Exchange 2013 – Outlook 2013 – The connection to Microsoft Exchange is unavailable.

If you use Autodiscover service by Outlook, you can see the following error (Exchange 2013 + Outlook 2013 in my case) :

OutlookMustBeOnline

Outlook error: Microsoft Outlook: The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action.

Outlook error: Outlook is unable to connect to the proxy server. (Error Code 10)

The error could be due to:

  1. Firewall issue
  2. DNS failure
  3. Exchange misconfiguration
  4. Client issue
  5. Certificate validation failed

Well quite common problem.

Investigation

<?xml version="1.0" encoding="UTF-8"?>
-<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
-<Response> 
-<Error Id="3876576560" Time="21:12:30.2927520">
<ErrorCode>600</ErrorCode>
<Message>Invalid Request</Message>
<DebugData/>
</Error>
</Response>
</Autodiscover>

Error code 600 means autodiscover service is accessible and works. Autodiscover request is corrupted at this point but it is typical behavior for testing via IE. Very useful articles regarding to Autodiscover are White Paper: Exchange 2007 Autodiscover Service and Troublshooting Autodiscover (Exchange 2007/2010).

Test-OutlookWebServices | fl
Source : s04.contoso.com
ServiceEndpoint : autodiscover.contoso.com
Scenario : AutoDiscoverOutlookProvider
ScenarioDescription : Autodiscover: Outlook Provider
Result : Failure
Latency : 22
Error : System.Net.WebException: The underlying connection was closed: Could not establish trust
 relationship for the SSL/TLS secure channel. --->
 System.Security.Authentication.AuthenticationException: The remote certificate is invalid
 according to the validation procedure.
…

The validation procedure (shortly):

  1. The name used to access the resource needs match the certificate exactly.
  2. The Certificate date must be valid
  3. The Certificate Authority which issued the certificate must be trusted by the client. (It needs to exist in the Trusted Root Certificate Authorities)

Solution

I checked CAS certificate issued by internal CA and I found missing letter in one SAN name. New certificate assigned to IIS service solved the error.

Notes