powlfruit
Goto Top

Exchange 2010 Probleme - Autodiscover oder noch mehr?

Hallo alle zusammen,

Nach Stunden von versuchter Problemlösung von meinen Kollegen und mir verzweifeln wir bei diesem Problem.
Externe Clients können nicht mehr via Autodiscover die Einstellungen abrufen.

Wir haben vor etwa einen Monat auf LetsEncrypt Zertifikate umgestellt. Das Verteilen und Internieren der Zertifikate funktioniert Problemlos und Automatisch via Powershell.

Aber ein Kollege, der sich mit seinen Client Extern befand wollte über die Autodiscover Funktion ein Client einstellen, dies funktioniert aber wie von Zauberhand nicht mehr.

Server: SBS11 mit Exchange 2010

https://testconnectivity.microsoft.com sagt:

The Microsoft Connectivity Analyzer is attempting to test Autodiscover for Username@TOPLevelDomain.com.
 	Testing Autodiscover failed.
 	
	Additional Details
 	
Elapsed Time: 9359 ms.
 	
	Test Steps
 	
	Attempting each method of contacting the Autodiscover service.
 	The Autodiscover service couldn't be contacted successfully by any method.  
 	
	Additional Details
 	
Elapsed Time: 9359 ms.
 	
	Test Steps
 	
	Attempting to test potential Autodiscover URL https://TOPLevelDomain.com:443/Autodiscover/Autodiscover.xml
 	Testing of this potential Autodiscover URL failed.
 	
	Additional Details
 	
Elapsed Time: 2404 ms.
 	
	Test Steps
 	
	Attempting to resolve the host name TOPLevelDomain.com in DNS.
 	The host name resolved successfully.
 	
	Additional Details
 	
IP addresses returned: IP Adress, IP Adress
Elapsed Time: 1049 ms.
	Testing TCP port 443 on host TOPLevelDomain.com to ensure it's listening and open.  
 	The port was opened successfully.
 	
	Additional Details
 	
Elapsed Time: 941 ms.
	Testing the SSL certificate to make sure it's valid.  
 	The SSL certificate failed one or more certificate validation checks.
 	
	Additional Details
 	
Elapsed Time: 413 ms.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from exchange server TOPLevelDomain.com on port 443.
 	The Microsoft Connectivity Analyzer successfully obtained the exchange SSL certificate.
 	
	Additional Details
 	
exchange Certificate Subject: CN=www.TOPLevelDomain.de, Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US.  
Elapsed Time: 395 ms.
	Validating the certificate name.
 	Certificate name validation failed.
 	 Tell me more about this issue and how to resolve it
 	
	Additional Details
 	
Host name TOPLevelDomain.com doesn't match any name found on the server certificate CN=www.TOPLevelDomain.de.  
Elapsed Time: 0 ms.
	Attempting to test potential Autodiscover URL https://autodiscover.TOPLevelDomain.com:443/Autodiscover/Autodiscover.xml
 	Testing of this potential Autodiscover URL failed.
 	
	Additional Details
 	
Elapsed Time: 5042 ms.
 	
	Test Steps
 	
	Attempting to resolve the host name autodiscover.TOPLevelDomain.com in DNS.
 	The host name resolved successfully.
 	
	Additional Details
 	
IP addresses returned: IP Adress
Elapsed Time: 1527 ms.
	Testing TCP port 443 on host autodiscover.TOPLevelDomain.com to ensure it's listening and open.  
 	The port was opened successfully.
 	
	Additional Details
 	
Elapsed Time: 762 ms.
	Testing the SSL certificate to make sure it's valid.  
 	The certificate passed all validation requirements.
 	
	Additional Details
 	
Elapsed Time: 1103 ms.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from exchange server autodiscover.TOPLevelDomain.com on port 443.
 	The Microsoft Connectivity Analyzer successfully obtained the exchange SSL certificate.
 	
	Additional Details
 	
exchange Certificate Subject: CN=exchange.TOPLevelDomain.com, Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US.  
Elapsed Time: 1048 ms.
	Validating the certificate name.
 	The certificate name was validated successfully.
 	
	Additional Details
 	
Host name autodiscover.TOPLevelDomain.com was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 0 ms.
	Certificate trust is being validated.
 	The certificate is trusted and all certificates are present in the chain.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=exchange.TOPLevelDomain.com.
 	One or more certificate chains were constructed successfully.
 	
	Additional Details
 	
A total of 1 chains were built. The highest quality chain ends in root certificate CN=DST Root CA X3, O=Digital Signature Trust Co..
Elapsed Time: 12 ms.
	Analyzing the certificate chains for compatibility problems with versions of Windows.
 	Potential compatibility problems were identified with some versions of Windows.
 	
