External clients Autodiscover Fails. It will not find .local mail server

I have just inherited a new organization which has an internal domain named abc.local and an external website/email domain of abc-xyz.com; abc & xyz are of course just placeholders. When an external client tries to use Autodiscover from within Outlook or a mobile phone, it will not automatically connect. It prompts for a username/password. The only way to get it to work is to enter the local domain\user name such as abc.local\username.

Is there a SIMPLE way to fix this? Or can someone tell me Specifically how to correct this so Autodiscover will work correctly?

Any help is truly appreciated.....

Roy

May 26th, 2015 2:37pm


Do the primary SMTP addresses match the UPNs of the users? They should and that will help make this work as expected.
May 26th, 2015 9:11pm

Hi Roy,

Thank you for your question.

By my understanding, because the external URL is abc-xyz.com, an external Outlook client will look for https://autodiscover.abc-xyz.com/autodiscover/autodiscover.xml instead of https://autodiscover.abc.local/autodiscover/autodiscover.xml.

We could change UPN into @abc-xyz.com by the following link:

https://technet.microsoft.com/en-us/library/cc772007.aspx

If there are any questions regarding this issue, please feel free to let me know.

Best Regards,

Jim

May 27th, 2015 1:57am

I just tried changing the UPN as described above but it did not work. The message I get is "Authentication failed".

To make it work I must manually change the auto-filled "Domain\username" field from "\johnsmith" to "abc\jsmith". It will not accept the full user name which is used in the email address. The user logon for the domain is first initial, last name.

What next?

May 27th, 2015 8:08am

Are these domain joined machines you are testing from?

If you run

Get-OutlookAnywhere | fl Server*, *auth*

Do the external Auth methods list NTLM as an option?

May 27th, 2015 9:07am

Yes they are domain joined. Here are the results of the command that I was requested above to run. Also I am testing with a mobile phone which is my biggest concern for getting autodiscover to work.

[PS] C:\Windows\system32>Get-OutlookAnywhere | fl Server*, *auth*


ServerName                         : US10S005
Server                             : US10S005
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}

May 27th, 2015 10:32am

Ok, it looks like your ExternalClientAuthenticationMethod is set to Basic. This basically prompts for credentials every time Outlook connects.

Let's change that to NTLM (Windows Authentication) so it functions the same as it does internally.

Get-OutlookAnywhere -Server US10S005 | Set-OutlookAnywhere -ExternalClientAuthenticationMethod NTLM

Once you make that change you should do an iisreset to make the changes take effect.

Mobile phones aren't domain joined, so they will always prompt for creds when you initially set them up, but the phone should save the creds and pass them along to Exchange as they need it.  

If you want to test autodiscover externally, I would use the Remote Connectivity Analyzer to verify that works.  But if 

https://testconnectivity.microsoft.com/

May 27th, 2015 4:31pm

What are the internal and external Outlook Anywhere host names set to? If they are the same and the internalhostname is resolvable on the internet, then Outlook will use the internalhostname and internal authentication.

May 27th, 2015 6:13pm

I found a fix! 

1) Add an additional UPN to match the external domain name, such as abc-xyz.com.

2) Set the user to use this new UPN as primary.

3) Change the user's logon, such as bsmith to bobsmith, to match the email bobsmith@abc-xyz.com

This worked for me!

  • Marked as answer by rbx1239 20 hours 12 minutes ago
May 29th, 2015 7:15am

  • Marked as answer by rbx1239 Friday, May 29, 2015 11:14 AM
May 29th, 2015 11:14am
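
The condition the replies in this thread converge on (each user's UPN equal to the primary SMTP address) can be checked across accounts before changing anything. The following is an added example, not part of the original thread: the function name Get-UpnSmtpMismatch is hypothetical, and the sample accounts are constructed from the thread's placeholder domains.

```powershell
# Added example: classify accounts by whether the UPN equals the primary SMTP address.
function Get-UpnSmtpMismatch {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        # The primary SMTP address is the proxyAddresses entry with the
        # upper-case "SMTP:" prefix; secondary addresses use lower-case "smtp:".
        $primary = $User.proxyAddresses |
            Where-Object { $_ -clike 'SMTP:*' } |
            Select-Object -First 1
        $smtp = if ($primary) { $primary.Substring(5) } else { $null }
        $upn  = $User.UserPrincipalName

        if (-not $smtp) { $status = 'NoPrimarySmtp' }
        elseif ($upn -ieq $smtp) { $status = 'Match' }
        elseif (($upn -split '@')[-1] -ine ($smtp -split '@')[-1]) { $status = 'SuffixMismatch' }
        else { $status = 'PrefixMismatch' }

        [pscustomobject]@{
            SamAccountName    = $User.SamAccountName
            UserPrincipalName = $upn
            PrimarySmtp       = $smtp
            Status            = $status
        }
    }
}

# Constructed sample accounts (not real data), shaped like Get-ADUser output.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'bsmith'; UserPrincipalName = 'bsmith@abc.local'
                       proxyAddresses = @('SMTP:bobsmith@abc-xyz.com', 'smtp:bsmith@abc.local') }
    [pscustomobject]@{ SamAccountName = 'jdoe'; UserPrincipalName = 'jdoe@abc-xyz.com'
                       proxyAddresses = @('SMTP:janedoe@abc-xyz.com') }
    [pscustomobject]@{ SamAccountName = 'bobsmith'; UserPrincipalName = 'bobsmith@abc-xyz.com'
                       proxyAddresses = @('SMTP:bobsmith@abc-xyz.com') }
)

# Show only the accounts that still need attention.
$sample | Get-UpnSmtpMismatch | Where-Object Status -ne 'Match' | Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module):
# Get-ADUser -Filter 'mail -like "*"' -Properties proxyAddresses | Get-UpnSmtpMismatch
```

SuffixMismatch corresponds to steps 1 and 2 of the fix (the UPN still uses the .local suffix); PrefixMismatch corresponds to step 3 (the logon name differs from the mailbox alias).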
