Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

active sync and autodiscover not working after exchange 2013 upgrade 1

Status
Not open for further replies.

mlbasso

MIS
Jan 20, 2004
45
US
Ive been working through the weekend to complete my Exchange 2013/2007 coexistence upgrade. I followed these instructions ( I first upgraded 2007 to CU13. I installed exchange 2013 CU9. I main problem at this time is active sync/autodiscover. I have not moved any 2007useres to 2013. 2007 users can successful send and receive mail via Outlook client and OWA. However, mobile devices do not connect. A work around is to change settings to legacy.domain.com instead of mail.domain.com. using remote connectivity analyser I get the following: (I place the significant portions in BOLD)

Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Testing of Autodiscover for Exchange ActiveSync failed.

Test Steps

Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.

Test Steps

Attempting to test potential Autodiscover URL Testing of this potential Autodiscover URL failed.

Test Steps

Attempting to resolve the host name domain.com in DNS.
The host name resolved successfully.

Testing TCP port 443 on host domain.com to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it

A network error occurred while communicating with the remote host.

Attempting to test potential Autodiscover URL Testing of this potential Autodiscover URL failed.

Test Steps

Attempting to resolve the host name autodiscover.domain.com in DNS.
The host name resolved successfully.

Additional Details

IP addresses returned: X.X.X.X

Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
The port was opened successfully.

Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.

Test Steps

The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.

Additional Details

Remote Certificate Subject: CN=mail.domain.com, OU=Domain Control Validated, Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU= O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.

Validating the certificate name.
The certificate name was validated successfully.

Additional Details

Host name autodiscover.domain.com was found in the Certificate Subject Alternative Name entry.

Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.

Test Steps

The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.domain.com, OU=Domain Control Validated.
One or more certificate chains were constructed successfully.

Additional Details

A total of 2 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.

Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.

Additional Details

The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.

Additional Details

The certificate is valid. NotBefore = 8/7/2015 10:37:38 PM, NotAfter = 3/10/2016 4:32:00 AM

Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.

Additional Details

Accept/Require Client Certificates isn't configured.

Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.

Additional Details

Test Steps

The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL for user me@domain.com.
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.

Additional Details

An HTTP 500 response was returned from Unknown.
HTTP Response Headers:
request-id: f3644d3b-613e-43a1-b835-7191377d4891
X-CalculatedBETarget: exch2013.domain.com
X-DiagInfo: EXCH2013
X-BEServer: EXCH2013
Cache-Control: private
Content-Type: text/html; charset=utf-8
Set-Cookie: ClientId=FJVIVFPIURWYLXXJSUW; expires=Tue, 09-Aug-2016 13:39:49 GMT; path=/; HttpOnly,X-BackEndCookie=S-1-5-21-3970167411-3836497950-71674325-1164=u56Lnp2ejJqBx5zLyZ2encjSz8+aytLLxsqZ0p2byMzSyZueyM/Jy8nNzcmagYHNz87K0s/G0s/Gq87MxczGxcvG; expires=Wed, 09-Sep-2015 13:39:49 GMT; path=/Autodiscover; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
Persistent-Auth: true
X-Powered-By: ASP.NET
X-FEServer: EXCH2013
Date: Mon, 10 Aug 2015 13:39:49 GMT
Content-Length: 7062

Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.


Additional Details

Test Steps

Attempting to resolve the host name autodiscover.domain.com in DNS.
The host name resolved successfully.

Additional Details

IP addresses returned: X.X.X.X

Testing TCP port 80 on host autodiscover.domain.com to ensure it's listening and open.
The port was opened successfully.

The Microsoft Connectivity Analyzer is checking the host autodiscover.domain.com for an HTTP redirect to the Autodiscover service.
The Microsoft Connectivity Analyzer failed to get an HTTP redirect response for Autodiscover.

Additional Details

An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
HTTP Response Headers:
request-id: 486dbd86-1b4a-484a-9921-c28f76103ca1
X-SOAP-Enabled: True
X-WSSecurity-Enabled: True
X-WSSecurity-For: None
X-OAuth-Enabled: True
Cache-Control: private
Set-Cookie: ClientId=GOMHIENKWTVLUOMSFDG; expires=Tue, 09-Aug-2016 13:39:49 GMT; path=/; HttpOnly
Server: Microsoft-IIS/8.5
Negotiate,NTLM,Basic realm="autodiscover.domain.com"
X-Powered-By: ASP.NET
X-FEServer: EXCH2013
Date: Mon, 10 Aug 2015 13:39:49 GMT
Content-Length: 0


Attempting to contact the Autodiscover service using the DNS SRV redirect method.
The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.



Test Steps

Attempting to locate SRV record _autodiscover._tcp.domain.com in DNS.
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it

Additional Details

Checking if there is an autodiscover CNAME record in DNS for your domain 'domain.com' for Office 365.
Failed to validate autodiscover CNAME record in DNS. If your mailbox isn't in Office 365, you can ignore this warning.
Tell me more about this issue and how to resolve it

Additional Details

There is no Autodiscover CNAME record for your domain 'domain.com'.



