ActiveSync Autodiscover not working
When testing autodiscover for activesync I get the following error:
An error message was returned from the Autodiscover service
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:us</Culture>
<Action>
<Error>
<Status>1</Status>
<Message>No external URL is available to access this mailbox with Exchange ActiveSync. Your Exchange server configuration needs to be changed to allow access.</Message>
<DebugData>UserMailbox</DebugData>
</Error>
</Action>
</Response>
I've confirmed that my external url is set correctly. I've found some other comments about it being a corrupt setting in web.config and I've tried that as well. Still get
the same error. Any ideas?
Hi Scott
Looks like the issue might be due to DNS or srv record not configured correctly.
Ensure that you have autodiscover,activesync entry on the SAN certificate.
Ensure that Internal URL & External URL of EWS , OAB should match entries on SAN.
Also you can cross verify if the external url is set correctly if you have multiple sites.
Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com
Similar Messages
-
ActiveSync autodiscover not working for iPhone but for Android and Windows Phone
Hi
We have setup an Exchange 2013 hosted environment, where different mail domains are running on it.
The main domain is mydomain.com. One of the client domains is customer.com.
Autodiscover for customer.com has a cname which points to autodiscover.mydomain.com, on our firewall this url is redirected to autodiscover-s.mydomain.com, where our public certificate for mydomain.com is applied. Autodiscover for all
our customers finally ends at autodiscover-s.mydomain.com.
Outlook WebApp, Outlook Anywhere and ActiveSync for all customers is reachable through mail.mydomain.com.
Everything works fine, except of autodiscover for iPhones. I always have to enter the server name mail.mydomain.com manually. After that ActiveSync works on iPhones as well.
The Problem doesn’t exist on Androids and Windows Phones.
Any suggestion?
Regards
PeterYes, Interestingly same configuration is working in my home lab, but not working at customer. The version is 10.5
Cannot say wireless issue as jabber for windows is working from wireless -
Autodiscover not working internally
Hi
So far this has driven me crazy. I cannot seem to get this to work. I am going to try and explain the situation fully. What we have is a hosted Exchange environment where we have
multiple tenants with their own domains. We have a SSL certificate for our own domain domain.com. It has the following domain names linked to it:
webmail.domain.com (Primary)
autodiscover.domain.com (SAN)
mail.domain.com (SAN)
We have multiple tenants with each a unique domain (i.e. tenant.com). We have setup CNAME records for this domains so that they point to our HTTP redirection website which in turn
redirects them to our autodiscover website (= autodiscover.domain.com). This is to avoid having to buy an SSL certificate with several SAN hostnames. Our domain domain.local or domain.com (= externally) also hosts a series of other servers including terminal
servers which are tenants/clients use.
The autodiscovery service works externally (which means devices that are not within our domain.local domain). It is able to use the autodiscover service for i.e. autodiscover.tenant.com Internally it does not work for some strange reason. It is able to reach
the redirect website and it is able to get to the right web server hosting the autodiscover website but it fails when it tries to find the hostname autodiscover.domain.com in the SSL certificate webmail.domain.com. Even though the hostname autodiscover.domain.com
is included in the SAN. It says that they can't validate the certificate name. Externally it is able to find this and validate the certificate but not internally for some strange reason. Why would this be?
Thanks again for all your help. It is much appreciated.
DanielHi,
According to your description, the name Autodiscover.domain.com can be resolved externally while it cannot be resolved internally. If I misunderstabd your meaning, please feel free to let me know.
If yes, I'd like to recommend you check if there is an internal DNS entry about the name Autodiscover.domain.com. Additionally, we can also check the result of directly accessing the URL:
https://autodiscover.domain.com/autodiscover/autodiscover.xml on a internal client machine.
Thanks,
Angela Shi
TechNet Community Support -
Mac Mail autodiscover not working?
When trying to create an Exchange mail account on Mac Mail 6.5, I enter the username, e-mail address, and password. However the autodiscovery service is not working as it should. It's polling autodiscover.<companydomain>.com when in fact it should be polling autodiscover.outlook.com.
Any ideas?
(Crazy thing is that Macs must be configured differently because my iMacs in house work fine, but the Macbooks out in field do not).how to add the account manually, this article explains. good luck, I wish you.
http://support.apple.com/kb/HT1277
may the force be with you. -
€ Euro Currency symbol in ActiveSync password not working.
Are there any known issues when using the € Euro Currency symbol as a password for ActiveSync on an iOS device? It appears ActiveSync does not accept the € Euro Currency symbol when used in a password sent from an iPad/iPhone.
Are there any known issues with special characters and ActiveSync?
Thanks for your help.
