Here's my setup:
Mixed environment transitioning:
Exchange 2010 running on Server 2008 in a VM
Exchange 2013 running on Server 2012 in a VM
I have split DNS so that autodiscover.domain.com points to my 2013 server internally and my 2010 server externally. When setting up new profiles in Outlook internally, autodiscover seems to work fine. However, when I try moving the public autodiscover.domain.com DNS record over to the 2013, things stop working (like auto profile setup).
I know that the 2013 server is reachable from the outside because mail.domain.com will go to OWA and ECP without a problem. I can log in to both without an issue.
If I point public DNS back to my 2010 server, then all is well again with Outlook Anywhere and mobile connectivity.
I'm not really sure what needs to be tweaked for the 2013 server to be ready to take over the day to day communications so that I can decommission my 2010 server.
Here are the results of the connectivity analyzer:
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for me.
Testing Autodiscover failed.
Additional Details Elapsed Time: 1774 ms.
Test Steps
  Attempting each method of contacting the Autodiscover service.
  The Autodiscover service couldn't be contacted successfully by any method.
  Additional Details Elapsed Time: 1773 ms.
  Test Steps
    Attempting to test potential Autodiscover URL https://domain.com:443/Autodiscover/Autodiscover.xml
    Testing of this potential Autodiscover URL failed.
    Additional Details Elapsed Time: 489 ms.
    Test Steps
      Attempting to resolve the host name domain.com in DNS.
      The host name resolved successfully.
      Additional Details IP addresses returned: 98.129.228.152 Elapsed Time: 165 ms.

      Testing TCP port 443 on host domain.com to ensure it's listening and open.
      The port was opened successfully.
      Additional Details Elapsed Time: 97 ms.

      Testing the SSL certificate to make sure it's valid.
      The SSL certificate failed one or more certificate validation checks.
      Additional Details Elapsed Time: 225 ms.
      Test Steps
        The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server domain.com on port 443.
        The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
        Additional Details Remote Certificate Subject: CN=www.domain.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=2150198723, O=www.domain.com, C=US, Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US. Elapsed Time: 170 ms.

        Validating the certificate name.
        Certificate name validation failed.
        Additional Details Host name domain.com doesn't match any name found on the server certificate CN=www.domain.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=2150198723, O=www.domain.com, C=US. Elapsed Time: 1 ms.

    Attempting to test potential Autodiscover URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml
    Testing of this potential Autodiscover URL failed.
    Additional Details Elapsed Time: 1009 ms.
    Test Steps
      Attempting to resolve the host name autodiscover.domain.com in DNS.
      The host name resolved successfully.
      Additional Details IP addresses returned: x.x.x.x Elapsed Time: 70 ms.

      Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
      The port was opened successfully.
      Additional Details Elapsed Time: 189 ms.

      Testing the SSL certificate to make sure it's valid.
      The certificate passed all validation requirements.
      Additional Details Elapsed Time: 300 ms.
      Test Steps
        The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443.
        The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
        Additional Details Remote Certificate Subject: CN=mail.domain.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated, Issuer: CN=PositiveSSL CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB. Elapsed Time: 220 ms.

        Validating the certificate name.
        The certificate name was validated successfully.
        Additional Details Host name autodiscover.domain.com was found in the Certificate Subject Alternative Name entry. Elapsed Time: 1 ms.

        Certificate trust is being validated.
        The certificate is trusted and all certificates are present in the chain.
        Test Steps
          The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.domain.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated.
          One or more certificate chains were constructed successfully.
          Additional Details A total of 1 chains were built. The highest quality chain ends in root certificate CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE. Elapsed Time: 34 ms.

          Analyzing the certificate chains for compatibility problems with versions of Windows.
          Potential compatibility problems were identified with some versions of Windows.
          Additional Details The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled. Elapsed Time: 5 ms.

        Testing the certificate date to confirm the certificate is valid.
        Date validation passed. The certificate hasn't expired.
        Additional Details The certificate is valid. NotBefore = 5/19/2014 12:00:00 AM, NotAfter = 5/18/2016 11:59:59 PM Elapsed Time: 0 ms.

      Checking the IIS configuration for client certificate authentication.
      Client certificate authentication wasn't detected.
      Additional Details Accept/Require Client Certificates isn't configured. Elapsed Time: 276 ms.

      Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
      Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
      Additional Details Elapsed Time: 172 ms.
      Test Steps
        The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml for user me@domain.com.
        The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
        Additional Details A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.
        HTTP Response Headers:
          Connection: close
          Content-Length: 315
          Content-Type: text/html; charset=us-ascii
          Date: Sat, 19 Jul 2014 03:44:42 GMT
          Server: Microsoft-HTTPAPI/2.0
        Elapsed Time: 171 ms.

    Attempting to contact the Autodiscover service using the HTTP redirect method.
    The attempt to contact Autodiscover using the HTTP Redirect method failed.
    Additional Details Elapsed Time: 207 ms.
    Test Steps
      Attempting to resolve the host name autodiscover.domain.com in DNS.
      The host name resolved successfully.
      Additional Details IP addresses returned: x.x.x.x Elapsed Time: 15 ms.

      Testing TCP port 80 on host autodiscover.domain.com to ensure it's listening and open.
      The port was opened successfully.
      Additional Details Elapsed Time: 76 ms.

      The Microsoft Connectivity Analyzer is checking the host autodiscover.domain.com for an HTTP redirect to the Autodiscover service.
      The Microsoft Connectivity Analyzer failed to get an HTTP redirect response for Autodiscover.
      Additional Details An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response:
      HTTP Response Headers:
        X-FEServer: SMSE2013
        Content-Length: 0
        Date: Sat, 19 Jul 2014 03:44:42 GMT
        Server: Microsoft-IIS/8.0
        X-Powered-By: ASP.NET
      Elapsed Time: 115 ms.

    Attempting to contact the Autodiscover service using the DNS SRV redirect method.
    The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
    Additional Details Elapsed Time: 39 ms.
    Test Steps
      Attempting to locate SRV record _autodiscover._tcp.domain.com in DNS.
      The Autodiscover SRV record wasn't found in DNS.
      Additional Details Elapsed Time: 39 ms.

    Checking if there is an autodiscover CNAME record in DNS for your domain 'domain.com' for Office 365.
    Failed to validate autodiscover CNAME record in DNS. If your mailbox isn't in Office 365, you can ignore this warning.
    Additional Details There is no Autodiscover CNAME record for your domain 'domain.com'. Elapsed Time: 28 ms.
I just double checked my SSL cert and it has the three typical entries:
DNS Name=mail.domain.com
DNS Name=AutoDiscover.domian.com
DNS Name=domain.com
I have assembled the output for the following commands HERE:
Get-OutlookProvider | fl
Get-OutlookAnywhere | fl
Get-ActiveSyncVirtualDirectory | fl
Get-AutodiscoverVirtualDirectory | fl
Get-EcpVirtualDirectory | fl
Get-OabVirtualDirectory | fl
Get-OwaVirtualDirectory | fl
Get-PowerShellVirtualDirectory | fl
Get-WebServicesVirtualDirectory | fl
I have gone through the Exchange Server Deployment Assistant. Almost everything was as it should have been. I made some changes in the "Enable and configure Outlook Anywhere" and "Configure service connection point."
I have switched external DNS over to my 2013 server, and the connectivity test is still failing. It is also not proxying the 2010 mailboxes through 2013 as it should (according to the Deployment Assistant).
I have a 2010 test account and a 2013 test account. Both work fine in their respective WebMails, but the 2010 mailbox will not pull up through the 2013 WebMail.
Just for the heck of it, I have checked my SonicWall and it is configured the same for the 2010 host and the 2013 host. I knew that ports 80 and 443 were passing on both hosts anyway because the port 80 redirect works and https webmail works on both hosts.
If I try to access the xml file directly on both hosts:
https://mail.domain.com/Autodiscover/Autodiscover.xml (2013)
https://webmail.domain.com/Autodiscover/Autodiscover.xml (2010)
I do get an xml response from both of them after authenticating like this:
<Autodiscover>
  <Response>
    <Error Time="18:17:41.0173284" Id="2526055628">
      <ErrorCode>600</ErrorCode>
      <Message>Invalid Request</Message>
      <DebugData/>
    </Error>
  </Response>
</Autodiscover>
Sooo...I'm stuck.
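
Added example, not part of the original post: a browser GET to Autodiscover.xml carries no request body, and Exchange answers such a request with ErrorCode 600, so it cannot stand in for the POST step that failed in the analyzer output. The hypothetical function below (Test-AutodiscoverPost, written for Windows PowerShell 5.1) sends the Outlook-schema POST and reports the status code together with the Server and X-FEServer headers, which show which component produced the answer.

```powershell
# Added example (not from the original post). Assumes Windows PowerShell 5.1.
function Test-AutodiscoverPost {
    param(
        [Parameter(Mandatory)] [string] $Url,           # full Autodiscover.xml URL to probe
        [Parameter(Mandatory)] [string] $EmailAddress,  # mailbox to look up
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    # Request body in the Outlook Autodiscover request schema (what Outlook POSTs).
    $body = @"
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
  <Request>
    <EMailAddress>$EmailAddress</EMailAddress>
    <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
  </Request>
</Autodiscover>
"@
    $status = $null; $server = $null; $feServer = $null
    $errorCodes = @(); $protocols = @()
    try {
        $r = Invoke-WebRequest -Uri $Url -Method Post -Body $body `
            -ContentType 'text/xml; charset=utf-8' -Credential $Credential -UseBasicParsing
        $status   = [int]$r.StatusCode
        $server   = $r.Headers['Server']
        $feServer = $r.Headers['X-FEServer']
        # A 200 can still carry an <Error>; a usable answer lists <Protocol> entries.
        $xml = [xml]$r.Content
        $errorCodes = @($xml.GetElementsByTagName('ErrorCode') | ForEach-Object { $_.InnerText })
        $protocols  = @($xml.GetElementsByTagName('Protocol')  | ForEach-Object { $_.Type })
    } catch [System.Net.WebException] {
        $resp = $_.Exception.Response
        if (-not $resp) { throw }   # DNS, TCP or TLS failure: no HTTP response to inspect
        $status   = [int]$resp.StatusCode
        $server   = $resp.Headers['Server']
        $feServer = $resp.Headers['X-FEServer']
    }
    [pscustomobject]@{
        Url        = $Url
        Status     = $status
        Server     = $server      # Microsoft-HTTPAPI/2.0 = HTTP.sys, Microsoft-IIS/x = IIS
        XFEServer  = $feServer    # name of the front-end Exchange server, when present
        ErrorCodes = $errorCodes
        Protocols  = $protocols
    }
}
# Usage with the names from the post:
# Test-AutodiscoverPost -Url 'https://autodiscover.domain.com/Autodiscover/Autodiscover.xml' `
#     -EmailAddress 'me@domain.com' -Credential (Get-Credential)
```

Running it against both the autodiscover.domain.com and mail.domain.com URLs and comparing the Status, Server and XFEServer columns shows whether the two names reach the same server and component.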