Results 1 to 3 of 3

Thread: How to fix Autodiscover error on ExRCA?

  1. #1
    Join Date
    Jan 2012

    How to fix Autodiscover error on ExRCA?

    ExRCA successfully got SSL certificate from remote server via port 443. Below mentioned are some useful information which you would like to know.
    Remote Certificate Subject:, OU=Domain Control Validated,, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=, O=", Inc.", L=Scottsdale, S=Arizona, C=US.
    I have successfully validated the certificate name.

    Host name was available into Certificate Subject Alternative Name entry.
    Certificate trust was validated and it was presented into chain.
    ExRCA try to create certificate chains for the certidcate, OU=Domain Control Validated, and it was created succefully.

    A total of 2 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
    There was no compatibility issue with Windows version when I tested certificate chains for compatibility.

    The certificate chain has been validated up to a trusted root. Root =, CN=, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network.
    After that I have tested certificate date so that I can figure whether certificate is valid. It passed date validation succfully and it was not expired.

    The certificate is valid. NotBefore = 2/12/2012 4:14:28 AM, NotAfter = 2/8/2015 9:22:45
    I checked IIS configuration of client certificate authentication and there was no Client certificate authentication detected.

    Accept/Require Client Certificates isn't configured.
    I tried to sent Autodiscover POST for potential Autodiscover URLs but there was no Autodiscover POST request.
    ExRCA trying to retrieve XML Autodiscover response from below mentioned URL. for user However it failed to get Autodiscover XML response.
    An HTTP 403 error was received because ISA Server denied the specified URL.
    Let me know how can I resolve above mentioned issue.
    Tried to connect with Autodiscover service using HTTP redirect method. But it was not able to contact Autodiscover.

    The host name was resolved successfully when I tried to resolved hostname in DNS.
    IP addresses returned:
    TCP port 80 on host is listing and open.
    When ExRCA is trying to check host through HTTP redirect using Autodiscover service. But it was not working.

    An HTTP 403 error was received because ISA Server denied the specified URL.

    When I tried to contact Autodiscover service utliozing DNS SRV redirect method I got below mentioned mesaage.
    ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.

    I tried to find out SRV record in DNS. I got.
    The Autodiscover SRV record wasn't found in DNS.
    Let me know me know how can I resolve above mentioned problem.

  2. #2
    Join Date
    Jul 2011

    Re: How to fix Autodiscover error on ExRCA?

    Normally Autodiscover uses below mentioned connection attempts.
    HTTPS for
    HTTPS for
    DNS for SRV record

    The error message which you have mentioned in your post is not an error actually rather its first attempt made to connect with autodiscover through SMTP domain. Normally it gets fails as there are less number of organization setup for DNS who are having root DNS namespace pointing towards same address which is being used by Exchange services. At the time of second attempt, you are trying to use DNS name for so that it can connection point for Autodiscover. After gong through the log entries I managed to get that ExRCA able to connect without having any major issue and it simply continue with processing of SSL certificate. So it implies that public DNS is correct and connection attempt should be made to connect with ISA server and it would retrieve SL certificate information.
    You can have rules for OWA, ActiveSync, and Outlook. It would also make use of web listener in case you are making use of Basic Authentication delegation with CAS.
    You should configure authentication settings with publishing rules as well as web listener(s) correlate for authentication methods on Exchange virtual directories on CAS.

    ExRCA is showing that URL has been denied by ISA. In case you have implemented multiple rules on Exchange for OWA, ActiveSync, and Outlook then you should see that rules are processed into proper order. If OWA rule is getting processed then it should be configured to accept public name,. could be possible that Autodiscover or virtual directory is published and it would result into ISA denying your URL. You should enable logging on ISA server to get which rule is blocking ExRCA to authenticate certificate. It would give you better idea of entire issue.

  3. #3
    Join Date
    May 2011

    Re: How to fix Autodiscover error on ExRCA?

    In order to resolve above mentioned issue I am suggesting that you should try to open exchange rule on ISA server. from public names tab you have to simply add autodiscover record. On paths tab you have to simply add autodiscover directory. So try the above mentioned thing and let me know whether it is working or not.

Similar Threads

  1. Replies: 6
    Last Post: 12-11-2010, 10:37 PM
  2. Error Creating Autodiscover Virtual Directory
    By MegaTron in forum Windows Software
    Replies: 6
    Last Post: 11-08-2010, 12:47 AM
  3. Server Error: 451, Socket Error: 10053, Error Number: 0x800CCC0F
    By Eigenberg in forum Windows XP Support
    Replies: 3
    Last Post: 03-06-2008, 04:13 PM
  4. Replies: 3
    Last Post: 21-07-2005, 01:07 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts