responce in android always wrong server.. (solved)

thctlo

Hai,

One i can not figure out.

Setup. Debian 10, Apache2, Dovocot-imap + z-push. This all works, i can sync, send mail.

Now im configuring the autodiscover for my phone.
im enter “username@domain.tld”
password.

and the mail client shows in the server field : domain.tld
Where i was expecting the hostname of the configured server for activesync, as in mail.domain.tld

DNS set up.
mail A ip
autodiscover CNAME mail
SRV record : _autodiscover._tcp is set to the hostname where autodiscover is configured.

When i test this with : https://testconnectivity.microsoft.com
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
The Microsoft Connectivity Analyzer successfully contacted the Autodiscover service using the DNS SRV redirect method.
The Autodiscover SRV record was successfully retrieved from DNS.
Testing of the Autodiscover URL was successful.
The host name resolved successfully.
The port was opened successfully.
The certificate passed all validation requirements.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
etc. etc. all correct.

the output responce shows this.

XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:us</Culture>
<User>
<DisplayName>username@domain.tld</DisplayName>
<EMailAddress>username@domain.tld</EMailAddress>
</User>
<Action>
<Settings>
<Server>
<Type>MobileSync</Type>
<Url>https://mail.domain.tld/Microsoft-Server-ActiveSync</Url>
<Name>https://mail.domain.tld/Microsoft-Server-ActiveSync</Name>
</Server>
</Settings>
</Action>
</Response>
</Autodiscover>
HTTP Response Headers:
Strict-Transport-Security: max-age=15768000
Vary: Accept-Encoding
X-Frame-Options: sameorigin
Content-Length: 729
Content-Type: text/html;charset=UTF-8
Date: Mon, 12 Aug 2019 12:35:42 GMT
Set-Cookie: membername=username%40domain.tld
Server: Apache
Elapsed Time: 1167 ms.

and the client on my android phone, shows domain.tld, where i was excpecting <Server>mail.domain.tld</Server>

What did i miss or what did i wrong here.

Manfred

Hi thctlo,

it’s possible that your device doesn’t handle it correctly. Are you using the default email client or some 3rd party app?

Did you try with another phone, e.g. an iPhone?

Manfred

thctlo

Hai,

In advance, sorry for the long reply, but i wanted to make it as complete as possible.

for z-push i installed these:

ii  z-push                            2.4.5-2                       all          open source implementation of the ActiveSync protocol - metapackage
ii  z-push-backend-caldav             2.4.5-2                       all          open source implementation of the ActiveSync protocol - CalDav backend
ii  z-push-backend-carddav            2.4.5-2                       all          open source implementation of the ActiveSync protocol - CardDav backend
ii  z-push-backend-combined           2.4.5-2                       all          open source implementation of the ActiveSync protocol - combine backends
ii  z-push-backend-imap               2.4.5-2                       all          open source implementation of the ActiveSync protocol - IMAP backend
ii  z-push-common                     2.4.5-2                       all          open source implementation of the ActiveSync protocol - common files

(note, once imap is working i start on caldav and carddav)

After testing with an iphone, whichs also failed i verified my complete setup again.
i fixed a few things and the result now. typos on apache config.

First i tested with : https://testconnectivity.microsoft.com / Exchange ActiveSync
Only one warning about the cert chain and older clients, of which i dont care because i dont allow old clients. Everything else is ok, no errors.

Then I tested with a browser:
https://autodiscover.domain.tld/Autodiscover/Autodiscover.xml
I get the popup and im able to authenticate.
i also verified : https://mail.domain.tld/Autodiscover/Autodiscover.xml
Both work as they should.

DNS is set to : autodiscover CNAME mail.domain.tld.
( with that extra dot )

mail has its A and AAAA record set.
Lets Encrypt has created the certificate with hostnames mail.domain.tld and autodiscover.domain.tld for this vhost “mail.domain.tld”

i’ve also setup the SRV record :
_autodiscover._tcp 0 0 443 mail.domain.tld.

and in the /etc/z-push config files i’ve set.

the /etc/z-push/autodiscover.conf.php

define('ZPUSH_HOST', 'mail.domain.tld');
define('USE_FULLEMAIL_FOR_LOGIN', true);
define('AUTODISCOVER_LOGIN_TYPE', AUTODISCOVER_LOGIN_EMAIL);
define('BACKEND_PROVIDER', 'BackendImap');

and for z-push config itsself.

    define('TIMEZONE', 'Europe/Amsterdam');
    define('USE_FULLEMAIL_FOR_LOGIN', true);
    define('BACKEND_PROVIDER', 'BackendImap');

last z-push imap.conf

define('IMAP_SERVER', 'mail.domain.tld');
define('IMAP_PORT', 993);
define('IMAP_OPTIONS', '/ssl');
define('IMAP_FOLDER_CONFIGURED', true);
define('IMAP_EXCLUDED_FOLDERS', 'dovecot.sieve');
define('IMAP_SMTP_METHOD', 'mail');

Config setting not mentioned are default.

Now im verified the autoconfigure again.

