question

Bac-6780 avatar image
0 Votes"
Bac-6780 asked YukiSun-MSFT commented

Autodiscover failed after upgrade Exchange 2013 to CU23

Hello,
After upgrade Exchange Server to 2013, the autodiscover cannot access with error:
89147-1.png


89148-2.png



But the OWA/ECP are working fine.

Plz help me to fix this issue.

office-exchange-server-administration
1.png (13.8 KiB)
2.png (32.2 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Make sure the MSExchangeAutodisoverAppPool is started. If it is , recycle it

Look under "Application Pools" In IIS

0 Votes 0 ·
Bac-6780 avatar image
0 Votes"
Bac-6780 answered Bac-6780 commented

Hi AndyDavid,
MSExchangeAutodisoverAppPool is started, I did to recycle it or restart server but no luck.
89204-image.png
I still get error.



image.png (229.0 KiB)
· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

what does this show?

 Get-ServerComponentState -Identity <server>



0 Votes 0 ·

Hi AndyDavid
Here is result of ServerComponentState:
89214-image.png


0 Votes 0 ·
image.png (99.8 KiB)

and how about for authentication?

 Get-AutodiscoverVirtualDirectory -Server <server> | fl *auth*




0 Votes 0 ·
Show more comments
AndyDavid avatar image
0 Votes"
AndyDavid answered Bac-6780 commented

ok, looks normal.
So EAC/OWA work, just not autodiscovery?
Nothing in the event logs?
No errors?

See if resetting it fixes it in EAC:
89232-image.png


If all else fails, consider recreating the AutoD Virtual D:

https://theitbros.com/recreate-owa-ecp-virtual-directories-exchange-server-2016/



image.png (7.3 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Yes, only autodiscover has problem.
I reset Audodiscover (Default Web Site) as you said but nothing change.
Now, my users cannot setup outlook profile because they cannot query autodiscover service.

0 Votes 0 ·
YukiSun-MSFT avatar image
0 Votes"
YukiSun-MSFT answered YukiSun-MSFT commented

Hi @Bac-6780,

Please also have a check to see if a proper certificate is bound to the Exchange Backend website on port 444:

  1. Start IIS Manager on the Mailbox Server.

  2. Expand Site, highlight Exchange Back End, and select Bindings from the Actions pane in the right side column.

  3. Select Type https on Port 444, click Edit and check if the certificate is bound properly:
    89345-1.jpg


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


1.jpg (66.3 KiB)
· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Yukisun,
Sure I checked and verify to use the same certificate on Default web site and exchange back end.
89361-image.png


0 Votes 0 ·
image.png (205.4 KiB)

Hi @Bac-6780,

Have you had a chance to check if there are any clues in the Event Viewer?
Besides, it's suggested to search for relevant entries in the HTTPERR log file which is located at "c:\windows\system32\logfiles". You can open up the log file and search on “503” to locate the informaiton.

In addition, in order to help troubleshoot the issue, if there's any firewall or antivirus software running in your environment, I'd recommend have a go by temporarily disabling or removing it and check the result.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


0 Votes 0 ·

Hi Yukisun,
Yes, I removed all firewall / AV.
Even I installed a new Exchange Server without any FW / AV but it still has the same error - Include the new Exchange server.
My HTTPERR log file:

90727-image.png


0 Votes 0 ·
image.png (107.0 KiB)
Show more comments
AndyDavid avatar image
0 Votes"
AndyDavid answered AndyDavid commented

That's Incorrect. Not sure why thats allowing OWA and EAC are working and autodiscover is not with that cert, but that backend cert should be the self-signed Exchange Cert.
See my blog on how to change it to the correct one:

https://ehloergosum.com/2020/01/25/renewing-that-pesky-microsoft-exchange-certificate/

From the article I first linked above. Do the following:


Start IIS Manager on the Mailbox Server.
Expand Site, highlight Exchange Back End, and select Bindings from the Actions pane in the right side column.
Select Type https on Port 444.
Click Edit and select the Microsoft Exchange certificate.
From an administrator command prompt, run IISReset. ( Do this off-hours if this a standalone Exchange Server. If you are using a DAG, then move all the databases to other servers and have at it)


· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

First, the Backend cert is the self-signed Exchange cert.
After upgrade, I got error as you saw. So I search solution to fix it and I found some topic which that said change backend to use the same cert with default web site. I tried but no luck. :(
I still tried to rollback the self-cert but still got the same error.
I also don't understand why OWA/ECP work well but Autodiscover doesn't. And I got this error on all Exchange server (8 servers)

0 Votes 0 ·

Yea, its unusual that it would only affect one virtual directory.
As I mentioned above, consider recreating it:

https://theitbros.com/recreate-owa-ecp-virtual-directories-exchange-server-2016/

0 Votes 0 ·