i have exchange 2010 sp3(2Mb, 2hub/cas). I installed exchange 2013 servers(2MB, 2CAS). For coexistence i generated new certifcate with new cas from third party. I installed that certificate in that cas and assigned all services. i changed all my virtual
  directories service url. I didnt import the new certificate to exchange 2010 cas server and i didnt change url to legacy link.But still iam able to check exchange 2010 user mailbox owa, activesync and autodiscover without any certificate error. 
  If i try to browse owa, its going to 2013 server, if user is exchange 2010 user and its redirecting to exchange 2010 owa with same link.
  But i dont know how above things is working without importing to new certificate...
  Main problem is i am not able to configure exchange 2013 users outlookanywhere, Autodiscover from externally...
  So in tmg i pointed the outlook anywhere ip address new cas server, now both exchange 2010 and exchange 2013 users while OA from external, its keep on asking password... Not accepting it...
  Please help me to fix this issue..

  Hi ,
  On TMG please have the outlook anywhere rule like below and check the status.
  Step
  1 :
  On the TMG rule - >authentication delegation ---> select the option "no delegation users can authenticate directly"
  Step
  2 :
  on the users tab in the TMG rule - just add "all users" group on that rule.
  By having the above settings we have avoided the issues in your environment.
  Note : Based on the above setting's , Each and everyone in exchange will have a access to the outlook anywhere from external world , because there would not be having any restriction on the TMG rules.
  Please have a look in to the below link , it will give you some ideas which is related to TMG
  http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx
  Thanks & Regards S.Nithyanandham

• Autodiscover not working

  I am using Exchange 2007 SP1. Exchange ActiveSync doesnot work.
  autodiscover DNS Records
  Get-ClientAccessServer | fl Name,AutoDiscoverServiceInternalUri
  Name                           : MAIL
  AutoDiscoverServiceInternalUri : https://mail.mydomain.com/autodiscover/autodiscover.xml
  Get-ClientAccessServer | fl Name,AutoDiscoverServiceExternalUri
  Name : MAIL
  In my Dns I can see records
  (same as parent folder)  Host(A) 192.168.1.2 (local exchange IP)
  (same as parent folder)  Text(TXT) v=spf1 mx ptr mx:mail.mydomain.com ip4:10.1.1.1-all (here 10.1.1.1 is public Ip of my server)
  (same as parent folder) Alias(CNAME) mail.mydomain.com 
  I am trying to create host record for autodiscover pointing to my public ip i am getting error
  The host record autodiscover.mydomain.com cannot be created Node is a CNAME DNS record
  Please do guide me how to setup autodiscover record and SRV records for my exchange so that
  active sync works. i use digicert for OWA
  Get-ActiveSyncVirtualDirectory | fl
  MobileClientFlags                                         : BadItemReportingEnabled
  MobileClientCertificateProvisioningEnabled : False
  BadItemReportingEnabled                           : True
  MobileClientCertificateAuthorityURL             :
  MobileClientCertTemplateName                   :
  ActiveSyncServer                                         : https://mail.mydomain.com/
  RemoteDocumentsActionForUnknownServers     : Allow
  RemoteDocumentsInternalDomainSuffixList    : {mydomain.com}
  MetabasePath                                              : IIS://MAIL.mydomain.com/W3SVC/1/ROOT/Microsoft-Server-ActiveSync
  BasicAuthEnabled                                        : True
  WindowsAuthEnabled                                 : False
  CompressionEnabled                                  : True
  ClientCertAuth                                            : Ignore
  WebsiteName                                             : Default Web Site
  WebSiteSSLEnabled                                   : True
  VirtualDirectoryName                                  : Microsoft-Server-ActiveSync
  Path                                       :
  Server                                     : MAIL
  InternalUrl                                : https://mail.mydomain.com/Microsoft-Server-ActiveSync
  InternalAuthenticationMethods              : {}
  ExternalUrl                                : https://mail.mydomain.com/
  ExternalAuthenticationMethods              : {}
  AdminDisplayName                           :
  ExchangeVersion                            : 0.1 (8.0.535.0)
  Name                                       : Microsoft-Server-ActiveSync (Default Web Site)
  DistinguishedName                          : CN=Microsoft-Server-ActiveSync (Default Web Site),CN=HTTP,CN=Protocols,CN=MAIL,CN=Servers,CN=Exchange Administrati
                                               ve Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Con
                                               figuration,DC=,DC=,DC=
  Identity                                   : MAIL\Microsoft-Server-ActiveSync (Default Web Site)
  ObjectCategory                             : mydomain.com/Configuration/Schema/ms-Exch-Mobile-Virtual-Directory
  ObjectClass                                : {top, msExchVirtualDirectory, msExchMobileVirtualDirectory}
  OriginatingServer                          : MAIL.mydomain.com
  IsValid                                    : True