==> /var/log/ispconfig/httpd/domain.tld/access.log <==
13.67.59.89 - - [13/Aug/2019:14:54:50 +0200] "OPTIONS /Autodiscover/Autodiscover.xml HTTP/1.1" 401 4456 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"
13.67.59.89 - - [13/Aug/2019:14:54:51 +0200] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 401 559 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"
13.67.59.89 - username@domain.tld [13/Aug/2019:14:54:51 +0200] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 200 1086 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"

==> /var/log/ispconfig/httpd/mail.domain.tld/access.log <==
13.67.59.89 - - [13/Aug/2019:14:54:53 +0200] "OPTIONS /Autodiscover/Autodiscover.xml HTTP/1.1" 401 4472 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"
13.67.59.89 - - [13/Aug/2019:14:54:54 +0200] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 401 555 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"
13.67.59.89 - username@domain.tld [13/Aug/2019:14:54:54 +0200] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 200 1086 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"
13.67.59.89 - - [13/Aug/2019:14:54:55 +0200] "GET /Autodiscover/Autodiscover.xml HTTP/1.1" 301 551 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"
13.67.59.89 - - [13/Aug/2019:14:54:56 +0200] "OPTIONS /Autodiscover/Autodiscover.xml HTTP/1.1" 401 337 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"
13.67.59.89 - - [13/Aug/2019:14:54:56 +0200] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 401 336 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"
13.67.59.89 - username@domain.tld [13/Aug/2019:14:54:57 +0200] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 200 1086 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"
13.67.59.89 - - [13/Aug/2019:14:54:59 +0200] "OPTIONS /Autodiscover/Autodiscover.xml HTTP/1.1" 401 4472 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"
13.67.59.89 - - [13/Aug/2019:14:54:59 +0200] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 401 555 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"
13.67.59.89 - username@domain.tld [13/Aug/2019:14:55:00 +0200] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 200 1086 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"

Beside above message 0 messages in any other apache log.

The test again via : https://testconnectivity.microsoft.com
Exchange ActiveSync Autodiscover

email adres:username@domain.tld
loginname : username@domain.tld

and the result.

	Connectivity Test Failed
 
Test Details
	Attempting the Autodiscover and Exchange ActiveSync test (if requested).
 	Testing of Autodiscover for Exchange ActiveSync failed.
 	
	Additional Details
 	
Elapsed Time: 12054 ms.
 	
	Test Steps
 	
	Attempting each method of contacting the Autodiscover service.
 	The Autodiscover service couldn't be contacted successfully by any method.
 	
	Additional Details
 	
Elapsed Time: 12054 ms.
 	
	Test Steps
 	
	Attempting to test potential Autodiscover URL https://domain.tld:443/Autodiscover/Autodiscover.xml
 	Testing of this potential Autodiscover URL failed.
 	
	Additional Details
 	
Elapsed Time: 3191 ms.
 	
	Test Steps
 	
	Attempting to resolve the host name domain.tld in DNS.
 	The host name resolved successfully.
 	
	Additional Details
 	
IP addresses returned: 136.144.231.115, 2a01:7c8:d005:8a::1
Elapsed Time: 18 ms.
	Testing TCP port 443 on host domain.tld to ensure it's listening and open.
 	The port was opened successfully.
 	
	Additional Details
 	
Elapsed Time: 218 ms.
	Testing the SSL certificate to make sure it's valid.
 	The certificate passed all validation requirements.
 	
	Additional Details
 	
Elapsed Time: 697 ms.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server domain.tld on port 443.
 	The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 	
	Additional Details
 	
Remote Certificate Subject: CN=domain.tld, Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US.
Elapsed Time: 645 ms.
	Validating the certificate name.
 	The certificate name was validated successfully.
 	
	Additional Details
 	
Host name domain.tld was found in the Certificate Subject Common name.
Elapsed Time: 0 ms.
	Certificate trust is being validated.
 	The certificate is trusted and all certificates are present in the chain.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=domain.tld.
 	One or more certificate chains were constructed successfully.
 	
	Additional Details
 	
A total of 1 chains were built. The highest quality chain ends in root certificate CN=DST Root CA X3, O=Digital Signature Trust Co..
Elapsed Time: 15 ms.
	Analyzing the certificate chains for compatibility problems with versions of Windows.
 	Potential compatibility problems were identified with some versions of Windows.
 	
	Additional Details
 	
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 6 ms.
	Testing the certificate date to confirm the certificate is valid.
 	Date validation passed. The certificate hasn't expired.
 	
	Additional Details
 	
The certificate is valid. NotBefore = 7/22/2019 9:31:25 AM, NotAfter = 10/20/2019 9:31:25 AM
Elapsed Time: 0 ms.
	Checking the IIS configuration for client certificate authentication.
 	Client certificate authentication wasn't detected.
 	
	Additional Details
 	
Accept/Require Client Certificates isn't configured.
Elapsed Time: 900 ms.
	Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 	Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
 	
	Additional Details
 	
Elapsed Time: 1357 ms.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://domain.tld:443/Autodiscover/Autodiscover.xml for user username@domain.tld.
 	The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
 	
	Additional Details
 	
No servers of type MobileSync were returned in the mobile Autodiscover response.
HTTP Response Headers:
Strict-Transport-Security: max-age=15768000
Vary: Accept-Encoding
X-Frame-Options: sameorigin
Content-Length: 726
Content-Type: text/html;charset=UTF-8
Date: Tue, 13 Aug 2019 12:54:51 GMT
Set-Cookie: membername=username%40domain.tld
Server: Apache
Elapsed Time: 1357 ms.
	Attempting to test potential Autodiscover URL https://autodiscover.domain.tld:443/Autodiscover/Autodiscover.xml
 	Testing of this potential Autodiscover URL failed.
 	
