Jump to content
roccomarcy

Autodiscover mit mehreren Domains und einem Zertifikat

Recommended Posts

Ist ein frisches iPhone mit einem neu erstellten Account.

Scheint ein Problem mit iOS und der Identifizierung der Autodiscover-Methode zu sein?

Wenn ich im Netz nach Autodiscover Multi Domain Redirect suche, finde ich mehrere solcher Beiträge.

 

https://social.technet.microsoft.com/Forums/en-US/08ae064f-8f9f-4814-bc33-8e1379495454/autodiscover-redirect-no-longer-working-in-ios-11?forum=Exch2016CM

 

Aber alle ohne Lösung...

Share this post


Link to post
Share on other sites
vor 41 Minuten schrieb roccomarcy:

Was soll ich ausprobieren?
Die Authentifizierungsmethode ändern?

Nein, dich mit UPN, SAMACCOUNT oder DOMAIN\SAMACCOUNT anzumelden. Das geht auf jeden Fall, wenn man nur BEnutzername konfiguriert hat im OWA. Die anderen virtual directories sollten natürlich ebenfalls alle jeweils korrekt konfiguriert sein. Was korrekt bedeutet, hängt natürlich von deiner Umgebung ab. :)

vor 19 Minuten schrieb roccomarcy:

Ist ein frisches iPhone mit einem neu erstellten Account.

Scheint ein Problem mit iOS und der Identifizierung der Autodiscover-Methode zu sein?

Wenn ich im Netz nach Autodiscover Multi Domain Redirect suche, finde ich mehrere solcher Beiträge.

 

https://social.technet.microsoft.com/Forums/en-US/08ae064f-8f9f-4814-bc33-8e1379495454/autodiscover-redirect-no-longer-working-in-ios-11?forum=Exch2016CM

 

Aber alle ohne Lösung...

Dann mach Wireshark an und schau wo es hakt. :/

Share this post


Link to post
Share on other sites
vor 40 Minuten schrieb roccomarcy:

Scheint ein Problem mit iOS und der Identifizierung der Autodiscover-Methode zu sein?

AFAIK aber nur mit iOS11 und das ist jawohl sowas von vorgestern. ;)

Ich habe leider kein aktuelles iPhone, um es zu testen.

Share this post


Link to post
Share on other sites
vor einer Stunde schrieb Nobbyaushb:

Ich öffne keine Links - ist es so schwer, die Ausgabe mit Copy&Paste zu posten? :neutral2:

Ich wollte euch nur die Lesbarkeit des RCA-Reports erhalten. :)

 


