SOLVED

Autodiscover infected with virus

Copper Contributor

My client has Exchange server 2016 running on windows server 2016 Standard. After the recent zero day we patched the server right away and ran the mitigation tool. We have also run several full Microsoft safety scans and Windows defender scans. The safety scans and mitigation tools removed back doors and we have been running them regularly since. A few days later one of the users mentioned that they keep getting a pop up about a virus when opening Outlook. The message is attached. I verified that the same thing was happening on any other computer using Outlook. I also tested on an external machine that was a clean build and I got the same message as soon as I connected Outlook to their exchange server. I tried deleting and recreating the autodiscover virtual directory but the issue seems to keep going after that. Any help would be greatly appreciated. 

 

Thanks

5 Replies

@Tingley5 

 

Have you found a solution? We have a client which has the exact same issue. They are in the process of installing a new Exchange server to migrate the mailboxes, but not sure if the Autodiscover.xml error will disappear after the old Exchange is decommissioned and the clients connect to the new one.

best response confirmed by Tingley5 (Copper Contributor)
Solution

@Tingley5 

 

Well I found the solution in this case. Apparently the external URL used for the OAB URL was rewritten and changing it back to the original value fixed it.

 

 

@DaveGr1280 

Thanks! That did it!

Hi @DaveGr1280 

I'm having a similar problem whilst setting up a new email address under Microsoft® Outlook® for Microsoft 365 MSO (Version 2112 Build 16.0.14729.20254) 64-bit. Bitdefender AV is blocking the autodiscover URL - See attached. 

 

I'm not technical, could you please explain what I need to do?

 

Many thanksAutodiscover error.JPG

I'd really appreciate any help with this issue folks, as it is preventing me from getting to my emails.

 

Thank you

 

Danny

1 best response

Accepted Solutions
best response confirmed by Tingley5 (Copper Contributor)
Solution

@Tingley5 

 

Well I found the solution in this case. Apparently the external URL used for the OAB URL was rewritten and changing it back to the original value fixed it.

 

 

View solution in original post