	Additional Details
 	
Elapsed Time: 3248 ms.
 	
	Test Steps
 	
	Attempting to resolve the host name autodiscover.domain.tld in DNS.
 	The host name resolved successfully.
 	
	Additional Details
 	
IP addresses returned: 136.144.231.115, 2a01:7c8:d005:8a::1
Elapsed Time: 5 ms.
	Testing TCP port 443 on host autodiscover.domain.tld to ensure it's listening and open.
 	The port was opened successfully.
 	
	Additional Details
 	
Elapsed Time: 217 ms.
	Testing the SSL certificate to make sure it's valid.
 	The certificate passed all validation requirements.
 	
	Additional Details
 	
Elapsed Time: 692 ms.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.domain.tld on port 443.
 	The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 	
	Additional Details
 	
Remote Certificate Subject: CN=mail.domain.tld, Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US.
Elapsed Time: 645 ms.
	Validating the certificate name.
 	The certificate name was validated successfully.
 	
	Additional Details
 	
Host name autodiscover.domain.tld was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 0 ms.
	Certificate trust is being validated.
 	The certificate is trusted and all certificates are present in the chain.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.domain.tld.
 	One or more certificate chains were constructed successfully.
 	
	Additional Details
 	
A total of 1 chains were built. The highest quality chain ends in root certificate CN=DST Root CA X3, O=Digital Signature Trust Co..
Elapsed Time: 15 ms.
	Analyzing the certificate chains for compatibility problems with versions of Windows.
 	Potential compatibility problems were identified with some versions of Windows.
 	
	Additional Details
 	
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 6 ms.
	Testing the certificate date to confirm the certificate is valid.
 	Date validation passed. The certificate hasn't expired.
 	
	Additional Details
 	
The certificate is valid. NotBefore = 8/13/2019 9:54:08 AM, NotAfter = 11/11/2019 9:54:08 AM
Elapsed Time: 0 ms.
	Checking the IIS configuration for client certificate authentication.
 	Client certificate authentication wasn't detected.
 	
	Additional Details
 	
Accept/Require Client Certificates isn't configured.
Elapsed Time: 980 ms.
	Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 	Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
 	
	Additional Details
 	
Elapsed Time: 1352 ms.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.tld:443/Autodiscover/Autodiscover.xml for user username@domain.tld.
 	The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
 	
	Additional Details
 	
No servers of type MobileSync were returned in the mobile Autodiscover response.
HTTP Response Headers:
Strict-Transport-Security: max-age=15768000
Vary: Accept-Encoding
X-Frame-Options: sameorigin
Content-Length: 726
Content-Type: text/html;charset=UTF-8
Date: Tue, 13 Aug 2019 12:54:54 GMT
Set-Cookie: membername=username%40domain.tld
Server: Apache
Elapsed Time: 1352 ms.
	Attempting to contact the Autodiscover service using the HTTP redirect method.
 	The attempt to contact Autodiscover using the HTTP Redirect method failed.
 	
	Additional Details
 	
Elapsed Time: 2495 ms.
 	
	Test Steps
 	
	Attempting to resolve the host name autodiscover.domain.tld in DNS.
 	The host name resolved successfully.
 	
	Additional Details
 	
IP addresses returned: 136.144.231.115, 2a01:7c8:d005:8a::1
Elapsed Time: 28 ms.
	Testing TCP port 80 on host autodiscover.domain.tld to ensure it's listening and open.
 	The port was opened successfully.
 	
	Additional Details
 	
Elapsed Time: 205 ms.
	The Microsoft Connectivity Analyzer is checking the host autodiscover.domain.tld for an HTTP redirect to the Autodiscover service.
 	The redirect (HTTP 301/302) response was received successfully.
 	
	Additional Details
 	
Redirect URL: https://autodiscover.domain.tld/Autodiscover/Autodiscover.xml
HTTP Response Headers:
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Length: 269
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 13 Aug 2019 12:54:55 GMT
Location: https://autodiscover.domain.tld/Autodiscover/Autodiscover.xml
Server: Apache
Elapsed Time: 413 ms.
	Attempting to test potential Autodiscover URL https://autodiscover.domain.tld/Autodiscover/Autodiscover.xml
 	Testing of this potential Autodiscover URL failed.
 	
	Additional Details
 	
Elapsed Time: 1847 ms.
 	
	Test Steps
 	
	Attempting to resolve the host name autodiscover.domain.tld in DNS.
 	The host name resolved successfully.
 	
	Additional Details
 	
IP addresses returned: 136.144.231.115, 2a01:7c8:d005:8a::1
Elapsed Time: 10 ms.
	Testing TCP port 443 on host autodiscover.domain.tld to ensure it's listening and open.
 	The port was opened successfully.
 	
