Autodiscover issue after renewing certificate

Hi,

I recently renewed our Exchange server's UCC certificate. After that, Autodiscover does not function properly. When checking the internal and external URLs, they are empty. Is there anything specific to do on the Autodiscover settings after renewing the certificate? However, from internal clients the Autodiscover test is successful.

I should mention that I had not updated the intermediate certificate upon importing the renewed certificate.

I appreciate any input to solve this issue.

Thank you

February 2nd, 2015 7:58am

Hi,

Do you have autodiscover.domain.com in your cert?

How many domains do you have in your SMTP?

The cert rule for Exchange is that it should include autodiscover.domain.com, and the Subject name should contain OWA (e.g. mail.domain.com).

Also, if mobile access is configured with another URL, it should also be included (e.g. mobile.domain.com).

smtp.domain.com is also required if it's used in your case.

If you run the following command in cmd:

nslookup autodiscover.domain.com 8.8.8.8

Does it resolve?

Also run https://testconnectivity.microsoft.com/ to confirm where it fails.

Regarding virtual directories, you should add autodiscover.domain.com as well.

February 2nd, 2015 8:10am

Thanks for the quick response.

Yes, in the UCC certificate, the Autodiscover URL is included.

Only one domain in SMTP.

4 names are included in the certificate SAN (EWS, Autodiscover, OWA, etc.).

Unfortunately, it doesn't resolve Autodiscover from external using the public DNS you provided.

Any other checks I can do?

February 2nd, 2015 9:06am

Hi,

If it doesn't resolve from external DNS, then Autodiscover won't work. Please add a DNS record for autodiscover.domain.com at your DNS provider. Let it point to your firewall (which again redirects to the Exchange server) or the external IP of your Edge/Exchange server. What kind of TMG/firewall do you use?

February 2nd, 2015 9:11am

Hi,

Please refer to Off2work's suggestion to configure external DNS for your Autodiscover service. If the issue persists, we can try creating an SRV record with mail.domain.com for the Autodiscover service:

Service: _autodiscover
Protocol: _tcp
Port Number: 443
Host: mail.domain.com

For more information about the SRV record for the Autodiscover service, please refer to:

http://support.microsoft.com/kb/940881/en-us

Regards,

February 3rd, 2015 4:07am
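
The checks suggested in the replies above (SAN names on the renewed certificate, the intermediate chain mentioned in the question, external DNS and the SRV record) collected into one script. This is an added example, not part of any post in the thread; it assumes the Exchange Management Shell on the Exchange server, Windows Server 2012 or later for Resolve-DnsName, and the placeholder names domain.com and mail.domain.com used in the thread.

```powershell
# Added example. Placeholder names: replace with your own namespace.
$Domain   = 'domain.com'                              # SMTP domain (placeholder)
$Required = "autodiscover.$Domain", "mail.$Domain"    # add mobile./smtp. names if used
$Resolver = '8.8.8.8'                                 # public resolver used in the thread

# 1. Newest unexpired certificate that is enabled for IIS on this server.
$exCert = Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $exCert) { throw 'No unexpired certificate is enabled for IIS.' }
"Using certificate $($exCert.Thumbprint), expires $($exCert.NotAfter)"

# 2. Each required name must be covered by the SAN list
#    (exact match, or a wildcard covering exactly one leftmost label).
$sans = @($exCert.CertificateDomains | ForEach-Object { "$_".ToLower() })
foreach ($name in $Required) {
    $wild    = '*.' + ($name -split '\.', 2)[1]
    $covered = ($sans -contains $name.ToLower()) -or ($sans -contains $wild.ToLower())
    '{0,-30} in SAN: {1}' -f $name, $covered
}

# 3. The chain must build to a trusted root. List the issuers actually used so
#    an outdated or missing intermediate is visible.
$cert  = Get-Item "Cert:\LocalMachine\My\$($exCert.Thumbprint)"
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
"Chain builds: $($chain.Build($cert))"
$chain.ChainElements | ForEach-Object { "  $($_.Certificate.Subject)" }
$chain.ChainStatus   | ForEach-Object { "  $($_.Status): $($_.StatusInformation.Trim())" }

# 4. External view: A records and the SRV record as seen by the public resolver.
foreach ($name in $Required) {
    $a = Resolve-DnsName -Name $name -Type A -Server $Resolver -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' }
    '{0,-30} resolves externally: {1}' -f $name, [bool]$a
}
Resolve-DnsName -Name "_autodiscover._tcp.$Domain" -Type SRV -Server $Resolver `
    -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' } |
    ForEach-Object { "SRV -> $($_.NameTarget):$($_.Port)" }
```

Windows may fetch a missing intermediate over the network while building the chain in step 3, so also confirm the intermediate is present in the server's Intermediate Certification Authorities store.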

Hi

The Autodiscover host A record is already present in the DNS server, pointing to the Exchange server. (If I browse from the LAN to httpx://autodiscover.mydomain.com, it opens up the OWA page.)

The SRV record is also present.

As I said, these were working perfectly earlier; the only thing that changed is that we renewed the SSL certificate. The SSL certificate includes all the subject names of EWS, Autodiscover, OWA, etc.

One more thing: if I browse to httpx://mail.mydomain.com/autodiscover/autodiscover.xml, I get a prompt for credentials and immediately get the below page:

    <?xml version="1.0" encoding="utf-8" ?>
    <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
      <Response>
        <Error Time="12:12:54.9480471" Id="2758256420">
          <ErrorCode>600</ErrorCode>
          <Message>Invalid Request</Message>
          <DebugData />
        </Error>
      </Response>
    </Autodiscover>

Thanks for your support

February 3rd, 2015 4:19am

This topic is archived. No further replies will be accepted.