Regards,
DennisActiveSync was developed for Windows. You'd have to know what code page the Windows device was using to make sure you understood how the character should be coded.
Generally speaking, I wouldn't use any character in a password that didn't have an ASCII code. We've even had trouble with accented characters. -
Exchange AutoDiscover not working correctly in 2010/2013 environment
Here's my setup:
Mixed environment transitioning:
Exchange 2010 running on Server 2008 in a VM
Exchange 2013 running on Server 2012 in a VM
I have split dns so that autodiscover.domain.com points to my 2013 server internally and my 2010 server externally. When setting up new profiles in outlook internally, autodiscover seems to work fine. However, when I try moving the public autodiscover.domain.com
DNS record over to the 2013, things stop working (like auto profile setup).
I know that the 2013 server is reachable from the outside because mail.domain.com will to go owa and ecp without a problem. I can log in to both without an issue.
If I point public DNS back to my 2010 server, then all is well again with outlook anywhere and mobile connectivity.
I'm not really sure what needs to be tweaked for the 2013 server to be ready to take over the day to day communications so that I can decommission my 2010 server.
Here are the results of the connectivity analyzer:
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for me.
Testing Autodiscover failed.
Additional Details
Elapsed Time: 1774 ms.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Additional Details
Elapsed Time: 1773 ms.
Test Steps
Attempting to test potential Autodiscover URL https://domain.com:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 489 ms.
Test Steps
Attempting to resolve the host name domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 98.129.228.152
Elapsed Time: 165 ms.
Testing TCP port 443 on host domain.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 97 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 225 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server domain.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=www.domain.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=2150198723, O=www.domain.com, C=US, Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US.
Elapsed Time: 170 ms.
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name domain.com doesn't match any name found on the server certificate CN=www.domain.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=2150198723, O=www.domain.com, C=US.
Elapsed Time: 1 ms.
Attempting to test potential Autodiscover URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 1009 ms.
Test Steps
Attempting to resolve the host name autodiscover.domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: x.x.x.x
Elapsed Time: 70 ms.
Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 189 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 300 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=mail.domain.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated, Issuer: CN=PositiveSSL CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
Elapsed Time: 220 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.domain.com was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 1 ms.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.domain.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated.
One or more certificate chains were constructed successfully.
Additional Details
A total of 1 chains were built. The highest quality chain ends in root certificate CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE.
Elapsed Time: 34 ms.
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 5 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 5/19/2014 12:00:00 AM, NotAfter = 5/18/2016 11:59:59 PM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 276 ms.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Additional Details
Elapsed Time: 172 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml for user [email protected].
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
Additional Details
A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.HTTP Response Headers:
Connection: close
Content-Length: 315
Content-Type: text/html; charset=us-ascii
Date: Sat, 19 Jul 2014 03:44:42 GMT
Server: Microsoft-HTTPAPI/2.0
Elapsed Time: 171 ms.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Additional Details
Elapsed Time: 207 ms.
Test Steps
Attempting to resolve the host name autodiscover.domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: x.x.x.x
Elapsed Time: 15 ms.
Testing TCP port 80 on host autodiscover.domain.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 76 ms.
The Microsoft Connectivity Analyzer is checking the host autodiscover.domain.com for an HTTP redirect to the Autodiscover service.
The Microsoft Connectivity Analyzer failed to get an HTTP redirect response for Autodiscover.
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: HTTP Response Headers:
X-FEServer: SMSE2013
Content-Length: 0
Date: Sat, 19 Jul 2014 03:44:42 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Elapsed Time: 115 ms.
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
Additional Details
Elapsed Time: 39 ms.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.domain.com in DNS.
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it
Additional Details
Elapsed Time: 39 ms.
Checking if there is an autodiscover CNAME record in DNS for your domain 'domain.com' for Office 365.
Failed to validate autodiscover CNAME record in DNS. If your mailbox isn't in Office 365, you can ignore this warning.
Tell me more about this issue and how to resolve it
Additional Details
There is no Autodiscover CNAME record for your domain 'domain.com'.
Elapsed Time: 28 ms.
I just double checked my SSL cert and it has the three typical entries:
DNS Name=mail.domain.com
DNS Name=AutoDiscover.domian.com
DNS Name=domain.com
I have assembled the output for the following commands
HERE
Get-OutlookProvider | fl
Get-OutlookAnywhere | fl
Get-ActiveSyncVirtualDirectory | fl
Get-AutodiscoverVirtualDirectory | fl
Get-EcpVirtualDirectory | fl
Get-OabVirtualDirectory | fl
Get-OwaVirtualDirectory | fl
Get-PowerShellVirtualDirectory | fl
Get-WebServicesVirtualDirectory | fl
Text
I have gone through the Exchange Server Deployment Assistant. Almost everything was as it should have been. I made some changes in the "Enable and configure Outlook Anywhere" and "Configure
service connection point."