	Additional Details
 	
Elapsed Time: 229 ms.
	Testing the SSL certificate to make sure it's valid.
 	The certificate passed all validation requirements.
 	
	Additional Details
 	
Elapsed Time: 482 ms.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.domain.tld on port 443.
 	The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 	
	Additional Details
 	
Remote Certificate Subject: CN=mail.domain.tld, Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US.
Elapsed Time: 422 ms.
	Validating the certificate name.
 	The certificate name was validated successfully.
 	
	Additional Details
 	
Host name autodiscover.domain.tld was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 0 ms.
	Certificate trust is being validated.
 	The certificate is trusted and all certificates are present in the chain.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.domain.tld.
 	One or more certificate chains were constructed successfully.
 	
	Additional Details
 	
A total of 1 chains were built. The highest quality chain ends in root certificate CN=DST Root CA X3, O=Digital Signature Trust Co..
Elapsed Time: 20 ms.
	Analyzing the certificate chains for compatibility problems with versions of Windows.
 	Potential compatibility problems were identified with some versions of Windows.
 	
	Additional Details
 	
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 6 ms.
	Testing the certificate date to confirm the certificate is valid.
 	Date validation passed. The certificate hasn't expired.
 	
	Additional Details
 	
The certificate is valid. NotBefore = 8/13/2019 9:54:08 AM, NotAfter = 11/11/2019 9:54:08 AM
Elapsed Time: 0 ms.
	Checking the IIS configuration for client certificate authentication.
 	Client certificate authentication wasn't detected.
 	
	Additional Details
 	
Accept/Require Client Certificates isn't configured.
Elapsed Time: 207 ms.
	Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 	Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
 	
	Additional Details
 	
Elapsed Time: 917 ms.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.tld/Autodiscover/Autodiscover.xml for user username@domain.tld.
 	The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
 	
	Additional Details
 	
No servers of type MobileSync were returned in the mobile Autodiscover response.
HTTP Response Headers:
Strict-Transport-Security: max-age=15768000
Vary: Accept-Encoding
X-Frame-Options: sameorigin
Content-Length: 726
Content-Type: text/html;charset=UTF-8
Date: Tue, 13 Aug 2019 12:54:57 GMT
Set-Cookie: membername=username%40domain.tld
Server: Apache
Elapsed Time: 917 ms.
	Attempting to contact the Autodiscover service using the DNS SRV redirect method.
 	The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
 	
	Additional Details
 	
Elapsed Time: 3115 ms.
 	
	Test Steps
 	
	Attempting to locate SRV record _autodiscover._tcp.domain.tld in DNS.
 	The Autodiscover SRV record was successfully retrieved from DNS.
 	
	Additional Details
 	
The Service Location (SRV) record lookup returned host mail.domain.tld.
Elapsed Time: 2 ms.
	Attempting to test potential Autodiscover URL https://mail.domain.tld:443/Autodiscover/Autodiscover.xml
 	Testing of this potential Autodiscover URL failed.
 	
	Additional Details
 	
Elapsed Time: 3113 ms.
 	
	Test Steps
 	
	Attempting to resolve the host name mail.domain.tld in DNS.
 	The host name resolved successfully.
 	
	Additional Details
 	
IP addresses returned: 136.144.231.115, 2a01:7c8:d005:8a::1
Elapsed Time: 4 ms.
	Testing TCP port 443 on host mail.domain.tld to ensure it's listening and open.
 	The port was opened successfully.
 	
	Additional Details
 	
Elapsed Time: 217 ms.
	Testing the SSL certificate to make sure it's valid.
 	The certificate passed all validation requirements.
 	
	Additional Details
 	
Elapsed Time: 698 ms.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server mail.domain.tld on port 443.
 	The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 	
	Additional Details
 	
Remote Certificate Subject: CN=mail.domain.tld, Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US.
Elapsed Time: 646 ms.
	Validating the certificate name.
 	The certificate name was validated successfully.
 	
	Additional Details
 	
Host name mail.domain.tld was found in the Certificate Subject Common name.
Elapsed Time: 0 ms.
	Certificate trust is being validated.
 	The certificate is trusted and all certificates are present in the chain.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.domain.tld.
 	One or more certificate chains were constructed successfully.
 	
	Additional Details
 	
A total of 1 chains were built. The highest quality chain ends in root certificate CN=DST Root CA X3, O=Digital Signature Trust Co..
Elapsed Time: 20 ms.
	Analyzing the certificate chains for compatibility problems with versions of Windows.
 	Potential compatibility problems were identified with some versions of Windows.
 	
	Additional Details
 	
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 6 ms.
	Testing the certificate date to confirm the certificate is valid.
 	Date validation passed. The certificate hasn't expired.
 	
	Additional Details
 	
The certificate is valid. NotBefore = 8/13/2019 9:54:08 AM, NotAfter = 11/11/2019 9:54:08 AM
Elapsed Time: 0 ms.
	Checking the IIS configuration for client certificate authentication.
 	Client certificate authentication wasn't detected.
 	
