Issue with autoconfigure, Exchange 2013, Server 2012
I cannot get through the final setup of Exchange; I can't connect from a phone or from Exchange on a non-domain computer.
This is my report from testexchangeconnectivity.com
Testing RPC/HTTP connectivity.
The RPC/HTTP test failed.
Test Steps
ExRCA is attempting to test Autodiscover for administrator@gsmith.biz.
Testing Autodiscover failed.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential Autodiscover URL https://gsmith.biz/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name gsmith.biz in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 123.243.73.235
Testing TCP port 443 on host gsmith.biz to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server gsmith.biz on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=VMMAIL, Issuer: CN=VMMAIL.
Validating the certificate name.
Certificate name validation failed.
Additional Details
Host name gsmith.biz doesn't match any name found on the server certificate CN=VMMAIL.
Attempting to test potential Autodiscover URL https://autodiscover.gsmith.biz/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.gsmith.biz in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 123.243.73.235
Testing TCP port 443 on host autodiscover.gsmith.biz to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.gsmith.biz on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=VMMAIL, Issuer: CN=VMMAIL.
Validating the certificate name.
Certificate name validation failed.
Additional Details
Host name autodiscover.gsmith.biz doesn't match any name found on the server certificate CN=VMMAIL.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.gsmith.biz in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 123.243.73.235
Testing TCP port 80 on host autodiscover.gsmith.biz to ensure it's listening and open.
The port was opened successfully.
ExRCA is checking the host autodiscover.gsmith.biz for an HTTP redirect to the Autodiscover service.
ExRCA failed to get an HTTP redirect response for Autodiscover.
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response:
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.gsmith.biz in DNS.
The Autodiscover SRV record wasn't found in DNS.
I tried to set up autoconfigure in DNS but am not sure how exactly to do it.
Any help would be great.
October 29th, 2012 4:54pm
Is that your SMTP Address? @gsmith.biz ?
If so, simply create a record in external DNS for autodiscover.gsmith.biz that points to the external IP address for the external client access to your servers.
October 29th, 2012 6:22pm
I tried that but something must be wrong as it still does not work.
This is what's in my GoDaddy DNS:
And I have this in my internal DNS. This is where I think I have gone wrong.
I also managed to get incoming mail working so will try to get an instantssl certificate today (if they are still free), or could I just use a self-signed one?
October 29th, 2012 7:10pm
Right, so you need 2 things here:
A valid DNS entry and a trusted cert with the FQDN of that entry as one of the subject names on it.
Self-signed certs should not be used. Go with the 3rd party trusted.
October 29th, 2012 7:33pm
Right, so there is an issue with my local autoconfigure. Is it the domain that is the issue? When I fill out the fields I thought that the domain had to be _autoconfigure._tcp.gsmith.biz but I cannot change it from the below.
For the SSL, must I have one? This is only a test\lab server so that I can try out exchange and server 2013; I don't really want to pay for one if I can help it (I don't care about the prompt if that is the difference).
Thanks for your quick help.
October 29th, 2012 7:52pm
You can use a self-signed cert; however, you will need to either add it to the mobile device or tell it to ignore the fact it's not trusted.
Note it's autodiscover.gsmith.biz, not _autoconfigure._tcp.gsmith.biz, and it's really used for external autodiscover, not internal. Domain-joined clients use the SCP record in AD to find autodiscovery URLs.
October 29th, 2012 8:19pm
Oh crap! That is a dumb mistake, let me change it and try again.
October 29th, 2012 8:38pm
I have changed it but still have same issue.
When I try to connect from my phone does it first use public DNS autodiscover to look at my internal dns autodiscover then pass the info back to my phone?
October 29th, 2012 9:58pm
External non-domain joined clients will only refer to external DNS.
Try running the test-exchangeconnectivity tests again.
October 29th, 2012 10:15pm
OK well that's the important one for me then.
I can ping autodiscover.gsmith.biz so it looks like DNS is OK. I'm not 100% sure that I filled in GoDaddy's autodiscover correctly but it looks right to me.
I ran the testexchangeconnectivity.com test again and this is the response (sorry it loses color when I put it in as HTML but at least it's not all one paragraph)
ExRCA is attempting to test Autodiscover for administrator@gsmith.biz.
Testing Autodiscover failed.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential Autodiscover URL https://gsmith.biz/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name gsmith.biz in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 123.243.73.235
Testing TCP port 443 on host gsmith.biz to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server gsmith.biz on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=VMMAIL, Issuer: CN=VMMAIL.
Validating the certificate name.
Certificate name validation failed.
Additional Details
Host name gsmith.biz doesn't match any name found on the server certificate CN=VMMAIL.
Attempting to test potential Autodiscover URL https://autodiscover.gsmith.biz/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.gsmith.biz in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 123.243.73.235
Testing TCP port 443 on host autodiscover.gsmith.biz to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.gsmith.biz on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=VMMAIL, Issuer: CN=VMMAIL.
Validating the certificate name.
Certificate name validation failed.
Additional Details
Host name autodiscover.gsmith.biz doesn't match any name found on the server certificate CN=VMMAIL.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.gsmith.biz in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 123.243.73.235
Testing TCP port 80 on host autodiscover.gsmith.biz to ensure it's listening and open.
The port was opened successfully.
ExRCA is checking the host autodiscover.gsmith.biz for an HTTP redirect to the Autodiscover service.
ExRCA failed to get an HTTP redirect response for Autodiscover.
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response:
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.gsmith.biz in DNS.
The Autodiscover SRV record wasn't found in DNS.
October 29th, 2012 10:30pm
Host name autodiscover.gsmith.biz doesn't match any name found on the server
You need that on the cert. Note that since this is a self-signed cert, you will fail any trust test and the phones won't work unless you use a trusted cert or bypass that on the phone. Or use HTTP (not recommended).
October 29th, 2012 10:34pm
So for Exchange I just need an SSL cert with the name autodiscover.gsmith.biz? I don't need any other one like mail.gsmith.biz or pop.gsmith.biz?
October 29th, 2012 10:46pm
OK so I added a startssl cert for autodiscover.gsmith.biz and this is the output.
ExRCA is attempting to test Autodiscover for administrator@gsmith.biz.
Testing Autodiscover failed.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential Autodiscover URL https://gsmith.biz/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name gsmith.biz in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 123.243.73.235
Testing TCP port 443 on host gsmith.biz to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server gsmith.biz on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=VMMAIL, Issuer: CN=VMMAIL.
Validating the certificate name.
Certificate name validation failed.
Additional Details
Host name gsmith.biz doesn't match any name found on the server certificate CN=VMMAIL.
Attempting to test potential Autodiscover URL https://autodiscover.gsmith.biz/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.gsmith.biz in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 123.243.73.235
Testing TCP port 443 on host autodiscover.gsmith.biz to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.gsmith.biz on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=VMMAIL, Issuer: CN=VMMAIL.
Validating the certificate name.
Certificate name validation failed.
Additional Details
Host name autodiscover.gsmith.biz doesn't match any name found on the server certificate CN=VMMAIL.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.gsmith.biz in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 123.243.73.235
Testing TCP port 80 on host autodiscover.gsmith.biz to ensure it's listening and open.
The port was opened successfully.
ExRCA is checking the host autodiscover.gsmith.biz for an HTTP redirect to the Autodiscover service.
ExRCA failed to get an HTTP redirect response for Autodiscover.
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response:
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.gsmith.biz in DNS.
The Autodiscover SRV record wasn't found in DNS.
October 30th, 2012 11:09pm
On Wed, 31 Oct 2012 03:09:17 +0000, theawkward wrote:
>OK so I added a startssl cert for autodiscover.gsmith.biz and this is the output.
Try this to get the information about the certificate (it all goes on
one line):
Get-ExchangeCertificate <thumbprint> | fl Issuer,CertificateDomains,Subject
If you have multiple certificates make sure you enabled the correct
one!
Your problem is stated pretty clearly:
Host name autodiscover.gsmith.biz doesn't match any name found on the
server certificate CN=VMMAIL.
---
Rich Matheisen
MCSE+I, Exchange MVP
October 30th, 2012 11:43pm
I tried that command in Exchange Management Shell (also tried PS) but I get this error.
But I think that you may have solved it anyway. I didn't know that I had to have one as the default so went back to admin center and saw that I can change the services.
I was going to tick the boxes for SMTP, IMAP, POP, IIS but I get this error and I am unsure if I want to do it. I had a look on the internet but couldn't find anything that was helpful.
Is this where I went wrong? Should I say yes?
October 31st, 2012 12:21am
When I clicked cancel it showed as having added those services, so I tested again and it all looks good.
Thanks everyone!
Now to see if it really works :)
October 31st, 2012 12:25am
On Wed, 31 Oct 2012 04:21:40 +0000, theawkward wrote:
>I tried that command in Exchange Management shell (also tried PS) but I get this error.
Well, sure . . . "<thumbprint>" is what you'd replace with the
thumbprint of your certificate.
>But I think that you may have solved it anyway. I didn't know that I had to have one as the default so went back to admin center and saw that I can change the services.
>
>I was going to tick the boxes for SMTP, IMAP, POP, IIS but I get this error and I am unsure if I want to do it. I had a look on the internet but couldn't find anything that was helpful.
>
>Is this where I went wrong? Should I say yes?
If the certificate with the thumbprint "805A3...." is the one you want
to use, sure. It isn't going to remove the other certificate from the
certificate store so you always enable the one that you replace (at
least until it's removed from the certificate store).
---
Rich Matheisen
MCSE+I, Exchange MVP
October 31st, 2012 10:51am
:D
Oh, that makes more sense. I've never used Exchange or PowerShell before so was not sure what I was doing.
I really just wanted to use a self-signed certificate as it's just a test server so that I can get used to Exchange and Server 2012 (TechNet).
I ended up setting my self-signed cert for SMTP, IMAP, POP, IIS (I left UM as I didn't know what it was) but I am still getting errors.
When I run the PS command I get this
[PS] C:\Windows\system32>Get-ExchangeCertificate EAD28B78253E49C9A480C7BBDADE8378DA50F17F | fl Issuer,CertificateDomains,Subject
Issuer : CN=vmmail.gsmith.biz
CertificateDomains : {vmmail.gsmith.biz, AutoDiscover.gsmith.biz, mail.gsmith.biz, gsmith.biz}
Subject : CN=vmmail.gsmith.biz
That looks OK to me but I have other certificates that are assigned to the same services (exchange made these I think)
Microsoft Exchange: IIS, SMTP
Microsoft Exchange Server Auth Certificate: SMTP
WMSVC: None
So I tried to turn off these services but they are greyed out and I don't think I should just delete the certificates.
If I try to set up mail in Outlook 2013 (host, on non-domain computer) then it looks like autodiscover is working, as I get a prompt for a security certificate, and if I say yes then I get all green ticks saying that it connected to the server.
But when I restart Outlook I get this
I have been trying to Google it but nothing seems related as it's such a general error.
Oh and I should say I am doing all this in the Exchange admin center, not in IIS (I think this is where it used to go)
October 31st, 2012 7:13pm
On Wed, 31 Oct 2012 23:12:12 +0000, theawkward wrote:
[ snip ]
>But when I restart outlook I get this
Try running the Exchange Best Practices Analyzer.
That GUID for the server name and the "=SMTP:" in the account name
have, in the past, been caused by DNS and/or Outlook client issues.
If the server's accessible from the Internet you can visit
https://testexchangeconnectivity.com and verify that things are
working correctly.
---
Rich Matheisen
MCSE+I, Exchange MVP
October 31st, 2012 7:50pm
I have been doing this and so far I have this.
Outbound: OK, but get this warning that I am ignoring
Performing Sender ID validation.
Sender ID validation was performed successfully.
Test Steps
Attempting to find the SPF record using a DNS TEXT record query.
ExRCA wasn't able to find the SPF record.
Additional Details
No records were found.
Inbound: Completely OK
Outlook Autodiscover: Completely OK
Outlook Anywhere (RPC over HTTP): This one not so good. I am trying to work out how to do the Autodiscover.xml right now cause that looks like most of the damage.
Testing RPC/HTTP connectivity.
The RPC/HTTP test failed.
Test Steps
ExRCA is attempting to test Autodiscover for Administrator@gsmith.biz.
Testing Autodiscover failed.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential Autodiscover URL https://gsmith.biz/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name gsmith.biz in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 123.243.73.235
Testing TCP port 443 on host gsmith.biz to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server gsmith.biz on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=vmmail.gsmith.biz, Issuer: CN=vmmail.gsmith.biz.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name gsmith.biz was found in the Certificate Subject Alternative Name entry.
Certificate trust is being validated.
Certificate trust validation failed.
Test Steps
ExRCA is attempting to build certificate chains for certificate CN=vmmail.gsmith.biz.
A certificate chain couldn't be constructed for the certificate.
Additional Details
The certificate chain didn't end in a trusted root. Root = CN=vmmail.gsmith.biz
Attempting to test potential Autodiscover URL https://autodiscover.gsmith.biz/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.gsmith.biz in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 123.243.73.235
Testing TCP port 443 on host autodiscover.gsmith.biz to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.gsmith.biz on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=vmmail.gsmith.biz, Issuer: CN=vmmail.gsmith.biz.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.gsmith.biz was found in the Certificate Subject Alternative Name entry.
Certificate trust is being validated.
Certificate trust validation failed.
Test Steps
ExRCA is attempting to build certificate chains for certificate CN=vmmail.gsmith.biz.
A certificate chain couldn't be constructed for the certificate.
Additional Details
The certificate chain didn't end in a trusted root. Root = CN=vmmail.gsmith.biz
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.gsmith.biz in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 123.243.73.235
Testing TCP port 80 on host autodiscover.gsmith.biz to ensure it's listening and open.
The port was opened successfully.
ExRCA is checking the host autodiscover.gsmith.biz for an HTTP redirect to the Autodiscover service.
ExRCA failed to get an HTTP redirect response for Autodiscover.
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response:
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.gsmith.biz in DNS.
The Autodiscover SRV record wasn't found in DNS.
October 31st, 2012 8:25pm
On Thu, 1 Nov 2012 00:23:42 +0000, theawkward wrote:
>I have been doing this and so far I have this.
[ snip ]
>Outlook Anywhere (RPC over HTTP): This one not so good. I am trying to work out how to do the Autodiscover.xml right now cause that looks like most of the damage.
>
>Testing RPC/HTTP connectivity. The RPC/HTTP test failed.
[ snip ]
Additional Details Remote Certificate Subject: CN=vmmail.gsmith.biz,
Issuer: CN=vmmail.gsmith.biz. Validating the certificate name.
[ snip ]
Certificate trust validation failed.
Test Steps ExRCA is attempting to build certificate chains for
certificate CN=vmmail.gsmith.biz.
A certificate chain couldn't be constructed for the certificate.
Additional Details The certificate chain didn't end in a trusted
root. Root = CN=vmmail.gsmith.biz
The certificate isn't trusted by any public CA so you're not going to
get this to work (well, maybe if you put the necessary information on
an internet-facing machine you could).
What information did the ExBPA turn up?
---
Rich Matheisen
MCSE+I, Exchange MVP
October 31st, 2012 10:40pm
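The two certificate failures ExRCA reports in this thread (the name mismatch on CN=VMMAIL, then the untrusted self-signed root on CN=vmmail.gsmith.biz) can be reproduced offline from the three fields that Get-ExchangeCertificate prints. The PowerShell below is an added example, not part of any post in the thread; Test-NameMatch and Test-CertForHost are hypothetical helper names, the two sample objects are constructed from values quoted above, and the SAN list of the CN=VMMAIL certificate is not shown on the page and is assumed empty.

```powershell
# Added example: replays the certificate name check against the fields shown by
# "Get-ExchangeCertificate | fl Issuer,CertificateDomains,Subject".
# Test-NameMatch and Test-CertForHost are hypothetical names, not Exchange cmdlets.

function Test-NameMatch {
    param([string]$HostName, [string]$CertName)
    # DNS names compare case-insensitively; ignore a trailing root dot
    $h = $HostName.ToLowerInvariant().TrimEnd('.')
    $c = $CertName.ToLowerInvariant().TrimEnd('.')
    if ($c.StartsWith('*.')) {
        # A wildcard covers exactly one left-most label:
        # *.example.test matches a.example.test, not example.test or a.b.example.test
        $suffix = $c.Substring(1)
        if (-not $h.EndsWith($suffix)) { return $false }
        $label = $h.Substring(0, $h.Length - $suffix.Length)
        return ($label.Length -gt 0 -and -not $label.Contains('.'))
    }
    return ($h -eq $c)
}

function Test-CertForHost {
    param(
        [Parameter(Mandatory)] $Certificate,        # needs Subject, Issuer, CertificateDomains
        [Parameter(Mandatory)] [string[]] $HostName # names the clients will connect to
    )
    # Candidate names: every CertificateDomains entry plus the CN from Subject
    $names = @($Certificate.CertificateDomains | ForEach-Object { "$_" })
    if ($Certificate.Subject -match '(?:^|,\s*)CN=([^,]+)') { $names += $Matches[1].Trim() }
    $names = @($names | Where-Object { $_ } | Select-Object -Unique)

    # Subject equal to Issuer marks a self-signed certificate. This is a field
    # comparison only; it does not build or validate a chain.
    $selfSigned = ($Certificate.Subject -eq $Certificate.Issuer)

    foreach ($h in $HostName) {
        $hit = @($names | Where-Object { Test-NameMatch -HostName $h -CertName $_ })
        $verdict = if ($hit.Count -eq 0) {
            'Name mismatch: host is not on this certificate'
        } elseif ($selfSigned) {
            'Name OK, self-signed: external clients must import or bypass trust'
        } else {
            'Name OK: trust depends on the issuing CA chain'
        }
        [pscustomobject]@{
            HostName   = $h
            MatchedBy  = ($hit -join ', ')
            SelfSigned = $selfSigned
            Verdict    = $verdict
        }
    }
}

# Constructed sample objects, using the values quoted in the thread
$before = [pscustomobject]@{
    Subject = 'CN=VMMAIL'; Issuer = 'CN=VMMAIL'
    CertificateDomains = @()   # assumption: SAN list not shown on the page
}
$after = [pscustomobject]@{
    Subject = 'CN=vmmail.gsmith.biz'; Issuer = 'CN=vmmail.gsmith.biz'
    CertificateDomains = @('vmmail.gsmith.biz', 'AutoDiscover.gsmith.biz',
                           'mail.gsmith.biz', 'gsmith.biz')
}
$hosts = 'gsmith.biz', 'autodiscover.gsmith.biz'

Test-CertForHost -Certificate $before -HostName $hosts | Format-Table -AutoSize
Test-CertForHost -Certificate $after  -HostName $hosts | Format-Table -AutoSize
```

On an Exchange server the same function can be fed real objects by piping Get-ExchangeCertificate through ForEach-Object, which also shows which of several installed certificates actually covers the Autodiscover host name.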
Oh forgot it has been retired, still looking to see if it was replaced with something else.
In Exchange 2010, the Exchange Best Practice Analyzer examined your Exchange deployment and determined whether the configuration was in line with Microsoft best practices. In Exchange 2013, the Exchange Best Practice Analyzer has been retired.
October 31st, 2012 10:48pm
Do I have to create AutoDiscover.xml because I can't really find any information on how to set it up or create it.
November 1st, 2012 12:26am