Autodiscover not setting outlook anywhere accordingly

We have installed 2013 Mailbox and CAS Server on separate boxes into our 2010 environment. We have migrated a few users and it seems autodiscover does not configure Outlook anywhere on the Outlook 2010 client. If we configure this manually the
user can connect and view mail. Outlook web access is fine, certificates appear to be working as we can manually configure Outlook and it is ready mail very well. We are running Exchange 2013 CU3, and have installed the certificate on the CAS.
the autodiscover dns entry has been changed to point to the 2013 CAS.
Is this a common problem and what can we try to do to resolve this issue ?
I've read a few different posts and looked at authentication of virtual folders (still default setup), certificates (added new certificate from company CA). Any ideas ?

Hi CompGuy2012,
To troubleshoot the autodiscover issue, I suggest we refer to the test email auto-configuration:
[Check AutoConfiguration Status in Outlook]
===================================
a. While Outlook is running, click the CTRL key and then right-click the Outlook icon in the system tray and then select “Test Email Autoconfiguration”.
b. Confirm that your email address is in the address field, uncheck “Use
Guessmart” and “secure Guessmart
authentication” boxes. Then click the “Test” button.
c. Once it runs, Check the Log tab andResults
tab.
Let us know the detailed error message.
Thanks,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Simon Wu
TechNet Community Support

Similar Messages

Object variable or With block variable not set, Outlook 2010.

I am using Outlook from Office 2010 Professional (32 bit) and have Exchange 2010 from SBS2011 installed on the server.
Outlook cannot sync with the server over the LAN. This started suddenly about 6 hours ago.
I can send from outlook and it is delivered. I can receive into outlook. I can also send and receive on the phone using the Exchange server. However, the sent emails are not showing up in the sent folder of Outlook. The phone can see its own sent emails,
but not those from outlook.
I haver rebooted the PC and the server with the same result. When I open outlook, is get an error dialogue box with a title, "Contact Sync" and a message, "Error: Object variable or With block variable not set."
My contacts and calender are visible. Email sent since early this afternoon are not recorded in Outlook.
Any thoughts?
Thanks

Hi,
Do you mean all emails that are send from phone are not showing up in the sent folder of Outlook? Please check whether these emails are showing in Outlook Online mode or OWA.
Please make sure all emails send from Outlook can be listed in Sent Items folder correctly. If the problematic emails can be viewed in OWA and Outlook Online mode and the issue only happens to Outlook Cached mode, please manually sync the folder by clicking
Send/Receive button to have a try. If it doesn’t work, we can create a new Outlook profile to have a check.
As for the “Contact Sync” error, please try to launch Outlook with safe mode (“Outlook.exe .safe”) to check whether the issue still persists. Some of third-party programs such as QuickBooks Contact Sync or corrupted VBA coding may cause that. If it
is, please refer to the following article to check it:
http://dataservices.intuit.com/support/articles/sln43126
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
sure that you completely understand the risk before retrieving any suggestions from the above link.
Thanks,
Winnie Liang
TechNet Community Support

Outlook Anywhere losing proxy settings, Autodiscover issue?

I have Exchange Server 2010 in Small Business Server 2011. I have several remote clients that are not part of the SBS domain, but they use Outlook Anywhere to connect to Exchange.
We originally started with a self-signed and eventually added a GoDaddy SSL certificate. Some of the remote clients lose the settings for Outlook Anywhere randomly. The proxy checkbox is unchecked and the MSSTS settings have all disappeared.
I investigated this and it seems to point to autodiscover. Our DNS is hosted externally so I created an A-Host record at Netowork Solutions called autodiscover and resolved it to the static IP address of the server. When I did this the remote
clients started to get certificate security warnings.
Next I tried to create a CNAME called _autodiscover for mail.mydomain.com and this didn't work either, certificate security erros
Is my Outlook Anywhere issue an 'autodiscover' problem and if it is, what amI doing wrong? Here are some additional details:
Self-signed certificate is mail.mydomain.com. GoDaddy Class 2 certificate authority has identified this site as mail.mydomain.com. The connection to the server is encrypted.

