Hi,

Have just deployed 3 collocated CAS/MBX servers behind a HLB.

when testing using test-outlookwebservices I get:

[PS] C:\>Test-OutlookWebServices

Source                              ServiceEndpoint                     Scenario                       Result  Latency
                                                                                                                  (MS)
------                              ---------------                     --------                       ------  -------
EXCHANGE01.company.com              autodiscover.company.com            Autodiscover: Outlook Provider Failure      30
EXCHANGE01.company.com              mail.company.com                    Exchange Web Services          Success      22
EXCHANGE01.company.com              mail.company.com                    Availability Service           Success      33
EXCHANGE01.company.com                                                  Offline Address Book           Skipped       0

if using the -debug feature I cannot locate any error in EXPR or elsewhere...

Setup:

Get-ClientAccessServer

AutoDiscoverServiceInternalUri       : https://autodiscover.company.com/autodiscover/autodiscover.xml

Get-OutlookProvider

I have tested EXPR server as empty and with mail.company.com

CertPrincipalName is set to msstd: mail.company.com

WebServicesVirtualDirectory

Both internal and external url is set to https://mail.company.com/EWS/Exchange.asmx

Using 3rd party certificate with autodiscover.company.com and mail.company.com namespaces.

Please advice!

• Edited by [fredrik] Monday, April 22, 2013 12:32 PM

Get-OabVirtualDirectory | FL Server,*URL

By chance, once you get a mailbox profile created manually, does OOF work? And does Free/Busy show up correctly?

@Ed, Get-OabVirtualDirectory seems fine, both internalurl and externalurl are set to https://mail.company.com/OAB

@Mike, Outlook profiles are created automatically and OOF is working. the this is that got me worried is that

ExRCA is saying:

Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.

Test Steps

ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.company.com/AutoDiscover/AutoDiscover.xml for user testuser@company.com.
ExRCA failed to obtain an Autodiscover XML response.

Additional Details
An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).

And test-outlookwebservices said that the outlook provider is failing, that got me worried.

Do I have to change any authentication on my Exchange servers for external autodiscover/outlook anywhere since I hit a 401 Unauthorized responce? Or is that on our UAG server? (running latest SP3 with latests patches for Exchange 2013 support)

I can browse https://autodiscover.company.com/AutoDiscover/AutoDiscover.xml both internally and externally. I get the 600 Invalid Request which is correct.

Internally I don't have to enter credentials (guess windows auth)

Externally I have to enter credentials.

• Edited by [fredrik] Tuesday, April 23, 2013 6:03 PM

Update: Issue with autodiscover via ExRCA was the HLB was acting like a proxy.

- Autodiscover is working internally and can configure domain joined pc's without any problems.

- I can browse https://autodiscover.company.com/autodiscover/autodiscover.xml with out any problems both internally and externally.

- Test-OutlookWebServices still reports Outlook Provider failure...

and...

- Outlook externally seems to find the server via autodiscover but I can't logon (via basic auth screen) so the account will not be created in my profile. I have to manually specify the settings (one of the internal servernames, my username then add the proxy settings, then it works.

What have I missed?

On each CAS, find \Program Files\Microsoft\Exchange Server\V14\Client Access\OAB\web.config and ensure that Authenticated Users has both Read, and Read and Execute right.

Hi Ed,

I noticed that only SYSTEM and Administrators had permissions on my web.config on the servers. V15 dir since its Exchange 2013.

I added Authenticated Users with Read + Read & execute permissions...but the issue still appears.

For clients on the corporate network (ad joined pc and non-ad joined pcs) can use autodiscover to authenticate.

For clients on the internet autodiscover can find the serverguid and my mailbox during the lookup but I cannot login, the basic auth screen keeps looping.

29fa6069-e63c-43c5-b48f-91469d1fd5f2@company.com

=SMTP:testuser@company.com

I have to force the outlook client to use manual settings and configure proxy settings as well as basic auth to be able to logon.

so manual setup works but not via the settings provided by the autodsicover...

ExRCA Autodiscover = OK

ExRCA Outlook Anywhere via autodiscover settings = OK

Outlook Anywhere settings (rpc vdir)

- ExternalHostname: mail.company.com

- InternalHostname: mail.company.com

- ExternalClientAuthenticationMethods: Basic

- InternalClientAuthenticationMethods: Ntlm

- IISAuthenticationMethods: {Basic, Ntlm, Negotiate}

UAG runnings SP3 has /rpc/* set to basic auth.

• Edited by [fredrik] Friday, April 26, 2013 7:27 AM

Run http://exrca.com and look at what is being returned by Autodiscover, even if it passes.  Examine the URLs to be sure that everything is correct.

Hi again,

Every URL seems to be fine. i'm out of ideas...

If it's working, then I wouldn't worry about Test-OutlookWebServices.

If the ExRCA warning you're getting is under the test where it looks at https://company.com/autodiscover/autodiscover.xml, then the response you're seeing is normal.  Nobody publishes Autodiscover using that URL, so I can't fathom why ExRCA (and Outlook for that matter) looks at that URL first, but it does, fails and moves on to the correct URL.  That's a red herring that you need not worry about.

Hi Ed, thx for helping.

I have changed the Outlook Anywhere authenticationmethod(Set-OutlookAnywhere for the rpc vdir) for the attribute ExternalClientAuthenticationMethodsfrom the original "Negotiaer" to "Basic" and back again.

I have always used Basic authentication before but in 2013 Negotiate seems to be the default one.

I thought basic or negotiate on exchange and basic on UAG would work, is it true?

then I can't understand whats blocking the logon. I can't get passed the logonscreen while autodiscover configures the outlook profile.

If using the Test E-mail AutoConfiguration utility in Outlook I can see that no OAB URL is retrieved.

Is that something that can cause my issue with outside connectivity?

• Edited by [fredrik] Tuesday, April 30, 2013 6:52 AM

any update on this .. u able to sort this.. m stuck on this ..my autodiscover is not going through .. and mailing the problem users are the one on MAC

please