	Additional Details
 	
Accept/Require Client Certificates isn't configured.
Elapsed Time: 855 ms.
	Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 	Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
 	
	Additional Details
 	
Elapsed Time: 1337 ms.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://mail.domain.tld:443/Autodiscover/Autodiscover.xml for user username@domain.tld.
 	The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
 	
	Additional Details
 	
No servers of type MobileSync were returned in the mobile Autodiscover response.
HTTP Response Headers:
Strict-Transport-Security: max-age=15768000
Vary: Accept-Encoding
X-Frame-Options: sameorigin
Content-Length: 726
Content-Type: text/html;charset=UTF-8
Date: Tue, 13 Aug 2019 12:55:00 GMT
Set-Cookie: membername=username%40domain.tld
Server: Apache
Elapsed Time: 1337 ms.

when i look in the apache logs, shown in order of the while the test was running.

==> /var/log/httpd/domain.tld/access.log <==
13.67.59.89 - - [13/Aug/2019:15:19:13 +0200] "OPTIONS /Autodiscover/Autodiscover.xml HTTP/1.1" 401 4456 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"

==> /var/log/z-push/autodiscover-error.log <==
13/08/2019 15:19:13 [15026] [FATAL] [#unknown] Exception: (AuthenticationRequiredException) - Unauthorized
13/08/2019 15:19:13 [15026] [ERROR] [#unknown] Unable to complete autodiscover incorrect request: 'Unauthorized'

==> /var/log/z-push/autodiscover.log <==
13/08/2019 15:19:13 [15026] [ INFO] [#unknown] Z-Push version='2.4.5-2'
13/08/2019 15:19:13 [15026] [ INFO] [#unknown] AuthenticationRequiredException: Unauthorized - code: 0 - file: /usr/share/z-push/autodiscover/autodiscover.php:149
13/08/2019 15:19:13 [15026] [FATAL] [#unknown] Exception: (AuthenticationRequiredException) - Unauthorized
13/08/2019 15:19:13 [15026] [ERROR] [#unknown] Unable to complete autodiscover incorrect request: 'Unauthorized'

==> /var/log/httpd/domain.tld/access.log <==
13.67.59.89 - - [13/Aug/2019:15:19:13 +0200] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 401 559 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"
13.67.59.89 - username@domain.tld [13/Aug/2019:15:19:14 +0200] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 200 1086 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"

==> /var/log/z-push/autodiscover-error.log <==
13/08/2019 15:19:14 [15024] [FATAL] [#unknown] Exception: (AuthenticationRequiredException) - Unauthorized
13/08/2019 15:19:14 [15024] [ERROR] [#unknown] Unable to complete autodiscover incorrect request: 'Unauthorized'

==> /var/log/z-push/autodiscover.log <==
13/08/2019 15:19:14 [15024] [ INFO] [#unknown] Z-Push version='2.4.5-2'
13/08/2019 15:19:14 [15024] [ INFO] [#unknown] AuthenticationRequiredException: Unauthorized - code: 0 - file: /usr/share/z-push/autodiscover/autodiscover.php:149
13/08/2019 15:19:14 [15024] [FATAL] [#unknown] Exception: (AuthenticationRequiredException) - Unauthorized
13/08/2019 15:19:14 [15024] [ERROR] [#unknown] Unable to complete autodiscover incorrect request: 'Unauthorized'
13/08/2019 15:19:14 [15024] [ INFO] [#unknown] Z-Push version='2.4.5-2'
13/08/2019 15:19:14 [15024] [ INFO] [#unknown] ZPushAutodiscover->createResponse(): server URL: 'https://mail.domain.tld/Microsoft-Server-ActiveSync'

==> /var/log/httpd/mail.domain.tld/access.log <==
13.67.59.89 - - [13/Aug/2019:15:19:16 +0200] "OPTIONS /Autodiscover/Autodiscover.xml HTTP/1.1" 401 4472 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"

==> /var/log/z-push/autodiscover-error.log <==
13/08/2019 15:19:16 [15067] [FATAL] [#unknown] Exception: (AuthenticationRequiredException) - Unauthorized
13/08/2019 15:19:16 [15067] [ERROR] [#unknown] Unable to complete autodiscover incorrect request: 'Unauthorized'

==> /var/log/z-push/autodiscover.log <==
13/08/2019 15:19:16 [15067] [ INFO] [#unknown] Z-Push version='2.4.5-2'
13/08/2019 15:19:16 [15067] [ INFO] [#unknown] AuthenticationRequiredException: Unauthorized - code: 0 - file: /usr/share/z-push/autodiscover/autodiscover.php:149
13/08/2019 15:19:16 [15067] [FATAL] [#unknown] Exception: (AuthenticationRequiredException) - Unauthorized
13/08/2019 15:19:16 [15067] [ERROR] [#unknown] Unable to complete autodiscover incorrect request: 'Unauthorized'

==> /var/log/httpd/mail.domain.tld/access.log <==
13.67.59.89 - - [13/Aug/2019:15:19:16 +0200] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 401 555 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"

==> /var/log/z-push/autodiscover-error.log <==
13/08/2019 15:19:17 [15025] [FATAL] [#unknown] Exception: (AuthenticationRequiredException) - Unauthorized
13/08/2019 15:19:17 [15025] [ERROR] [#unknown] Unable to complete autodiscover incorrect request: 'Unauthorized'