Testing RPC/HTTP connectivity.
The RPC/HTTP test failed.
Additional Details
Elapsed Time: 3221 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for
[email protected].
Autodiscover was tested successfully.
Additional Details
Elapsed Time: 3219 ms.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Additional Details
Elapsed Time: 3218 ms.
Test Steps
Attempting to test potential Autodiscover URL
https://pickardconstruction.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 835 ms.
Test Steps
Attempting to resolve the host name pickardconstruction.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 205.204.84.106
Elapsed Time: 464 ms.
Testing TCP port 443 on host pickardconstruction.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 164 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 205 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server pickardconstruction.com on port 443.
The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Elapsed Time: 156 ms.
Attempting to test potential Autodiscover URL
https://autodiscover.pickardconstruction.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Additional Details
Elapsed Time: 609 ms.
Test Steps
Attempting to resolve the host name autodiscover.pickardconstruction.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 205.204.84.106
Elapsed Time: 222 ms.
Testing TCP port 443 on host autodiscover.pickardconstruction.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 185 ms.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Additional Details
Elapsed Time: 200 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.pickardconstruction.com on port 443.
The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Elapsed Time: 151 ms.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The Autodiscover service was successfully contacted using the HTTP redirect method.
Additional Details
Elapsed Time: 1770 ms.
Test Steps
Attempting to resolve the host name autodiscover.pickardconstruction.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 205.204.84.106
Elapsed Time: 21 ms.
Testing TCP port 80 on host autodiscover.pickardconstruction.com to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 100 ms.
The Microsoft Connectivity Analyzer is checking the host autodiscover.pickardconstruction.com for an HTTP redirect to the Autodiscover service.
The redirect (HTTP 301/302) response was received successfully.
Additional Details
Redirect URL:
https://cpanelemaildiscovery.cpanel.net/autodiscover/autodiscover.xml HTTP Response Headers: Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Length: 0 Content-Type: application/xml Date: Fri, 28 Feb 2014 01:49:00 GMT Location:
https://cpanelemaildiscovery.cpanel.net/autodiscover/autodiscover.xml Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4
FrontPage/5.0.2.2635 PHP/5.3.21
Elapsed Time: 184 ms.
Attempting to test potential Autodiscover URL
https://cpanelemaildiscovery.cpanel.net/autodiscover/autodiscover.xml
Testing of the Autodiscover URL was successful.
Additional Details
Elapsed Time: 1463 ms.
Test Steps
Attempting to resolve the host name cpanelemaildiscovery.cpanel.net in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 208.74.124.130, 208.74.124.133, 208.74.125.50, 208.74.125.51, 208.74.123.82
Elapsed Time: 109 ms.
Testing TCP port 443 on host cpanelemaildiscovery.cpanel.net to ensure it's listening and open.
The port was opened successfully.
Additional Details
Elapsed Time: 135 ms.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Additional Details
Elapsed Time: 358 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server cpanelemaildiscovery.cpanel.net on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=*.cpanel.net, OU=Domain Control Validated, O=*.cpanel.net, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona,
C=US.
Elapsed Time: 278 ms.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
The host name that was found, cpanelemaildiscovery.cpanel.net, is a wildcard certificate match for common name *.cpanel.net.
Elapsed Time: 0 ms.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.cpanel.net, OU=Domain Control Validated, O=*.cpanel.net.
One or more certificate chains were constructed successfully.
Additional Details
A total of 2 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
Elapsed Time: 30 ms.
Analyzing the certificate chains for compatibility problems with versions of Windows.
No Windows compatibility problems were identified.
Additional Details
The certificate chain has been validated up to a trusted root. Root =
[email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network.
Elapsed Time: 4 ms.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 8/18/2011 6:11:10 PM, NotAfter = 10/18/2016 5:19:12 AM
Elapsed Time: 0 ms.
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Elapsed Time: 349 ms.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Additional Details
Elapsed Time: 509 ms.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL
https://cpanelemaildiscovery.cpanel.net/autodiscover/autodiscover.xml for user
[email protected].
The Autodiscover XML response was successfully retrieved.
Additional Details
Autodiscover Account Settings XML response: <?xml version="1.0"?> <Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User> <DisplayName>[email protected]</DisplayName> </User> <Account> <AccountType>email</AccountType> <Action>settings</Action> <Protocol> <Type>IMAP</Type> <Server>have02b.have1.com</Server>
<Port>993</Port> <DirectoryPort>0</DirectoryPort> <ReferralPort>0</ReferralPort> <SSL>on</SSL> <DomainRequired>off</DomainRequired> <SPA>off</SPA> <AuthRequired>on</AuthRequired>
<LoginName>[email protected]</LoginName> </Protocol> <Protocol> <Type>SMTP</Type> <Server>have02b.have1.com</Server> <Port>465</Port> <DirectoryPort>0</DirectoryPort> <ReferralPort>0</ReferralPort>
<SSL>on</SSL> <DomainRequired>off</DomainRequired> <SPA>off</SPA> <AuthRequired>on</AuthRequired> <LoginName>[email protected]</LoginName> </Protocol> </Account> </Response>
</Autodiscover> HTTP Response Headers: Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Length: 1362 Content-Type: text/xml Date: Fri, 28 Feb 2014 01:49:02 GMT Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_perl/2.0.5
Perl/v5.8.8
Elapsed Time: 509 ms.
Autodiscover settings for Outlook Anywhere are being validated.
The Microsoft Connectivity Analyzer wasn't able to validate Outlook Anywhere Autodiscover settings.
Tell me more about this issue and how to resolve it
Additional Details
The EXCH provider section is missing from the Autodiscover response.
Elapsed Time: 0 ms.

