How do I fix Autodiscover internal 500 error?

Problem : How do I fix Autodiscover internal 500 error?

This issue was originally brought to my attention when one of the users was unable to use the Out of Office Assistant in Outlook 2007.  I have read every article I can find regarding the apparently common Autodiscover problems on Exchange 2007, but none of them deal with this error specifically:

From Exchange Management Shell, when I run Test-OutlookWebServices:

*****************************
Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
URL on this object is https://mail.xxxx.net/Autodiscover/Autodiscover.xml.

Id      : 1013
Type    : Error
Message : When contacting https://mail.xxxx.net/Autodiscover/Autodiscover.xml
received the error The remote server returned an error: (500) Internal Server Error.

Id      : 1006
Type    : Error
Message : Failed to contact AutoDiscover
*****************************

I’ve seen several examples where people get 403 forbidden errors and have been able to avoid that problem. I also have the problem where line 64 of the web.config file gives errors in the event log, but re-installing CAS as recommended does nothing.

Started with a self-signed SSL cert, but now moved onto a GoDaddy cert in an effort to help.

Any help or advice would be greatly appreciated as I’ve exhausted everything I can find on the subject.

 

Solution : How do I fix Autodiscover internal 500 error?

For Exchange 2007 you need what is called a UCC certificate:

Multiple Domain Certificates, also called Unified Communications Certificates (UCC), provide the most flexible class of SSL Certificates today by securing multiple domain names with one certificate.
Secure up to 100 domain names on one certificate.
Save money because the cost of one Multiple Domain Certificate, with additional domain names, is less than the cost of individual certificates for each unique domain name.
Compatible with Microsoft Exchange Server 2007 and Microsoft Communications Server.
Simplifies the process of managing multiple certificates with varying expiration dates.
Our Single, Multiple Domain and Subdomain certificates all use the same rock-solid, 256-bit encryption technology, proving that your Web site is a secure place for customers to conduct business.
NOTE: The UCC Certificate is ideal for Communication Server, Exchange Server and other Enterprise Applications, as well as for single companies or entities with many related URLs. This Certificate is not recommended for use with sites completely separate from each other (e.g. a network provider who builds Web sites for competitors).

https://www.godaddy.com/gdshop/ssl/ssl.asp?ci=8901#tb

You can no longer use 1 certificate for the domain ‘owa’ or mail.yourdomain.com.

You need 1 certificate for multiple domains.
Outlook 2007 uses autodiscovery.yourdomain.com, which you need a cert for.
OWA uses its own, etc.

So instead of purchasing multiple certs, you need a UCC cert that covers all of it.

Common name as in what the clients are already using. So if the clients are all configured to use mail.domain.com then that needs to be in the certificate.

UCC certificate and that supported five names (this can go up to 100 possible domain names), so I adjusted the list to:
mail.domain.com (which was the common name)
autodiscover.domain.com
autodiscover.domain.local
server.domain.local
server (i.e. just the NETBIOS name).
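
An added example, not part of the original answer: a check that a certificate's Subject Alternative Name list covers every host name in the list above. The sample SAN text is constructed, in the format printed by `openssl x509 -noout -ext subjectAltName`; the function names are this example's own.

```python
# Names from the answer above that the UCC certificate has to cover.
REQUIRED_NAMES = [
    "mail.domain.com",
    "autodiscover.domain.com",
    "autodiscover.domain.local",
    "server.domain.local",
    "server",
]

# Constructed sample: a certificate that lacks the internal names.
SAMPLE_SAN_TEXT = """X509v3 Subject Alternative Name:
    DNS:mail.domain.com, DNS:autodiscover.domain.com, IP Address:192.0.2.10
"""


def parse_dns_sans(san_text):
    """Return the lower-cased DNS entries from openssl's SAN text."""
    names = []
    for line in san_text.splitlines():
        for entry in line.split(","):
            kind, _, value = entry.strip().partition(":")
            if kind == "DNS" and value:
                names.append(value.strip().lower().rstrip("."))
    return names


def san_matches(pattern, host):
    """Match one SAN entry against a host name.

    A wildcard counts only as the whole left-most label and covers exactly
    one label: *.domain.com matches neither domain.com nor a.b.domain.com.
    """
    p_labels = pattern.split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*" and len(p_labels) > 2:
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def missing_names(san_text, required=REQUIRED_NAMES):
    """Return the required names that no SAN entry covers."""
    sans = parse_dns_sans(san_text)
    return [h for h in required if not any(san_matches(s, h) for s in sans)]


if __name__ == "__main__":
    for name in missing_names(SAMPLE_SAN_TEXT):
        print("not covered by certificate:", name)
```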