AutoDiscover - Problems with autodiscover.xml, SRV, etc.

twizted
Posts: 118
Joined: Thu Sep 23, 2004 5:37 pm
Location: Florida, USA
Contact:

AutoDiscover - Problems with autodiscover.xml, SRV, etc.

Postby twizted » Tue May 08, 2012 1:31 am

Anyone else having problems with the AutoDiscovery working with 1 SSL website?

I have setup SRV records correctly for about 5 domains now - and I cannot log in with an ActiveSync device on any of them except for the primary domain that doesn't require an SRV record. If I specify the server as the primary for the other domains it works (although that is obviously bypassing autodiscovery)...
Last edited by twizted on Tue May 08, 2012 6:38 pm, edited 1 time in total.

twizted
Posts: 118
Joined: Thu Sep 23, 2004 5:37 pm
Location: Florida, USA
Contact:

Re: AutoDiscovery - SRV Records

Postby twizted » Tue May 08, 2012 2:51 am

Ok, so I have added autodiscover.domain.com along with the SRV records to each domain name - but now I get warnings on the IPAD / Android devices when trying to connect. The documentation states to direct autodiscover.domain.com to the main IP address of the ActiveSync server - is this correct? This causes the AS client to point itself to the primary AS server while loading the wrong SSL key.

I believe while doing this it is completely skipping the SRV record and that is why this is happening.

Any thoughts?

MailEnable
Site Admin
Posts: 4441
Joined: Tue Jun 25, 2002 3:03 am
Location: Melbourne, Victoria Australia

Re: AutoDiscovery - SRV Records

Postby MailEnable » Tue May 08, 2012 3:56 am

It sounds like you are close. This utility (provided by MS) will provide you with more information on what is wrong:
https://www.testexchangeconnectivity.com
(use the Exchange ActiveSync Autodiscover tests)

There are many ways to provide autodiscovery, so it is more a matter of working out how you can configure your environment to service Autodiscover URLs.

Microsoft outlines the Autodiscovery methods/urls themselves here:
http://msdn.microsoft.com/en-us/library ... v=exchg.80).aspx

SRV records are not the only way that clients establish which autodisovery host to use - but it is the simplest approach in a multi-tennant environment. It also works best because you can simply enable domains by pointing them at a single host that is configured with Autodiscover - ie: that you only need a single SSL enabled IIS site to provide Autodiscovery and EAS to all your e-mail domains.

I would first start with getting EAS working for a single site.
That involves using the ActiveSync Configuration Manager to enable Autodiscovery and ActiveSync for an IIS site that already offers SSL.
Then you point your DNS to that SSL host via the SRV record approach.

The configuration utility was recently updated in 6.53 to make this much simpler - and a section outlining the approach for a single SSL cert - (ie: your situation). It is here:

See: Configuring ActiveSync and AutoDiscovery using the Configuration Manager at: http://www.mailenable.com/activesync/EA ... _Guide.pdf


The follow-on steps are to implement the additional autodiscovery approaches, but some of these may not be possible (depending on your environment).
Specifically, you may not have an SSL certificate for Autodiscover.domainname as outlined here:
http://msdn.microsoft.com/en-us/library ... v=exchg.80).aspx

If you did though, you would simply add the AutoDiscover.domainname host and SSL configuration to the MailEnable Protocols IIS Site (since it knows how to respond to requests for <host>/Autodiscover/Autodiscover.xml.
Regards, Andrew

scngan
Posts: 433
Joined: Fri Dec 30, 2005 1:27 pm

Re: AutoDiscovery - SRV Records

Postby scngan » Tue May 08, 2012 4:05 am

MailEnable wrote:It sounds like you are close. This utility (provided by MS) will provide you with more information on what is wrong:
https://www.testexchangeconnectivity.com
(use the Exchange ActiveSync Autodiscover tests)

There are many ways to provide autodiscovery, so it is more a matter of working out how you can configure your environment to service Autodiscover URLs.

Microsoft outlines the Autodiscovery methods/urls themselves here:
http://msdn.microsoft.com/en-us/library ... v=exchg.80).aspx

SRV records are not the only way that clients establish which autodisovery host to use - but it is the simplest approach in a multi-tennant environment. It also works best because you can simply enable domains by pointing them at a single host that is configured with Autodiscover - ie: that you only need a single SSL enabled IIS site to provide Autodiscovery and EAS to all your e-mail domains.

I would first start with getting EAS working for a single site.
That involves using the ActiveSync Configuration Manager to enable Autodiscovery and ActiveSync for an IIS site that already offers SSL.
Then you point your DNS to that SSL host via the SRV record approach.

The configuration utility was recently updated in 6.53 to make this much simpler - and a section outlining the approach for a single SSL cert - (ie: your situation). It is here:

See: Configuring ActiveSync and AutoDiscovery using the Configuration Manager at: http://www.mailenable.com/activesync/EA ... _Guide.pdf


The follow-on steps are to implement the additional autodiscovery approaches, but some of these may not be possible (depending on your environment).
Specifically, you may not have an SSL certificate for Autodiscover.domainname as outlined here:
http://msdn.microsoft.com/en-us/library ... v=exchg.80).aspx

If you did though, you would simply add the AutoDiscover.domainname host and SSL configuration to the MailEnable Protocols IIS Site (since it knows how to respond to requests for <host>/Autodiscover/Autodiscover.xml.



hi andrew,
on the last paragraph
If you did though, you would simply add the AutoDiscover.domainname host and SSL configuration to the MailEnable Protocols IIS Site (since it knows how to respond to requests for <host>/Autodiscover/Autodiscover.xml.

i went to the folder, i cant find Autodiscover.xml, anyway to add this xml ?