  Hi,
  Please check whether there is any Exchange service which is still using blgexchserv1.blg.local as the namespace of internal URL.
  In Outlook client, please follow the steps below to check Exchange service for the problematic users :
  Open Outlook - press CTRL key - right click on the Outlook icon from right bottom corner taskbar -
  Test Email AutoConfiguration. Put the email address - uncheck use guessmart and secure guessmart authentication - click Test to check your Autodiscover service.
  Please collect the information in the Log tab and Results tab. In Results tab, please confirm the blgexchserv1.blg.local name is not used in OWA URL, Availability Service URL, OOF URL, OAB URL. If the .local is still used,
  please refer to the following KB to change the Internal URL for the service to match the name in your certificate with IIS service:
  Outlook 2007 security warning: "The name of the security certificate is invalid or does not match the name of the site"
  Regards,
  Winnie Liang
  TechNet Community Support

• ActiveSync is not working properly after migrating to new Exchange 2013 SP1 server?!

  Few weeks ago we have added new Exchange 2013 SP1 onto our existing Exchange 2007 environment. I have migrated my mailbox to the new Ex2013 server. Everything (send/receive - internally/externally, OWA, OutlookAnywhere) for me and the existing Ex2007
  users works fine. The only thing I have trouble with is the ActiveSync! After migrating to the new Ex2013 server my phone stops getting new emails…, existing Ex2007 users don’t have any problems with their mobile phones.
  I did ActiveSync test for my user account with ActiveSync Tester and here is what I have:
  As you can see from the error above  ActiveSync Tester detects ActiveSync on Ex2013 server however something wrong there with form-based auth?! I can’t see any differences in settings for ActiveSync virtual folders in Ex2007 and Ex2013
  virtual folders?!
  What I’m missing here?! Please help.

  Check if the Exchange Servers group does not have the appropriate permission to the mailbox object in Active Directory.
  To check whether inheritance is disabled on the user:
  1.Open Active Directory Users and Computers.
  2.On the menu at the top of the console, click View > Advanced Features.
  3.Locate and right-click the mailbox account in the console, and then click Properties.
  4.Click the Security tab.
  5.Click Advanced.
  6.Make sure that the check box for "Include inheritable permissions from this object's parent" is selected.
  Ref:
  http://technet.microsoft.com/en-us/library/dd439375(v=exchg.80).aspx
  Also check the Virtual directory authentication
  Microsoft-Server-ActiveSync
   •Basic authentication
   •SSL required
   •Requires 128-bit encryption
  Ref:
  http://technet.microsoft.com/en-us/library/gg247612(v=exchg.150).aspx
  Check the IIS log if you are able to find any error message on it
  Exchange Queries

• Autodiscover not working correctly when Office 365 integrated with Server Essentials 2012 R2

  Hello!
  This last weekend I setup our server as new and to ease the creation of users, integrated with our Office 365 (which to this point has worked fine) and imported the users. This had a somewhat unexpected side effect in that the import used the email address
  as for the user forename and then synced that change back to Office 365 and so needed to enter this information back in on the dashboard which synced back to Office 365. This may or may not have any relevance to our issue below.
  I should also point out that we have our own domain name so within the original Office 365 setup we had just one .onmicrosoft.com user with all the rest setup with our own domain name.
  At the weekend when it came to the client install, Outlook (2010 or 2013) would fail on the autodiscover with it asking again for credentials but critically displaying a server name of .contoso.com rather than the office365srvr.contoso.com . As I mention,
  Office 365 had been operating fine for some time and DNS records where checked and have been set for sometime. I spoke to Office 365 support and after a while come up with a temporary solution (so that I could complete the client installs) of assigning each
  user a onmicrosoft address, using that in the new account wizard to pick up the server correctly and then signing in the the Office 365 .contoso.com credentials.
  This worked OK to get us past the weekend (although I am having to reset up profiles on quite number of users where they get disconnected but with no credentials box appearing) but isn't a solution. The clients do not see public folders or their archives
  and of course we don't want to keep having to reset the profiles.
  I'm think that there must be something in the internal network that needs reconfiguring but I don't know what. I have tried pointing the client to an external DNS server just in case the internal DNS server was throwing the autodiscover out but this has
  made no difference.