I have switched external DNS over to my 2013 server, and the connectivity test is still failing. It is also not proxying the 2010 mailboxes through 2013 as it should (according to the Deployment Assistant).
I have a 2010 test account and a 2013 test account. Both work fine in their respective WebMail's, but the 2010 mailbox will not pull up through the 2013 WebMail.
Just for the heck of it, I have checked my SonicWall and it is configured the same for the 2010 host and the 2013 host. I knew that ports 80 and 443 were passing on both hosts anyway because the port 80 redirect works and https webmail works
on both hosts.
If I try to access the xml file directly on both hosts:
https://mail.domain.com/Autodiscover/Autodiscover.xml (2013)
https://webmail.domain.com/Autodiscover/Autodiscover.xml
(2010)
I do get an xml response from both of them after authenticating like this:
<Autodiscover>
<Response>
<Error Time="18:17:41.0173284" Id="2526055628">
ErrorCode>600</ErrorCode>
<Message>Invalid Request</Message>
<DebugData/>
</Error>
</Response>
</Autodiscover>
Sooo...I'm stuck.Update since my last post.
I have all mailboxes migrated off of 2010 and onto 2013. I'm ready to turn 2010 off as soon as I can figure out this autodiscover problem and get mail flow going in and out of the 2013 server instead of the 2010 one.
Brian, I had a http redirect enabled in 2013. I disabled that redirect and checked for any others. There is currently no redirect in place anywhere under the default web site (the root site now goes to an IIS 8 page). AutoDiscover is still
failing according to the Exchange Connectivity site.
When I switch autodiscover.domain.com over to the 2013 server I still get failures:
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Additional Details
Elapsed Time: 146 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml for user [email protected].
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
Additional Details
A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.HTTP Response Headers:
Connection: close
Content-Length: 315
Content-Type: text/html; charset=us-ascii
Date: Mon, 11 Aug 2014 16:50:27 GMT
Server: Microsoft-HTTPAPI/2.0
Elapsed Time: 145 ms.
If I try to hit the xml manually, I get the expected 600 error after providing a username and password. Should IIS be prompting for credentials when hitting the path for AutoDiscover.xml directly?
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response>
<Error Time="10:53:38.3228589" Id="36607859">
<ErrorCode>600</ErrorCode>
<Message>Invalid
Request</Message>
<DebugData/>
</Error>
</Response>
</Autodiscover>
If I switch autodiscover.domain.com back over to my 2010 server the test passes:
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Additional Details
Elapsed Time: 444 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml for user [email protected].
The Autodiscover XML response was successfully retrieved.
Additional Details
Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:us</Culture>
<User>
<DisplayName>Exchange 2013. Test</DisplayName>
<EMailAddress>[email protected]</EMailAddress>
</User>
<Action>
<Settings>
<Server>
<Type>MobileSync</Type>
<Name>https://mail.domain.com/Microsoft-Server-ActiveSync</Name>
</Server>
</Settings>
</Action>
</Response>
</Autodiscover>HTTP Response Headers:
Persistent-Auth: true
Content-Length: 736
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Mon, 11 Aug 2014 17:08:12 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Elapsed Time: 444 ms.
One interesting thing to note, is that <Url>https://mail.domain.com/Microsoft-Server-ActiveSync</Url>
is my 2013 server, not my 2010 server -
Exchange 2013 autodiscover not working from Externally
Hi
i have exchange 2010 sp3(2Mb, 2hub/cas). I installed exchange 2013 servers(2MB, 2CAS). For coexistence i generated new certifcate with new cas from third party. I installed that certificate in that cas and assigned all services. i changed all my virtual
directories service url. I didnt import the new certificate to exchange 2010 cas server and i didnt change url to legacy link.But still iam able to check exchange 2010 user mailbox owa, activesync and autodiscover without any certificate error.
If i try to browse owa, its going to 2013 server, if user is exchange 2010 user and its redirecting to exchange 2010 owa with same link.
But i dont know how above things is working without importing to new certificate...
Main problem is i am not able to configure exchange 2013 users outlookanywhere, Autodiscover from externally...
So in tmg i pointed the outlook anywhere ip address new cas server, now both exchange 2010 and exchange 2013 users while OA from external, its keep on asking password... Not accepting it...
Please help me to fix this issue..Hi ,
On TMG please have the outlook anywhere rule like below and check the status.
Step
1 :
On the TMG rule - >authentication delegation ---> select the option "no delegation users can authenticate directly"
Step
2 :
on the users tab in the TMG rule - just add "all users" group on that rule.