==> /var/log/z-push/autodiscover.log <==
13/08/2019 15:19:17 [15025] [ INFO] [#unknown] Z-Push version='2.4.5-2'
13/08/2019 15:19:17 [15025] [ INFO] [#unknown] AuthenticationRequiredException: Unauthorized - code: 0 - file: /usr/share/z-push/autodiscover/autodiscover.php:149
13/08/2019 15:19:17 [15025] [FATAL] [#unknown] Exception: (AuthenticationRequiredException) - Unauthorized
13/08/2019 15:19:17 [15025] [ERROR] [#unknown] Unable to complete autodiscover incorrect request: 'Unauthorized'
13/08/2019 15:19:17 [15025] [ INFO] [#unknown] Z-Push version='2.4.5-2'

==> /var/log/httpd/mail.domain.tld/access.log <==
13.67.59.89 - username@domain.tld [13/Aug/2019:15:19:17 +0200] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 200 1086 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"
13.67.59.89 - - [13/Aug/2019:15:19:18 +0200] "GET /Autodiscover/Autodiscover.xml HTTP/1.1" 301 551 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"

==> /var/log/z-push/autodiscover.log <==
13/08/2019 15:19:17 [15025] [ INFO] [#unknown] ZPushAutodiscover->createResponse(): server URL: 'https://mail.domain.tld/Microsoft-Server-ActiveSync'

==> /var/log/httpd/mail.domain.tld/access.log <==
13.67.59.89 - - [13/Aug/2019:15:19:19 +0200] "OPTIONS /Autodiscover/Autodiscover.xml HTTP/1.1" 401 337 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"
13.67.59.89 - - [13/Aug/2019:15:19:19 +0200] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 401 336 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"

==> /var/log/z-push/autodiscover-error.log <==
13/08/2019 15:19:19 [15067] [FATAL] [#unknown] Exception: (AuthenticationRequiredException) - Unauthorized
13/08/2019 15:19:19 [15067] [ERROR] [#unknown] Unable to complete autodiscover incorrect request: 'Unauthorized'
13/08/2019 15:19:19 [15025] [FATAL] [#unknown] Exception: (AuthenticationRequiredException) - Unauthorized
13/08/2019 15:19:19 [15025] [ERROR] [#unknown] Unable to complete autodiscover incorrect request: 'Unauthorized'

==> /var/log/z-push/autodiscover.log <==
13/08/2019 15:19:19 [15067] [ INFO] [#unknown] Z-Push version='2.4.5-2'
13/08/2019 15:19:19 [15067] [ INFO] [#unknown] AuthenticationRequiredException: Unauthorized - code: 0 - file: /usr/share/z-push/autodiscover/autodiscover.php:149
13/08/2019 15:19:19 [15067] [FATAL] [#unknown] Exception: (AuthenticationRequiredException) - Unauthorized
13/08/2019 15:19:19 [15067] [ERROR] [#unknown] Unable to complete autodiscover incorrect request: 'Unauthorized'
13/08/2019 15:19:19 [15025] [ INFO] [#unknown] Z-Push version='2.4.5-2'
13/08/2019 15:19:19 [15025] [ INFO] [#unknown] AuthenticationRequiredException: Unauthorized - code: 0 - file: /usr/share/z-push/autodiscover/autodiscover.php:149
13/08/2019 15:19:19 [15025] [FATAL] [#unknown] Exception: (AuthenticationRequiredException) - Unauthorized
13/08/2019 15:19:19 [15025] [ERROR] [#unknown] Unable to complete autodiscover incorrect request: 'Unauthorized'

==> /var/log/httpd/mail.domain.tld/access.log <==
13.67.59.89 - username@domain.tld [13/Aug/2019:15:19:19 +0200] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 200 1086 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"

==> /var/log/z-push/autodiscover.log <==
13/08/2019 15:19:20 [15025] [ INFO] [#unknown] Z-Push version='2.4.5-2'
13/08/2019 15:19:20 [15025] [ INFO] [#unknown] ZPushAutodiscover->createResponse(): server URL: 'https://mail.domain.tld/Microsoft-Server-ActiveSync'

==> /var/log/httpd/mail.domain.tld/access.log <==
13.67.59.89 - - [13/Aug/2019:15:19:21 +0200] "OPTIONS /Autodiscover/Autodiscover.xml HTTP/1.1" 401 4472 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"

==> /var/log/z-push/autodiscover-error.log <==
13/08/2019 15:19:21 [15092] [FATAL] [#unknown] Exception: (AuthenticationRequiredException) - Unauthorized
13/08/2019 15:19:21 [15092] [ERROR] [#unknown] Unable to complete autodiscover incorrect request: 'Unauthorized'

==> /var/log/z-push/autodiscover.log <==
13/08/2019 15:19:21 [15092] [ INFO] [#unknown] Z-Push version='2.4.5-2'
13/08/2019 15:19:21 [15092] [ INFO] [#unknown] AuthenticationRequiredException: Unauthorized - code: 0 - file: /usr/share/z-push/autodiscover/autodiscover.php:149
13/08/2019 15:19:21 [15092] [FATAL] [#unknown] Exception: (AuthenticationRequiredException) - Unauthorized
13/08/2019 15:19:21 [15092] [ERROR] [#unknown] Unable to complete autodiscover incorrect request: 'Unauthorized'

