Hello, could anybody help please? We have probblem with autodiscover for external users (internal is working) We are using reverse proxy and allowed 443 comm. OWA, RPC .. everything is working, only externla autodiscover not. Login window is always pop up after entered username and password. I have 401 error. Interna is working on \\nameserver\autodiscover\autodiscover.xml this is from the the testexchangeconnectivity.com Attempting to contact the Autodiscover service using the DNS SRV redirect method. ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method. Test Steps Attempting to locate SRV record _autodiscover._tcp.foxconn.cz in DNS. The Autodiscover SRV record was successfully retrieved from DNS. Additional Details The Service Location (SRV) record lookup returned host mail20.foxconn.cz. Attempting to test potential Autodiscover URL https://mail20.foxconn.cz/Autodiscover/Autodiscover.xml Testing of this potential Autodiscover URL failed. Test Steps Attempting to resolve the host name mail20.foxconn.cz in DNS. The host name resolved successfully. Additional Details IP addresses returned: 62.209.192.78 Testing TCP port 443 on host mail20.foxconn.cz to ensure it's listening and open. The port was opened successfully. Testing the SSL certificate to make sure it's valid. The certificate passed all validation requirements. Test Steps Validating the certificate name. The certificate name was validated successfully. Additional Details Host name mail20.foxconn.cz was found in the Certificate Subject Common name. Testing the certificate date to confirm the certificate is valid. Date validation passed. The certificate hasn't expired. Additional Details The certificate is valid. NotBefore = 12/27/2010 4:33:36 PM, NotAfter = 12/27/2011 4:43:36 PM Checking the IIS configuration for client certificate authentication. Client certificate authentication wasn't detected. Additional Details Accept/Require Client Certificates isn't configured. Attempting to send an Autodiscover POST request to potential Autodiscover URLs. Autodiscover settings weren't obtained when the Autodiscover POST request was sent. Test Steps ExRCA is attempting to retrieve an XML Autodiscover response from URL https://mail20.foxconn.cz/Autodiscover/Autodiscover.xml for user test2010@foxconn.cz. ExRCA failed to obtain an Autodiscover XML response. Additional Details A Web exception occurred because an HTTP 401 - Unauthorized response was received from Unknown.

Hi, Please follow these steps to test the problem: 1. Open IE, access the f ollowing link: https://mail20.foxconn.cz/Autodiscover/Autodiscover.xml After entering the your credential, can you open the xml file? 2. Please refer the folllowing KB article and check if you have same senerio: http://support.microsoft.com/kb/896861Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Thanks Gen Lin-MSFT

Hi, thank you for your reply ad1 - when I try to opne this link in the IE, logon window will pop up, I enter the username and password and window pop up again and again. This link is working only from the internal site. I have internal link https://cz01excas01.cz.foxconn.com/..... external https://mail20.foxconn.cz/..... in the internal DNS is CNAME for autodiscover to mail20.foxconn.cz and mail20 has CNAME to internal name cz01excas01.cz.foxconn.com Reverse proxy is in the DMZ and has allowe acces only on the 443 to CAS (no access to the DNS, there is a host name) ad2 - I have not this event in the security log. OS is server 2008 R2, Exchange - EX2010 SP1 thank you Pavel

Pavel, Have you set the correct certificate in the External site at the Org level, it could be that the security is using the internal cert and it is not getting back through your proxy correctly? Just a thought. Cheers Phil

Phil, we have valid certificate on the external proxy server for mail20.foxconn.cz, on the internal CAS is the same and internal too. thank you

Pavel, Can you post your proxy logs when you have an attempt to access autodiscover? Cheers Phil

Hi All, it is working now. Problem was with authentication settings on the autodiscovery and OAB folder. It is not working with settings what microsoft is recommended. Autodiscovery - disable windows authentication. OAB - disable windows authentication and enable reguired ssl Or do does anybody know about squid version or script how to setup reverse proxy with windows authentication on the web folders? thank you Pavel

Hi Check the whitepaper about autodiscover, it will give you all the details http://technet.microsoft.com/en-us/library/bb332063%28EXCHG.80%29.aspxJonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82