By having the above settings we have avoided the issues in your environment.
Note : Based on the above setting's , Each and everyone in exchange will have a access to the outlook anywhere from external world , because there would not be having any restriction on the TMG rules.
Please have a look in to the below link , it will give you some ideas which is related to TMG
http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx
Thanks & Regards S.Nithyanandham -
I am using Exchange 2007 SP1. Exchange ActiveSync doesnot work.
autodiscover DNS Records
Get-ClientAccessServer | fl Name,AutoDiscoverServiceInternalUri
Name : MAIL
AutoDiscoverServiceInternalUri : https://mail.mydomain.com/autodiscover/autodiscover.xml
Get-ClientAccessServer | fl Name,AutoDiscoverServiceExternalUri
Name : MAIL
In my Dns I can see records
(same as parent folder) Host(A) 192.168.1.2 (local exchange IP)
(same as parent folder) Text(TXT) v=spf1 mx ptr mx:mail.mydomain.com ip4:10.1.1.1-all (here 10.1.1.1 is public Ip of my server)
(same as parent folder) Alias(CNAME) mail.mydomain.com
I am trying to create host record for autodiscover pointing to my public ip i am getting error
The host record autodiscover.mydomain.com cannot be created Node is a CNAME DNS record
Please do guide me how to setup autodiscover record and SRV records for my exchange so that
active sync works. i use digicert for OWA
Get-ActiveSyncVirtualDirectory | fl
MobileClientFlags : BadItemReportingEnabled
MobileClientCertificateProvisioningEnabled : False
BadItemReportingEnabled : True
MobileClientCertificateAuthorityURL :
MobileClientCertTemplateName :
ActiveSyncServer : https://mail.mydomain.com/
RemoteDocumentsActionForUnknownServers : Allow
RemoteDocumentsInternalDomainSuffixList : {mydomain.com}
MetabasePath : IIS://MAIL.mydomain.com/W3SVC/1/ROOT/Microsoft-Server-ActiveSync
BasicAuthEnabled : True
WindowsAuthEnabled : False
CompressionEnabled : True
ClientCertAuth : Ignore
WebsiteName : Default Web Site
WebSiteSSLEnabled : True
VirtualDirectoryName : Microsoft-Server-ActiveSync
Path :
Server : MAIL
InternalUrl : https://mail.mydomain.com/Microsoft-Server-ActiveSync
InternalAuthenticationMethods : {}
ExternalUrl : https://mail.mydomain.com/
ExternalAuthenticationMethods : {}
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Microsoft-Server-ActiveSync (Default Web Site)
DistinguishedName : CN=Microsoft-Server-ActiveSync (Default Web Site),CN=HTTP,CN=Protocols,CN=MAIL,CN=Servers,CN=Exchange Administrati
ve Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Con
figuration,DC=,DC=,DC=
Identity : MAIL\Microsoft-Server-ActiveSync (Default Web Site)
ObjectCategory : mydomain.com/Configuration/Schema/ms-Exch-Mobile-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchMobileVirtualDirectory}
OriginatingServer : MAIL.mydomain.com
IsValid : TrueHi,
Please check whether there is any Exchange service which is still using blgexchserv1.blg.local as the namespace of internal URL.
In Outlook client, please follow the steps below to check Exchange service for the problematic users :
Open Outlook - press CTRL key - right click on the Outlook icon from right bottom corner taskbar -
Test Email AutoConfiguration. Put the email address - uncheck use guessmart and secure guessmart authentication - click Test to check your Autodiscover service.
Please collect the information in the Log tab and Results tab. In Results tab, please confirm the blgexchserv1.blg.local name is not used in OWA URL, Availability Service URL, OOF URL, OAB URL. If the .local is still used,
please refer to the following KB to change the Internal URL for the service to match the name in your certificate with IIS service:
Outlook 2007 security warning: "The name of the security certificate is invalid or does not match the name of the site"
Regards,
Winnie Liang
TechNet Community Support -
ActiveSync is not working properly after migrating to new Exchange 2013 SP1 server?!
Few weeks ago we have added new Exchange 2013 SP1 onto our existing Exchange 2007 environment. I have migrated my mailbox to the new Ex2013 server. Everything (send/receive - internally/externally, OWA, OutlookAnywhere) for me and the existing Ex2007
users works fine. The only thing I have trouble with is the ActiveSync! After migrating to the new Ex2013 server my phone stops getting new emails…, existing Ex2007 users don’t have any problems with their mobile phones.
I did ActiveSync test for my user account with ActiveSync Tester and here is what I have:
As you can see from the error above ActiveSync Tester detects ActiveSync on Ex2013 server however something wrong there with form-based auth?! I can’t see any differences in settings for ActiveSync virtual folders in Ex2007 and Ex2013
virtual folders?!
