I am using a trial version at the moment, but if I can get the Autodiscover service to work for iPhones, then this will give me more ammo to purchase. Running on Server 2008 r2 Single Exchange 2010 server I ran test-outlookwebservices from the shell, and everything passed. When I try from testexchangeconnectivity.com I get this output (changed domain and user information): ExRCA is attempting to retrieve an XML Autodiscover response from URL https://domain.com/AutoDiscover/AutoDiscover.xml for user user@domain.com ExRCA failed to obtain an Autodiscover XML response. An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN) So, then I tried launching the autodiscover.xml from IIS7. When browsing to https://localhost/autodiscover/autodiscover.xml, I get the expected http 600 error responce, however, when I browse to https://domain.com/autodiscover/autodiscover.xml internally, I get the username/password popup window, but it will not authenticate me. The external and internal domain names are not the same. The user logs into corp.domain.com and the email address is domain.com. The accepted domain of domain.com is set as the default. When prompted for the username/password, it is defaulting to corp.domain.com, which is correct. Any help will be appreciated. Moderators - If this is not in the correct forum, please feel free to move Thanks, Todd

Do you have a DNS entry for autodiscover.example.com. The error that you have posted is normal, if the root of the domain (example.com) is pointing to your public web site, which is how most domains are configured. The authentication prompt isn't coming from your server, but the external web site. The usual method to implement autodiscover from the Internet is to create a DNS record for autodiscover.example.com along with the required SSL certificate. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

I do have DNS entries externally (pointing to our external IP) and internally (I created a forward lookup zone for domain.com and added a dns entry there as well). Our web page is hosted by another company, so that has a different external IP. Autodiscover.domain.com is pointing to our external IP and https service has been routed to this exchange server's IP. I installed a Certificate Authority and created a SSL Cert for autodiscover.domain.com (as well as internal autodiscover, etc.). When running the test from testexchangeconnectivity.com, autodiscover does connect to the exchange server, but still gives the same error. It passes the SSL tests without issue. Is this still doing the same thing, prompting the website for login credentials instead of the exchange server? Do I need a pointer for all https traffic externally to point to our external IP regardless of the prefix to domain.com? Thanks for the help! Todd

however, when I browse to https://domain.com/autodiscover/autodiscover.xml internally, I get the username/password popup window, but it will not authenticate me. Can you try browsing internally to the following replacing exchangeserver with the internal name of the exchange server CAS... https://exchangeserver/autodiscover/autodiscover.xml Please could you let me know the result? Thanks

https://exchangeserver/autodiscover/autodiscover.xml does work correctly. I believe that when I try https://domain.com/autodiscover/autodiscover.xml, it is trying to authenticate to the web page. To me this means that I need to redirect the https traffic for domain.com from the web hosting company IP to my company IP. Let me know if this sounds correct. Thanks! Todd

Internally on a domain connected machine https://exchangeserver/autodiscover/autodiscover.xml should work and depending on authentication you should see the XML page in IE. This really should be working. When you say it does not work correctly - what happens?

Yes, internally https://exchangeserver/autodiscover/autodiscover.xml does work. The XML page comes up correctly. Internally and externally https://domain.com/autodiscover/autodiscover.xml does not work. I get a prompt for username/password, but even using known good credentials it does not accept them. It just asks for username/password again. When I look at the event logs on the exchange server, I am getting a failed security audit saying login failed. I reset the password for the test user to be sure I had it correct, and still getting the same error.

When checking EXRCA it does check domain.com/autodiscover/autodiscover.xml but even if this does fail it will check autodiscover.domain.com/autodiscover/autodiscover.xml - does this fail? If you put https://autodiscover.domain.com/autodiscover/autodiscover.xml into a browser externally what happens?

Hi, Give it a try and test it from https://www.testexchangeconnectivity.com/ and post the result in here Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82