MailEnable
Site Admin
Posts: 4441
Joined: Tue Jun 25, 2002 3:03 am
Location: Melbourne, Victoria Australia

Re: AutoDiscovery - SRV Records

Postby MailEnable » Tue May 08, 2012 4:33 am

Yes - the files/Directories do not physically exist (they are not meant to).

The IIS Handler (and associated module) intercepts the requested URL and programatically returns XML content when the request is made.
The XML content returned is determined by what settings you defined for Autodiscover under the Autodiscover section of the ActiveSync Configuration Manager.

The same also applies for servicing the Microsoft-Server-ActiveSync url (in that the MailEnable Protocols site knows how to respond to requests for ActiveSync, and the virtual directory does not exist). It will probably also work for SyncML requests too - though I have not confirmed this.

Thats what the file "MEIISHandler.DLL" does in the bin directory - and the web config file registers the handler and module.
Regards, Andrew

twizted
Posts: 118
Joined: Thu Sep 23, 2004 5:37 pm
Location: Florida, USA
Contact:

Re: AutoDiscovery - SRV Records

Postby twizted » Tue May 08, 2012 6:05 am

I have everything working for a single host. I cannote figure out how to get the additional hosts to work without popping up a security warning on the device.

MailEnable
Site Admin
Posts: 4441
Joined: Tue Jun 25, 2002 3:03 am
Location: Melbourne, Victoria Australia

Re: AutoDiscovery - SRV Records

Postby MailEnable » Tue May 08, 2012 6:23 am

What is the error reported? Is it an SSL error?

If you have it working without warnings for 1 domain, but it fails for another domain, then it could be to do with the autodiscover response - in that it could be directing to an insecure or invalid ActiveSync URL.
ie: the SRV record is working fine, it just that you have configured mailenable to report a host that is not secure.
In a single SSL certificate environment, you should select the Autodiscover "Domain Reporting Mode" to "Fully Specify Domain" with the same host name as the value you entered for the SRV record in DNS.

To clarify - in a single cert SSL environmnt:

The SRV record should point to a host that is running SSL with a valid certificate for that host name.
Also, you need to ensure that the host name reported back by autodiscover is a host that has a valid SSL certificate too - use the "Domain Reporting Mode" to "Fully Specify Domain" .
In a single SSL environment, the ActiveSync host name and SRV autodiscover host name would be the same.
Regards, Andrew

twizted
Posts: 118
Joined: Thu Sep 23, 2004 5:37 pm
Location: Florida, USA
Contact:

Re: AutoDiscover - Problems with autodiscover.xml, SRV, etc.

Postby twizted » Tue May 08, 2012 7:06 pm

Actually, it looks like I have nothing 100% working - not even the primary domain. It's working good enough to connect w/o error on an IPAD but it looks like this is my #1 problem:

Attempting to test potential Autodiscover URL https://networkcloset.com/AutoDiscover/AutoDiscover.xml

The AutoDiscover (MailEnable Protocols) is only listening on port 80. When I try to enable it on 443 it has a bind conflict and stops itself from running.

ADDED: I am trying everything to get this to respond on 443 and I just can't seen to figure it out :cry:

MailEnable
Site Admin
Posts: 4441
Joined: Tue Jun 25, 2002 3:03 am
Location: Melbourne, Victoria Australia

Re: AutoDiscover - Problems with autodiscover.xml, SRV, etc.

Postby MailEnable » Tue May 08, 2012 11:19 pm

It seems to work when I access: https://networkcloset.com in a browser.
That indicates that the bindings and SSL are configured correctly for that IIS site.
Perhaps you fixed this since your post.

Also, https://networkcloset.com/Microsoft-Server-ActiveSync is challenging - which means that MailEnable is responding.
That would indicate that ActiveSync and SSL are at least set up correctly, but its not clear if the host is responding to:
https://networkcloset.com/AutoDiscover/AutoDiscover.xml - the microsoft autodiscovery test I mentioned earlier will tell you that.
Regards, Andrew

twizted
Posts: 118
Joined: Thu Sep 23, 2004 5:37 pm
Location: Florida, USA
Contact:

Re: AutoDiscover - Problems with autodiscover.xml, SRV, etc.

Postby twizted » Fri May 11, 2012 1:02 am

I had http:// autodiscover working and https:// was not. I somehow broke the system so that both respond with 404 error and have spent hours trying to fix it :(

MailEnable
Site Admin
Posts: 4441
Joined: Tue Jun 25, 2002 3:03 am
Location: Melbourne, Victoria Australia

Re: AutoDiscover - Problems with autodiscover.xml, SRV, etc.

Postby MailEnable » Fri May 11, 2012 4:59 am

Hi, the 404 error might mean that the IIS bindings are incorrect or there is a problem with the virtual directories. The Management Utility should allow you to repair the virtual directories. Also, we have produced an update to the Management Application that has improved diagnostics.

It is available here:
http://www.mailenable.com/hotfix/mam.zip
It is identical to the version in the 6.54 release (but will work with any 6.5x version and later)

and the files should be extracted to here:
[Program Files]\Mail Enable\ActiveSync

If you still have issues using the utility, then it may be best to arrange for a review of your environment/fix via rdp.
If thats the case, please submit sever details via https://www.mailenable.com/secure/details.asp using the reference number: FORUM23829
Regards, Andrew

Who is online

Users browsing this forum: No registered users and 1 guest