MSExchangeGuru.com

Learn Exchange the Guru way !!!

 

Autodiscover Looping Fixed

We have already talked a lot about auto discover which is an evolution for the auto configuration of outlook, ActiveSync and other mobile devices. In this blog I am sharing a common mistake which I found at my customer location. This is very much possible in an environment where we don’t have dedicated Messaging systems administrators, lack of training and un professional design done by a cheap solution provider.

 

What is Autodiscover?

Autodiscover is a service which provides Autodiscover.xml (a file with the urls of the Exchange services) to the client so that client can connect to the respective services.

Microsoft’s Explanation

https://technet.microsoft.com/en-us/library/bb332063(v=exchg.80).aspx

https://msdn.microsoft.com/en-us/library/office/jj900169(v=exchg.150).aspx

 

Previous Blogs:

Let me share the previous posts which I will not repeat here.

http://msexchangeguru.com/2010/10/05/autodiscover/

http://msexchangeguru.com/2015/08/18/exchange-upnautodiscover/

http://msexchangeguru.com/2015/10/02/error-code10/

http://msexchangeguru.com/2015/12/14/suppress-autodiscover-popup/

 

Autodiscover lookups:

In a big picture Autodiscover look for the following 4 options to get the Autodiscover.xml file to get the urls of all of the exchange services:

1. URL https://emaildomain:443/Autodiscover/Autodiscover.xml

2. URL https://autodiscover.emaildomain:443/Autodiscover/Autodiscover.xml

3. Attempting to contact the Autodiscover service using the HTTP redirect method – Port 80

4. Attempting to contact the Autodiscover service using the DNS SRV redirect method means locate SRV record _Autodiscover._tcp.emaildomain in DNS

New Addition is number 5

5. Checking if there is an Autodiscover CNAME record in DNS for your domain ’emaildomain’ for Office 365

 

SCP Role:

If you have read the 1st blog here, then you know that Outlook client will use SCP (Service Connection Point) when you are in office and part of the domain.

This means when we deploy Exchange in a coexistence then both the version of Exchange should provide the same Autodiscover else your outlook with query the SCP in the following way:

  1. Local SCP
  2. Oldest Created SCP

How to query the SCP will be your question?

You can run a query in Adsiedit.msc like this but you will have to check serviceBindingInformation and Whencreated for every SCP.


Or

Run the below mentioned command in the powershell

Import-module ActiveDirectory

Get-ADObject -LDAPFilter ‘(&(objectClass=serviceConnectionPoint)(|(keywords=67661d7F-8FC4-4fa7-BFAC-E1D7794C1F68)(keywords=77378F46-2C66-4aa9-A6A6-3E7A48B19596)))’ -SearchScope Subtree -SearchBase ‘CN=Configuration,DC=humed,DC=com’ | Get-ADObject -Properties WhenCreated,ServiceBindingInformation,Keywords | ft Name,WhenCreated,ServiceBindingInformation,Keywords –Autosize

Or

Download the same script from Microsoft Gallery herehttps://gallery.technet.microsoft.com/Service-Connection-Point-423f70fb

 

Output will be like this


So Attribute will map with the attributes mentioned below:

Name = Exchange Server which has this SCP record

Keywords=ADSite to check the local SCP

WhenCreated=creation date

ServiceBindingInformation=AutoDiscoverURL

Microsoft Guidance on Exporting AutoDiscover info

https://msdn.microsoft.com/en-us/library/office/dn467397(v=exchg.150).aspx

https://msdn.microsoft.com/en-us/library/office/dn467395(v=exchg.150).aspx

Important point to understand in a coexistence or if you have 2 different Autodiscover urls:

If you have 2 different urls for the Autodiscoverinternalserviceuri on 2 different CAS servers then AD will first look for the local (Same AD site as outlook) SCP Autodiscover url. If both url belongs to the local AD site, then AD will use the oldest SCP which will use the WhenCreated Attribute.

Because of this reason we should configure same autodiscover url for autodiscoverinternalserviceuri on all CAS servers which should be https://Autodiscover.domain.com/autodiscover/autodiscover.xml, else your AD will use the old CAS servers SCP and continue to give wrong autodiscover.xml file.

The highest Exchange version CAS should hit first to get the autodiscover.xml file which is the rule for coexistence.

 

Another Issue Fixed:

Now my customer had Autodiscover cname record which we switch to Exchange 2016 outlook was connecting but we were getting the below popup.

Security and Redirection Popups:

“Your account was redirected to this website for settings. You should only allow settings from sources you know and trust.”


Look at those security popups, we got the popup from IP address and even in the Autodiscover url with IP address.

So we researched and found that the DNS had a _Autodiscover SRV record and this was looping and stopping the proxy.

We went ahead and deleted the SRV record and these popups stopped coming.

 

Prabhat Nigam

Microsoft MVP | Exchange Server

Team@MSExchangeGuru


One Response to “Autodiscover Looping Fixed”

  1. Weekly IT Newsletter – April 11-15, 2016 | Just a Lync Guy Says:

    […] · Autodiscover Looping Fixed […]

Leave a Reply

ad

Categories

Archives