exchange 2010 autodiscover dns record

[Ish]

Hi

Our out of office notifications don't work to external email addresses but work fine to internal. I have been told that it is a DNS problem and have been told to get a DNS A record created for autodiscover.*****.org and point it to the external IP of our SBS2011 server.

Is there anything else I have to do?

 

[Ish]

They use Outlook 2010 and regardless of whether they set external OOF via OWA or in Outlook if an external email address emails them, no OOF is sent.

I can't see any errors in the server DNS event logs.

 

[Ish]

This is what the connectivity test shows as even by adding the DNS A record for autodiscover.****.org it still doesn't work.

Is the problem the missing SRV record. Is this created on our SBS server or with our web host?

ExRCA is attempting to test Autodiscover for **@*****.org.

Testing Autodiscover failed.

Test Steps

Attempting each method of contacting the Autodiscover service.

The Autodiscover service couldn't be contacted successfully by any method.

Test Steps

Attempting to test potential Autodiscover URL https://*****.org/AutoDiscover/AutoDiscover.xml

Testing of this potential Autodiscover URL failed.

Test Steps

Attempting to resolve the host name *****.org in DNS.

The host name resolved successfully.

Additional Details

IP addresses returned: 212.46.***.**

Testing TCP port 443 on host *****.org to ensure it's listening and open.

The port was opened successfully.

Testing the SSL certificate to make sure it's valid.

The SSL certificate failed one or more certificate validation checks.

Test Steps

ExRCA is attempting to obtain the SSL certificate from remote server *****.org on port 443.

ExRCA successfully obtained the remote SSL certificate.

Additional Details

Remote Certificate Subject: E=[email protected], CN=plesk, OU=Plesk, O="Parallels, Inc.", L=Herndon, S=Virginia, C=US, Issuer: E=[email protected], CN=plesk, OU=Plesk, O="Parallels, Inc.", L=Herndon, S=Virginia, C=US.

Validating the certificate name.

Certificate name validation failed.

Additional Details

Host name *****.org doesn't match any name found on the server certificate E=[email protected], CN=plesk, OU=Plesk, O="Parallels, Inc.", L=Herndon, S=Virginia, C=US.

Attempting to test potential Autodiscover URL https://autodiscover.*****.org/AutoDiscover/AutoDiscover.xml

Testing of this potential Autodiscover URL failed.

Test Steps

Attempting to resolve the host name autodiscover.*****.org in DNS.

The host name resolved successfully.

Additional Details

IP addresses returned: 78.105.**.***

Testing TCP port 443 on host autodiscover.*****.org to ensure it's listening and open.

The port was opened successfully.

Testing the SSL certificate to make sure it's valid.

The SSL certificate failed one or more certificate validation checks.

Test Steps

ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.*****.org on port 443.

ExRCA successfully obtained the remote SSL certificate.

Additional Details

Remote Certificate Subject: CN=webmail.*****.org, OU=*****, O=*****, L=*****, C=GB, Issuer: CN=DigiCert High Assurance CA-3, OU=www.digicert.com, O=DigiCert Inc, C=US.

Validating the certificate name.

Certificate name validation failed.

Additional Details

Host name autodiscover.*****.org doesn't match any name found on the server certificate CN=webmail.*****.org, OU=*****, O=*****, L=*****, C=GB.

Attempting to contact the Autodiscover service using the HTTP redirect method.

The attempt to contact Autodiscover using the HTTP Redirect method failed.

Test Steps

Attempting to resolve the host name autodiscover.*****.org in DNS.

The host name resolved successfully.

Additional Details

IP addresses returned: 78.105.**.***

Testing TCP port 80 on host autodiscover.*****.org to ensure it's listening and open.

The port was opened successfully.

ExRCA is checking the host autodiscover.*****.org for an HTTP redirect to the Autodiscover service.

The redirect (HTTP 301/302) response was received successfully.

Additional Details

Redirect URL: HTTPS://AUTODISCOVER.*****.ORG/AUTODISCOVER/AUTODISCOVER.XML

Attempting to test potential Autodiscover URL HTTPS://AUTODISCOVER.*****.ORG/AUTODISCOVER/AUTODISCOVER.XML

Testing of this potential Autodiscover URL failed.

Test Steps

Attempting to resolve the host name autodiscover.*****.org in DNS.

The host name resolved successfully.

Additional Details

IP addresses returned: 78.105.**.***

Testing TCP port 443 on host autodiscover.*****.org to ensure it's listening and open.

The port was opened successfully.

Testing the SSL certificate to make sure it's valid.

The SSL certificate failed one or more certificate validation checks.

Test Steps

ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.*****.org on port 443.

ExRCA successfully obtained the remote SSL certificate.

Additional Details

Remote Certificate Subject: CN=webmail.*****.org, OU=*****, O=***** L=*****, C=GB, Issuer: CN=DigiCert High Assurance CA-3, OU=www.digicert.com, O=DigiCert Inc, C=US.

Validating the certificate name.

Certificate name validation failed.

Additional Details

Host name autodiscover.*****.org doesn't match any name found on the server certificate CN=webmail.*****.org,

Attempting to contact the Autodiscover service using the DNS SRV redirect method.

ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.

Test Steps

Attempting to locate SRV record _autodiscover._tcp.*****.org in DNS.

The Autodiscover SRV record wasn't found in DNS.

 

[Ish]

Thanks for having a go.

We have an IT support company who can't fix this problem and they actually provided our SSL certificate as well so I'm having to try and resolve this myself. I can't wait for our contract to end.

Is it true that if I get the SRV working properly then the certificate errors won't matter?

 

[Ish]

No you should have those already configured when you install Exchange, at least locally anyway. If you jump onto a client machine connected on the same network and use the Oulook autodiscover tester, does this come back OK?

Autodiscover should only be needed in public DNS if you aren't connecting locally, i.e. you are on the internet elsewhere.

Also advise checking my other recommendations, config of the remote domain, smart host config, message tracking etc.

Above poster is correct as well, your cert needs to have autodiscover.domain.com on it as well. However I would still question your need to even have external autodiscover if you don't need it.

I'll test this on site tomorrow and let you know.

We used to have SBS 2003 and this was migrated over to SBS 2011 and this is when OOF to external email addresses stopped working.

 

[Ish]

Potential barking up the wrong tree here...

Reading the OP, the problem is when users set OOO (either via Outlook or OWA - both work), messages don't go out to external e-mail addresses?

If so, from the Exchange Management Console, drill down into Organisation Configuration, then Hub Transport. Under "Remote Domains" you will probably have a single entry "Default". If you go into that, what is enabled for OOO? It might be set to "Allow None".

This is exactly the problems we are having.

i checked and the 3rd option is ticked which is allow external out-of-office............

How do I check message tracking and can you give me the menu paths as you did above.

To the person that mentioned smart hosts our smtp server only accepts emails coming from our email addresses with out domain *****.org

Thanks

 

[Ish]

I turned OOF on for my account for both internal/external emails and then sent a test email to myself from my yahoo account with the subject qwerty1.

I checked the message logs as suggested and there are no messages being sent out with qwerty1 in the subject.

I even searched for any messages going out with AUTOMATIC in the subject but there were none.

 

[Ish]

It was the outbound smtp service not acepting blank headers which caused the problem.