2010 / 2013 Coexistance: Outlook-Anywhere

Hey there,
Can somebody please explain to me why I need to set Outlook-Anywhere on my legacy (2010) servers if I'm not using Outlook Anywhere externally in the org and don't intend to? Keep reading that it's a must so that 2013 can proxy requests, but not really sure
why it would need to proxy requests if I didn't want to allow OA externally (and going through 2013 CAS).
I'll also add that the only namespace I've cutover is Autodiscover. I have around 2000 mailboxes migrated over from 2010 on to 2013 and I don't really see any problems (still a good thousand on 2010). Not sure if I was supposed to point rpcclientaccessarray
records at my 2013 cas, or what advantage that would give. 2010 Exchange mailbox users can connect to 2013 mailboxes when given access (presumably due to Autodiscover). Everything just seems to work.
So please, if someone could tell me the error of my ways or reaffirm that everything's going according to plan I'd really appreciate it. Apologies if my questions are a little diffuse!
Joe

Hi Joe,
If Exchange 2010 users don’t need to use Outlook Anywhere for external accessing, we can remain the Outlook Anywhere disabled in Exchange 2010. Exchange 2010 mailbox can still retrieve Exchange services (EWS, OOF, OWA, ECP, OAB) by using Autodiscover service
(SCP for Exchange 2010 internal users).
For Exchange 2013 mailbox, all Outlook connectivity takes place over Outlook Anywhere(RPC/HTTP)
even for internal connectivity. The Outlook Anywhere is enabled by default in Exchange 2013.
Regards,
Winnie Liang
TechNet Community Support

Outlook anywhere external issues

Hi
I have exchange 2013 installed FRESH. I have configured all the URLs properly and autodiscover is published externally as an A record (autodiscover.domain.com)
There are no issues inside.
HOWEVER I can NOT access outlook anywhere from outside. I get a pop up that says "Outlook can not log on. Verify you are connected to the network and are using the proper server and
server mailbox name.....". exchange remote connectivity analyzer shows me this error "An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password."
I can access our OWA and autodiscover properly from outside. I can also reach https://autodiscover.domain.com/autodiscover/autodiscover.xml. When I use "test autoconfiguration" from outlook the tests are all successful. IISauthentication
is set to "basic,ntlm". I tried both NTLM & basic. I also tried multiple accounts. Nothing works
I appreciate your help.

Hi,
Firstly, I'd like to explain, restarting IIS just helps the new settings take effect faster.
Addording to your description, all external users cannot use Outlook Anywhere.
And to narrow down the cause I'd like to confirm the detail result of ExRCA Outlook Anywhere test, especially the partition which has the error.
Thanks，
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Angela Shi
TechNet Community Support

IE not set cookie for downloaded js file.Why?

I'm trying to download a js file from a different domain like main page is from www.abc.com but js file is from www.def.com. www.def.com sets a cookie . All major browsers get the cookie and sends it in the other requests to www.def.com.But
IE sends this cookie to www.abc.com. Cookie has also domain field set www.def.com. Any possible solution?

How, specifically, is the cookie set?
When you use document.cookie to set a cookie, ALL BROWSERS set the cookie in the domain in which the script runs (e.g. the page that includes it). NO BROWSERS set the cookie in the domain from which the script downloaded.
When you use a SET-COOKIE response header to set a cookie, MOST browsers set the cookie in the domain from which the download occurs. Internet Explorer will IGNORE that cookie (not setting it anywhere) unless a P3P statement is supplied. See
http://blogs.msdn.com/b/ieinternals/archive/2013/09/17/simple-introduction-to-p3p-cookie-blocking-frame.aspx

Exchange 2013 - How to configure Outlook Anywhere with certificate based authentication?

Hello,
is it possible to secure Outlook Anywhere in Exchange 2013 with certficate based authentication?
I found documentation to configure CBA for OWA and ActiveSync, but not for Outlook Anywhere.
We would like to secure external access to the mailboxes via Outlook by using CBA.
Thanks a lot in advance!
Regards,
André

Hi,
Let’s begin with the answer in the following thread:
http://social.technet.microsoft.com/Forums/en-US/e4b44ff0-4416-44e6-aa78-be4c1c03f433/twofactor-authentication-outlook-anywhere-2010?forum=exchange2010
Based on my experience, Outlook client only has the following three authentication methods:Basic, NTML, Negotiate. And for more information about Security for Outlook Anywhere, you can refer to the following article:
http://technet.microsoft.com/en-us/library/bb430792(v=exchg.141).aspx
If you have any question, please feel free to let me know.
Thanks,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Angela Shi
TechNet Community Support

Exchange Outlook Anywhere does not work!

