Troubleshooting DNS issues for Office 365

When you add a domain to your MS Office 365 account, you will receive a list of DNS entries that you must be make for the domain to function correctly. Although most of these DNS entries are relatively straightforward, Microsoft Lync requires some SRV records to be created.

This shouldn't be a problem for those who have Microsoft DNS servers, but it can be problematic for non-Microsoft DNS servers. Following are some trouble-shooting tips fotr Office 365 DNS and autodiscover settings.

 

The Autodiscover CNAME record must contain the following information:

  •  Alias   autodiscover
  • Target   autodiscover.outlook.com


Test your domain with the Exchange Remote Connectivity Analyzer


Use the tests at https://www.testexchangeconnectivity.com to troubleshoot the following issues with your domain:

  • Incoming mail flow 
  • Outlook connectivity to a mailbox 

Note   ExRCA has several other tests that you can perform on your domain. However, some of these tests are relevant only for an on-premises Microsoft Exchange organization.

Test incoming mail flow


To test incoming mail flow using ExRCA, under Internet E-Mail Tests, select Inbound SMTP E-Mail. This test retrieves all available MX records for the domain, and then performs the following tests on each MX record:

  1. 1.It tries to resolve the host name specified in the MX record to an IP address.
  2. 2.It tests connectivity on TCP25 to the host name specified in the MX record. TCP port 25 is the port used by SMTP.
  3. 3.It sends a test e-mail message to an account in the domain that you specify.
  4. 4.It tests the host name specified in the MX record for open relay. Anenables messages to be resubmitted or "relayed" by using a different server to mask the true source of the messages. Note that this last test is irrelevant for cloud-based Exchange because you can't configure it as an open relay, intentionally or unintentionally.

Use the Inbound SMTP Email test to test mail flow and to verify the mail-routing MX record for your domain


  1. 1.Openhttps://www.testexchangeconnectivity.com.
  2. 2.Under, select, and then click.
  3. 3.In thesection, enter the e-mail address of an account in your domain, such as admin@contoso.edu.
    Note
  4. 4.In thesection, type the letters that are displayed in the CAPTCHA image, and then clickPerform Test.
  5. 5.When the test is complete, you can do the following:
  • Clickto save the information in the report. You can then paste the information into a text file.
  • Clickto view the test results.

If you also created an MX record to prove domain ownership, the overall Incoming SMTP E-Mail test will always fail. To understand the test results, look in the Test Steps section. For each MX record, you’ll see twoTesting Mail Exchanger tests:

  • Testing Mail Exchanger <token>.mail.outlook.com.   This tests the MX record used for mail routing. This step and all sub-steps should succeed.
  • Testing Mail Exchanger <token>.msv1.invalid.   This tests the MX record used for proof of domain ownership. This test will always fail because this MX record isn’t designed to route e-mail.

 

 Test Outlook connectivity to a mailbox


To test Outlook connectivity to a mailbox using ExRCA, under Microsoft Office Outlook Connectivity Tests, select Outlook Autodiscover. This test uses three different methods of contacting the Autodiscover service for your domain. Only the "HTTP redirect method" is expected to succeed. This test does the following:

  1. 1.It tries to resolve the host "autodiscover.<domain name>" to an IP address.
  2. 2.It tests connectivity on TCP80 to the host "autodiscover.<domain name>". TCP port 80 is the port used by HTTP.
  3. 3.It tests "autodiscover.<domain name>" for an HTTP redirect response.
  4. 4.It tests the validity of the HTTP redirect URL from the previous result.

Use the Outlook Autodiscover test to test Outlook connectivity to a mailbox and to verify the Autodiscover CNAME record for your domain


  1. 1.Openhttps://www.testexchangeconnectivity.com.
  2. 2.Under, select, and then clickNext.
  3. 3.In thesection, enter the following information:
  • E-mail Address
  • Domain\Username (or UPN)
  • Password
  • Ignore Trust for SSL
  1. 4.Select the check box to acknowledge the security warning.
    Notesection, we recommend that, if possible, you use a temporary test account, and then delete the account when you are finished testing.
  2. 5.In thesection, type the letters that are displayed in the CAPTCHA image, and then clickPerform Test.
  3. 6.When the test is complete, you can do the following:
  • You can clickto save the information in the report. You can then paste the information into a text file.
  • You can clickto view the test results.

Pay particular attention to the test results under "Attempting to contact the Autodiscover service using the HTTP redirect method". All tests should pass successfully if the Autodiscover CNAME record for your cloud-based domain is configured correctly.

