Tuesday, July 1, 2014

Fix Exchange Autodiscover Error 600 - Invalid Request

Resolve Exchange Autodiscover Error 600 Invalid Request

The Auto-Discover option was introduced in Exchange 2007 edition and is further included in Exchange 2010 and 2013. Less brought into deliberation, this feature holds importance for smooth functioning of Exchange environment. Its main purpose is to provide essential information to the mail client for configuration with Server with mere two basic credentials: username and password. This option proves quite useful when remote users want to connect to the Server without advanced information like Server name or the domain. In addition to this, AutoDiscover is responsible for smooth functioning of applications like Offline Address Book (OAB) in Outlook and Out of Office. 

How Autodiscover Works in Exchange 2010 and Related Issues:

AutoDiscover helps in client Configuration with Exchange Server to the mobile and remote users. Most of the time, users might not notice this but they are just asked for the username and password details while configuration. For example: In Android smart phones, the email set up screen looks like this:

After you provide the details, the email client will look out for https://<your domain>.com/autodiscover/autodiscover.xml and will try to retrieve necessary information for configuration with Server. If the AutoDiscover is set up properly, the configuration will be complete in few minutes, making it extremely simple for non-IT users to deal with the situation without making any support call.

Another important function of AutoDiscover feature is related to Offline Address Book and Out of Office. Outlook uses the auto-discover address in order to get details of Exchange Server and thus if it is not properly configured, these features cannot be properly utilized (although everything else work perfectly well). If AutoDiscover feature is not correctly configured, “Error 600 Invalid Requestmight pop up on screen. Also, it can result in troubles like:

  •  Free/Busy information about a user is not available
  •  Error code: 0x8004010F is received on downloading OAB
  • Continuous prompt for username and password
  • Outlook  Anywhere service stops responding
  • The Out of Office Assistant stops working properly

In the upcoming part of this segment, we will discuss as how to check out the configuration accuracy for AutoDiscover feature and how to handle related issues.

Troubleshooting AutoDiscover Issues:

For client configuration with Server, MS Outlook retrieves information from CAS on which AutoDiscover service runs. To fix issues in this service, open https://<your domain>.com/autodiscover/autodiscover.xml on computer network. When this is done, Outlook communicates with CAS and provides it account details. You will likely to be prompted for username and password and the AutoDiscover.XML file will look like:

If the XML file gets opened, it means that CAS Server is working perfectly and you can move on to troubleshooting steps underlined below. However, if the XML file does not get opened, replace CAS IP address with Domain name. If the XML file gets opened now, the problem is associated with the Domain Name Server (DNS).

Troubleshooting: Step #1
In order to verify that AutoDiscover configuration is working perfect, there are two tests that are to be performed: one is inside the network and another is outside the network. The test to be performed outside network is simple to execute. All you need to do is open in your web browser. This is a free service by Microsoft and absolutely reliable as far as confidentiality is concerned. However, it is recommended to check the SSL certificate of site in order to assure that you are on legitimate site. 
Remote Content Analyzer

Here, you can find two Auto-Discover test options: ActiveSync and for Outlook (any of the options can be chosen as they do not make a difference). Select any of the option and click Next button. (Here it is recommended to enable check box for “Ignore Trust for SSL”. If you don’t do this, the test might fail as Microsoft does not identify Certificate Authority for CAS SSL certificate.)

You will be taken to another page where some information will be requested to be filled up. Once you are done with the validation code formality, click on the Perform Test button to start the configuration accuracy test. The test is based on the attempts to download XML file (see the figure below):
Remote Content Analyzer

Possibility is you might get following error message that says “Connectivity Test Failed”. This won’t give much information about the configuration. To know more, click on Expand All button.
Test Failure

For testing configuration inside your network can be done through existing Outlook profile set up with Exchange Server. In the system tray, locate Outlook icon. Hold the CTRL key, right click on the icon, and click on Test E-mail AutoConfiguration option.

A window will pop up, the email address will be already entered, and you have to provide password for the same. Enable check box for ‘Use AutoDiscover’ and hit the Test button. The output will be split into two different sections: Exchange RPC and Exchange HTTP, each with links for Out of Office and Offline Address Book. 

Troubleshooting: Step#2

If the above method does not work out, the recommendation is to check the firewall settings. Access to AutoDiscover service is provided by HTTPS and thus you have to ensure that port number 433 is open to CAS firewall. In addition to this, ensure that the CAS SSL certificate is issued by a trusted Certificate Authority. By default, the CAS uses a self-signed certificate. This is fine until AutoDiscover service is being used in internal network but a Subject Alternate Name (SAN) certificate would be required for external clients.
In the above section, we noticed that Outlook checks out for two URLS while making attempt to download the XML file:

·         <your domain>/autodiscover/autodiscover.xml
·         Autodiscover.<your domain>/autodiscover/autodiscover.xml

While downloading the XML file, possibility is the URL is working fine but Microsoft is recommending creation of a Host (A) record to DNS. Also, the Client Access Server should have a SAN certificate. Reason being, it helps to link multiple subject alternate names with just one certificate. Also, the autodiscover.<your domain> name should be added to the certificate so that connection to domain is SSL encrypted.

Once DNS record and SSL certificate is configured properly, open https://autodiscover.<your domain>/autodiscover/autodiscover.xml. If everything is configured properly, the AutoDiscover XML file should be accessed. 


Post a Comment

Post a reply