Post #: 1




Featured Links*












Page: [1]

<< Older Topic Newer Topic >>



All Forums >> [Microsoft Exchange 2013] >> Mobility >> active sync and autodiscover not working after exchange 2013 upgrade Page: [1]


Jump to: Select a ForumAll Forums---------------------- [Microsoft Office 365] - - Exchange Online [Microsoft Exchange 2013] - - Installation - - General - - Management - - Outlook Web Access - - Mobility - - Migration - - Message Routing - - Secure Messaging - - Compliance - - High Availability - - Unified Messaging [Microsoft Exchange 2010] - - Installation - - General - - Management - - Outlook Web Access - - Mobility - - Migration - - Message Routing - - Secure Messaging - - Compliance - - High Availability - - Unified Messaging [Microsoft Exchange 2007] - - Installation - - General - - Management - - Outlook Web Access - - Mobility - - Migration - - Message Routing - - Secure Messaging - - Compliance - - High Availability - - Unified Messaging [Microsoft Exchange 2003] - - Installation - - General - - Server Security - - Outlook Web Access - - Message Routing - - Public Folders - - Information Stores - - Migration - - Exchange 2003 SBS [Microsoft Exchange 2000] - - Installation - - General - - Server Security - - Outlook Web Access - - Message Routing - - Public Folders - - Information Stores - - Migration [Microsoft Exchange 5.5] - - Installation - - General [Exchange Server Misc] - - 3rd Party Add-ons - - Tips & Tricks - - Certification [Site & Message Boards] - - Message Boards Comments and Suggestions - - Special MSExchange.org Offer






New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages

Locked w/ New Messages Locked w/o New Messages

Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts











Featured Links*


















Community Area



My Account | Log out







Anti Spam Section


Articles & Tutorials




















Authors
































Books


Hardware





Load Balancing


Message Boards


Migration Section


Services














Software













































































Tips & Tricks


Webinars


White Papers



Featured Products








Featured Book


Order today PacktPub.com


TechGenix Sites
ISAserver.orgThe No.1 Forefront TMG / UAG and ISA Server resource site. WindowSecurity.comNetwork Security & Information Security resource for IT administrators.WindowsNetworking.comWindows Server 2008 / 2003 & Windows 7 networking resource site.MSPAnswers.comResource site for Managed Service Providers.WServerNews.comThe largest Windows Server focused newsletter worldwide.VirtualizationAdmin.comThe essential Virtualization resource site for administrators.

Follow TechGenix on Twitter

Anti Spam
Articles
Authors
Blogs
Books
Free Tools
Hardware
Hosted Exchange
Links
Message Boards
Newsletter
Services
Software
Tips
Webinars
White Papers

About Us : Email us : Product Submission Form : Advertising Information
MSExchange.org is in no way affiliated with Microsoft Corp. *Links are sponsored by advertisers.

Copyright © 2014 TechGenix Ltd. All rights reserved. Please read our Privacy Policy and Terms & Conditions.

Forum Software © ASPPlayground.NET Advanced Edition
 
Are both servers published to the world on different public IP addresses? Which one is autodiscover.domain.com pointed at?

Did you publish the legacy.domain.com A-record in the public DNS already?

If you are going to do coexistence and not migrate all the users at the same time, you'll want to do the whole legacy.domain.com route. If you wanted to cut over everyone at once, you could do a mailbox move with Autosuspend upon Completion selected and then do the whole cutover in 2-3 hours at a certain time and cut over all relevant DNS records when you do that. I usually go that route.

Dave Shackelford
ThirdTier.net
 
Also, it's a known problem that any user who has *ever* been a member of an administrative group in the past will not be able to provision ActiveSync when connecting to the Exchange 2010/2013 server. The fix is in this article:


Basically, any current admin won't be able to get ActiveSync provisioned, but former admins can be fixed by re-enabling inherited permissions on the user account.

Dave Shackelford
ThirdTier.net
 
I opened a ticket with Microsoft:

Problem: OWA fails when new 2013 user accounts attempt to log on

Fix 1: %systemroot%\Program Files\Microsoft\Exchange Server\V15\ClientAccess\SharedWebConfig.config was missing. The tech created an empty file and copied the contents from the same file from his lab environment

Fix 2: In IIS on the 2013 server, he removed the HTTP Redirect from the Exchange Back End site

Problem: both 2007 users and 2013 users cannot get email on their mobile devices due to autodiscover and active-sync issues

Fix:
•With Fix 1 and 2 being already applied, ExRCA now only produced a 403 error on Active-Sync.In
•IIS on Exchange 2013 server, the 2 binding for 127.0.0.1 were missing. One for port 80 and the other for port 443. Be sure to apply the 3rd party certificate for mail.mydomain.com to 443
•On 2007 Exchange CAS server, in Exchange Management Console, removed the external URL from Microsoft-Server-ActiveSync found in Server Configuration - Client Access - Exchange ActiveSync
•On 2007 Exchange CAS Server Enabled Windows Authentication on Active Sync via:

Get-ActiveSyncVirtualDirectory -Server exchcas01 | Set-ActiveSyncVirtualDirectory -WindowsAuthEnabled $true
 
Thanks for posting a follow-up. Very strange: did the M$ tech give you any idea of how this situation came about?

Dave Shackelford
ThirdTier.net
 
Yes...sort of. He asked if I received any failures during the installation, which I did. We have an empty root domain which holds the Enterprise Admin. During the install it failed with a permission error (a couple of times) so I started it up again using an Enterprise admin account and then again using the local domain admin account. Sorry I can't be more specific. So maybe that is when the file failed to be installed. I believe all the other setting were wrong because I kept making changes before I called Microsoft and learned that file was missing.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top