  Ah - solved my own problem.
  Despite the domain DNS record looking OK and the Office 365 Portal domain checker not highlighting any issue, it looks as though the autodiscover is picking up an imap account provided by the web host.
  I've added an alias on the local DNS server to point to the Office 365 autodiscover server and this has solved the problem.

• Exchange Server 2007 external autodiscover not working

  Dears
  I need help to resolve my autodiscover issue externally. Internally everything works fine like auto discover, free-busy, out of office etc.
  Our Exchange is 2007 CCR clustered with one CAS and HUB server (both in one) and 2 mailbox servers (active & passive) with a mail gateway appliance instead of Edge Server.
  Externally nothing of the above are working but Outlook Anywhere is working and more number of uses are working without any issue. For all these users who connected with Outlook-Anywhere they cannot see free-busy, out of office etc.
  Please let me know how I can check the settings for internal and external settings and what all details need to be provided for external autodiscover through cmdlet or GUI. 

  I am getting a XML file when accessing above link from external source.
  The beginning is as detailed below 
    <?xml
  version="1.0" encoding="utf-8" ?>
  - <wsdl:definitions
  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:s="http://www.w3.org/2001/XMLSchema"
  targetNamespace="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
  xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types">
  - <wsdl:types>
  - <xs:schema
  xmlns:xs="http://www.w3.org/2001/XMLSchema">
    <xs:import
  namespace="http://schemas.microsoft.com/exchange/services/2006/messages" schemaLocation="messages.xsd"
  />
    </xs:schema>
    </wsdl:types>
  - <wsdl:message
  name="ConvertIdSoapIn">
    <wsdl:part
  name="request"
  element="tns:ConvertId" />
    <wsdl:part
  name="RequestVersion"
  element="t:RequestServerVersion" />
    </wsdl:message>
  - <wsdl:message
  name="ConvertIdSoapOut">
    <wsdl:part
  name="ConvertIdResult"
  element="tns:ConvertIdResponse" />
    <wsdl:part
  name="ServerVersion"
  element="t:ServerVersionInfo" />
    </wsdl:message>
  - <wsdl:message
  name="GetFolderSoapIn">
    <wsdl:part
  name="request"
  element="tns:GetFolder" />
    <wsdl:part
  name="Impersonation"
  element="t:ExchangeImpersonation" />
    <wsdl:part
  name="S2SAuth"
  element="t:SerializedSecurityContext" />
    <wsdl:part
  name="MailboxCulture"
  element="t:MailboxCulture" />
    <wsdl:part
  name="RequestVersion"
  element="t:RequestServerVersion" />
    </wsdl:message>
  - <wsdl:message
  name="GetFolderSoapOut">
    <wsdl:part
  name="GetFolderResult"
  element="tns:GetFolderResponse" />
    <wsdl:part
  name="ServerVersion"
  element="t:ServerVersionInfo" />
    </wsdl:message>

• AutoDiscover not working after Exchange 2010 SP2 - SP3 update.