Attempting the Autodiscover and Exchange ActiveSync test (if requested).
Autodiscover was successfully tested for Exchange ActiveSync.
Additional Details
Elapsed Time: 33479 ms.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Additional Details
Elapsed Time: 33479 ms.
Test Steps
Attempting to test potential Autodiscover URL https://zweitedomain.de:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 7463 ms.
Test Steps
Attempting to resolve the host name zweitedomain.de in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 987.654.321.0
Elapsed Time: 740 ms.
Testing TCP port 443 on host zweitedomain.de to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 186 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 855 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server zweitedomain.de on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=*.zweitedomain.de, OU=Domain Control Validated, Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
Elapsed Time: 799 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name zweitedomain.de was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 0 ms.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.zweitedomain.de, OU=Domain Control Validated.
One or more certificate chains were constructed successfully.
Additional Details
A total of 2 chains were built. The highest quality chain ends in root certificate CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
Elapsed Time: 21 ms.
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 0 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 11/1/2017 12:00:00 AM, NotAfter = 1/29/2021 11:59:59 PM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 2734 ms.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Additional Details
Elapsed Time: 2947 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://zweitedomain.de:443/Autodiscover/Autodiscover.xml for user autodiscover.test@zweitedomain.de.
The Autodiscover XML response was successfully retrieved.
Additional Details
An HTTPS redirect was received in response to the Autodiscover request. The redirect URL is https://www.zweitedomain.de/Autodiscover/Autodiscover.xml. HTTP Response Headers: Connection: keep-alive Strict-Transport-Security: max-age=31536000 Content-Length: 182 Content-Type: text/html Date: Wed, 23 Jan 2019 09:29:35 GMT Location: https://www.zweitedomain.de/Autodiscover/Autodiscover.xml
Elapsed Time: 580 ms.
Attempting to test potential Autodiscover URL https://www.zweitedomain.de/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 2365 ms.
Test Steps
Attempting to resolve the host name www.zweitedomain.de in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 85.236.61.248
Elapsed Time: 206 ms.
Testing TCP port 443 on host www.zweitedomain.de to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 201 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 587 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server www.zweitedomain.de on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=*.zweitedomain.de, OU=Domain Control Validated, Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
Elapsed Time: 531 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
The host name that was found, www.zweitedomain.de, is a wildcard certificate match for common name *.zweitedomain.de.
Elapsed Time: 0 ms.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.zweitedomain.de, OU=Domain Control Validated.
One or more certificate chains were constructed successfully.
Additional Details
A total of 2 chains were built. The highest quality chain ends in root certificate CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
Elapsed Time: 19 ms.
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 6 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 11/1/2017 12:00:00 AM, NotAfter = 1/29/2021 11:59:59 PM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 513 ms.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Additional Details
Elapsed Time: 856 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://www.zweitedomain.de/Autodiscover/Autodiscover.xml for user autodiscover.test@zweitedomain.de.
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
Additional Details
The URL specified in the location HTTP header is invalid or is not an absolute URL: / HTTP Response Headers: Connection: keep-alive Pragma: no-cache tcs-time: 1548235777 X-Node: cms1 Age: 0 Strict-Transport-Security: max-age=31536000 Content-Length: 42 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Content-Type: text/html; charset=utf-8 Date: Wed, 23 Jan 2019 09:29:37 GMT Expires: Thu, 19 Nov 1981 08:52:00 GMT Location: / Set-Cookie: ___sid_=7lh8b37117vtfgndg323tsi24u71eavh; path=/; HttpOnly
Elapsed Time: 856 ms.
Attempting to test potential Autodiscover URL https://autodiscover.zweitedomain.de:443/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 21558 ms.
Test Steps
Attempting to resolve the host name autodiscover.zweitedomain.de in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 123.456.789.0
Elapsed Time: 518 ms.
Testing TCP port 443 on host autodiscover.zweitedomain.de to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it
Additional Details
A network error occurred while communicating with the remote host.
Elapsed Time: 21039 ms.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The Autodiscover service was successfully contacted using the HTTP redirect method.
Additional Details
Elapsed Time: 4457 ms.
Test Steps
Attempting to resolve the host name autodiscover.zweitedomain.de in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 123.456.789.0
Elapsed Time: 12 ms.
Testing TCP port 80 on host autodiscover.zweitedomain.de to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 223 ms.
The Microsoft Connectivity Analyzer is checking the host autodiscover.zweitedomain.de for an HTTP redirect to the Autodiscover service.
The redirect (HTTP 301/302) response was received successfully.
Additional Details
Redirect URL: https://mail.hauptdomain.de/Autodiscover/Autodiscover.xml HTTP Response Headers: Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Length: 340 Content-Type: text/html; charset=iso-8859-1 Date: Wed, 23 Jan 2019 09:29:59 GMT Location: https://mail.hauptdomain.de/Autodiscover/Autodiscover.xml Server: Apache/2.4.25 (Debian)
Elapsed Time: 385 ms.
Attempting to test potential Autodiscover URL https://mail.hauptdomain.de/Autodiscover/Autodiscover.xml
Testing of the Autodiscover URL was successful.
Additional Details
Elapsed Time: 3836 ms.
Test Steps
Attempting to resolve the host name mail.hauptdomain.de in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 62.153.150.166
Elapsed Time: 594 ms.
Testing TCP port 443 on host mail.hauptdomain.de to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 192 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 659 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server mail.hauptdomain.de on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=*.hauptdomain.de, OU=Domain Control Validated, Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
Elapsed Time: 619 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
The host name that was found, mail.hauptdomain.de, is a wildcard certificate match for common name *.hauptdomain.de.
Elapsed Time: 0 ms.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.hauptdomain.de, OU=Domain Control Validated.
One or more certificate chains were constructed successfully.
Additional Details
A total of 2 chains were built. The highest quality chain ends in root certificate CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
Elapsed Time: 21 ms.
Analyzing the certificate chains for compatibility problems with versions of Windows.
Potential compatibility problems were identified with some versions of Windows.
Additional Details
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 1 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 1/2/2019 12:00:00 AM, NotAfter = 4/1/2021 11:59:59 PM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 832 ms.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Additional Details
Elapsed Time: 1557 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://mail.hauptdomain.de/Autodiscover/Autodiscover.xml for user autodiscover.test@zweitedomain.de.
The Autodiscover XML response was successfully retrieved.
Additional Details
Autodiscover Account Settings XML response: <?xml version="1.0"?> <Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006"> <Culture>en:us</Culture> <User> <DisplayName>TEST Autodiscover</DisplayName> <EMailAddress>autodiscover.test@zweitedomain.de</EMailAddress> </User> <Action> <Settings> <Server> <Type>MobileSync</Type> <Url>https://mail.hauptdomain.de/Microsoft-Server-ActiveSync</Url> <Name>https://mail.hauptdomain.de/Microsoft-Server-ActiveSync</Name> </Server> </Settings> </Action> </Response> </Autodiscover> HTTP Response Headers: X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Accept-Encoding Content-Length: 750 Cache-Control: private Content-Type: text/xml; charset=utf-8 Date: Wed, 23 Jan 2019 09:30:03 GMT Server: Apache WWW-Authenticate: Basic realm=mail.hauptdomain.de
Elapsed Time: 1557 ms.

