OutlookAnywhere Authentication Loop

Hello,

We have a new Exchange 2013 environment having some issues with OutlookAnywhere published through UAG. When we try to configure a client externally via autodiscover the fiddler trace shows that it hits the autodiscover URL fine and returns the needed mailbox info. Once it hits the /rpc/rpcproxy.dll URL it fails with 401 unauthorized. The trace also seems to be stating that it is attempting to use NTLM and not Basic as specified in the config

Get-OutlookAnywhere

ExternalHostname                   : webmail.domain.com
InternalHostname                   : webmail.domain.com
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
ExternalClientsRequireSsl          : True

The behavior we see is a repeated prompt for credentials that almost seems to be a loop. What it also seems is that because the internal and external URL used are the same it is using the authentication method for Internal as opposed to what is specified for External. I will also note that internally OutlookAnywhere and Autodiscover are working fine.

August 25th, 2015 8:15am

Hi,

Take a look at http://www.ntsystems.it/post/How-to-build-an-UAG-2010-Array-for-Exchange-publishing-Part-1.aspx. Part 1 looks at how to create your UAG array and part 2 demonstrates how to configure it for Exchange 2013 including Outlook Anywhere. 

UAG is now discontinued and Microsoft are encouraging the use of Web Application Proxy as an alternative. More information about WAP and E2K13 here: https://technet.microsoft.com/en-us/library/dn528827.aspx.

Thanks.

Free Windows Admin Tool Kit Click here and download it now
August 25th, 2015 9:03am

Hi MK, 

Thank you for your question.

First of all, we should check outlook anywhere and autodiscover authentication on UAG by the following link: 

https://technet.microsoft.com/en-us/library/ee921429.aspx 

For testing, we could enable NTLM authentication on external client authentication method to check if the issue persist. 

If there are any questions regarding this issue, please be free to let me know. 

Best Regard, 

Jim

August 26th, 2015 2:42am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics