Tip

How to troubleshoot Exchange Autodiscover service issues

The Exchange Autodiscover service automates the configuration process for Outlook clients and certain mobile operating systems that connect to Exchange 2007 and Exchange 2010. While the Autodiscover service

    Requires Free Membership to View

isn’t something you normally have to worry about, problems do creep in. When they do, it’s important you know how to troubleshoot them.

The Autodiscover service runs on your client access server (CAS), from which Outlook automatically acquires Exchange configuration information. To retrieve that info, Outlook opens the following XML file:

https://<your domain>.com/autodiscover/autodiscover.xml

If you need to troubleshoot the Autodiscover service, the first thing you should do is to open the aforementioned URL in a Web browser from a computer on your corporate network. When you do, remember that Microsoft Outlook automatically passes account credentials to the CAS; Internet Explorer does not.

Therefore, you will most likely be prompted for your credentials; this is normal and does not indicate a problem. The Autodiscover.xml file should resemble the one shown in Figure 1.

Figure 1. First, see if you can access Exchange’s Autodiscover.xml file.

If the .xml file opens, your CAS is working properly and you should move forward with the troubleshooting advice outlined below. If the .xml file does not open, try substituting the CAS’s IP address in place of the domain name. If the file opens, you probably have a Domain Name System (DNS) issue. I will also discuss the proper DNS configuration later in this tip.

Using the Remote Connectivity Analyzer
After confirming that your CAS is hosting the Autodiscover.xml file, the next step is to utilize the Remote Connectivity Analyzer. The Remote Connectivity Analyzer is a Web app that verifies connectivity to your Exchange Server organization.

After launching the Remote Connectivity Analyzer, select the Exchange Server tab, then the Outlook Autodiscover option (Figure 2).

Figure 2. The Remote Connectivity Analyzer will help diagnose Autodiscover problems.

Click Next and you’ll be prompted to enter an email address and set of account credentials. I highly recommend selecting the Ignore Trust for SSL option. If you don’t, the test can fail because Microsoft does not recognize the certificate authority (CA) that issued your CAS’s SSL certificate.

In my example, my tests failed because I do not expose my Autodiscover service (Figure 3). That said, you can still see that the tests were based on attempts to download the Autodiscover.xml file.

Figure 3. The Remote Connectivity Analyzer made several attempts to contact the Autodiscover service.

Repairing Exchange Autodiscover: Checking firewalls, certificates and DNS
If you can’t access the Autodiscover service, the next step is to check firewall settings. HTTPS provides Autodiscover access, so make certain that port number 443 is open on your CAS’s firewall, as well as all other firewalls between the Outlook client and your CAS.

You should also check to make sure the CAS’s SSL certificate is valid and the certificate authority that issued the certificate is trusted by the end users’ computers. The CAS uses a self-signed certificate by default. While this certificate is adequate for Autodiscover to work properly on your corporate network, you should use a Subject Alternate Name (SAN) certificate from a trusted commercial certificate authority If you plan on providing Autodiscover services to external clients.

As you saw in Figure 3, there are two URLs that Outlook checks when it attempts to download the Autodiscover configuration file:

<your domain>/autodiscover/autodiscover.xml

Autodiscover.<your domain>/autodiscover/autodiscover.xml

Either URL should work fine, but Microsoft recommends creating a Host (A) record to your DNS for autodiscover.<your domain>. For example, if you want to create an Autodiscover record for the Contoso.com domain, you can create a Host record that associates the CAS’s IP address with autodiscover.contoso.com. If you create the record on an external DNS server, it can take up to 48 hours for the DNS record to propagate.

Earlier I noted that your CAS should use a SAN certificate. A SAN certificate allows you to associate multiple subject alternate names with a single certificate. The autodiscover.<your domain> name should be included in the certificate so that connections to autodiscover.<your domain> can be SSL-encrypted.

After you’ve properly configured both the DNS record and SSL certificate, try opening https://autodiscover.<your domain>/autodiscover/autodiscover.xml in a Web browser. If the certificate, firewall and DNS record are configured properly, you should have no trouble accessing the XML file.

ABOUT THE AUTHOR:
Brien Posey is an eight-time Microsoft MVP with two decades of IT experience. Before becoming a freelance technical writer, Brien worked as a CIO at a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the nation’s largest insurance companies and for the Department of Defense at Fort Knox.

This was first published in June 2012

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.