Hi,
Im having issues to get the Outlook Anywhere to work.
Running Exchange 2010 SP2 with RU1 (two HT/CAS/MBX servers) + TMG + HL.
I have a Geotrust SAN certificate (autodiscover.company.com, mail.company.com, mapi.company.local, legacy.company.com + fqdn of the servers)
CASArray = mapi.comany.local = HL
Outlook Anywhere is configured: mail.company.com / basic auth
All DNS records that are included in the certificate are pointed towards TMG.
TMG should be configured accordingly aswell as our HL. (have asked our guys to verify this several times...but you never know)
from testexchangeconnectivity.com I have various results.
If running RPC/HTTP test with manual specifications it fails...
RPC proxy server: mail.company.com
Exchange Server: mail.company.com or mapi.company.local
msstd: mail.company.com
but...
If running the RPC/HTTP test with Exchange server specified as FQDN like SRV01.company.local it works?

Hi again,
RPC ports is set under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy, se a bunch of 6001, 6002 and 6004 that corresponds to my mapi.company.local, netbios names and more...
these ports are only beeing used on the exchange server itself? they are capsuled in a 443 package passing through TMG and HL right?
I can telnet via the HL on port 6001, result:
ncacn_http/1.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy
Value name: ValidPorts
Value data: ExchangeServer :6001-6002; ExchangeServerFQDN
:6001-6002; ExchangeServer :6004; ExchangeServerFQDN :6004
Note: *
ExchangeServer should be the NetBIOS name of Mailbox server.
* ExchangeServerFQDN
should be the fully qualified domain name (FQDN) of Mailbox server.
When you test in testexchangeconnectivity.com, the Exchange server should be the FQDN name instead of the external URL.
So please change the registry key and reboot the server to take effert. And then try again to see if this works.
Fiona Liao
TechNet Community Support