  Hi Everyone, 
  I'm sorry if this is a really simple thing, but i've played around for hours and exhausted google.
  I run a 2010 exchange server for everyone at the office, and today I updated from 2010 SP2 to SP3.
  The problem I have is auto discover no longer accepts anyones username or password. If you set the account up on the client machine by manually entering the details everything works great.
  All the DNS records are correct and have been working for 2+ years. I have recreated the Autodiscovery virtual directory in EMC.
  If i manually browse to mydomain/Autodiscover/Autodiscover.xml, when asked for a username and password it says it incorrect. I can then log in to OWA with the same credentials and it works. 
  Thanks,
  Garrett
  The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://mydomaincom.au:443/Autodiscover/Autodiscover.xml for user mydomain.com.au.
  The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
  Additional Details
  An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
  HTTP Response Headers:
  Transfer-Encoding: chunked
  Connection: keep-alive
  Content-Type: text/html
  Date: Wed, 22 Apr 2015 00:44:51 GMT
  Set-Cookie: __cfduid=dc0261b4643b5dbe27f750bbc28bfef7c1429663490; expires=Thu, 21-Apr-16 00:44:50 GMT; path=/; domain=.macarthurcs.com.au; HttpOnly
  Server: cloudflare-nginx
  WWW-Authenticate: Negotiate,NTLM,Basic realm="mydomain.com.au"
  X-Powered-By: ASP.NET
  CF-RAY: 1dad4d701ae911c5-SJC
  Elapsed Time: 3357 ms.
  Attempting to test potential Autodiscover URL https://autodiscover.mydomain.com.au:443/Autodiscover/Autodiscover.xml
  Testing of this potential Autodiscover URL failed.

  Hi,
  Based on my knowledge, the above issue is caused by the loopback check being enabled. Please follow the steps below to disable loopback on the CAS servers:
  1. Run regedit, in Registry Editor, locate and then click the following registry key:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  2. Right-click Lsa, point to New, and then click DWORD Value.
  3. Type DisableLoopbackCheck, and then press ENTER.
  4. Right-click DisableLoopbackCheck, and then click Modify.
  5. In the Value data box, type 1, and then click OK.
  6. Quit Registry Editor, and then restart your computer.
  Hope this can be helpful to you.
  Best regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Amy Wang
  TechNet Community Support

• CSS and Exchange Mobile ActiveSync not working

  I have a question relating to a CSS and Exchange Mobile devices The customer has 2 Exchange Client Access Servers CAS1 and CAS2 and has problems with ActiveSync on mobile devices. (OWA is working fine) I am trying to test Exchange ActiveSync (using the Microsoft test site https://www.testexchangeconnectivity.com) When I perform an ‘Exchange ActiveSync Autodiscover’ it works fine, but when I use the test ‘Exchange ActiveSync’, it fails Has anyone had this problem before or can suggest a fix please http://mobile.thamesriver.co.uk The config is underneath Any help would be appreciated Kind Regards Tony !*********************** SSL PROXY LIST *********************** ssl-proxy-list TRC_List   ssl-server 10   ssl-server 10 vip address x.x.x.x   ssl-server 10 cipher rsa-with-rc4-128-md5 x.x.x.x 80   ssl-server 10 rsakey myrsakey   ssl-server 10 rsacert myrsacert   active !************************** SERVICE ************************** service mobile1   ip address 10.1.230.200   keepalive type tcp   protocol tcp   port 80   active service mobile2   ip address 10.1.230.201   keepalive type tcp   protocol tcp   port 80   active service CASservice1_HTTP   protocol tcp   port 80   keepalive type tcp   ip address 10.1.230.200   string cashttp1   active   service CASservice2_HTTP   protocol tcp   port 80   keepalive type tcp   ip address 10.1.230.201   string cashttp2   active   service CASservice1_EPM   protocol tcp   port 135   keepalive type tcp   ip address 10.1.230.200   string EPM1   active service RPC_Address1   port 59533   keepalive type tcp   ip address 10.1.230.200   protocol tcp   active service RPC_Address2   port 59533   keepalive type tcp   ip address 10.1.230.201   protocol tcp   active service RPC_Mailbox1   protocol tcp   keepalive type tcp   ip address 10.1.230.200   port 59532   active service RPC_Mailbox2   protocol tcp   keepalive type tcp   ip address 10.1.230.201   port 59532   active service ssl_module1   keepalive type none   add ssl-proxy-list TRC_List   type ssl-accel   slot 3   active !*************************** OWNER *************************** owner TRC   content AuthHead     add service mobile1     add service mobile2     vip address x.x.x.x     protocol tcp     port 80     url "//mobile.thamesriver.co.uk/Microsoft-Server-ActiveSync"     active   content EPM     balance aca     add service CASservice1_EPM     add service CASservice2_EPM     protocol tcp     port 135     url "/*"     vip address x.x.x.x     advanced-balance sticky-srcip     sticky-inact-timeout 1     active   content OWA     balance aca     add service CASservice1_HTTP     add service CASservice2_HTTP     protocol tcp     port 80     url "/*"     vip address x.x.x.x     advanced-balance sticky-srcip-dstport     active   content RPC-Address     balance aca     add service RPC_Address1     add service RPC_Address2     port 59533     protocol tcp     advanced-balance sticky-srcip     vip address x.x.x.x     active   content RPC-Mailbox     balance aca     add service RPC_Mailbox1     add service RPC_Mailbox2     advanced-balance sticky-srcip     vip address x.x.x.x     port 59532     protocol tcp     active     content ssl-rule     vip address x.x.x.x     protocol tcp     port 443     add service ssl_module1     active !*************************** GROUP *************************** group RDP   add service TSservice1   add service TSservice2   add service TSservice3   add service TSservice4   add service TSservice5   add service TSservice6   add service TSservice7   vip address 172.26.100.190   active group WWW   add service CASservice1_HTTP   add service CASservice2_HTTP   vip address x.x.x.x   active TRC_CSS#

