Autodiscovery in Exchange 2007 (Full Version)

All Forums >> [Microsoft Exchange 2007] >> Mobility


deemas -> Autodiscovery in Exchange 2007 (9.May2009 12:05:09 PM)

Please help,

My Network.

internet..>DSLrouter..>>ISA 2004..(Win 2000 AdServ)>>>LAN..>>1. DC (GC DNS/DHCP...) 2. Exchange 2003 3. Exchange 2007 (CAS,HT, MB)

As you can see the network i am running on coexistance. i have only IT users in Exch 2007. others still running on exch 2003. My al servrs on Winodows 2003 except ISA which is windows 2000 adv serve. All with latest service packs and patches/updates.

Also i have isntalled godaddy's UCC ssl certificate in Exch 2007. and have imported to ISA 2004 firewall server as well.

1. OWA is working fine internally and externally.

2. POP3 always poping up for pasword.

3. Autodiscovery test from testexchangeconnectivity always giving the following error.

"An HTTP 403 was received because ISA denied the specified URL"

I am serching in the internet from last two weeks but i could not find a solution to this particular problem. please help.


deemas -> RE: Autodiscovery in Exchange 2007 (14.May2009 3:35:18 AM)

Is there any one to help on this issue.

mavog -> RE: Autodiscovery in Exchange 2007 (14.May2009 7:18:41 AM)

Do you have any ideas which URL is being denied?
in other words,is it the pointing internal or external?

Otherwise try to see what you can find in the event logs.
Get-eventloglevel and Set-evenloglevel are the shell commmands.

hope this helps


deemas -> RE: Autodiscovery in Exchange 2007 (16.May2009 3:37:19 AM)

ilantz -> RE: Autodiscovery in Exchange 2007 (16.May2009 10:39:18 AM)


ISA 2004 does not support UCC certificates.
that means only the subject name is valid for it.

you should consider upgrading to ISA 2006 or configure your web services,owa & autodiscover to a single fqdn name by this tutorial :

hope this helps.

Best Regards,

deemas -> RE: Autodiscovery in Exchange 2007 (18.May2009 5:16:15 AM)

Thanks for your guidence,

To be make sure,

I have already insatalled Godaddy's UCC certificate or SAN certificate. which common name is, Subject Alternative Names are, EX2007, EX2007.ourdomain.locl.

My Question is Can I use the same certificate and follow the instruction as here
with ISA 2004. or Do i need to by another single certificate.

Please help

ilantz -> RE: Autodiscovery in Exchange 2007 (18.May2009 5:23:49 AM)

you could use the same certificate , but you need a solution for the single name certificate regarding autodiscover.

you should use the method of creating an SRV record eg;
service: autodiscover
protocol: TCP
port: 443

to test when you create it , query the dns like this:
nslookup -q=srv

that should complete the single name certificate issues.

good luck & post your progress..

deemas -> RE: Autodiscovery in Exchange 2007 (18.May2009 9:04:43 AM)

I have created the dns srv record the nslookup result as follow (from our local network)

C:\>nslookup -q=srv
Server: DC.ourdomain.local
Address: 192.168.1.X SRV service location:
priority = 0
weight = 0
port = 443
svr hostname = internet address = 192.168.1.Y

After that still autodiscovery not working

when i test using, the following error

Failed to find Autodiscover SRV record in DNS.

Also, i have created this record in our local DNS server with split DNS, Do I need to create this in ISP's Control Panel.

ilantz -> RE: Autodiscovery in Exchange 2007 (18.May2009 9:26:04 AM)

i assume you are testing the resolution for the SRV record from the external network too.. local lan clients are usually domain joined and they receive the autodiscover info by querying active directory.

Office 2007 needs a hotfix or atleast SP1 to support SRV record autodiscover, does the clients are 2007 ?

besides that verify that your publishing rule in the isa is correctly handling the external name "" and allowing the /autodiscover/* directory...

please update in progress..

deemas -> RE: Autodiscovery in Exchange 2007 (18.May2009 10:27:04 AM)

when i test from outside network, the result as follow

C:\Users\SIDDEEK>nslookup -q=srv
Server: speedtouch.lan
*** speedtouch.lan can't find Non-existent domain

ilantz -> RE: Autodiscovery in Exchange 2007 (18.May2009 10:58:12 AM)

does the test shows that it retrieved the autodiscover info using SRV ?

tmacdaddy -> RE: Autodiscovery in Exchange 2007 (18.May2009 1:59:29 PM)

Here is some good info to get you going. From a work station that has Outlook opened, hold down the control key and right click over the Outlook icon in the system tray and select "Test Email AutoConfig"  The only check box to be checked is the farthest to the left.  (Use AutoDiscover)  That will tell you where things are pointing to as far as certs etc...

then there are some shell commands that you need to use to get it straight.

NOTE: the CAS_Server_name  is your internal Netbios name for the exchange server
The other ( needs to be set to your external domain name.

loadTOCNode(2, 'cause');

To resolve this issue, modify the URLs for the appropriate Exchange 2007 components. To do this, follow these steps:
  1. Start the Exchange Management Shell.
  2. Modify the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To modify this URL, type the following command, and then press ENTER:
    Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri
  3. Modify the InternalUrl attribute of the EWS. To do this, type the following command, and then press ENTER:
    Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl
  4. Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press ENTER:
    Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl
  5. Modify the InternalUrl attribute of the UM Web service. To do this, type the following command, and then press ENTER:
    Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedmessaging (Default Web Site)" -InternalUrl
  6. Open IIS Manager.
  7. Expand the local computer, and then expand Application Pools.
  8. Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.
Important These steps assume that a host record exists in the DNS to map the FQDN that you specify to the IP address of the CAS server. Consider the following sample scenario:
  • The original internal URLs for the Exchange components point to the internal FQDN of the server. For example, one of these URLs points to the following:
  • The FQDN that is specified on the certificate points to the externally accessed host name of the server. For example, the certificate specifies an FQDN, such as ""
In this scenario, you must add a host record for the mail host name that is mapped to the internally accessed IP address of the CAS server to let internal clients access the server.  

deemas -> RE: Autodiscovery in Exchange 2007 (19.May2009 6:44:21 AM)


I have applied all the steps you suggested earlier, But no luck

deemas -> RE: Autodiscovery in Exchange 2007 (19.May2009 6:49:51 AM)

Is this result is ok for outlook provider or do i need to run any cmd to fill blanl of EXCH and WEB
[PS] C:\>Get-OutlookProvider

Name Server CertPrincipalName TTL
---- ------ ----------------- ---
EXPR msstd:mail.arbex... 1

Page: [1]