	Additional Details
 	
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.  
Elapsed Time: 6 ms.
	Testing the certificate date to confirm the certificate is valid.
 	Date validation passed. The certificate hasn't expired.  
 	
	Additional Details
 	
The certificate is valid. NotBefore = 4/24/2017 4:52:00 AM, NotAfter = 7/23/2017 4:52:00 AM
Elapsed Time: 0 ms.
	Checking the IIS configuration for client certificate authentication.
 	Client certificate authentication wasn't detected.  
 	
	Additional Details
 	
Accept/Require Client Certificates isn't configured.  
Elapsed Time: 1056 ms.
	Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 	Autodiscover settings weren't obtained when the Autodiscover POST request was sent.  
 	
	Additional Details
 	
Elapsed Time: 592 ms.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.TOPLevelDomain.com:443/Autodiscover/Autodiscover.xml for user Username@TOPLevelDomain.com.
 	The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
 	
	Additional Details
 	
An HTTP 500 response was returned from Unknown.
HTTP Response Headers:
Content-Length: 0
Cache-Control: private
Date: Wed, 03 May 2017 09:50:45 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Elapsed Time: 592 ms.
	Attempting to contact the Autodiscover service using the HTTP redirect method.
 	The attempt to contact Autodiscover using the HTTP Redirect method failed.
 	
	Additional Details
 	
Elapsed Time: 1646 ms.
 	
	Test Steps
 	
	Attempting to resolve the host name autodiscover.TOPLevelDomain.com in DNS.
 	The host name resolved successfully.
 	
	Additional Details
 	
IP addresses returned: IP Adress
Elapsed Time: 361 ms.
	Testing TCP port 80 on host autodiscover.TOPLevelDomain.com to ensure it's listening and open.  
 	The port was opened successfully.
 	
	Additional Details
 	
Elapsed Time: 148 ms.
	The Microsoft Connectivity Analyzer is checking the host autodiscover.TOPLevelDomain.com for an HTTP redirect to the Autodiscover service.
 	The redirect (HTTP 301/302) response was received successfully.
 	
	Additional Details
 	
Redirect URL: HTTPS://AUTODISCOVER.TOPLevelDomain.COM/AUTODISCOVER/AUTODISCOVER.XML
HTTP Response Headers:
Content-Length: 178
Content-Type: text/html; charset=utf-8
Date: Wed, 03 May 2017 09:50:47 GMT
Location: HTTPS://AUTODISCOVER.TOPLevelDomain.COM/AUTODISCOVER/AUTODISCOVER.XML
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Elapsed Time: 290 ms.
	Attempting to test potential Autodiscover URL HTTPS://AUTODISCOVER.TOPLevelDomain.COM/AUTODISCOVER/AUTODISCOVER.XML
 	Testing of this potential Autodiscover URL failed.
 	
	Additional Details
 	
Elapsed Time: 847 ms.
 	
	Test Steps
 	
	Attempting to resolve the host name autodiscover.TOPLevelDomain.com in DNS.
 	The host name resolved successfully.
 	
	Additional Details
 	
IP addresses returned: IP Adress
Elapsed Time: 5 ms.
	Testing TCP port 443 on host autodiscover.TOPLevelDomain.com to ensure it's listening and open.  
 	The port was opened successfully.
 	
	Additional Details
 	
Elapsed Time: 162 ms.
	Testing the SSL certificate to make sure it's valid.  
 	The certificate passed all validation requirements.
 	
	Additional Details
 	
Elapsed Time: 357 ms.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from exchange server autodiscover.TOPLevelDomain.com on port 443.
 	The Microsoft Connectivity Analyzer successfully obtained the exchange SSL certificate.
 	
	Additional Details
 	
exchange Certificate Subject: CN=exchange.TOPLevelDomain.com, Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US.  
Elapsed Time: 291 ms.
	Validating the certificate name.
 	The certificate name was validated successfully.
 	
	Additional Details
 	
Host name autodiscover.TOPLevelDomain.com was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 0 ms.
	Certificate trust is being validated.
 	The certificate is trusted and all certificates are present in the chain.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=exchange.TOPLevelDomain.com.
 	One or more certificate chains were constructed successfully.
 	
	Additional Details
 	
A total of 1 chains were built. The highest quality chain ends in root certificate CN=DST Root CA X3, O=Digital Signature Trust Co..
Elapsed Time: 12 ms.
	Analyzing the certificate chains for compatibility problems with versions of Windows.
 	Potential compatibility problems were identified with some versions of Windows.
 	