Access to Outlook Anywhere does not work

Good evening,
I recently installed an Exchange Server 2013 CAS / MB.
Until now, the server presented a few errors (mainly in the
event log) that does not seem to significantly influence functionality.
This week I published the server on the Internet and verified various malfunctions
related to the access from outside.
In particular from outside:
1 - OWA does not work with Windows integrated authentication, it works with the Forms based authentication;
2 - Outlook Anywhere does not work from internet.
I've done a lot of research and testing without success.
With regard to the first issue (which is not a priority but can relate to second one)
add that in Firefox I get a first authentication request. If
I enter credentials it ask again for identical authentication (repeatly), if I cancel it shows a second one that instead allows me access (are slightly different).
I assume that the first is the integrated Windows application and the second is basic authentication.
Internet Explorer shows me only the first authentication request and if I cancel shows blank page.
The problem is
priority 2:
Outlook connects without problems on LAN network, the Internet
seems to download the correct information
(autodiscover), but then does not connect
to the server (connection to Microsoft Exchange is unavailable).
If you manually edit the settings,
auto-configuration server returns as
a [email protected]. If I change
manually the server (and proxy settings
http), the result does not change.
- Setting information -
The server is installed
in the LAN network and is exposed on the Internet through
a firewall (Pat on port 443, et al. not 80)
on a public address.
The public and private DNS have been configured with a
host record (A) and two
CNAME (webmail and autodiscover).
The internal Outlook clients connect
with autodiscover and HTTPS /
NTLM / SSL (Outlook connectivity
status).
IMAP, SMTP, POP, ActiveSync function.
Exchange remote connectivity analizer retrieves Autodiscover information but doesn't pass test for RPC/HTTP access (it discard accesson
port 443 and try port 80, SPF isn't configured).
The navigation to the url
https://proxyexternalURL/rpc/rpcproxy.dll has the same behaviour like problem 1.
Test-OutlookConnectivity returns unmanaged error ('WARNING: An unexpected error has occurred and a Watson dump is being generated: Failed to find the probe result for invoke now request id -- and probe workdefinition id --').
Errors in eventviewer: 5011 - WAS (one time), 139 - MSExchange OWA (some not ripetitive), 3028 - MSExchangeApplicationLogic (every 6 hours), 106 - MSExchange common (many during working hour), 65535 - application (some at nighttime 00.00 - 03.00 a.m.), 1006
- MSExchangeDiagnostic (every 30 min), 6002 - MSExchange Mid-Tier Storage (about every 5 minutes), 5 - MSExcahnge Workload Management (one time).
Ask for further information.
- Cmdlet and Autodiscover output -
Get-OutlookAnywhere | fl name,*auth*,*ssl*,*host*
Name                               : Rpc (Default Web site)
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
SSLOffloading                      : True
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
ExternalHostname                   : webmail.name_domain.test
InternalHostname                   : webmail.name_domain.test
Get-OutlookProvider | ft -autosize
Name   Server CertPrincipalName                     TTL
EXCH           msstd:webmail.name_domain.test        1
EXPR            msstd:webmail.name_domain.test        1
WEB
    1
Get-AutodiscoverVirtualDirectory | fl name,*auth*,*url*
Name                          : Autodiscover (Default Web site)
InternalAuthenticationMethods : {Basic, WSSecu.testy, OAuth}
ExternalAuthenticationMethods : {Basic, WSSecu.testy, OAuth}
LiveIdNegotiateAuthentication : False
WSSecu.testyAuthentication      : True
LiveIdBasicAuthentication     : False
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : False
OAuthAuthentication           : True
AdfsAuthentication            : False
InternalUrl                   :
ExternalUrl                   :
Get-MapiVirtualDirectory | fl name,*auth*,*url*
Name                          : mapi (Default Web site)
IISAuthenticationMethods      : {Basic, Ntlm, Negotiate}
InternalAuthenticationMethods : {Basic, Ntlm, Negotiate}
ExternalAuthenticationMethods : {Basic, Ntlm, Negotiate}
InternalUrl                   : https://webmail.name_domain.test/mapi
ExternalUrl                   : https://webmail.name_domain.test/mapi
Autodiscover.xml
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>user</DisplayName>
      <LegacyDN>/o=organization_name/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=e4c0c18c8f214afbb5152bb08823179d-user</LegacyDN>
      <AutoDiscoverSMTPAddress>user@name_domain.test</AutoDiscoverSMTPAddress>
      <DeploymentId>d60c71c9-3740-404c-a38c-aa24e6105432</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <MicrosoftOnline>False</MicrosoftOnline>
      <Protocol>
        <Type>EXCH</Type>
        <Server>72036b30-a4d4-4b42-9c39-445bd04c23a6@name_domain.test</Server>
        <ServerDN>/o=organization_name/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=72036b30-a4d4-4b42-9c39-445bd04c23a6@name_domain.test</ServerDN>
        <ServerVersion>73C082C8</ServerVersion>
        <MdbDN>/o=organization_name/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=72036b30-a4d4-4b42-9c39-445bd04c23a6@name_domain.test/cn=Microsoft Private MDB</MdbDN>
        <PublicFolderServer>webmail.name_domain.test</PublicFolderServer>
        <AD>DC2.name_domain.test</AD>
        <ASUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EwsUrl>
        <EmwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EmwsUrl>
        <EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
        <EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=name_domain.test</EcpUrl-um>
        <EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=name_domain.test</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=name_domain.test</EcpUrl-mt>
        <EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=name_domain.test</EcpUrl-ret>
        <EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=name_domain.test</EcpUrl-sms>
        <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=name_domain.test</EcpUrl-publish>
        <EcpUrl-photo>PersonalSettings/E.testAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=name_domain.test</EcpUrl-photo>
        <EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=name_domain.test</EcpUrl-tm>
        <EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&.testle=<.testle>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=name_domain.test</EcpUrl-tmCreating>
        <EcpUrl-tmE.testing>?rfr=olk&ftr=TeamMailboxE.testing&Id=<Id>&exsvurl=1&realm=name_domain.test</EcpUrl-tmE.testing>
        <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=name_domain.test</EcpUrl-extinstall>
        <OOFUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https://webmail.name_domain.test/EWS/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
        <ServerExclusiveConnect>off</ServerExclusiveConnect>
        <CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>webmail.name_domain.test</Server>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>
        <ASUrl>https://webmail.name_domain.test/ews/exchange.asmx</ASUrl>
        <EwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EwsUrl>
        <EmwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EmwsUrl>
        <EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
        <EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=name_domain.test</EcpUrl-um>
        <EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=name_domain.test</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=name_domain.test</EcpUrl-mt>
        <EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=name_domain.test</EcpUrl-ret>
        <EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=name_domain.test</EcpUrl-sms>
        <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=name_domain.test</EcpUrl-publish>
        <EcpUrl-photo>PersonalSettings/E.testAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=name_domain.test</EcpUrl-photo>
        <EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=name_domain.test</EcpUrl-tm>
        <EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&.testle=<.testle>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=name_domain.test</EcpUrl-tmCreating>
        <EcpUrl-tmE.testing>?rfr=olk&ftr=TeamMailboxE.testing&Id=<Id>&exsvurl=1&realm=name_domain.test</EcpUrl-tmE.testing>
        <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=name_domain.test</EcpUrl-extinstall>
        <OOFUrl>https://webmail.name_domain.test/ews/exchange.asmx</OOFUrl>
        <UMUrl>https://webmail.name_domain.test/ews/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
        <ServerExclusiveConnect>on</ServerExclusiveConnect>
        <CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
        <EwsPartnerUrl>https://webmail.name_domain.test/ews/exchange.asmx</EwsPartnerUrl>
        <GroupingInformation>LAN</GroupingInformation>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <Internal>
          <OWAUrl AuthenticationMethod="Basic, Fba">https://webmail.name_domain.test/</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
        <External>
          <OWAUrl AuthenticationMethod="Basic">https://webmail.name_domain.test/</OWAUrl>
          <Protocol>
            <Type>EXPR</Type>
            <ASUrl>https://webmail.name_domain.test/ews/exchange.asmx</ASUrl>
          </Protocol>
        </External>
      </Protocol>
      <Protocol>
        <Type>EXHTTP</Type>
        <Server>webmail.name_domain.test</Server>
        <SSL>On</SSL>
        <AuthPackage>Ntlm</AuthPackage>
        <ASUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EwsUrl>
        <EmwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EmwsUrl>
        <EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
        <EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=name_domain.test</EcpUrl-um>
        <EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=name_domain.test</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=name_domain.test</EcpUrl-mt>
        <EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=name_domain.test</EcpUrl-ret>
        <EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=name_domain.test</EcpUrl-sms>
        <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=name_domain.test</EcpUrl-publish>
        <EcpUrl-photo>PersonalSettings/E.testAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=name_domain.test</EcpUrl-photo>
        <EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=name_domain.test</EcpUrl-tm>
        <EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&.testle=<.testle>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=name_domain.test</EcpUrl-tmCreating>
        <EcpUrl-tmE.testing>?rfr=olk&ftr=TeamMailboxE.testing&Id=<Id>&exsvurl=1&realm=name_domain.test</EcpUrl-tmE.testing>
        <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=name_domain.test</EcpUrl-extinstall>
        <OOFUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https://webmail.name_domain.test/EWS/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
        <ServerExclusiveConnect>On</ServerExclusiveConnect>
        <CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
      </Protocol>
      <Protocol>
        <Type>EXHTTP</Type>
        <Server>webmail.name_domain.test</Server>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>
        <ASUrl>https://webmail.name_domain.test/ews/exchange.asmx</ASUrl>
        <EwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EwsUrl>
        <EmwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EmwsUrl>
        <EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
        <EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=name_domain.test</EcpUrl-um>
        <EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=name_domain.test</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=name_domain.test</EcpUrl-mt>
        <EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=name_domain.test</EcpUrl-ret>
        <EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=name_domain.test</EcpUrl-sms>
        <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=name_domain.test</EcpUrl-publish>
        <EcpUrl-photo>PersonalSettings/E.testAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=name_domain.test</EcpUrl-photo>
        <EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=name_domain.test</EcpUrl-tm>
        <EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&.testle=<.testle>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=name_domain.test</EcpUrl-tmCreating>
        <EcpUrl-tmE.testing>?rfr=olk&ftr=TeamMailboxE.testing&Id=<Id>&exsvurl=1&realm=name_domain.test</EcpUrl-tmE.testing>
        <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=name_domain.test</EcpUrl-extinstall>
        <OOFUrl>https://webmail.name_domain.test/ews/exchange.asmx</OOFUrl>
        <UMUrl>https://webmail.name_domain.test/ews/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
        <ServerExclusiveConnect>On</ServerExclusiveConnect>
        <CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
      </Protocol>
    </Account>
</Response>
</Autodiscover>
Get-OwaVirtualDirectory | fl name,*auth*,*url*
Name                          : owa (Default Web Site)
ClientAuthCleanupLevel        : High
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Basic}
Url                           : {}
SetPhotoURL                   :
Exchange2003Url               :
FailbackUrl                   :
InternalUrl                   : https://webmail.name_domain.test/
ExternalUrl                   : https://webmail.name_domain.test/

