A customer cannot perform automatic configuration of Outlook profile for their Exchange mailbox hosted on POA-managed installation using Autodiscover service.
Refer to the Knowledgebase article #115940 ‘Autodiscover service implementation in POA Hosted Exchange module’ for specific features of Autodiscover service in POA environment.
Use the steps below to troubleshoot the problems with the Autodiscover service:
- Check Exchange mailbox properties
- Make sure DNS is configured properly
- Use the Microsoft Remote Connectivity Analyzer
- Use Outlook built-in 'Test E-mail AutoConfiguration' feature
- Check firewall settings
- Check IIS websites on CAS server(s)
- Use the Exchange Management Shell cmdlets
Make sure in Customer Control Panel that mailbox has Outlook access:
Autodiscover service is not going to work for mailboxes without Outlook access configured.
POA uses HTTP redirect for Autodiscover service. If a customer has Exchange mail hosting enabled on their domain POA creates special DNS record ‘autodiscover’ in customer’s domain zone which is a CNAME for autodiscover-redirect.<branded Autodiscover domain> and then this record is used to detect address of Client Access Server to be used for Outlook autoconfiguration. The <branded Autodiscover domain> is the branding domain of a customer's brand.
2.1. Make sure that customer’s domain zone contains the ‘autodiscover’ record, use the dig, nslookup utilities, e.g.:
# nslookup autodiscover.customer.com autodiscover.customer.com canonical name = autodiscover-redirect.provider.com. Name: autodiscover-redirect.provider.com Address: 10.10.10.101
Note: replace the customer.com domain everywhere in the article with the actual domain a customer experiences problem with, the domain which customer used to create Exchange mailbox.
If customer's domain does not have the 'autodiscover' CNAME record - try to add it manually.
2.2. If DNS service for a customer domain is hosted in POA (i.e. authoritative nameservers which hold domain zone are managed by POA) then check that the ‘autodiscover’ record is present in the customer’s domain zone in POA Provider or Customer Control Panel:
2.3. Make sure that hostname autodiscover-redirect.<branded Autodiscover domain> (autodiscover-redirect.provider.com in the example above) resolves to the correct IP address of the CAS server or CAS NLB cluster in Exchange installation.
2.4. Try to open URL like this in browser: http://autodiscover.<customer domain>/autodiscover/autodiscover.xml (replace <customer domain> with the actual customer's domain in question).
You should see ‘600 Invalid Request’ error message. If you do not see this error message it means that ‘autodiscover’ DNS record in customer’s domain points to the wrong target host, correct the problem with DNS in customer's domain or in the domain of customer's brand - make sure that autodiscover-redirect.<branded Autodiscover domain> point to the correct IP address.
2.5. Try to open URL like https://autodiscover.<customer domain>/autodiscover/autodiscover.xml in browser and authenticate using customer’s login and password.
After successful authentication you should see the same ‘600 Invalid Request’ error message as in the previous point.
If you do not see this error message it means that ‘autodiscover’ DNS record in customer’s domain points to the wrong target host, correct the problem with DNS in customer's domain or in the domain of customer's brand - make sure that autodiscover-redirect.<branded Autodiscover domain> point to the correct IP address.
If you cannot authenticate using customer’s login and password – try to change password for the service user of the problem Exchange mailbox in POA Customer Control Panel. Make sure that the background task ‘Set properties for AD entity '<username>' of type 'UserAccount'’ was successfully processed in POA Task Manager. After that try to authenticate again.
If you still cannot authenticate log into CAS (Client Access Server) and analyze errors in the Windows Event Viewer.
