Autodiscover Looping Fixed
We have already talked a lot about auto discover which is an evolution for the auto configuration of outlook, ActiveSync and other mobile devices. In this blog I am sharing a common mistake which I found at my customer location. This is very much possible in an environment where we don’t have dedicated Messaging systems administrators, lack of training and un professional design done by a cheap solution provider.
What is Autodiscover?
Autodiscover is a service which provides Autodiscover.xml (a file with the urls of the Exchange services) to the client so that client can connect to the respective services.
Microsoft’s Explanation
https://technet.microsoft.com/en-us/library/bb332063(v=exchg.80).aspx
https://msdn.microsoft.com/en-us/library/office/jj900169(v=exchg.150).aspx
Previous Blogs:
Let me share the previous posts which I will not repeat here.
https://msexchangeguru.com/2010/10/05/autodiscover/
https://msexchangeguru.com/2015/08/18/exchange-upnautodiscover/
https://msexchangeguru.com/2015/10/02/error-code10/
https://msexchangeguru.com/2015/12/14/suppress-autodiscover-popup/
Autodiscover lookups:
In a big picture Autodiscover look for the following 4 options to get the Autodiscover.xml file to get the urls of all of the exchange services:
1. URL https://emaildomain:443/Autodiscover/Autodiscover.xml
2. URL https://autodiscover.emaildomain:443/Autodiscover/Autodiscover.xml
3. Attempting to contact the Autodiscover service using the HTTP redirect method – Port 80
4. Attempting to contact the Autodiscover service using the DNS SRV redirect method means locate SRV record _Autodiscover._tcp.emaildomain in DNS
New Addition is number 5
5. Checking if there is an Autodiscover CNAME record in DNS for your domain ’emaildomain’ for Office 365
SCP Role:
If you have read the 1st blog here, then you know that Outlook client will use SCP (Service Connection Point) when you are in office and part of the domain.
This means when we deploy Exchange in a coexistence then both the version of Exchange should provide the same Autodiscover else your outlook with query the SCP in the following way:
- Local SCP
- Oldest Created SCP
How to query the SCP will be your question?
You can run a query in Adsiedit.msc like this but you will have to check serviceBindingInformation and Whencreated for every SCP.
Or
Run the below mentioned command in the powershell
Import-module ActiveDirectory
Get-ADObject -LDAPFilter ‘(&(objectClass=serviceConnectionPoint)(|(keywords=67661d7F-8FC4-4fa7-BFAC-E1D7794C1F68)(keywords=77378F46-2C66-4aa9-A6A6-3E7A48B19596)))’ -SearchScope Subtree -SearchBase ‘CN=Configuration,DC=humed,DC=com’ | Get-ADObject -Properties WhenCreated,ServiceBindingInformation,Keywords | ft Name,WhenCreated,ServiceBindingInformation,Keywords –Autosize
Or
Download the same script from Microsoft Gallery here. https://gallery.technet.microsoft.com/Service-Connection-Point-423f70fb
Output will be like this
So Attribute will map with the attributes mentioned below:
Name = Exchange Server which has this SCP record
Keywords=ADSite to check the local SCP
WhenCreated=creation date
ServiceBindingInformation=AutoDiscoverURL
Microsoft Guidance on Exporting AutoDiscover info
https://msdn.microsoft.com/en-us/library/office/dn467397(v=exchg.150).aspx
https://msdn.microsoft.com/en-us/library/office/dn467395(v=exchg.150).aspx
Important point to understand in a coexistence or if you have 2 different Autodiscover urls:
If you have 2 different urls for the Autodiscoverinternalserviceuri on 2 different CAS servers then AD will first look for the local (Same AD site as outlook) SCP Autodiscover url. If both url belongs to the local AD site, then AD will use the oldest SCP which will use the WhenCreated Attribute.
Because of this reason we should configure same autodiscover url for autodiscoverinternalserviceuri on all CAS servers which should be https://Autodiscover.domain.com/autodiscover/autodiscover.xml, else your AD will use the old CAS servers SCP and continue to give wrong autodiscover.xml file.
The highest Exchange version CAS should hit first to get the autodiscover.xml file which is the rule for coexistence.
Another Issue Fixed:
Now my customer had Autodiscover cname record which we switch to Exchange 2016 outlook was connecting but we were getting the below popup.
Security and Redirection Popups:
“Your account was redirected to this website for settings. You should only allow settings from sources you know and trust.”
Look at those security popups, we got the popup from IP address and even in the Autodiscover url with IP address.
So we researched and found that the DNS had a _Autodiscover SRV record and this was looping and stopping the proxy.
We went ahead and deleted the SRV record and these popups stopped coming.
Microsoft MVP | Exchange Server
Team@MSExchangeGuru
April 17th, 2016 at 3:34 pm
[…] · Autodiscover Looping Fixed […]