What I’m missing here?! Please help.Check if the Exchange Servers group does not have the appropriate permission to the mailbox object in Active Directory.
To check whether inheritance is disabled on the user:
1.Open Active Directory Users and Computers.
2.On the menu at the top of the console, click View > Advanced Features.
3.Locate and right-click the mailbox account in the console, and then click Properties.
4.Click the Security tab.
5.Click Advanced.
6.Make sure that the check box for "Include inheritable permissions from this object's parent" is selected.
Ref:
http://technet.microsoft.com/en-us/library/dd439375(v=exchg.80).aspx
Also check the Virtual directory authentication
Microsoft-Server-ActiveSync
•Basic authentication
•SSL required
•Requires 128-bit encryption
Ref:
http://technet.microsoft.com/en-us/library/gg247612(v=exchg.150).aspx
Check the IIS log if you are able to find any error message on it
Exchange Queries -
Autodiscover not working correctly when Office 365 integrated with Server Essentials 2012 R2
Hello!
This last weekend I setup our server as new and to ease the creation of users, integrated with our Office 365 (which to this point has worked fine) and imported the users. This had a somewhat unexpected side effect in that the import used the email address
as for the user forename and then synced that change back to Office 365 and so needed to enter this information back in on the dashboard which synced back to Office 365. This may or may not have any relevance to our issue below.
I should also point out that we have our own domain name so within the original Office 365 setup we had just one .onmicrosoft.com user with all the rest setup with our own domain name.
At the weekend when it came to the client install, Outlook (2010 or 2013) would fail on the autodiscover with it asking again for credentials but critically displaying a server name of .contoso.com rather than the office365srvr.contoso.com . As I mention,
Office 365 had been operating fine for some time and DNS records where checked and have been set for sometime. I spoke to Office 365 support and after a while come up with a temporary solution (so that I could complete the client installs) of assigning each
user a onmicrosoft address, using that in the new account wizard to pick up the server correctly and then signing in the the Office 365 .contoso.com credentials.
This worked OK to get us past the weekend (although I am having to reset up profiles on quite number of users where they get disconnected but with no credentials box appearing) but isn't a solution. The clients do not see public folders or their archives
and of course we don't want to keep having to reset the profiles.
I'm think that there must be something in the internal network that needs reconfiguring but I don't know what. I have tried pointing the client to an external DNS server just in case the internal DNS server was throwing the autodiscover out but this has
made no difference.Ah - solved my own problem.
Despite the domain DNS record looking OK and the Office 365 Portal domain checker not highlighting any issue, it looks as though the autodiscover is picking up an imap account provided by the web host.
I've added an alias on the local DNS server to point to the Office 365 autodiscover server and this has solved the problem. -
Exchange Server 2007 external autodiscover not working
Dears
I need help to resolve my autodiscover issue externally. Internally everything works fine like auto discover, free-busy, out of office etc.
Our Exchange is 2007 CCR clustered with one CAS and HUB server (both in one) and 2 mailbox servers (active & passive) with a mail gateway appliance instead of Edge Server.
Externally nothing of the above are working but Outlook Anywhere is working and more number of uses are working without any issue. For all these users who connected with Outlook-Anywhere they cannot see free-busy, out of office etc.
Please let me know how I can check the settings for internal and external settings and what all details need to be provided for external autodiscover through cmdlet or GUI.I am getting a XML file when accessing above link from external source.
The beginning is as detailed below
<?xml
version="1.0" encoding="utf-8" ?>
- <wsdl:definitions
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:s="http://www.w3.org/2001/XMLSchema"
targetNamespace="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types">
- <wsdl:types>
- <xs:schema
xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:import
namespace="http://schemas.microsoft.com/exchange/services/2006/messages" schemaLocation="messages.xsd"
/>
</xs:schema>
</wsdl:types>
- <wsdl:message
name="ConvertIdSoapIn">
<wsdl:part
name="request"
element="tns:ConvertId" />
<wsdl:part
name="RequestVersion"
element="t:RequestServerVersion" />
</wsdl:message>
- <wsdl:message
name="ConvertIdSoapOut">
<wsdl:part
name="ConvertIdResult"
element="tns:ConvertIdResponse" />
<wsdl:part
name="ServerVersion"
element="t:ServerVersionInfo" />
</wsdl:message>
- <wsdl:message
name="GetFolderSoapIn">
<wsdl:part
name="request"
element="tns:GetFolder" />
<wsdl:part
name="Impersonation"
element="t:ExchangeImpersonation" />
<wsdl:part
name="S2SAuth"
element="t:SerializedSecurityContext" />
<wsdl:part
name="MailboxCulture"
element="t:MailboxCulture" />
<wsdl:part
name="RequestVersion"
element="t:RequestServerVersion" />
</wsdl:message>
- <wsdl:message
name="GetFolderSoapOut">
<wsdl:part
name="GetFolderResult"
element="tns:GetFolderResponse" />
<wsdl:part
name="ServerVersion"
element="t:ServerVersionInfo" />
</wsdl:message> -
AutoDiscover not working after Exchange 2010 SP2 - SP3 update.
