Problems with Autodiscover, Out of Office, Free Busy, OWA and Outlook Anywhere

One of the most common issues I see has to do with certificates, so to start out we need to understand some things about certificates.

Certificates are used to encrypt traffic between exchange servers and clients.

There are 3 things that need to be true for a certificate to be valid.

  1. The name used to access the resource needs match the certificate exactly.
    Example: If I connect to say owa with then the certificate needs to also have on it in either the subject or the subject alternate name field. clip_image002
  2. The Certificate time must be valid
  3. The issuing Certificate Authority must be trusted by the client. (It needs to exist in the “Trusted Root Certificate Authorities)


Now that we have some VERY basic info about certificates.

The issues I see constantly are: Autodiscover, Out of Office, Free Busy and Outlook Anywhere miss-configuration.


  1. Not using a trusted certificate
    • Solution: use a 3rd party cert provider
  2. The certificate name does not match the DNS name\s
    • Solution: create a new cert request containing all the names used to access the server. Minimum of
      2. <ExternalName>
      3. <InternalName>.domain.local (if using for internal systems also)

Example of a correct cert request:

    • New-ExchangeCertificate -GenerateRequest -SubjectName “C=US, O=Org Name,” -domainname,, servername, servername.domain.local -FriendlyName -privatekeyexportable:$true -path c:\cert_myserver.txt

Example of Cert import

    • Import-ExchangeCertificate –Path “C:\CertificateFile.cer” | Enable-ExchangeCertificate -Services pop, smtp, iis, imap  (2007 Example)
    • Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\certificates\newcert.cer -Encoding Byte -ReadCount 0)) | Enable-ExchangeCertificate -Services SMTP   (2010 Example)
  1. External URLs not defined correctly
  2. Can’t resolve Fully qualified domain names (FQDN)

           Should look like this


  1. SCP Record does not contain the correct value
    1. Test from outlook:
      1. Hold CTRL and Click the outlook Icon in the system tray image and select “Test Email Auto Configuration”image
      2. Uncheck guess smart and click Test
    2. check SCP value returned
      1. If you get info on the results tab then autodiscover is working
      2. If not look at the Log tab and look at the URL that is returned


    1. Test the URL (Type it into Internet explorer) if its not change SCP to a valid URL
      1. Run ADSIEDIT and view the “Service Binding Information” to verify the correct value


2. Set the SCP allong with the internal URL: Set-ClientAccessServer CASServerName -AutoDiscoverServiceInternalUri https://mail.domain.local/Autodiscover/Autodiscover.xml

3 thoughts on “Problems with Autodiscover, Out of Office, Free Busy, OWA and Outlook Anywhere

  1. Pingback: Most Common Exchange issues « Troubleshooting Exchange

  2. Pingback: Publish Exchange 2010 with TMG (Forefront Threat Management Gateway) « Troubleshooting Exchange

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s