 

Share this post


Link to post
Share on other sites
vor einer Stunde schrieb ASR:

Erstelle einen Trace mit dem iPhone, dann siehst Du schon: http://docs.telerik.com/fiddler/configure-fiddler/tasks/configureforios

was passiert und was nicht.

 

ASR

 

Ich hab das mal ausprobiert.

Er folgt nicht dem Redirect, versucht immer auf autodiscover.zweitedomain.de via HTTPS zuzugreifen und das ist ja wie auf der vorherigen Seite nicht erlaubt.

2019-01-23 13_49_48-Progress Telerik Fiddler Web Debugger.png

Share this post


Link to post
Share on other sites

Verbindung wird nicht aufgebaut,

da ich für autodiscover.zweitedomain.de nur HTTP freigegeben habe.

So wurde es in der Seite zuvor ja auch beschrieben.

Share this post


Link to post
Share on other sites
vor 22 Minuten schrieb roccomarcy:

 

Ich hab das mal ausprobiert.

Er folgt nicht dem Redirect, versucht immer auf autodiscover.zweitedomain.de via HTTPS zuzugreifen und das ist ja wie auf der vorherigen Seite nicht erlaubt.

2019-01-23 13_49_48-Progress Telerik Fiddler Web Debugger.png

hm, auf Port 443 sollte Dein Redirect Endpunkt ja gar nicht reagieren.

 

ASR

Share this post


Link to post
Share on other sites
vor 1 Minute schrieb NorbertFe:

Was im Übrigen auch ganz am Anfang explizit so geschrieben wurde.

Korrekt, wurde ja auch so übernommen.

Die Frage ist ja warum er auf 443 reagiert?!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Werbepartner:



×
×
  • Create New...