If I try https://autodiscover.domain.com/autodiscover/autodiscover.xml from a machine not joined to the domain, I get a "cannot display webpage" error. From a computer joined to the domain, I get prompted for a username/password, but it doesn't accept it. After three tries I get http error 401.1 - unauthorized to view the page. Here is the test results as Jonas requested: Attempting the Autodiscover and Exchange ActiveSync test (if requested). Testing of Autodiscover for Exchange ActiveSync failed. Test Steps Attempting each method of contacting the Autodiscover service. The Autodiscover service couldn't be contacted successfully by any method. Test Steps Attempting to test potential Autodiscover URL https://domain.com/AutoDiscover/AutoDiscover.xml Testing of this potential Autodiscover URL failed. Test Steps Attempting to resolve the host name domain.com in DNS. The host name resolved successfully. Additional Details IP addresses returned: x.x.x.x Testing TCP port 443 on host domain.com to ensure it's listening and open. The port was opened successfully. Testing the SSL certificate to make sure it's valid. The certificate passed all validation requirements. Test Steps ExRCA is attempting to obtain the SSL certificate from remote server domain.com on port 443. ExRCA successfully obtained the remote SSL certificate. Additional Details Remote Certificate Subject: CN=domain.com, OU=Comapny, O=Comapny, L=city, S=MI, C=US, Issuer: CN=corp-CA, DC=corp, DC=domain, DC=com. Validating the certificate name. The certificate name was validated successfully. Additional Details Host name domain.com was found in the Certificate Subject Common name. Testing the certificate date to confirm the certificate is valid. Date validation passed. The certificate hasn't expired. Additional Details The certificate is valid. NotBefore = 11/8/2011 6:16:57 PM, NotAfter = 11/7/2013 6:16:57 PM Checking the IIS configuration for client certificate authentication. Client certificate authentication wasn't detected. Additional Details Accept/Require Client Certificates isn't configured. Attempting to send an Autodiscover POST request to potential Autodiscover URLs. Autodiscover settings weren't obtained when the Autodiscover POST request was sent. Test Steps ExRCA is attempting to retrieve an XML Autodiscover response from URL https://domain.com/AutoDiscover/AutoDiscover.xml for user tuser@domain.com. ExRCA failed to obtain an Autodiscover XML response. Additional Details An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN). Attempting to test potential Autodiscover URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml Testing of this potential Autodiscover URL failed. Test Steps Attempting to resolve the host name autodiscover.domain.com in DNS. The host name resolved successfully. Additional Details IP addresses returned: x.x.x.x Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open. The port was opened successfully. Testing the SSL certificate to make sure it's valid. The certificate passed all validation requirements. Test Steps ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443. ExRCA successfully obtained the remote SSL certificate. Additional Details Remote Certificate Subject: CN=domain.com, OU=Comapny, O=Comapny, L=city, S=MI, C=US, Issuer: CN=corp-CA, DC=corp, DC=domain, DC=com. Validating the certificate name. The certificate name was validated successfully. Additional Details Host name autodiscover.domain.com was found in the Certificate Subject Alternative Name entry. Testing the certificate date to confirm the certificate is valid. Date validation passed. The certificate hasn't expired. Additional Details The certificate is valid. NotBefore = 11/8/2011 6:16:57 PM, NotAfter = 11/7/2013 6:16:57 PM Checking the IIS configuration for client certificate authentication. Client certificate authentication wasn't detected. Additional Details Accept/Require Client Certificates isn't configured. Attempting to send an Autodiscover POST request to potential Autodiscover URLs. Autodiscover settings weren't obtained when the Autodiscover POST request was sent. Test Steps ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml for user tuser@domain.com. ExRCA failed to obtain an Autodiscover XML response. Additional Details An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN). Attempting to contact the Autodiscover service using the HTTP redirect method. The attempt to contact Autodiscover using the HTTP Redirect method failed. Test Steps Attempting to resolve the host name autodiscover.domain.com in DNS. The host name resolved successfully. Additional Details IP addresses returned: x.x.x.x Testing TCP port 80 on host autodiscover.domain.com to ensure it's listening and open. The port was opened successfully. ExRCA is checking the host autodiscover.domain.com for an HTTP redirect to the Autodiscover service. ExRCA failed to get an HTTP redirect response for Autodiscover. Additional Details A Web exception occurred because an HTTP 404 - NotFound response was received from IIS6. Attempting to contact the Autodiscover service using the DNS SRV redirect method. ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method. Test Steps Attempting to locate SRV record _autodiscover._tcp.domain.com in DNS. The Autodiscover SRV record wasn't found in DNS.

Is it port forwarded or are you using any kind of publishing like TMG/ISA? The port seems to be open, port 443..https Verify the username and password and try once again Is the web site binded to any name? What about the authentication, how is it configured? Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82

No publishing. Port 443 is directed through the firewall straight to the exchange server (Virtual server using Hyper-V, if that matters). Website is "Default Web Site" I reset the password just to make sure I was using the correct one. Verified authentication settings based on this site: http://msexchangeguru.com/2010/10/05/autodiscover/ I followed the settings for Exchange 2010, of course. Tried it again, and same exact result. Thanks!