Hi Everyone,
I'm sorry if this is a really simple thing, but i've played around for hours and exhausted google.
I run a 2010 exchange server for everyone at the office, and today I updated from 2010 SP2 to SP3.
The problem I have is auto discover no longer accepts anyones username or password. If you set the account up on the client machine by manually entering the details everything works great.
All the DNS records are correct and have been working for 2+ years. I have recreated the Autodiscovery virtual directory in EMC.
If i manually browse to mydomain/Autodiscover/Autodiscover.xml, when asked for a username and password it says it incorrect. I can then log in to OWA with the same credentials and it works.
Thanks,
Garrett
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://mydomaincom.au:443/Autodiscover/Autodiscover.xml for user mydomain.com.au.
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
Additional Details
An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
HTTP Response Headers:
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/html
Date: Wed, 22 Apr 2015 00:44:51 GMT
Set-Cookie: __cfduid=dc0261b4643b5dbe27f750bbc28bfef7c1429663490; expires=Thu, 21-Apr-16 00:44:50 GMT; path=/; domain=.macarthurcs.com.au; HttpOnly
Server: cloudflare-nginx
WWW-Authenticate: Negotiate,NTLM,Basic realm="mydomain.com.au"
X-Powered-By: ASP.NET
CF-RAY: 1dad4d701ae911c5-SJC
Elapsed Time: 3357 ms.
Attempting to test potential Autodiscover URL https://autodiscover.mydomain.com.au:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.Hi,
Based on my knowledge, the above issue is caused by the loopback check being enabled. Please follow the steps below to disable loopback on the CAS servers:
1. Run regedit, in Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
2. Right-click Lsa, point to New, and then click DWORD Value.
3. Type DisableLoopbackCheck, and then press ENTER.
4. Right-click DisableLoopbackCheck, and then click Modify.
5. In the Value data box, type 1, and then click OK.
6. Quit Registry Editor, and then restart your computer.
Hope this can be helpful to you.
Best regards,
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Amy Wang
TechNet Community Support -
CSS and Exchange Mobile ActiveSync not working
I have a question relating to a CSS and Exchange Mobile devices The customer has 2 Exchange Client Access Servers CAS1 and CAS2 and has problems with ActiveSync on mobile devices. (OWA is working fine) I am trying to test Exchange ActiveSync (using the Microsoft test site https://www.testexchangeconnectivity.com) When I perform an ‘Exchange ActiveSync Autodiscover’ it works fine, but when I use the test ‘Exchange ActiveSync’, it fails Has anyone had this problem before or can suggest a fix please http://mobile.thamesriver.co.uk The config is underneath Any help would be appreciated Kind Regards Tony !*********************** SSL PROXY LIST *********************** ssl-proxy-list TRC_List ssl-server 10 ssl-server 10 vip address x.x.x.x ssl-server 10 cipher rsa-with-rc4-128-md5 x.x.x.x 80 ssl-server 10 rsakey myrsakey ssl-server 10 rsacert myrsacert active !************************** SERVICE ************************** service mobile1 ip address 10.1.230.200 keepalive type tcp protocol tcp port 80 active service mobile2 ip address 10.1.230.201 keepalive type tcp protocol tcp port 80 active service CASservice1_HTTP protocol tcp port 80 keepalive type tcp ip address 10.1.230.200 string cashttp1 active service CASservice2_HTTP protocol tcp port 80 keepalive type tcp ip address 10.1.230.201 string cashttp2 active service CASservice1_EPM protocol tcp port 135 keepalive type tcp ip address 10.1.230.200 string EPM1 active service RPC_Address1 port 59533 keepalive type tcp ip address 10.1.230.200 protocol tcp active service RPC_Address2 port 59533 keepalive type tcp ip address 10.1.230.201 protocol tcp active service RPC_Mailbox1 protocol tcp keepalive type tcp ip address 10.1.230.200 port 59532 active service RPC_Mailbox2 protocol tcp keepalive type tcp ip address 10.1.230.201 port 59532 active service ssl_module1 keepalive type none add ssl-proxy-list TRC_List type ssl-accel slot 3 active !*************************** OWNER *************************** owner TRC content AuthHead add service mobile1 add service mobile2 vip address x.x.x.x protocol tcp port 80 url "//mobile.thamesriver.co.uk/Microsoft-Server-ActiveSync" active content EPM balance aca add service CASservice1_EPM add service CASservice2_EPM protocol tcp port 135 url "/*" vip address x.x.x.x advanced-balance sticky-srcip sticky-inact-timeout 1 active content OWA balance aca add service CASservice1_HTTP add service CASservice2_HTTP protocol tcp port 80 url "/*" vip address x.x.x.x advanced-balance sticky-srcip-dstport active content RPC-Address balance aca add service RPC_Address1 add service RPC_Address2 port 59533 protocol tcp advanced-balance sticky-srcip vip address x.x.x.x active content RPC-Mailbox balance aca add service RPC_Mailbox1 add service RPC_Mailbox2 advanced-balance sticky-srcip vip address x.x.x.x port 59532 protocol tcp active content ssl-rule vip address x.x.x.x protocol tcp port 443 add service ssl_module1 active !*************************** GROUP *************************** group RDP add service TSservice1 add service TSservice2 add service TSservice3 add service TSservice4 add service TSservice5 add service TSservice6 add service TSservice7 vip address 172.26.100.190 active group WWW add service CASservice1_HTTP add service CASservice2_HTTP vip address x.x.x.x active TRC_CSS#
duh!