Follow the results of the test
Outlook Anywhere (RPC over HTTP).
Has been used an account for which
outlook anywhere works. The account
for which the outlook anywhere does not work is
an administrative account and therefore
can not be used in the test.
Autodiscovery returns the
same result for both mailbox.
I'm testing RPC/HTTP connectivity.
Testing RPC over HTTP has not been exceeded.
Test steps
Microsoft connectivity Analyzer is attempting to test the Autodiscover service for user_test@domain_name.test.
Test the Autodiscover service has not been exceeded.
Test steps
I'm trying to contact the Autodiscover service with each method available.
I was not able to contact the Autodiscover service with no method.
Test steps
I'm trying to test the possible URL for the Autodiscover service https://domain_name.test/AutoDiscover/AutoDiscover.xml
The test of this potential URL for the Autodiscover service has not been exceeded.
Test steps
I'm trying to resolve the host name domain_name. DNS test.
I was able to resolve the host name.
IP addresses are returned: xxx.yyy.zzz.www
I'm testing the TCP port 443 on the host domain_name. tests to check that is open and listening.
The door has been opened properly.
I'm testing the validity of your SSL certificate.
The SSL certificate has not exceeded one or more validation controls.
Test steps
Microsoft connectivity Analyzer is attempting to obtain the SSL certificate from the remote server domain_name. test on port 443.
Microsoft connectivity Analyzer got the remote SSL certificate.
Remote certificate subject: E = it_staff@domain_name.test, CN = * domain_name. test, OU = it staff, O = domain_name, L = city, S = state, C = test issuer: E = it_staff@domain_name.test, CN = * domain_name. test, OU = it staff, O = domain_name,
L = city, S = state, C = test.
I am validating the certificate name.
I could not validate the certificate name.
More info about this issue and how to resove it
The host name domain_name. testing does not match any name found on the certificate and server = it_staff@domain_name.test, CN = * domain_name. test, OU = it staff, O = domain_name, L = city, S = state, C = test.
I'm trying to test the possible URL for the Autodiscover service https://autodiscover.domain_name.test/AutoDiscover/AutoDiscover.xml
The test of this potential URL for the Autodiscover service has not been exceeded.
Test steps
I'm trying to resolve the host name autodiscover. domain_name. DNS test.
I was able to resolve the host name.
IP addresses are returned: xxx.yyy.zzz.kkk
I'm testing the TCP port 443 on the host autodiscover. domain_name. tests to check that is open and listening.
The door has been opened properly.
I'm testing the validity of your SSL certificate.
The SSL certificate has not exceeded one or more validation controls.
Test steps
Microsoft connectivity Analyzer is attempting to obtain the SSL certificate from the remote server autodiscover. domain_name. test on port 443.
Microsoft connectivity Analyzer got the remote SSL certificate.
Other details
Remote certificate subject: CN = webmail. domain_name. test, OU = it staff, O = domain_name, L = city, S = city, C = test issuer: CN = domain_name-DC1-CA, DC = domain_name, DC = test.
I am validating the certificate name.
I validated the certificate name.
Other details
I found the host name autodiscover. domain_name. test in the voice of the alternative name of the certificate object.
Elapsed time: 1 ms.
I am validating the reliability of certificates.
I was not able to validate the reliability of the certificate.
Test steps
Microsoft connectivity Analyzer is attempting to generate certificate chains to a certificate CN = webmail. domain_name. test, OU = it staff, O = domain_name, L = city, S = city, C = test.
I failed to build a certificate chain for the certificate.
Other details
Failed to generate the certificate chain.
May be missing the required intermediate certificates.
I'm trying to contact the Autodiscover service using the HTTP redirect method.
I was not able to contact the Autodiscover service using the HTTP redirect method.
Test steps
I'm trying to resolve the host name autodiscover. domain_name. DNS test.
I was able to resolve the host name.
IP addresses are returned: xxx.yyy.zzz.kkk
I'm testing the TCP port 80 on the host autodiscover. domain_name. tests to check that is open and listening.
The specified port is blocked, is not listening or doesn't produce the expected response.
More info about this issue and how to resove it
I encountered a network error while communicating with the remote host.
I'm trying to
find the
SRV DNS record _audiscover._tcp.domain_name.test.
I failed to find
the SRV record of the
Autodiscover service
in DNS.
Some clarifications:
1 - xxx.yyy.zzz.www and xxx.yyy.zzz.kkk
are two static public addresses
of which only the latter exposes Exchange services;
2 - The certificate
*. Domain_name.test is not related
to Exchange services;
3 -I imported the certificate
of the issuing CA on the standalone test PC to validate the certificate.
3- The port 80 is not open and are not published SRV records.
Best regards.

