Thing is it has been working for about a year now. Just trying it now prior to getting new certs and it is failing. So since I don't test daily I am not sure when it broke. I will look at the TMG but I believe I have a rule there already.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Orlebeck, Geoffrey
Sent: Wednesday, October 22, 2014 1:38 PM
To: 'exchange@lists.myitforum.com'
Subject: [Exchange] RE: DNS external records and Testconnectivity

I ran into this a couple months back. IIRC the /Autodiscover/* path had to be added to the publishing rule in TMG. I may have created a separate rule strictly for Autodiscover, though I am not sure if that was necessary or I did it to isolate the changes being made.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
Sent: Wednesday, October 22, 2014 10:25 AM
To: exchange@lists.myitforum.com
Subject: [Exchange] DNS external records and Testconnectivity

I have the below set externally with Ultradns and Fisolv:

Autodiscover.imcu.com 'A' 38.109.185.193
Mx1.imcu.com 'A' 38.109.185.193
LegacyMail.imcu.com 'A' 38.109.185.193
Mail.imcu.com 'A' 38.109.185.193
193.185.109.38.in-addr.arpa 'PTR' mail.imcu.com
193.185.109.38.in-addr.arpa 'PTR' mx1.imcu.com
'MX' mx1.imcu.com
'TXT' "v=spf1 ip4:184.72.242.195 ip4:38.109.185.193 ~all"

I have the below set internally with server 2012 DNS:

Outlook.imcu.com 'A' 10.0.55.58
Autodiscover.imcu.com 'A' 10.0.55.58
LegacyMail.imcu.com 'A' 10.0.50.4
Mail.imcu.com 'A' 10.0.55.58
58.55.0.10.in-addr.arpa 'PTR' mail.imcu.com
58.55.0.10.in-addr.arpa 'PTR' outlook.imcu.com
58.55.0.10.in-addr.arpa 'PTR' autodiscover.imcu.com
'MX' mail.imcu.com

My question is do I have all the DNS settings I need for an Exchange 2010 with TMG in the DMZ? Because when I do a testconnectivity I get bad Autodiscover responses. See below:

The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Additional Details
Elapsed Time: 23179 ms.
Test Steps

Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Testing of Autodiscover for Exchange ActiveSync failed.
Additional Details
Elapsed Time: 23179 ms.
Test Steps

Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Additional Details
Elapsed Time: 23179 ms.
Test Steps

Attempting to test potential Autodiscover URL https://Imcu.com:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 490 ms.
Test Steps

Attempting to resolve the host name imcu.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 12.145.177.146
Elapsed Time: 266 ms.

Testing TCP port 443 on host imcu.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 76 ms.

Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 146 ms.
Test Steps

The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server imcu.com on port 443.
The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Elapsed Time: 121 ms.

Attempting to test potential Autodiscover URL https://autodiscover.Imcu.com:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 1467 ms.
Test Steps

Attempting to resolve the host name autodiscover.imcu.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 38.109.185.193
Elapsed Time: 201 ms.

Testing TCP port 443 on host autodiscover.imcu.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 122 ms.

Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 298 ms.
Test Steps

The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.imcu.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=mail.imcu.com, OU=Domain Control Validated, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
Elapsed Time: 265 ms.

Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.imcu.com was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 1 ms.

Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 11/12/2013 1:47:36 PM, NotAfter = 11/12/2014 1:47:36 PM
Elapsed Time: 0 ms.

Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 359 ms.

Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Additional Details
Elapsed Time: 485 ms.
Test Steps

The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.Imcu.com:443/Autodiscover/Autodiscover.xml for user dav...@imcu.com.
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
Tell me more about this issue and how to resolve it
Additional Details
An HTTP 403 error was received because ISA Server denied the specified URL.
HTTP Response Headers:
Connection: close
Pragma: no-cache
Content-Length: 2040
Cache-Control: no-cache
Content-Type: text/html
Elapsed Time: 484 ms.

Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Additional Details
Elapsed Time: 21036 ms.
Test Steps

Attempting to resolve the host name autodiscover.Imcu.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 38.109.185.193
Elapsed Time: 16 ms.

Testing TCP port 80 on host autodiscover.Imcu.com to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it
Additional Details
A network error occurred while communicating with the remote host.
Elapsed Time: 21019 ms.

Attempting to contact the Autodiscover service using the DNS SRV redirect method.
The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
Additional Details
Elapsed Time: 24 ms.
Test Steps

Attempting to locate SRV record _autodiscover._tcp.Imcu.com in DNS.
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it
Additional Details
Elapsed Time: 24 ms.

Checking if there is an autodiscover CNAME record in DNS for your domain 'Imcu.com' for Office 365.
Failed to validate autodiscover CNAME record in DNS. If your mailbox isn't in Office 365, you can ignore this warning.
Tell me more about this issue and how to resolve it
Additional Details
There is no Autodiscover CNAME record for your domain 'Imcu.com'.
Elapsed Time: 160 ms.

This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.

Confidentiality Notice: This is a transmission from Community Hospital of the Monterey Peninsula. This message and any attached documents may be confidential and contain information protected by state and federal medical privacy statutes. They are intended only for the use of the addressee. If you are not the intended recipient, any disclosure, copying, or distribution of this information is strictly prohibited. If you received this transmission in error, please accept our apologies and notify the sender. Thank you.
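
Added example, not part of the thread or of any Microsoft tool: a small Python triage that walks the four Autodiscover methods in the order the Connectivity Analyzer report tries them and ranks the failures by how many stages each one passed. The stage names, the `triage`/`replay` helpers, the "deepest failure first" ranking and the `user@imcu.com` address are assumptions made for illustration; the stage results are transcribed from the report above.

```python
PATH = "/Autodiscover/Autodiscover.xml"

def candidates(email):
    """Autodiscover lookups in the order the report above attempts them."""
    domain = email.rsplit("@", 1)[1].lower()
    return [
        ("https-root", f"https://{domain}:443{PATH}"),
        ("https-autodiscover", f"https://autodiscover.{domain}:443{PATH}"),
        ("http-redirect", f"http://autodiscover.{domain}:80"),
        ("dns-srv", f"_autodiscover._tcp.{domain}"),
    ]

def triage(email, probe):
    """probe(target) -> ordered [(stage, ok, detail)]. Returns (working, failures)."""
    failures = []
    for method, target in candidates(email):
        steps = probe(target) or [("probe", False, "no result recorded")]
        passed = 0
        for stage, ok, detail in steps:
            if not ok:
                failures.append((passed, method, stage, detail))
                break
            passed += 1
        else:
            return method, []   # every stage passed; a client stops at this method
    # Stable sort, deepest failure first: that endpoint is closest to working.
    failures.sort(key=lambda f: -f[0])
    return None, failures

# Stage results transcribed from the report above (user@ below is a placeholder).
OK = True
REPORT = {
    "https://imcu.com:443" + PATH: [
        ("dns", OK, "12.145.177.146"), ("tcp", OK, "443"),
        ("tls", False, "SSL negotiation wasn't successful")],
    "https://autodiscover.imcu.com:443" + PATH: [
        ("dns", OK, "38.109.185.193"), ("tcp", OK, "443"), ("tls", OK, ""),
        ("cert_name", OK, "SAN match"),
        ("post", False, "HTTP 403: ISA Server denied the specified URL")],
    "http://autodiscover.imcu.com:80": [
        ("dns", OK, "38.109.185.193"), ("tcp", False, "port 80 not answering")],
    "_autodiscover._tcp.imcu.com": [("dns", False, "SRV record not found")],
}

def replay(target):
    """Stand-in for a live probe: returns the recorded stages for a target."""
    return REPORT[target]

if __name__ == "__main__":
    working, failures = triage("user@imcu.com", replay)
    for passed, method, stage, detail in failures:
        print(f"{method}: {passed} stages passed, failed at {stage}: {detail}")
```

Run against the transcribed report, the top-ranked failure is the POST to autodiscover.imcu.com: DNS, port 443 and the certificate all pass there, and the request is refused with the 403 from ISA Server.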