	Additional Details
 	
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.  
Elapsed Time: 7 ms.
	Testing the certificate date to confirm the certificate is valid.
 	Date validation passed. The certificate hasn't expired.  
 	
	Additional Details
 	
The certificate is valid. NotBefore = 4/24/2017 4:52:00 AM, NotAfter = 7/23/2017 4:52:00 AM
Elapsed Time: 0 ms.
	Checking the IIS configuration for client certificate authentication.
 	Client certificate authentication wasn't detected.  
 	
	Additional Details
 	
Accept/Require Client Certificates isn't configured.  
Elapsed Time: 160 ms.
	Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 	Autodiscover settings weren't obtained when the Autodiscover POST request was sent.  
 	
	Additional Details
 	
Elapsed Time: 161 ms.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL HTTPS://AUTODISCOVER.TOPLevelDomain.COM/AUTODISCOVER/AUTODISCOVER.XML for user Username@TOPLevelDomain.com.
 	The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
 	
	Additional Details
 	
An HTTP 500 response was returned from Unknown.
HTTP Response Headers:
Content-Length: 0
Cache-Control: private
Date: Wed, 03 May 2017 09:50:47 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Elapsed Time: 161 ms.
	Attempting to contact the Autodiscover service using the DNS SRV redirect method.
 	The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
 	
	Additional Details
 	
Elapsed Time: 131 ms.
 	
	Test Steps
 	
	Attempting to locate SRV record _autodiscover._tcp.TOPLevelDomain.com in DNS.
 	The Autodiscover SRV record wasn't found in DNS.  
 	 Tell me more about this issue and how to resolve it
 	
	Additional Details
 	
Elapsed Time: 131 ms. 


Das ergab der "test-outlookwebservices" über die Console


[PS] C:\Windows\system32>test-outlookwebservices


RunspaceId : d106ee1c-fa6b-4346-bcaf-168c7bb0ae43
Id         : 1019
Type       : Information
Message    : Es wurde ein gültiger AutoErmittlungsdienst-Verbindungspunkt gefunden. Die AutoErmittlungs-URL für dieses Objekt ist https://autodiscover.TopLevelDomain.com/Autodiscover/Autodiscover.xml.

RunspaceId : d106ee1c-fa6b-4346-bcaf-168c7bb0ae43
Id         : 1013
Type       : Error
Message    : Fehler Der exchangeserver hat einen Fehler zurückgegeben: (500) Interner Serverfehler. beim Herstellen der Verbindung mit https://autodiscover.TopLevelDomain.com/Autodiscover/Autodiscover.xml

RunspaceId : d106ee1c-fa6b-4346-bcaf-168c7bb0ae43
Id         : 1023
Type       : Error
Message    : Es konnte keine Verbindung mit dem AutoErmittlungsdienst hergestellt werden.

RunspaceId : d106ee1c-fa6b-4346-bcaf-168c7bb0ae43
Id         : 1104
Type       : Error
Message    : Das Zertifikat für die URL "https://Servername.TopLevelDomain.local/Autodiscover/Autodiscover.xml" ist falsch. Damit SSL funktioniert, muss der Antragsteller des Zertifikats Servername.TopLevelDomain.local" lauten, der Antragsteller lautete jedoch "exchange.TopLevelDomain.com". Korrigieren Sie die Diensterkennung, oder installieren Sie ein korrektes SSL-Zertifikat.  

RunspaceId : d106ee1c-fa6b-4346-bcaf-168c7bb0ae43
Id         : 1113
Type       : Error
Message    : Fehler Der exchangeserver hat einen Fehler zurückgegeben: (500) Interner Serverfehler. beim Herstellen der Verbindung mit https://Servername.TopLevelDomain.local:443/Autodiscover/Autodiscover.xml

RunspaceId : d106ee1c-fa6b-4346-bcaf-168c7bb0ae43
Id         : 1123
Type       : Error
Message    : Es konnte keine Verbindung mit dem AutoErmittlungsdienst hergestellt werden.

RunspaceId : d106ee1c-fa6b-4346-bcaf-168c7bb0ae43
Id         : 1013
Type       : Error
Message    : Fehler Der vom Client gefundene Anforderungsinhaltstyp ist '', erwartet wurde 'text/xml'.  
             Fehler: Leere Antwort auf Anforderung. beim Herstellen der Verbindung mit https://Servername.TopLevelDomain.local/EWS/Exchange.asmx

RunspaceId : d106ee1c-fa6b-4346-bcaf-168c7bb0ae43
Id         : 1025
Type       : Error
Message    : [EXCH] Fehler beim Herstellen der Verbindung mit dem Dienst AS bei https://Servername.TopLevelDomain.local/EWS/Exchange.asmx. Die verstrichene Zeit betrug 16 Millisekunden.