  duh!
  I'll try that again....
  I have a question relating to a CSS and Exchange Mobile devices
  The customer has 2 Exchange Client Access Servers CAS1 and CAS2 and has problems with ActiveSync on mobile devices.
  OWA is working fine
  I am trying to test Exchange ActiveSync (using the Microsoft test site https://www.testexchangeconnectivity.com) I perform an ‘Exchange ActiveSync Autodiscover’ it works fine, but when I use the test ‘Exchange ActiveSync’, it fails
  When
  Has anyone had this problem before or can suggest a fix please
  http://mobile.thamesriver.co.uk config is underneath
  The
  Any help would be appreciated
  Kind Regards Tony
  !*********************** SSL PROXY LIST ***********************
  ssl-proxy-list TRC_List
    ssl-server 10
    ssl-server 10 vip address x.x.x.x
    ssl-server 10 cipher rsa-with-rc4-128-md5 x.x.x.x 80
    ssl-server 10 rsakey myrsakey
    ssl-server 10 rsacert myrsacert
    active
  !************************** SERVICE **************************
  service mobile1
    ip address 10.1.230.200
    keepalive type tcp
    protocol tcp
    port 80
    active
  service mobile2
    ip address 10.1.230.201
    keepalive type tcp
    protocol tcp
    port 80
    active
  service CASservice1_HTTP
    protocol tcp
    port 80
    keepalive type tcp
    ip address 10.1.230.200
    string cashttp1
    active
  service CASservice2_HTTP
    protocol tcp
    port 80
    keepalive type tcp
    ip address 10.1.230.201
    string cashttp2
    active
  service CASservice1_EPM
    protocol tcp
    port 135
    keepalive type tcp
    ip address 10.1.230.200
    string EPM1
    active
  service RPC_Address1
    port 59533
    keepalive type tcp
    ip address 10.1.230.200
    protocol tcp
    active
  service RPC_Address2
    port 59533
    keepalive type tcp
    ip address 10.1.230.201
    protocol tcp
    active
  service RPC_Mailbox1
    protocol tcp
    keepalive type tcp
    ip address 10.1.230.200
    port 59532
    active
  service RPC_Mailbox2
    protocol tcp
    keepalive type tcp
    ip address 10.1.230.201
    port 59532
    active
  service ssl_module1
    keepalive type none
    add ssl-proxy-list TRC_List
    type ssl-accel
    slot 3
    active
  !*************************** OWNER ***************************
  owner TRC
    content AuthHead
      add service AuthHead1
      add service AuthHead2
      vip address x.x.x.x
      protocol tcp
      port 80
      url "//mobile.thamesriver.co.uk/Microsoft-Server-ActiveSync"
      active
    content EPM
      balance aca
      add service CASservice1_EPM
      add service CASservice2_EPM
      protocol tcp
      port 135
      url "/*"
      vip address x.x.x.x
      advanced-balance sticky-srcip
      sticky-inact-timeout 1
      active
    content OWA
      balance aca
      add service CASservice1_HTTP
      add service CASservice2_HTTP
      protocol tcp
      port 80
      url "/*"
      vip address x.x.x.x
      advanced-balance sticky-srcip-dstport
      active
    content RPC-Address
      balance aca
      add service RPC_Address1
      add service RPC_Address2
      port 59533
      protocol tcp
      advanced-balance sticky-srcip
      vip address x.x.x.x
      active
    content RPC-Mailbox
      balance aca
      add service RPC_Mailbox1
      add service RPC_Mailbox2
      advanced-balance sticky-srcip
      vip address x.x.x.x
      port 59532
      protocol tcp
      active
    content ssl-rule
      vip address x.x.x.x
      protocol tcp
      port 443
      add service ssl_module1
      active
  !*************************** GROUP ***************************
  group RDP
    add service TSservice1
    add service TSservice2
    add service TSservice3
    add service TSservice4
    add service TSservice5
    add service TSservice6
    add service TSservice7
    vip address 172.26.100.190
    active
  group WWW
    add service CASservice1_HTTP
    add service CASservice2_HTTP
    vip address x.x.x.x
    active
  TRC_CSS#