==> /var/log/httpd/mail.domain.tld/access.log <==
13.67.59.89 - - [13/Aug/2019:15:19:22 +0200] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 401 555 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"
13.67.59.89 - username@domain.tld [13/Aug/2019:15:19:22 +0200] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 200 1086 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"

==> /var/log/z-push/autodiscover-error.log <==
13/08/2019 15:19:22 [15026] [FATAL] [#unknown] Exception: (AuthenticationRequiredException) - Unauthorized
13/08/2019 15:19:22 [15026] [ERROR] [#unknown] Unable to complete autodiscover incorrect request: 'Unauthorized'

==> /var/log/z-push/autodiscover.log <==
13/08/2019 15:19:22 [15026] [ INFO] [#unknown] Z-Push version='2.4.5-2'
13/08/2019 15:19:22 [15026] [ INFO] [#unknown] AuthenticationRequiredException: Unauthorized - code: 0 - file: /usr/share/z-push/autodiscover/autodiscover.php:149
13/08/2019 15:19:22 [15026] [FATAL] [#unknown] Exception: (AuthenticationRequiredException) - Unauthorized
13/08/2019 15:19:22 [15026] [ERROR] [#unknown] Unable to complete autodiscover incorrect request: 'Unauthorized'
13/08/2019 15:19:23 [15026] [ INFO] [#unknown] Z-Push version='2.4.5-2'
13/08/2019 15:19:23 [15026] [ INFO] [#unknown] ZPushAutodiscover->createResponse(): server URL: 'https://mail.domain.tld/Microsoft-Server-ActiveSync'

The only thing here i can think of is upgrading z-push from the z-push repo and not debian.

If one has an other suggestion here, let me know.

Thanks!

Manfred

Hi thctlo,

you’ve posted a lot of information, but for me it was rather confusing to understand what happens in what step. Also the WBXML log level of autodiscover/Z-Push logs would be more helpful.

You’ve configured DNS and A and server records, but that’s not necessary for Z-Push autodiscover. Our guide at https://wiki.z-hub.io/display/ZP/Configuring+Z-Push+Autodiscover provides a configuration overview. Did you follow it?

@thctlo said in responce in android always wrong server..:

After testing with an iphone, whichs also failed i verified my complete setup again.
i fixed a few things and the result now. typos on apache config.

Could you provide autodiscover and Z-Push WBXML level log for the iphone when you setup the account?
What things did you fix? Were these typos in the packages Z-Push provides?

@thctlo said in responce in android always wrong server..:

First i tested with : https://testconnectivity.microsoft.com / Exchange ActiveSync
Only one warning about the cert chain and older clients, of which i dont care because i dont allow old clients. Everything else is ok, no errors.
Then I tested with a browser:
https://autodiscover.domain.tld/Autodiscover/Autodiscover.xml
I get the popup and im able to authenticate.
i also verified : https://mail.domain.tld/Autodiscover/Autodiscover.xml
Both work as they should.

So, it works fine except for configuring an actual account on the device? Did you also test this on the device’s browser?

@thctlo said in responce in android always wrong server..:

DNS is set to : autodiscover CNAME mail.domain.tld.
[Removed to keep the post shorter]
Now im verified the autoconfigure again.
[Removed to keep the post shorter]

So, you made all these settings before this test? What were the settings before when it worked? Did you also test in a browser after all these changes?

Manfred

thctlo

Hai Manfred,

You replied while i was typing below…

After removing the “debian buster / Z-push packages” and installing the latest from z-push repo, seems to fix it all now. ( updated to 2.5.1+0-0 )

Im happy to say that for this domain everything work now and the correct hostname is in my mail app. :-) great :-)

Now the other domains, which need to point to the same hostname as above, because im setting up one hostname for the sync for all domains.

To make it a bit less confusion what i typed.
I configured the DNS with A and SRV records and with these its compatible for multiple mail clients.

That overview, yes and no, i follow the official Microsoft documentation on auto discover.
Its about the same.

This setup is on a ISPconfig server. this is why i need/want a multi-server responder.
i need one host with the sync setup, all other domains need to point to that vhost on the server.
That the next thing im testing.

thctlo

Hai Manfred, After some testing i a few questions.

Does z-push support multi domain with autodiscover?

I’ll explain why and how im setup.
Debian Buster, ISPconfig server, setup with Apache webserver with mutiple domain/vhosts.
Im reading : https://docs.microsoft.com/en-us/previous-versions/office/developer/exchange-server-interoperability-guidance/hh352638(v%3Dexchg.140)

Some termilogie ill be using below.
z-push The <Directory /usr/share/z-push> part only.
z-push +activesync (+ Alias /Microsoft-Server-ActiveSync part )
z-push +autodiscover (+ Alias /AutoDiscover/AutoDiscover.xml part)
z-push-redirect-302 apache redirections with a 302 as MS documentation shows.

