Unable to get Autodiscover running
-
Hi
I've setup the Autodiscover service but probably I'll missed some step because I can't get it working.
When I go to https://autodiscover.mydomain.com/autodiscover/autodiscover.xml the server responds ok so the server is runing, dns seems ok, etc.
But when I try to configure a mobile device or an Outlook (win) it does not work and I must to setup it manually (so the activesync service works fine). This wouldn't be a bit issue but the latest Outlook Mobile for Android very often does not permit manual configutation so it's impossible to add an account to them.
I've tried to diagnose the activesync service with the Microsoft Remote Connectivity Tools and this is what I see when it tries to get the configuration for one user:
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> <Responsexmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006>
<Culture>en:us</Culture>
<User/>
<Action>
<Error>
<Status>2</Status>
<ErrorCode>0x81330100</ErrorCode>
<Message>Access Denied
</Message>
<DebugData>SESSIONID: 00008C26</DebugData>
</Error>
</Action>
</Response>
</Autodiscover>
Seem some kind of security/access problem, any hit to check the server configuration and try to solve the problem?
Thanks in advance
-
Arron Staff
What does the AutoDiscover and MDDP logs show is happening?
-
@Arron The autodiscover logs show the same ("access denied"):
23/09/05 11:32:52.201 Info 00008BEF 0x41380100 Connection: 52.109.8.10 Method:POST SSL:On User-Agent:Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)
23/09/05 11:32:52.201 Debug 00008BEF 0x41380120 Processing 460 byte request from client
23/09/05 11:32:52.203 Debug 00008BEF 0x41330006 Logon Attempt: user@mydomain.com
23/09/05 11:32:52.204 Debug 00008BEF 0x41330100 Access Denied
23/09/05 11:32:52.204 Warning 00008BEF 0x81330100 Access Denied
23/09/05 11:32:52.205 Debug 00008BEF 0x41380160 Sending 507 byte response to client
23/09/05 11:32:52.205 Debug 00008BEF 0x00000000 La operación se completó correctamente.
23/09/05 11:32:52.206 Info 00008BEF 0x41380102 Connection TerminatingThe MDDP logs doesn't show any information about that connection.
-
Arron Staff
That log snippet appears to be from testing the service using testexchangeconnectivity.com. Verify the username and password being used are correct and that the IP the connection is coming from, 52.109.8.10, is not on the dynamic screening block list.
What do the logs show when you try to setup the mobile Outlook client or Outlook on Windows?
-
Arron Staff
Also, have you created the appropriate SRV records? For example, if you are setting up an IMAP account in Outlook you would want an SRV record for _imap._tcp.mydomain.com and _smtp._tcp.mydomain.com.
-
@Tasagore Should you be interested, I've compiled a Statement of Process (SOP) for implementing auto-discovery with MDaemon its very specific to CFTS but should point you in the right direction :) it's quite comprehensive and covers the entire process, I'm more than willing to share a copy. Due to its length, I hesitate to post it here, but here is a link to the Autodiscover document
-
@Arron I've verified the username, password, IP...all is fine. Keep in mind that I can configure the account in same device (exchange mode) in the Gmail APP or in general settings, the problem is only with the Autodiscover feature and specifically with Outlook Mobile for Android that sometimes lets configure the account manually (and it works if I setup manually the server, username...) but most of the times the option for manual configuration does not apperars so it's imposible to add the account.
-
@Arron No, I've just read the Mdaemon guide to the autodiscover feature so I've created the SRV records and the CNAMEs but the error shows access denied and seems something in the server side blocking the request to the service to get the user configuration.
All works fine when I setup the account manually so, do I need that registers only for Autodiscover?
-
@peter THANKS Peter, I'll take a look to your document and keep you in touch.
-
Arron Staff
What do the Autodiscover and MDDP logs show when you are trying to setup Outlook for Mobile using AutoDiscover? Can you post snippets from those logs that show the Outlook for Mobile setup process?
-
@Arron I tried looking for the MDDP log (I assume is something like this: MDDP-YYYY-MM-DD.log) but nowhwere to be found! possible for some pointers?
-
Arron Staff
MDDP is a background service that is used to provide information to AutoDiscover. Open a browser and go to https://mailserver.domain.com/mddp, where mailserver.domain.com is the FQDN for your MDaemon server. You should be prompted for credentials. Enter your the username and password for your MDaemon account. An MDDP log should be created.
-
@Arron Thanks that makes sence now, I could not find any refernace to that, guess not looking correctly, I've update my SOP accordinly, and I found an anaomly! I will raise another ticket for that.