Note that the following tests under "Attempting each method of contacting the AutoDiscover Service" will fail even if your Autodiscover CNAME record is configured correctly:

  • Attempting to test potential AutoDiscover URL https://<; domain name>/AutoDiscover/AutoDiscover.xml 
  • Attempting to test potential AutoDiscover URL https://autodiscover.<; domain name>/AutoDiscover/AutoDiscover.xml 

For more information about issues related to the Autodiscover service, Troubleshooting Autodiscover in Exchange Online. 

View DNS records with Nslookup


You can use the Nslookup tool that comes with any version of Microsoft Windows to view the DNS records for your domain.

Note   Firewall or Internet proxy restrictions that are enforced on your organization's internal network may prevent the Nslookup tool from functioning correctly.

Also, in the following steps, always type your domain name with a trailing period. The trailing period ( . ) indicates a fully qualified domain name (FQDN). The use of the trailing period prevents any default DNS suffixes that are configured for your network from being unintentionally added to the domain name.


View the MX records


Open a command prompt and run the following command:

Copy

Nslookup -type=MX <domain name>.

For example, if your domain name is contoso.edu, run the following command:

Copy

Nslookup -type=MX contoso.edu.

Note the trailing period after the domain name. If you have two MX records, one for proving domain ownership, and one for mail routing, the output of the command will resemble the following:

Copy

contoso.edu   MX preference=10, mail exchanger = e0e792760b25459f40912aae164e0a.mail.outlook.com

contoso.edu   MX preference=100, mail exchanger = msv1.invalid

  

View the Autodiscover CNAME record


Open a command prompt and run the following command:

Copy

Nslookup -type=CNAME autodiscover.<domain name>.

For example, if your domain name is contoso.edu, run the following command:

Copy

Nslookup -type=CNAME autodiscover.contoso.edu.

Note the trailing period after the domain name. The output of the command will resemble the following:

Copy

autodiscover.contoso.edu   canonical name = autodiscover.contoso.edu

  

View the TXT records


Open a command prompt and run the following command:

Copy

Nslookup -type=TXT <domain name>.

For example, if your domain name is contoso.edu, run the following command:

Copy

Nslookup -type=TXT contoso.edu.

Note the trailing period after the domain name. If you have two TXT records, one for ensuring that destination e-mail systems trust messages sent from your domain, and one for proving domain ownership, the output of the command will resemble the following:

Copy

contoso.edu   text = "v=spf1 include:outlook.com include:spf.messaging.microsoft.com ~all"

contoso.edu   text = "v=msv1 t=e0e792760b25459f4aae164e0a"

  

View the SRV records


Note   The SRV record described in this example is used in Live@edu only.

Open a command prompt and run the following command:

Copy

Nslookup -type=SRV _sipfederationtls._tcp.<domain name>.

For example, if your domain name is contoso.edu, run the following command:

Copy

Nslookup -type=SRV _sipfederationtls._tcp.autodiscover.contoso.edu.

Note the trailing period after the domain name. The output of the command will resemble the following:

Copy

_sipfederationtls._tcp.contoso.edu   SRV service location:

   priority    = 10

   weight    = 2

   port    = 5061

   svr hostname    = federation.messenger.msn.com

  

Troubleshoot the Nslookup results


If any of your DNS records appear to be incorrect, or the services that are associated with the DNS records aren't working, consider these possible causes:

  • It is very easy to make a typographical error when you create a record. Make sure that you used the correct values when you created the DNS records.
  • Some DNS hosting services support managing multiple domains using the same Web management interface, and therefore require you to enter @ to specify the parent domain name for certain types of DNS records. Entering the actual domain name instead of @ can cause unexpected results in the DNS record.
  • Some DNS hosting services may not support an MX priority value of 0. Instead of 0, try using the value of 10 in the MX mail routing record.

About us

We serve businesses in Fairfield County, Connecticut with IT Tech Support, network planning (network consulting), network projects, and ongoing network/computer maintenance and Tech Support. We pride ourselves on not only delivering the results you expect, but also being knowledgeable, systematic, accountable, trustworthy and easy to work with. Read more...

Fairfield County Connecticut

Fairfield, CT 06824
Westport, CT 06880
Bridgeport, CT 06804
Wilton, CT 06897
Easton, CT 06612
Norwalk, CT 06850
Southport, CT 06890
Stamford, CT 06901
Trumbull, CT 06611
Stratford, CT 06614
Ridgefield, CT 06810
Danbury, CT 06810

Contact Us

Address: Georgetown Road
Weston, CT 06883

Tel:         (203) 541-5448 Ext. 211
Toll-free: (877) 717-6075
IM:          (203) 216-9902 

Email: jb at cssdllc.com