Redirect 302 /AutoDiscover/AutoDiscover.xml https://mail.domain.tld/Autodiscover/Autodiscover.xml
Redirect 302 /Autodiscover/Autodiscover.xml https://mail.domain.tld/Autodiscover/Autodiscover.xml
Redirect 302 /autodiscover/autodiscover.xml https://mail.domain.tld/Autodiscover/Autodiscover.xml

The main vhost for active sync. ( domain.tld ) which is the primary domain of the ISP server.
This domains has z-push and z-push-autoconfigure configure in the vhost of domain.tld
The test of Exchange ActiveSync Autodiscover
https://testconnectivity.microsoft.com/#&&JLErJIbAY6/6K3YKXWEzA06HPBVWn/hLAZtCreaTGIhEF0ce0uH9UokDRdlLSV8937N2pJYHJ1CceW5hxdCuMH7wybk6sEMR1uq4MnYffmQsArt/aepa0Zt6iWnma/7XbJ4ZibhYs5SvC3ct9PB0Kfk4NG/Fpn12alrjIsZJXpgL/jMH14uIjK5YM35DMxOZin1V8bfEiCmT4cswkhJAkwkc9Bc=
All verified ok.

next test : vhost mail.domain.tld , this is the host where i want/need all users connections
This domains has z-push+active-sync and +autoconfigure configure in the vhost.
The test : Exchange ActiveSync
https://testconnectivity.microsoft.com/#&&9NEyQEu0J6sWkFh30rMSiOTRY+0M/Qd7IEPodaCx53HVFL/HUxxpfUX5uKhLMRdpELeBqMrf0jvOnW5kWCF5FuYhMhlVPBG4pE1XUvylyiiO0xdnuGP4YsRioe3pE/yxHmw/HCdeCjCroLZ8ub/3dPPhQiNZLATpjfEYQCpKkYvm35pfxZD6oyU4RveKo7wE4eAziw==
All verified ok.

So this is exact what i want, so far. Now im adding a new domain, lets say testdomain2.tld
I use z-push-redirect-302 in this vhost.
And the test of Exchange ActiveSync Autodiscover
https://testconnectivity.microsoft.com/#&&IqYIvAObDvsy5yhOpbOrfhXU8QXxcKFiJTxN9q7Lfmb0h0O2K1XEVL5bZA/ciSCDgRahM+i6+5DSGNtYia1Rpzjbg/U7/XUweR/YAw7QrQvlsEkbmiflZCLZkYzdOuvgR5P6qnZEvpcSB5/S/ohxbzSghn93OHCMCx67ONhEU12Og2dGSvG/LhRtIXkTj3bjTlhO7qmAQFx51mrf0JfsExxKvsg=
all verified ok.

next test the Exchange ActiveSync:
https://testconnectivity.microsoft.com/#&&SZSXRYodNuz3FEYFy/VOl+rzL0S59gjGSzwikDr2u3lCuaL1pxU0oQmYQgnmtXKo+YPCWZiwTh041sD3PC9yCy5JwZzJpV9ZMiSwRxqu3LZOZdmSdIDnoY8u5woi9Xd2wXdVMQxemV20U6M+fazuPKtHihirGXaeewr/rIbMJ8u3FeCOj117QTUpbmDRyZXW0BulfA==
and again all ok.

So now your probely thinking what the … is he doing here… its all working… ;-)

well, yeah, but if you use the mail adres : test@testdomain2.tld as shown in the second domain.
The mobile devices still show “testdomain2.tld” in the server field and i was expecting “mail.domain.tld”

Any suggestion on this or is this not supported with z-push? Or what did i miss here.

Manfred

Hi thctlo,

please also post WBXML level autodiscover log for test@testdomain2.tld.

Manfred

thctlo

Hai,
I just enable the extra logging and tried again, … and now its correct…
Not that im complaining but strange.
I’ll setup a thirth test site and keep the wbxml logging enabled.

I’ll post the results later on today.

thctlo

Hai, i can say, for this topic, it is all working now.
Only adding Davical with z-push makes it very unstable, but that is me i think, missing settings.
I’ll open a new topic for that and mark this one solved.

So basicly how im setup now, i’ll share it so other can use it/learn from it.

1 - default (catch-all-unconfigured ) host, contains the 302 redirects to mail-host
Redirect 302 /AutoDiscover/AutoDiscover.xml https://mail.domain.tld/Autodiscover/Autodiscover.xml
Redirect 302 /Autodiscover/Autodiscover.xml https://mail.domain.tld/Autodiscover/Autodiscover.xml
Redirect 302 /autodiscover/autodiscover.xml https://mail.domain.tld/Autodiscover/Autodiscover.xml

2 - server host, the default site for the server, (domain.tld), same as above the 302 redirects.

3 - mail.domain.tld host, contains z-push + activesync + autodiscover
+ aliasname autodiscover.maildomain.tld
! BOTH mail and autodiscover must have a correct SSL Certificate.

4 -SRV records for autodiscover is set in the DNS to https://mail.domain.tld

5 - All other new sites, in domain.tld get the 302 redirects to mail host is all we need now, as shown in step 1.

And resulting in, windows Mail/Android (gmail) and IOS (gmail) correctly configuring with autodiscover for mail contacts and calendar.