Thursday, September 7, 2017

Autodiscover: Outlook Provider - 6001 Error for one user only

We had issues with Autodiscover with only one mailbox in our environment.

When we ran the Test-OutlookWebServices against the problematic mailbox, we got an error.

Test-OutlookWebServices -Identity "journal@domain.com" -MailboxCredential (get-credential domain\journal)


Looking at the full report with the format list option "| fl" we get:


Test-OutlookWebServices -Identity "journal@domain.com" -MailboxCredential (get-credential domain\journal) | fl

RunspaceId          : 996337d5-8719-4dfa-b19c-84b81a2ea577
Source              : exchangeserver.domain.com
ServiceEndpoint     : mail.domain.com
Scenario            : AutoDiscoverOutlookProvider
ScenarioDescription : Autodiscover: Outlook Provider
Result              : Failure
Latency             : 16
Error               : System.Net.WebException: The remote server returned an error: (401) Unauthorized.
                         at System.Net.HttpWebRequest.GetResponse()
                         at
                      Microsoft.Exchange.Management.SystemConfigurationTasks.ServiceValidatorBase.InternalInvoke()
                         at Microsoft.Exchange.Management.SystemConfigurationTasks.ServiceValidatorBase.Invoke()
Verbose             : [2017-09-08 04:38:10Z] Autodiscover connecting to
                      'https://mail.domain.com/Autodiscover/Autodiscover.xml'.
                      [2017-09-08 04:38:10Z] Test account: journal Password: ******
                      [2017-09-08 04:38:10Z] Autodiscover request:
                      User-Agent:
exchangeserver/Test-OutlookWebServices/journal@domain.com
                      Content-Type: text/xml; charset=utf-8
                      Host: mail.domain.com
                      Cookie: X-BackEndCookie=S-1-5-21-2167321796-859855631-2145623002-1367=rJqNiZqNgayprdK6p7y3vrG4utG
                      SnpGVlpKKj4yX0ZOQnJ6Tgc7GzMjGxsjGy8iBzc/OyNLPxtLPx6vPy8XLx8XOzw==
                      [2017-09-08 04:38:10Z] Autodiscover request:
                     
                      http://www.w3.org/2001/XMLSchema
"
                      xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
                      xmlns="
http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
                       

                          journal@domain.com
                         
http://schemas.microsoft.com/exchange/autodiscover/outlook/response
                      schema/2006a

                       

                    

                      [2017-09-08 04:38:10Z] Autodiscover response:
                      request-id: eee84b62-bc41-4363-90b6-4c47e136a08d
                      X-SOAP-Enabled: True
                      X-WSSecurity-Enabled: True
                      X-WSSecurity-For: None
                      X-OAuth-Enabled: True
                      Server: Microsoft-IIS/8.5
                      WWW-Authenticate: Negotiate,NTLM,Basic realm="mail.domain.com"
                      X-Powered-By: ASP.NET
                      X-FEServer: exchangeserver
                      Date: Fri, 08 Sep 2017 04:38:10 GMT
                      Content-Length: 0
                      [2017-09-08 04:38:10Z] Autodiscover response:
                      System.Net.WebException: The remote server returned an error: (401) Unauthorized.
                         at System.Net.HttpWebRequest.GetResponse()
                         at
                      Microsoft.Exchange.Management.SystemConfigurationTasks.ServiceValidatorBase.InternalInvoke()
                         at Microsoft.Exchange.Management.SystemConfigurationTasks.ServiceValidatorBase.Invoke()
MonitoringEventId   : 6001RunspaceId          : 996337d5-8719-4dfa-b19c-84b81a2ea577
Source              : exchangeserver.domain.com
ServiceEndpoint     :
Scenario            : ExchangeWebServices
ScenarioDescription : Exchange Web Services
Result              : Skipped
Latency             : 0
Error               : Skipped testing Exchange Web Services because the Autodiscover step failed.
Verbose             :
MonitoringEventId   : 5002

RunspaceId          : 996337d5-8719-4dfa-b19c-84b81a2ea577
Source              : exchangeserver.domain.com
ServiceEndpoint     :
Scenario            : AvailabilityService
ScenarioDescription : Availability Service
Result              : Skipped
Latency             : 0
Error               : Skipped testing Availability Service because the Autodiscover step failed.
Verbose             :
MonitoringEventId   : 5003

RunspaceId          : 996337d5-8719-4dfa-b19c-84b81a2ea577
Source              : exchangeserver.domain.com
ServiceEndpoint     :
Scenario            : OfflineAddressBook
ScenarioDescription : Offline Address Book
Result              : Skipped
Latency             : 0
Error               : Skipped testing Offline Address Book because the Autodiscover step failed.
Verbose             :
MonitoringEventId   : 5004


To resolve this issue I compared all attributes from the bad mailbox "journal" against a working mailbox.  To quickly get an attribute dump from a user account in Active Directory you can use the following command:

Get-ADUser username -Properties * | Select *

To compare the attributes against a working account, I simply used the windiff tool available from http://www.grigsoft.com/download-windiff.htm

I noticed the problematic account had the protocolSettings set as shown in the screenshot below:

 
All other accounts had protocolSettings set to "RemotePowerShell§1", so I corrected this as shown in the screenshot below.
 
 
After making this change on the mailbox I tested again - it failed.  This is because Exchange caches Active Directory objects and attributes - usually for up to an hour to reduce load on Domain Controllers.  To get the web app to flush its cache, I simply did an "iisreset".
 
Running the command again and the Autodiscover test passed.
 

No comments:

Post a Comment