2.6 How to check that Autodiscover redirect works correctly: use e.g. the curl utility to check that redirect works correctly:
curl --verbose http://autodiscover.customer.org/autodiscover/autodiscover.xml * About to connect() to autodiscover.customer.org port 80 (#0) * Trying 10.39.83.23... connected * Connected to autodiscover.customer.org (10.39.83.23) port 80 (#0) > GET /autodiscover/autodiscover.xml HTTP/1.1 > User-Agent: curl/7.21.4 (i386-pc-win32) libcurl/7.21.4 OpenSSL/0.9.8h zlib/1.2.5 > Host: autodiscover.customer.org > Accept: */* > < HTTP/1.1 302 Found < Cache-Control: private < Content-Length: 182 < Content-Type: text/html; charset=utf-8 < Location: https://autodiscover.provider.com/AutodiscoverProxy/Autodiscover.xml < Server: Microsoft-IIS/7.5 < X-AspNet-Version: 2.0.50727 < X-Powered-By: ASP.NET < Date: Thu, 30 May 2013 00:02:11 GMT < <html><head><title>Object moved</title></head><body> <h2>Object moved to <a href="https://autodiscover.provider.com/AutodiscoverProxy/Autodiscover.xml">here</a>.</h2> </body></html> * Connection #0 to host autodiscover.customer.org left intact * Closing connection #0`
As we can see in the example above IIS server replied with HTTP 302 (Object moved) response - this means that Autodiscover-redirect website correctly redirected request to the Autodiscover proxy server.
Use the Microsoft Remote Connectivity Analyzer (a.k.a. ExRCA) available by the URL https://www.testexchangeconnectivity.com/ to troubleshoot Outlook connectivity issues.
Open the URL provided above, select the Outlook Autodiscover test and click Next:
On the next screen enter email address to check, user name and password and click Perform test:
The tool will check all possible ways to connect to Exchange mailbox, report found problem and suggest ways to resolve them.
Note: ignore the following error message shown by the Remote Connectivity Analyzer:
The URL specified in the location HTTP header was in an unexpected format. The expected path should be /Autodiscover/Autodiscover.xml; Received: https://exchange.provider.com/AutodiscoverProxy/Autodiscover.xml
Refer to the Knowledgebase article https://kb.cloudblue.com/en/115473 for more details about the problem above.
Use the Outlook built-in autoconfiguration checking tool:
- Run Outlook
- Hold Ctrl button on keyboard and right-click on the Outlook icon in the Windows system tray
Select ‘Test E-mail AutoConfiguration…’ from the list
- Enter email address and password in the appeared window
- Leave only Use AutoDiscover checkbox checked
- Click Test and analyze logs
Check firewall settings for CAS servers to make sure that required ports are open:
Exchange 2003 - http://download.pa.parallels.com/poa/5.4/doc/63248.htm
Exchange 2007 - http://download.pa.parallels.com/poa/5.4/doc/63257.htm
Exchange 2010 - http://download.pa.parallels.com/poa/5.4/doc/65386.htm
Note: HTTPS access must be disabled in firewall for IP address of Autodiscover redirect website.
Advice: use telnet, curl utilities to check if required ports are open on servers, e.g.:
telnet CAS_PUBLIC_IP 80 telnet CAS_PUBLIC_IP 443
If Microsoft Remote Connectivity Analyzer and Outlook Test E-mail AutoConfiguration feature report issue with connectivity to Autodiscover services make sure that IIS websites are up and running on CAS servers:
- Default Web Site
Make sure that public IP address used for the Autodiscover-redirect website does not have HTTPS binding, use IIS Manager on CAS servers to check that.
Enable request tracer in IIS Manager for the 'Default Web Site' and 'AutodiscoverRedirectSite' websites and analyze logs: IIS Manager > Sites > choose site > Configure > Failed Requests Tracing.
Try to re-run Outlook and use the 'Test E-mail AutoConfiguration' feature after that.
Use the Test-OutlookConnectivity, Test-OutlookWebServices cmdlets in the Exchange Management Shell on Exchange CAS server(s) to find possible problems with the Autodiscover service.
- Use alternative ways to configure Outlook provided in the Knowledgebase article #113220.