Exchange 2010 Autodiscovery & Outlook Anywhere kind of but really not working

This is driving me nuts. We have a single Exchange Server 2010 running (everything is on one box). It works fine internally (all Outlook clients can see and grab the login info from the user login). OWA works from outside, mail delivers nicely. My problems
all seem to stem around some mysterious problem in autodiscover and outlook anywhere.
Our domain is internally like this: mycompany2.com and outside like this: mycompanyllc.com
So the mail server inside looks like server1.mycompany2.com and outside: mail.mycompanyllc.com - from what I can see it's all set up correctly in both.
I've run the connectivity analyzer and apart from a minor certificate warning ('Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled) it passes every test on the site for EAS and Outlook Anywhere
(and for good measure I ran everything, all green checks!). Autodiscover works in the test, everything gets found and pointed to the right place.
When I have a user that wants to configure Outlook 2010 or 2013 outside
the org. they start the wizard, type their name, their email, their password. The server or user can't be found and no matter what they do it won't find it. If you go in and manually configure the
internal server name, domain, username you can connect. It just won't set it up automatically. The odd thing is, in the analyzer the autodiscovery XML is found and downloaded fine, all the server name info and detail is displayed.
In Outlook 2013, both Exchange and EAS connection doesn't work even though phones can be set up through EAS (although they require the same kind of manual setup--autodiscover doesn't seem to work even though it keeps telling me everything
is fine).
I'm at wits end, all the tests show it's working, but in the real world the server can't be found. It's right on the DNS servers, it's right in the tests, it responds correctly manually. I'd love users to be able to set up their own mail without a 10 page
printout of all the manual settings. It's all relatively late model hardware, Outlook 2010 or 2013, and a fully patched up to date Exchange 2010 server. Anyone have an idea?
Curt Kessler - FLC

