I'm at a loss on this one. I ran the Microsoft Remote Connectivity Analyzer for Outlook Autodiscover on our Exchange Server 2010 SP1, and it says: "ExRCA wasn't able to obtain the remote SSL certificate. Additional Details The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation." If I go into Outlook's Test Email AutoConfiguration, I get the following failure: "Autodiscover to https://domain.com/autodiscover/autodiscover.xml Failed Autodiscover to https://autodiscover.domain.com/autodiscover/autodiscover.xml starting GetLastError=0, httpStatus=200 Autodiscover to https://autodiscover.domain.com/autodiscover/autodiscover.xml Succeeded" OWA does work. Any help would be appreciated. Michael

I'm at a loss on this one. I ran the Microsoft Remote Connectivity Analyzer for Outlook Autodiscover on our Exchange Server 2010 SP1, and it says: "ExRCA wasn't able to obtain the remote SSL certificate. Additional Details The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation." Michael Are you using a self-signed certificate, or a certificate issued by an internal CA? If that is the case, then the error is expected. What can you tell us about your certificate? I would also help if you posted the output from EXRCA.Martina Miskovic

I'm at a loss on this one. I ran the Microsoft Remote Connectivity Analyzer for Outlook Autodiscover on our Exchange Server 2010 SP1, and it says: "ExRCA wasn't able to obtain the remote SSL certificate. Additional Details The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation." Michael Are you using a self-signed certificate, or a certificate issued by an internal CA? If that is the case, then the error is expected. What can you tell us about your certificate? I would also help if you posted the output from EXRCA.Martina Miskovic

Hi Martina, Thank you for your response. We are using a UCC SAN SSL Certificate from Go Daddy. Below are the results from Exrca: --------------------------------------------------------- ExRCA is attempting to test Autodiscover for email@yourdomain.com. Autodiscover was tested successfully. Test Steps Attempting each method of contacting the Autodiscover service. The Autodiscover service was tested successfully. Test Steps Attempting to test potential Autodiscover URL https://yourdomain.com/AutoDiscover/AutoDiscover.xml Testing of this potential Autodiscover URL failed. Test Steps Attempting to resolve the host name yourdomain.com in DNS. The host name resolved successfully. Additional Details Testing TCP port 443 on host yourdomain.com to ensure it's listening and open. The port was opened successfully. Testing the SSL certificate to make sure it's valid. The SSL certificate failed one or more certificate validation checks. Test Steps ExRCA is attempting to obtain the SSL certificate from remote server yourdomain.com on port 443. ExRCA wasn't able to obtain the remote SSL certificate. Additional Details Attempting to test potential Autodiscover URL https://autodiscover.yourdomain.com/AutoDiscover/AutoDiscover.xml Testing of the Autodiscover URL was successful. Test Steps Attempting to resolve the host name autodiscover.yourdomain.com in DNS. The host name resolved successfully. Additional Details Testing TCP port 443 on host autodiscover.yourdomain.com to ensure it's listening and open. The port was opened successfully. Testing the SSL certificate to make sure it's valid. The certificate passed all validation requirements. Test Steps Checking the IIS configuration for client certificate authentication. Client certificate authentication wasn't detected. Additional Details Attempting to send an Autodiscover POST request to potential Autodiscover URLs. ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST. Test Steps ----------------------------------------------- Michael

Hi Martina, Thank you for your response. We are using a UCC SAN SSL Certificate from Go Daddy. Below are the results from Exrca: --------------------------------------------------------- ExRCA is attempting to test Autodiscover for it@benrichservice.com. Autodiscover was tested successfully. Test Steps Attempting each method of contacting the Autodiscover service. The Autodiscover service was tested successfully. Test Steps Attempting to test potential Autodiscover URL https://benrichservice.com/AutoDiscover/AutoDiscover.xml Testing of this potential Autodiscover URL failed. Test Steps Attempting to resolve the host name benrichservice.com in DNS. The host name resolved successfully. Additional Details Testing TCP port 443 on host benrichservice.com to ensure it's listening and open. The port was opened successfully. Testing the SSL certificate to make sure it's valid. The SSL certificate failed one or more certificate validation checks. Test Steps ExRCA is attempting to obtain the SSL certificate from remote server benrichservice.com on port 443. ExRCA wasn't able to obtain the remote SSL certificate. Additional Details Attempting to test potential Autodiscover URL https://autodiscover.benrichservice.com/AutoDiscover/AutoDiscover.xml Testing of the Autodiscover URL was successful. Test Steps Attempting to resolve the host name autodiscover.benrichservice.com in DNS. The host name resolved successfully. Additional Details Testing TCP port 443 on host autodiscover.benrichservice.com to ensure it's listening and open. The port was opened successfully. Testing the SSL certificate to make sure it's valid. The certificate passed all validation requirements. Test Steps Checking the IIS configuration for client certificate authentication. Client certificate authentication wasn't detected. Additional Details Attempting to send an Autodiscover POST request to potential Autodiscover URLs. ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST. Test Steps ----------------------------------------------- Michael

Hi, I can't see anything wrong in the EXCRA report you posted. Autodiscover URL autodisocover.yourdomain.com was tested successfully. Is everything working for you now? I can't see the first error your posted so... Martina Miskovic

Hi, I can't see anything wrong in the EXCRA report you posted. Autodiscover URL autodisocover.benrichservice.com was tested successfully. Is everything working for you now? I can't see the first error your posted so...Martina Miskovic

Hi, I can't see anything wrong in the EXCRA report you posted. Is everything working for you now? I can't see the first error your posted so... Martina Miskovic No, still not working. Also can you do me a favor, and remove the domain from your prior post. I was very tired and unintentionally included it. Thanks. I would PM you but this system does not appear to have such a feature. Michael

That output looks fine. What isn't working exactly? You mentioned OWA is working, is outlook anywhere not working or autodiscover not working, not able to see freebusy or set oof etc.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

No, still not working. Michael Yes, we need to get more information cause the output looks like it should and I didn't see anything wrong in your certificate when I checked. Btw, I have removed your domain name from my previous post.Martina Miskovic

Thanks, Martina. What sort of information can I provide you? Maritina and James, right now everything is working except Autodiscover. Both the Microsoft Ceonnection Analyzer, and the Outlook connection tests failed. The SSL certificate works for OWA, but perhaps it is not setup properly for autodiscover. Michael

Per the results autodiscover is coming back sucessfully, unless you have a defunct cas in the array possibly. When you say autodiscover is not working, is it not working internally, externally or both? Outlook connection tests fail? Do you mean when you create a new outlook profile and use autodisocover to provision the account? You may not be running into an autodiscover issue but some other issue. James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

You must configure a valid SSL certificate from a CA that the client computer trusts. We recommend that you use the Exchange 2010 Certificate wizard to configure a valid SSL certificate. And you should configure the firewall for the address space and configure the SSL certificate for the Autodiscover service.Noya Lau TechNet Community Support