3

Recently I've set up Exchange Server 2016 and configured external DNS accordingly. The server itself works fine and can send and receive emails. OWA is working fine as well (externally and internally).

The issue is that Autodiscover is not working properly. I can open it externally via https://example.com/autodiscover/autodiscover.xml (it prompts for user and password), but I can't set up an account automatically in Outlook. Outlook prompts for the server address and domain credentials. I have no problem typing those, but I need to solve this issue because of the users.

When testing Autodiscover in Microsoft Connectivity Analyzer it reports no errors whatsoever.

Jon
  • 167
  • 4
  • 15
  • Are you using the same account e-mail address and password in the connectivity analyzer that you are trying to autodiscover in Outlook? – Todd Wilcox Nov 10 '17 at 14:21
  • Yes, I made an additional mailbox, from which I made those tests. – Jon Nov 10 '17 at 17:17

3 Answers

1

There are two ways you can set up Exchange's Autodiscover service, assuming an SMTP domain called "example.com":

In both cases, the name should resolve to your Exchange server(s) both from your internal network and from the outside (usually via a reverse proxy and/or firewall); if you have more than one Exchange server, a load balancer should be placed in front of them and configuration should be modified accordingly; also, the certificate used for Exchange web services (be it on the server(s) or on the load balancer / reverse proxy) should contain as a SAN the name you are using for the service.

It seems like your external publishing of the service is ok, otherwise the Remote Connectivity Analyzer would fail; but what about your internal network?

Are you using the same name ("example.com") for both your SMTP domain and your Active Directory domain? If this is the case, the FQDN of the domain will automatically point to your domain controllers in the internal DNS, thus it can't point to your Exchange server(s).

If instead "example.com" is a different domain from your AD one, are you using split-DNS (i.e. do you have an internal DNS zone with the same name)? And in this case, did you make the FQDN of the domain point to your Exchange server(s) from inside your network, too?

TL;DR: make sure "example.com" points to your Exchange server(s) both when resolved in the internal network and when resolved outside it; if this is not feasible, switch to a specific name ("autodiscover.example.com") instead of using the FQDN of the domain; and in that case, make sure the certificate used by Exchange web services contains the appropriate SAN.

Massimo
  • 68,714
  • 56
  • 196
  • 319
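The TL;DR above as a check to run from a client inside the network and again from outside it (an added example, not part of the original answer; the public resolver 1.1.1.1, the placeholder address 192.0.2.10 and the function names are assumptions):

```powershell
# Added example, not part of the answer. Needs Windows PowerShell 5.1+.
# Assumptions: 1.1.1.1 stands in for any public resolver; 192.0.2.10 is a
# placeholder for the address(es) your Exchange server or proxy answers on.
$Names          = 'example.com', 'autodiscover.example.com'
$PublicResolver = '1.1.1.1'
$ExpectedIPs    = @('192.0.2.10')

function Get-ARecord([string]$Name, [string]$Server) {
    $p = @{ Name = $Name; Type = 'A'; ErrorAction = 'SilentlyContinue' }
    if ($Server) { $p.Server = $Server }
    @(Resolve-DnsName @p | Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })
}

function Get-CertSan([string]$HostName, [int]$Port = 443) {
    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        # Accept any certificate so a mismatched one can still be read; no data is sent.
        $cb  = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($HostName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $ext  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        if (-not $ext) { return @() }
        # Format() yields "DNS Name=a, DNS Name=b"; keep the values only.
        [regex]::Matches($ext.Format($false), '=([^,\s]+)') | ForEach-Object { $_.Groups[1].Value }
    } finally { $tcp.Dispose() }
}

function Test-SanMatch([string]$Name, [string[]]$San) {
    foreach ($s in $San) {
        if ($s -eq $Name) { return $true }
        # A wildcard SAN covers exactly one left-most label.
        if ($s.StartsWith('*.') -and $Name.Contains('.') -and
            $Name.Substring($Name.IndexOf('.')) -eq $s.Substring(1)) { return $true }
    }
    $false
}

foreach ($n in $Names) {
    $local = Get-ARecord $n
    $san   = try { Get-CertSan $n } catch { @() }   # unreachable host: no SANs
    [pscustomobject]@{
        Name            = $n
        LocalDns        = $local -join ','
        PublicDns       = (Get-ARecord $n $PublicResolver) -join ','
        LocalIsExchange = [bool]($local | Where-Object { $ExpectedIPs -contains $_ })
        CertCoversName  = Test-SanMatch $n $san
    }
}
```

A row where `LocalIsExchange` is False for "example.com" while `PublicDns` is populated matches the case described above, where the domain FQDN resolves to domain controllers internally.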
0

Are you setting up the clients externally or internally (and do both fail)? Can you scrub & post output of:

Get-OutlookProvider 
Get-OutlookAnywhere
Get-ClientAccessServer

Most of the time I see problems with those values.

AutodiscoverServiceInternalUri. InternalHostName & ExternalHostName.

Requiring SSL? Authentication method? Assume you have a CA-generated certificate installed and it's trusted by clients (some CAs require the intermediate cert to be installed too).

Finny
  • 1
  • 3
0

Does Outlook work after you enter the server name (it's normally the Exchange GUID for the user mailbox) and mailbox credentials? Does the internal Outlook client work fine with Autodiscover?

I suppose Autodiscover works (you get error 600 when you browse to the Autodiscover URL) and has a valid certificate for Autodiscover.

As we know, MAPI over HTTP is enabled by default in Exchange 2016. Thus, run "Get-MapiVirtualDirectory" to view its URL and authentication settings. Also, check the settings of the Outlook provider and Outlook Anywhere, as Finny mentioned above. Ensure those FQDNs are valid by DNS resolution.

Jianfei Wang
  • 387
  • 1
  • 4