
AutoDiscover Troubleshooting

14 Dec

AutoDiscover Troubleshooting - Default authentication for Exchange VDirs (virtual directories) on the CAS and Mailbox roles

 

With AutoDiscover being a highlight of E2K7 and E2010, it is important to understand how to troubleshoot this feature.

Test E-mail AutoConfiguration is an inbuilt tool in Outlook which lets you know whether AutoDiscover is working as expected from a client machine.

Internal Clients – Outlook looks up the SCP (Service Connection Point) in AD, which contains the URL for the Autodiscover service residing in IIS on the CAS server, and Outlook ultimately establishes a connection with the CAS server.

Internal AutoDiscover URL looks like – https://mydomain/autodiscover/autodiscover.xml

External Clients – In this case, Outlook is not in the domain and would be using RPC-HTTP, so Outlook uses DNS to resolve the external AutoDiscover URL specified for your organization.

External AutoDiscover URL looks like – https://autodiscover.mydomain/autodiscover/autodiscover.xml

If you are reading this article before setting up your Autodiscover URLs, it is recommended to set them up this way.

To get details on Autodiscover VDir, type this cmdlet:

Get-AutodiscoverVirtualDirectory | FL

Now, to run Test E-mail AutoConfiguration, the pre-requisite is that your mailbox should be on an E2K7/E2010 server for which you think AutoDiscover has encountered an issue. E2K3 users do not use this service.

Now hold down the CTRL key on the keyboard and right-click the Outlook icon in the system tray.

You will now see a pop-up screen with your email address. Only check the box which says “Use Autodiscover” and click Test.

Once the test completes, you should not see any errors.

Now, if you have clients complaining AutoDiscover works internally and not externally, the best way to start troubleshooting is to go to www.testexchangeconnectivity.com and perform an AutoDiscover test there.

Now, if it is not working internally or externally, the first action should always be to check the authentication settings for the Exchange virtual directories on your CAS servers. If you ask me what changes them: it could be a patch which was recently installed, human error, or something which I don't know. If it is a set of clients complaining of this issue, be sure to check these on all your CAS servers individually.

I have made a checklist of the authentication types for Exchange VDirs on the CAS and Mailbox roles for Exchange 2007 and 2010 servers.

We begin with the default settings on a CAS, followed by the settings on a Mailbox server, for both E2K7 and E2010. The settings do not change with Service Pack upgrades.

Exchange 2007 CAS Role

| VDir | Authentication | SSL | Management done through |
|---|---|---|---|
| Default Web Site | Anonymous | Yes | IIS and HTTP Keep Alive should be on |
| /Owa | Basic | Yes | EMC/Powershell |
| /Exchange | Basic | Yes | EMC/Powershell |
| /Public | Basic | Yes | EMC/Powershell |
| /Exchweb | Basic | Yes | EMC/Powershell |
| /Oab | Integrated | No | EMC/Powershell |
| /Autodiscover | Basic and Integrated | Yes | Powershell |
| /Ews | Integrated | Yes | Powershell |
| /UnifiedMessaging | Integrated | Yes | Powershell |
| /Microsoft-Server-Activesync | Basic | Yes | EMC/Powershell |
| /Rpc | Basic and Integrated | Yes | |

 

Exchange 2007 Mailbox Role

| VDir | Authentication | SSL | Management done through |
|---|---|---|---|
| Default Web Site | Anonymous | No | IIS |
| /Exadmin | Basic and Integrated | No | IIS |
| /Exchange | Basic and Integrated | No | EMC |
| /Public | Basic and Integrated | No | EMC |

 

Exchange 2010 CAS Role

| VDir | Authentication | SSL | Management performed through |
|---|---|---|---|
| Default Web Site | Anonymous | Yes | IIS |
| aspnet_client | Anonymous | Yes | IIS |
| Autodiscover | Anonymous / Basic / Windows Authentication | Yes | Powershell |
| ECP | Anonymous / Basic | Yes | EMC or Powershell |
| EWS | Anonymous / Windows Authentication | Yes | Powershell |
| Microsoft-Server-ActiveSync | Basic | Yes | EMC or Powershell |
| OWA | Basic | Yes | EMC or Powershell |
| Powershell | Anonymous | No | EMC or Powershell |
| RPC | Basic / Windows Authentication | Yes | Powershell |
| RpcWithCert | Everything Disabled | Yes (128 encryption not enabled) | N/A |
| OAB | Windows Authentication | No | EMC or Powershell |

 

Exchange 2010 Mailbox Role

| VDir | Authentication | SSL | Management done through |
|---|---|---|---|
| Default Web Site | Anonymous | Yes | IIS |
| PowerShell | Anonymous | No | Powershell |

These are the PowerShell cmdlets to edit the settings of the VDirs that can only be managed through the Shell:

Set-AutoDiscoverVirtualDirectory

Set-WebServicesVirtualDirectory

Set-PowershellVirtualDirectory

Set-OutlookAnywhere (RPC VDir)
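
One way to check the Exchange 2010 rows of the checklist on every CAS, as an added PowerShell example (not the author's script): it compares each virtual directory's BasicAuthentication and WindowsAuthentication values with the defaults listed above and reports only the differences. The helper name Compare-VDirAuthentication, the server names CAS01/CAS02 and the sample objects are assumptions made for illustration.

```powershell
# Added example, not the author's script. Expected values are the Exchange 2010
# CAS defaults from the checklist above, for the two authentication types the
# cmdlets report as booleans (Anonymous is not exposed as such a property).
$Expected = @{
    'Autodiscover' = @{ BasicAuthentication = $true;  WindowsAuthentication = $true }
    'EWS'          = @{ BasicAuthentication = $false; WindowsAuthentication = $true }
    'OAB'          = @{ BasicAuthentication = $false; WindowsAuthentication = $true }
}

function Compare-VDirAuthentication {
    # Hypothetical helper: emits one row per setting that differs from $Expected.
    param([Parameter(ValueFromPipeline = $true)] $VDir)
    process {
        # Names look like "Autodiscover (Default Web Site)"; keep the first word.
        $key = ($VDir.Name -split ' ')[0]
        if (-not $Expected.ContainsKey($key)) { return }
        foreach ($setting in $Expected[$key].Keys) {
            if ($VDir.$setting -ne $Expected[$key][$setting]) {
                New-Object PSObject -Property @{
                    Server   = "$($VDir.Server)"; VDir = $key; Setting = $setting
                    Expected = $Expected[$key][$setting]; Actual = $VDir.$setting
                }
            }
        }
    }
}

# Constructed sample objects standing in for cmdlet output so the comparison can
# be tried without an Exchange server. CAS01/CAS02 and their values are made up.
$sample = @(
    New-Object PSObject -Property @{ Server = 'CAS01'; Name = 'Autodiscover (Default Web Site)'
                                     BasicAuthentication = $true; WindowsAuthentication = $true }
    New-Object PSObject -Property @{ Server = 'CAS02'; Name = 'Autodiscover (Default Web Site)'
                                     BasicAuthentication = $true; WindowsAuthentication = $false }
    New-Object PSObject -Property @{ Server = 'CAS02'; Name = 'EWS (Default Web Site)'
                                     BasicAuthentication = $true; WindowsAuthentication = $true }
)
$sample | Compare-VDirAuthentication |
    Format-Table Server, VDir, Setting, Expected, Actual -AutoSize

# Against a live organization, from the Exchange Management Shell:
# Get-ClientAccessServer | ForEach-Object {
#     Get-AutodiscoverVirtualDirectory -Server $_.Name
#     Get-WebServicesVirtualDirectory  -Server $_.Name
#     Get-OabVirtualDirectory          -Server $_.Name
# } | Compare-VDirAuthentication
```

With the sample data, the two CAS02 rows are reported (Windows authentication off on Autodiscover, Basic on for EWS) and CAS01 produces no output.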

Once you have confirmed that all of these authentication settings are correct, the next step is to run:

Test-OutlookWebServices and ensure you get error-free output.

To re-create your Autodiscover VDir, follow these steps:

   1. Take a backup of IIS

      IIS 6: as simple as a right-click backup in IIS 6.

      IIS 7: to back up IIS 7, you need to follow this:

         To add a backup, run this command:

         %windir%\system32\inetsrv\appcmd.exe add backup "IISbkp_Date"

         To restore a backup, run this command:

         %windir%\system32\inetsrv\appcmd.exe restore backup "IISbkp_Date"

         To delete a backup, run this command:

         %windir%\system32\inetsrv\appcmd.exe delete backup "IISbkp_Date"

         To list all backups, run this command:

         %windir%\system32\inetsrv\appcmd.exe list backup

   2. Remove-AutodiscoverVirtualDirectory -Identity "CAS-servername\Autodiscover (Default Web Site)"

   3. New-AutodiscoverVirtualDirectory -WebsiteName "Default Web Site" -WindowsAuthentication $true -BasicAuthentication $true

   4. Perform an IISReset

These are the basic troubleshooting steps for when AutoDiscover stops functioning. Understanding the concepts is extremely important, as it drives resolution further.

http://msexchangeguru.com/2010/10/05/autodiscover/ 


Posted by on December 14, 2010 in Exchange

 
