Autodiscover

Hi all,

I've two problems with autodiscover. Here's my Setup:

Exchange 2010 SP3 , all roles on one server

OWA / ActiveSync is published via Apache Frontend Server (Reverse Proxy). Outlook anywhere is disabled. Internal AD Domain is company.local, external mail domain ist company.at

Self signed Exchange certificates via internal AD PKI

Apache has a self signed wildcard certificate

Problem 1:

Main Mailadress domain on Exchange is company.at. If i start Outlook 2010 on a domain-joined client autodiscover ist working fine (all settings are automatically filled, Outlook Connection Test without errors). But everytime I restart Outlook the Password prompt dialog appears, if i cancel the dialog everythings seems to be working (Outlook is connected to Exchange).

In the Outlook Logfile (%Temp% -> olkdisc.log) the following error appears:

Thread    Tick Count    Date/Time    DescriptionAccount Configuration Version 14.0.6131.01848    0x002647BA    06/05/13 08:50:18    AutoErmittlungssuche für E-Mail-Adresse starten1848    0x00264875    06/05/13 08:50:19    AutoErmittlungssuche für E-Mail-Adresse Erfolgreich (0x00000000).1848    0x00264884    06/05/13 08:50:19    +++++++++++++++++++++++++++++++1848   0x00264884    06/05/13 08:50:19    AUTODISCOVER GET SETTINGS BEGIN1848    0x00264884    06/05/13 08:50:19      LegacyDN=/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=9cd4f2898e2e4b9288f2d271543b6165-brumic1848   0x00264884    06/05/13 08:50:19      SMTP=xxx@company.local1848    0x002648F2    06/05/13 08:50:19    Die über den Dienstverbindungspunkt gefundene URL https://webmail.company.local/autodiscover/autodiscover.xml wird ausprobiert.1848    0x002648F2    06/05/13 08:50:19    AutoErmittlung für https://webmail.company.local/autodiscover/autodiscover.xml wird gestartet.1848    0x00264940    06/05/13 08:50:19    GetLastError=0; httpStatus=401.1848    0x00264940    06/05/13 08:50:19    AutoDiscover disabled auth schemes:1848    0x00264940    06/05/13 08:50:19     <NONE>1848    0x00264940    06/05/13 08:50:19    AutoDiscover supported auth schemes:1848    0x00264940    06/05/13 08:50:19      Negotiate1848   0x00264940    06/05/13 08:50:19      NTLM1848    0x00264940    06/05/13 08:50:19      Basic1848    0x00264940    06/05/13 08:50:19   AutoDiscover attempting Auto-Negotiate with Desktop Credentials.1848    0x00264940    06/05/13 08:50:19    AutoDiscover USING pcreds->dwAuthScheme:1848    0x00264940    06/05/13 08:50:19      Negotiate1848    0x0026495F    06/05/13 08:50:19    GetLastError=0; httpStatus=200.1848    0x0026495F    06/05/13 08:50:19    Autodiscover XML Received1848  ---BEGIN XML---<?xml version="1.0" encoding="utf-8"?><Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">  <Response>    <Error Time="08:50:19.0997790" Id="1690816174">      <ErrorCode>500</ErrorCode>      <Message>Mail address not fund</Message>      <DebugData />    </Error>  </Response></Autodiscover>1848  ----END XML----1848    0x0026495F    06/05/13 08:50:19    AutoErmittlung für https://webmail.company.local/autodiscover/autodiscover.xml Fehlgeschlagen (0x800C8203).1848    0x0026495F    06/05/13 08:50:19    AutoErmittlung für https://company.local/autodiscover/autodiscover.xml wird gestartet.1848    0x002670CC    06/05/13 08:50:29    GetLastError=12029; httpStatus=0.1848    0x002670CC    06/05/13 08:50:29    AutoErmittlung für https://company.local/autodiscover/autodiscover.xml Fehlgeschlagen (0x800C8203).1848   0x002670CC    06/05/13 08:50:29    AutoErmittlung für https://autodiscover.company.local/autodiscover/autodiscover.xml wird gestartet.1848    0x002670EB    06/05/13 08:50:29    GetLastError=12007; httpStatus=0.1848    0x002670FB    06/05/13 08:50:29    AutoErmittlung für https://autodiscover.company.local/autodiscover/autodiscover.xml Fehlgeschlagen (0x800C8203).1848    0x002670FB   06/05/13 08:50:29    Lokale AutoErmittlung für company.local wird gestartet.1848    0x002670FB    06/05/13 08:50:29    Lokale AutoErmittlung für company.local Fehlgeschlagen (0x8004010F).1848   0x002670FB    06/05/13 08:50:29    Umleitungsprüfung für http://autodiscover.company.local/autodiscover/autodiscover.xml wird gestartet.1848    0x0026711A    06/05/13 08:50:29    Diensteintragssuche für http://autodiscover.company.local/autodiscover/autodiscover.xml Fehlgeschlagen (0x80072EE7).1848    0x0026711A    06/05/13 08:50:29    Diensteintragssuche für company.local wird gestartet.1848    0x00267149   06/05/13 08:50:29    Diensteintragssuche für company.local Fehlgeschlagen (0x8004010F).1848    0x00267149    06/05/13 08:50:29    AUTODISCOVER GET SETTINGS END1848    0x00267158   06/05/13 08:50:29    -----------------------------6600    0x0026734C    06/05/13 08:50:30    Looking for cached XML file:6600    0x0026736B    06/05/13 08:50:30   C:\Users\xxx\AppData\Local\Microsoft\Outlook\24ed1fd1e2550441bd9b3f05a522a5ce - Autodiscover.xml6600    0x0026736B    06/05/13 08:50:30    Autodiscover XML Received

On the next line in the log, autodiscover seems to work properly again.

Things I've already checked:

IIS Virtual Directorys Permissions -> ok

AutoDiscoverServiceInternalUri-> ok

AD SCP -> ok

Exchange Certificate has all neccessary SANs -> ok

direct access to https://webmail.company.local/autodiscover/autodiscover.xml works also (in a Browser)

Problem 2:

Autodiscover on external clients does not work.

The Exchange connectivity tools gives me the following error:

ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.xxx.at/AutoDiscover/AutoDiscover.xml for user xxx@company.at

ExRCA failed to obtain an Autodiscover XML response.

Additional Details       

An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).

Any suggestions on this? thank you

Michael