-
@Arron If I try https://autodiscover.mydomain.com/mddp the browser prompts for credencials, enter user/password and I get a reponse in XML format with this (headers removed):
</MDDP>I can't see the mail server domain in that xml (don't know if it must be there), in my case should be mail.mydomain.com.If I don't use https and try same with http://autodiscover.mydomain.com/mddp a file with 0 bytes is downloaded, don't know it it matters since I guess the Autodiscover service will try first with https and it seems to works.Does it have any sense?
-
Arron Staff
by default HTTPS is required. It looks to me like MDDP is working correctly.
Are you still having issues with AutoDiscover working when using the Outlook for Mobile app? What do the autodiscover and MDDP logs show when Outlook for Mobile attempts to configure itself using AutoDiscover?
-
@Arron Hi Arron. When I try to configure a mobile device (Outlook Mobile) a few seconds after I enter the email address a popup in the bottom of the screen appears asking for IMAP or POP account. Sometimes, but not very often, also appears a button to continue with manual mode. In that case there is no problem since in the next screen I can setup the mailserver name and all works fine, but when that button does not appears the only way to configure the account is in IMAP or POP mode.
Same behavior if I try to configure Outlook desktop app, but in that case I can allways configure manually the account so I can get it working, the big problem is with the mobile version. Anyway I have someting wrong with my configuration since the Autodiscover service should work in both cases.
I can't find the MDDP log, where is it?
-
Arron Staff
if there is no activity for the MDDP service, the MDDP log will be created in the MDaemon\Logs directory. If there is no activity there will not be a log.
What does the autodiscover log show is happening when you try to setup an Outlook for mobile account?
Do you have a cname setup for autodiscover.domain.com that points to a A record that resolves to the IP address of your mail server? Where domain.com is your domain.
If you try setting up an email account to use ActiveSync on the device instead of using Outlook for Mobile, does the Autodiscover process work?
Have you created the SRV records in DNS for AirSync, IMAP, and SMTP?
What is your domain name?
Do you have a certificate in place that supports autodiscover.domain.com? Is it a self signed certificate?
If you try setting up a different account does the same thing occur?
If you open a browser and go to https://autodiscover.domain.com/mddp, are you prompted for credentials? If you enter the same credentials that you are attempting to use to setup the account in Outlook for mobile, what happens?
-
@Arron Hi Arron
I guess all that answers are in the previous posts but here we go:
if there is no activity for the MDDP service, the MDDP log will be created in the MDaemon\Logs directory. If there is no activity there will not be a log.
There are logs, but they doesn't seem to log any relevant information during the Autodiscover process.
What does the autodiscover log show is happening when you try to setup an Outlook for mobile account?
Nothing special, just access denied, you can see a example log in a previous post.
If you try setting up an email account to use ActiveSync on the device instead of using Outlook for Mobile, does the Autodiscover process work?
Autodiscover never works, I can setup the account only with manual settings and after that it works fine in activesync mode. The automatic setup (Autodiscover) is the problem.
Have you created the SRV records in DNS for AirSync, IMAP, and SMTP?
Only AirSync and Autodiscover, as described in the setup process in https://knowledge.mdaemon.com/how-to-setup-the-auto-discover-service-and-create-srv/cname-records-for-the-service
Do you have a certificate in place that supports autodiscover.domain.com? Is it a self signed certificate?
Yes, I have a letsencript cert and it works when I go to https://autodiscover....
If you try setting up a different account does the same thing occur?
Yes, tested with a few accounts in two different domains, no changes.
If you open a browser and go to https://autodiscover.domain.com/mddp, are you prompted for credentials?
Yes
If you enter the same credentials that you are attempting to use to setup the account in Outlook for mobile, what happens?
Posted in a previous post, I receive a XML response with the ports settings. BUT I don't see the mailserver name anywhere, and I guess that's the problem, may be some dns problem but since it works in manual mode really don't know what could be the wrong setting.
-
Arron Staff
I've requested the AutoDiscover log a number of times and am still unclear on what it shows because the log snippet provided is from (TestExchangeConnectivity.com) and does not appear to be from setting up an actual client. Please post the AutoDiscover log that shows the actual Outlook for Mobile client attempting to be setup.
The MDDP response is not supposed to contain the mail server name.
If there are MDDP logs, what do they show?
If you don't want to post your logs to the discussion groups, please email several days of AutoDiscover, MDDP, and Dynamic Screening logs that include the time period when you attempted to setup a clients.