I'll try that again....
I have a question relating to a CSS and Exchange Mobile devices
The customer has 2 Exchange Client Access Servers CAS1 and CAS2 and has problems with ActiveSync on mobile devices.
OWA is working fine
I am trying to test Exchange ActiveSync (using the Microsoft test site https://www.testexchangeconnectivity.com) I perform an ‘Exchange ActiveSync Autodiscover’ it works fine, but when I use the test ‘Exchange ActiveSync’, it fails
When
Has anyone had this problem before or can suggest a fix please
http://mobile.thamesriver.co.uk config is underneath
The
Any help would be appreciated
Kind Regards Tony
!*********************** SSL PROXY LIST ***********************
ssl-proxy-list TRC_List
ssl-server 10
ssl-server 10 vip address x.x.x.x
ssl-server 10 cipher rsa-with-rc4-128-md5 x.x.x.x 80
ssl-server 10 rsakey myrsakey
ssl-server 10 rsacert myrsacert
active
!************************** SERVICE **************************
service mobile1
ip address 10.1.230.200
keepalive type tcp
protocol tcp
port 80
active
service mobile2
ip address 10.1.230.201
keepalive type tcp
protocol tcp
port 80
active
service CASservice1_HTTP
protocol tcp
port 80
keepalive type tcp
ip address 10.1.230.200
string cashttp1
active
service CASservice2_HTTP
protocol tcp
port 80
keepalive type tcp
ip address 10.1.230.201
string cashttp2
active
service CASservice1_EPM
protocol tcp
port 135
keepalive type tcp
ip address 10.1.230.200
string EPM1
active
service RPC_Address1
port 59533
keepalive type tcp
ip address 10.1.230.200
protocol tcp
active
service RPC_Address2
port 59533
keepalive type tcp
ip address 10.1.230.201
protocol tcp
active
service RPC_Mailbox1
protocol tcp
keepalive type tcp
ip address 10.1.230.200
port 59532
active
service RPC_Mailbox2
protocol tcp
keepalive type tcp
ip address 10.1.230.201
port 59532
active
service ssl_module1
keepalive type none
add ssl-proxy-list TRC_List
type ssl-accel
slot 3
active
!*************************** OWNER ***************************
owner TRC
content AuthHead
add service AuthHead1
add service AuthHead2
vip address x.x.x.x
protocol tcp
port 80
url "//mobile.thamesriver.co.uk/Microsoft-Server-ActiveSync"
active
content EPM
balance aca
add service CASservice1_EPM
add service CASservice2_EPM
protocol tcp
port 135
url "/*"
vip address x.x.x.x
advanced-balance sticky-srcip
sticky-inact-timeout 1
active
content OWA
balance aca
add service CASservice1_HTTP
add service CASservice2_HTTP
protocol tcp
port 80
url "/*"
vip address x.x.x.x
advanced-balance sticky-srcip-dstport
active
content RPC-Address
balance aca
add service RPC_Address1
add service RPC_Address2
port 59533
protocol tcp
advanced-balance sticky-srcip
vip address x.x.x.x
active
content RPC-Mailbox
balance aca
add service RPC_Mailbox1
add service RPC_Mailbox2
advanced-balance sticky-srcip
vip address x.x.x.x
port 59532
protocol tcp
active
content ssl-rule
vip address x.x.x.x
protocol tcp
port 443
add service ssl_module1
active
!*************************** GROUP ***************************
group RDP
add service TSservice1
add service TSservice2
add service TSservice3
add service TSservice4
add service TSservice5
add service TSservice6
add service TSservice7
vip address 172.26.100.190
active
group WWW
add service CASservice1_HTTP
add service CASservice2_HTTP
vip address x.x.x.x
active
TRC_CSS# -
Autodiscover not providing correct server address and UPN
Hi
System is as follows: Server 2012R2 With Essentials Exp. + Server 2012R2 with Exchange 2013 sp1
And everything is fine and dandy, except for autodiscover, when outside of domain.