RunspaceId : d106ee1c-fa6b-4346-bcaf-168c7bb0ae43
Id         : 1026
Type       : Success
Message    : [EXCH] Verbindung mit dem Dienst UM bei https://Servername.TopLevelDomain.local/EWS/Exchange.asmx wurde erfolgreich hergestellt. Die verstrichene Zeit betrug 203 Millisekunden.

RunspaceId : d106ee1c-fa6b-4346-bcaf-168c7bb0ae43
Id         : 1013
Type       : Error
Message    : Fehler Der vom Client gefundene Anforderungsinhaltstyp ist '', erwartet wurde 'text/xml'.  
             Fehler: Leere Antwort auf Anforderung. beim Herstellen der Verbindung mit https://exchange.TopLevelDomain.com/ews/exchange.asmx

RunspaceId : d106ee1c-fa6b-4346-bcaf-168c7bb0ae43
Id         : 1025
Type       : Error
Message    : [EXPR] Fehler beim Herstellen der Verbindung mit dem Dienst AS bei https://exchange.TopLevelDomain.com/ews/exchange.asmx. Die verstrichene Zeit betrug 265 Millisekunden.

RunspaceId : d106ee1c-fa6b-4346-bcaf-168c7bb0ae43
Id         : 1026
Type       : Success
Message    : [EXPR] Verbindung mit dem Dienst UM bei https://exchange.TopLevelDomain.com/ews/exchange.asmx wurde erfolgreich hergestellt. Die verstrichene Zeit betrug 15 Millisekunden.

https://autodiscover.TopLevelDomain.com/Autodiscover/Autodiscover.xml funktioniert auch und fragt Nutzerdaten ab. Wenn ich mich mit meinen Nutzerdaten oder mit den Nutzerdaten von Domain Administrator einlogge erscheint: "600 Ungültige Anforderung"

Was haben wir bereits gemacht?


Externe Clientzugriffsdomäne neu konfiguriert (über die Verwaltungskonsole)
Rechte überprüft von IIS Verzeichnissen
NSLOOK Up vom Client. -> Ohne Probleme
einzelnes Neuerstellen von Verzeichnis
Remove-AutodiscoverVirtualDirectory –Identity "Servername\Autodiscover (Default Web Site)"
New-AutodiscoverVirtualDirectory -WebsiteName "Default Web Site" -WindowsAuthentication $true -BasicAuthentication $true

Ich hoffe, mir kann irgend jemand mit einer Idee weiter helfen, wie ich das Autodiscover wieder zum Laufen bringen kann. Ich bin jeden sehr Dankbar.

Content-ID: 336718

Url: https://administrator.de/contentid/336718

Ausgedruckt am: 26.11.2024 um 05:11 Uhr

132895
132895 03.05.2017 aktualisiert um 12:43:23 Uhr
Goto Top
Offensichtlich ist der IIS hier das Hauptproblem.
IISRESET durchführen und Internet/Email Assistenten neu durchlaufen lassen.
Beim SBS hintenrum Dinge zu ändern führt oft zu Problemen, die sich erst Monate später rächen.

Aber hier scheinen ein paar URLs noch nicht ganz zu stimmen.

Gruß
PowlFruit
PowlFruit 03.05.2017 um 13:13:30 Uhr
Goto Top
Hallo,

danke erst einmal für deine schnelle Antwort.

den IISRESET habe ich durchgeführt, jedoch keinerlei Änderung. Im Browser bekomme ich die Fehlermeldung 600 und über die testconnectivity weiterhin den Fehler:

Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 	Autodiscover settings weren't obtained when the Autodiscover POST request was sent.  
 	
	Additional Details
 	
Elapsed Time: 67 ms.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL HTTPS://AUTODISCOVER.Topleveldomain.COM/AUTODISCOVER/AUTODISCOVER.XML for user .
 	The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
 	
	Additional Details
 	
An HTTP 500 response was returned from Unknown.
HTTP Response Headers:
Content-Length: 0
Cache-Control: private
Date: Wed, 03 May 2017 10:56:43 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Elapsed Time: 67 ms. 

Aber was genau meinst du mit dem "Internet/Email Assistenten"? Da war ich nun etwas überfragt.


Vielen Dank