We had issues with Autodiscover with only one mailbox in our environment.
When we ran the Test-OutlookWebServices against the problematic mailbox, we got an error.
Test-OutlookWebServices -Identity "journal@domain.com" -MailboxCredential (get-credential domain\journal)
Looking at the full report with the format list option "| fl" we get:
Test-OutlookWebServices -Identity "journal@domain.com" -MailboxCredential (get-credential domain\journal) | fl
RunspaceId : 996337d5-8719-4dfa-b19c-84b81a2ea577
Source : exchangeserver.domain.com
ServiceEndpoint : mail.domain.com
Scenario : AutoDiscoverOutlookProvider
ScenarioDescription : Autodiscover: Outlook Provider
Result : Failure
Latency : 16
Error : System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at
Microsoft.Exchange.Management.SystemConfigurationTasks.ServiceValidatorBase.InternalInvoke()
at Microsoft.Exchange.Management.SystemConfigurationTasks.ServiceValidatorBase.Invoke()
Verbose : [2017-09-08 04:38:10Z] Autodiscover connecting to
'https://mail.domain.com/Autodiscover/Autodiscover.xml'.
[2017-09-08 04:38:10Z] Test account: journal Password: ******
[2017-09-08 04:38:10Z] Autodiscover request:
User-Agent: exchangeserver/Test-OutlookWebServices/journal@domain.com
Content-Type: text/xml; charset=utf-8
Host: mail.domain.com
Cookie: X-BackEndCookie=S-1-5-21-2167321796-859855631-2145623002-1367=rJqNiZqNgayprdK6p7y3vrG4utG
SnpGVlpKKj4yX0ZOQnJ6Tgc7GzMjGxsjGy8iBzc/OyNLPxtLPx6vPy8XLx8XOzw==
[2017-09-08 04:38:10Z] Autodiscover request:
http://www.w3.org/2001/XMLSchema
"When we ran the Test-OutlookWebServices against the problematic mailbox, we got an error.
Test-OutlookWebServices -Identity "journal@domain.com" -MailboxCredential (get-credential domain\journal)
Looking at the full report with the format list option "| fl" we get:
Test-OutlookWebServices -Identity "journal@domain.com" -MailboxCredential (get-credential domain\journal) | fl
RunspaceId : 996337d5-8719-4dfa-b19c-84b81a2ea577
Source : exchangeserver.domain.com
ServiceEndpoint : mail.domain.com
Scenario : AutoDiscoverOutlookProvider
ScenarioDescription : Autodiscover: Outlook Provider
Result : Failure
Latency : 16
Error : System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at
Microsoft.Exchange.Management.SystemConfigurationTasks.ServiceValidatorBase.InternalInvoke()
at Microsoft.Exchange.Management.SystemConfigurationTasks.ServiceValidatorBase.Invoke()
Verbose : [2017-09-08 04:38:10Z] Autodiscover connecting to
'https://mail.domain.com/Autodiscover/Autodiscover.xml'.
[2017-09-08 04:38:10Z] Test account: journal Password: ******
[2017-09-08 04:38:10Z] Autodiscover request:
User-Agent: exchangeserver/Test-OutlookWebServices/journal@domain.com
Content-Type: text/xml; charset=utf-8
Host: mail.domain.com
Cookie: X-BackEndCookie=S-1-5-21-2167321796-859855631-2145623002-1367=rJqNiZqNgayprdK6p7y3vrG4utG
SnpGVlpKKj4yX0ZOQnJ6Tgc7GzMjGxsjGy8iBzc/OyNLPxtLPx6vPy8XLx8XOzw==
[2017-09-08 04:38:10Z] Autodiscover request:
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
schema/2006a
[2017-09-08 04:38:10Z] Autodiscover response:
request-id: eee84b62-bc41-4363-90b6-4c47e136a08d
X-SOAP-Enabled: True
X-WSSecurity-Enabled: True
X-WSSecurity-For: None
X-OAuth-Enabled: True
Server: Microsoft-IIS/8.5
WWW-Authenticate: Negotiate,NTLM,Basic realm="mail.domain.com"
X-Powered-By: ASP.NET
X-FEServer: exchangeserver
Date: Fri, 08 Sep 2017 04:38:10 GMT
Content-Length: 0
[2017-09-08 04:38:10Z] Autodiscover response:
System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at
Microsoft.Exchange.Management.SystemConfigurationTasks.ServiceValidatorBase.InternalInvoke()
at Microsoft.Exchange.Management.SystemConfigurationTasks.ServiceValidatorBase.Invoke()
MonitoringEventId : 6001RunspaceId : 996337d5-8719-4dfa-b19c-84b81a2ea577
Source : exchangeserver.domain.com
ServiceEndpoint :
Scenario : ExchangeWebServices
ScenarioDescription : Exchange Web Services
Result : Skipped
Latency : 0
Error : Skipped testing Exchange Web Services because the Autodiscover step failed.
Verbose :
MonitoringEventId : 5002
RunspaceId : 996337d5-8719-4dfa-b19c-84b81a2ea577
Source : exchangeserver.domain.com
ServiceEndpoint :
Scenario : AvailabilityService
ScenarioDescription : Availability Service
Result : Skipped
Latency : 0
Error : Skipped testing Availability Service because the Autodiscover step failed.
Verbose :
MonitoringEventId : 5003
RunspaceId : 996337d5-8719-4dfa-b19c-84b81a2ea577
Source : exchangeserver.domain.com
ServiceEndpoint :
Scenario : OfflineAddressBook
ScenarioDescription : Offline Address Book
Result : Skipped
Latency : 0
Error : Skipped testing Offline Address Book because the Autodiscover step failed.
Verbose :
MonitoringEventId : 5004
To resolve this issue I compared all attributes from the bad mailbox "journal" against a working mailbox. To quickly get an attribute dump from a user account in Active Directory you can use the following command:
Get-ADUser username -Properties * | Select *
To compare the attributes against a working account, I simply used the windiff tool available from http://www.grigsoft.com/download-windiff.htm
I noticed the problematic account had the protocolSettings set as shown in the screenshot below:
All other accounts had protocolSettings set to "RemotePowerShell§1", so I corrected this as shown in the screenshot below.
After making this change on the mailbox I tested again - it failed. This is because Exchange caches Active Directory objects and attributes - usually for up to an hour to reduce load on Domain Controllers. To get the web app to flush its cache, I simply did an "iisreset".
Running the command again and the Autodiscover test passed.
No comments:
Post a Comment