All virtual directories are configured as mail.mydomain.com
PS reports: AutoDiscoverServiceInternalUri :
https://mail.mydomain.com/Autodiscover/Autodiscover.xml
Have installed and configured a wildcard ssl certificate, that both servers trust, and I can navigate to both servers using iexplorer:
https://server.mydomain.com/remote and
https://mail.mydomain.com/owa
When I run exchangeremoteconnectivity I can succesfully connect with activesync.
I have set up spf and srv record in external DNS
All the users validate using domain\username
So when I try to configure Outlook 2013 using autodiscover, it just hangs at step 1.
And when I try using a galaxy s5, supplying email and password, it populates, but not correctly.
UPN is set as \username, and I need to provide "domain" to make it domain\username
Server is set as domain.com, and I need to provide "mail." to make it mail.domain.com
The I can connect, I suspect that is also why Outlook won´t autoconfigure as well.
I have read high and low, but I need more assistance per se.
Please advise :)
Regards LarsHi Lars,
Following are some common procedures to check autodiscover configuration:
• Run Test-OutlookWebservices | fl
• Run Test-EmailAutoConfiguration on client to find how autodiscover is connecting and where exactly it's failing.
• Verify URL for autodiscover. Get-ClientAccessServer | fl
Check for AutodiscoverInternalServerUri attribute.
Get-ClientAccessServer -Identity "CAS-01" | fl AutoDiscoverServiceInternalUri
Set-ClientAccessServer -Identity "CAS-01" -AutoDiscoverServiceInternalUri "https://cas01.contoso.com/autodiscover/autodiscover.xml"
• You may also access the autodiscover url from IE and in response should get "600 invalid request".
https://cas01.contoso.com/autodiscover/autodiscover.xml
• If autodiscover not working for external client verify authentication on Autodiscover virtual directory and if required you may recreate the virtual directory by running command:
Remove-AutodiscoverVirtualDirectory
New-AutodiscoverVirtualDirectory
Regards,
Satyajit
Please “Vote As Helpful”
if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you. -
Exchange 2013 Autodiscover Android IOS not working
Hello,
I configured exchange 2013 in my organization. Android, thunderbird and IOS not working with autodiscover.
Windows Phone example Lumia worked with autodiscover correctly.
All needed DNS entry and certificate are uploaded to Exchange.
Test on https://testconnectivity.microsoft.com/ ended successfuly.
Can Android and IOS supported autodiscover.
BR/LukasYes i try https://fqdn/Microsoft-Server-ActiveSync instead
I have White page nothing else.
IOS, Android work after manualy configured. Windows Phone work with autodiscover wonderfully
Ok we added public IP address to our CAS Server. Now from Internet i can login to /OWA or /ECP.
What next to do? Change autodiscover.domain.com Record A to point NAT IP address CAS server?
BR/Lukas
Maybe you are looking for
-
HOW TO OPEN AND SAVE FILES TO/FOR MS-WORD 2007 .docx format
MS-Office 2007 will open .docx files as well as .doc files. Apple's Pages '08 can OPEN MS Word 2007 documents with the new file format ".docx". Pages '08 can not save as ".docx" files, just ".doc" files, but since MS Office 2007 can open these ".doc"
-
How can I have two iPhones with the same apple id recieve the conversations from each phone.
My girlfriend and I want to be able to see each others conversations while they're happening. We made an apple id we both use, now what?
-
Client certificate authentication with custom authorization for J2EE roles?
We have a Java application deployed on Sun Java Web Server 7.0u2 where we would like to secure it with client certificates, and a custom mapping of subject DNs onto J2EE roles (e.g., "visitor", "registered-user", "admin"). If we our web.xml includes:
-
Itunes could not copy song because the file could not be converted. Can anyone help
Synced Jeff Wayne's War of the World from Mac to Iphone - 1 track could not be copied - error message "the file could not be converted" popped. Any suggestions as to problem and remedy?
-
Client Security Solution 8.2 (Password Manager Grayed out!)
Z60m has grayed out password manager. Chip is activated how do get it back?