• Autodiscover not providing correct server address and UPN

  Hi
  System is as follows: Server 2012R2 With Essentials Exp. + Server 2012R2 with Exchange 2013 sp1
  And everything is fine and dandy, except for autodiscover, when outside of domain.
  All virtual directories are configured as mail.mydomain.com
  PS reports: AutoDiscoverServiceInternalUri :
  https://mail.mydomain.com/Autodiscover/Autodiscover.xml
  Have installed and configured a wildcard ssl certificate, that both servers trust, and I can navigate to both servers using iexplorer:
  https://server.mydomain.com/remote and
  https://mail.mydomain.com/owa
  When I run exchangeremoteconnectivity I can succesfully connect with activesync.
  I have set up spf and srv record in external DNS
  All the users validate using domain\username
  So when I try to configure Outlook 2013 using autodiscover, it just hangs at step 1.
  And when I try using a galaxy s5, supplying email and password, it populates, but not correctly.
  UPN is set as \username, and I need to provide "domain" to make it domain\username
  Server is set as domain.com, and I need to provide "mail." to make it mail.domain.com
  The I can connect, I suspect that is also why Outlook won´t autoconfigure as well.
  I have read high and low, but I need more assistance per se.
  Please advise :)
  Regards Lars

  Hi Lars,
  Following are some common procedures to check autodiscover configuration:
  • Run Test-OutlookWebservices | fl
  • Run Test-EmailAutoConfiguration on client to find how autodiscover is connecting and where  exactly it's failing.
  • Verify URL for autodiscover. Get-ClientAccessServer | fl
  Check for AutodiscoverInternalServerUri attribute.
  Get-ClientAccessServer -Identity "CAS-01" | fl AutoDiscoverServiceInternalUri
  Set-ClientAccessServer -Identity "CAS-01" -AutoDiscoverServiceInternalUri "https://cas01.contoso.com/autodiscover/autodiscover.xml"
  • You may also access the autodiscover url from IE and in response should get "600 invalid request".
  https://cas01.contoso.com/autodiscover/autodiscover.xml
  • If autodiscover not working for external client verify authentication on Autodiscover virtual directory and if required you may recreate the virtual directory by running command:
  Remove-AutodiscoverVirtualDirectory
  New-AutodiscoverVirtualDirectory
  Regards,
  Satyajit
  Please “Vote As Helpful”
  if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

• Exchange 2013 Autodiscover Android IOS not working

  Hello,
  I configured exchange 2013 in my organization. Android, thunderbird and IOS not working with autodiscover.
  Windows Phone example Lumia worked with autodiscover correctly.
  All needed DNS entry and certificate are uploaded to Exchange.
  Test on https://testconnectivity.microsoft.com/  ended successfuly.
  Can Android and IOS supported autodiscover.
  BR/Lukas

  Yes i try  https://fqdn/Microsoft-Server-ActiveSync instead
  I have White page nothing else.
  IOS, Android work after manualy configured.   Windows Phone work with autodiscover wonderfully
  Ok we added public IP address to our CAS Server. Now from Internet i can login to /OWA or /ECP.
  What next to do? Change autodiscover.domain.com Record A to point NAT IP address CAS server?
  BR/Lukas