We don't use TMG we use a WatchGuard Firewall and it is configured to allow all traffic to this server (that's why manual works fine with Outlook and OWA).
When I run the get-autodiscovervirtualdirectory it returns my internal server under the Server, and nothing more, so this possibly could be it?? I'm definitely not good at IIS at all, I would need guidance to investigate that further...
This is my EXRCA results, the first fail is because it tests the root of mydomain.com rather than mail.mydomain.com which is a different server. I've replaced some names for security purposes:
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for
[email protected].
Autodiscover was tested successfully.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Test Steps
Attempting to test potential Autodiscover URL https://mydomain.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name franklinlc.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 76.79.142.101
Testing TCP port 443 on host franklinlc.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server franklinlc.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=apps.franklinlc.com, OU=Domain Control Validated, O=apps.franklinlc.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale,
S=Arizona, C=US.
Validating the certificate name.
Certificate name validation failed.
<label for="testSelectWizard_ctl12_ctl06_ctl00_ctl00_ctl02_ctl01_tmmArrow">Tell
me more about this issue and how to resolve it</label>
Additional Details
Host name franklinlc.com doesn't match any name found on the server certificate CN=apps.franklinlc.com, OU=Domain Control Validated, O=apps.franklinlc.com.
Attempting to test potential Autodiscover URL https://autodiscover.mydomain.com/AutoDiscover/AutoDiscover.xml
Testing of the Autodiscover URL was successful.
Test Steps
Attempting to resolve the host name autodiscover.mydomain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 76.xx.xx.xx this is the mail server IP address
Testing TCP port 443 on host autodiscover.franklinlc.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.mydomain.com on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=mail.franklinlc.com, OU=Domain Control Validated, O=mail.mydomain.com, Issuer: SERIALNUMBER=xxxxxxxxxxxxx, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale,
S=Arizona, C=US.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.mydomain.com was found in the Certificate Subject Alternative Name entry.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.
Additional Details
The certificate is valid. NotBefore = 9/28/2012 10:20:20 PM, NotAfter = 9/28/2015 10:20:20 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.mydomain.com/AutoDiscover/AutoDiscover.xml for user [email protected].
The Autodiscover XML response was successfully retrieved.
Additional Details
Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>Curt Kessler</DisplayName>
      <LegacyDN>/o=mydomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Curt Kessler</LegacyDN>
      <DeploymentId>14a1e263-943a-4609-865c-ba22802e45aa</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>FLC5.internaldomainname.com</Server>
        <ServerDN>/o=mydomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=FLC5</ServerDN>
        <ServerVersion>7383807B</ServerVersion>
        <MdbDN>/o=mydomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=FLC5/cn=Microsoft Private MDB</MdbDN>
        <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
        <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
        <OABUrl>https://mail.mydomain.com/OAB/9c85c0c4-48f4-4aa8-99b2-f640651b130a/</OABUrl>
        <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
        <Port>0</Port>
        <DirectoryPort>0</DirectoryPort>
        <ReferralPort>0</ReferralPort>
        <PublicFolderServer>FLC5.internaldomainname.com</PublicFolderServer>
        <AD>PRIME.internaldomainname.com</AD>
        <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
        <EcpUrl>https://flc5.internaldomainname.com/ecp/</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx></EcpUrl-mt>
        <EcpUrl-ret>?p=organize/retentionpolicytags.slab&exsvurl=1</EcpUrl-ret>
        <EcpUrl-sms>?p=sms/textmessaging.slab&exsvurl=1</EcpUrl-sms>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.mydomain.com</Server>
        <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
        <OOFUrl>https://mail.mydomain.com/ews/exchange.asmx</OOFUrl>
        <OABUrl>https://mail.mydomain.com/OAB/9c85c0c4-48f4-4aa8-99b2-f640651b130a/</OABUrl>
        <UMUrl>https://mail.mydomain.com/ews/UM2007Legacy.asmx</UMUrl>
        <Port>0</Port>
        <DirectoryPort>0</DirectoryPort>
        <ReferralPort>0</ReferralPort>
        <SSL>On</SSL>
        <AuthPackage>Ntlm</AuthPackage>
        <EwsUrl>https://mail.mydomain.com/ews/exchange.asmx</EwsUrl>
        <EcpUrl>https://mail.mydomain.com/ecp/</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx></EcpUrl-mt>
        <EcpUrl-ret>?p=organize/retentionpolicytags.slab&exsvurl=1</EcpUrl-ret>
        <EcpUrl-sms>?p=sms/textmessaging.slab&exsvurl=1</EcpUrl-sms>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <Port>0</Port>
        <DirectoryPort>0</DirectoryPort>
        <ReferralPort>0</ReferralPort>
        <Internal>
          <OWAUrl AuthenticationMethod="Basic, Ntlm, Fba, WindowsIntegrated">https://flc5.internaldomainname.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
        <External>
          <OWAUrl AuthenticationMethod="Fba">https://mail.mydomain.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXPR</Type>
            <ASUrl>https://mail.mydomain.com/ews/exchange.asmx</ASUrl>
          </Protocol>
        </External>
      </Protocol>
    </Account>
</Response>
</Autodiscover>
I've replaced my public domain with mydomain.com and my internal domain with internaldomainname.com, and hidden the IP, but everything else is the same. The tests all pass
Curt Kessler - FLC

Outlook anywhere settings, in Autodiscover?

So in Outlook, I got all my Outlook Anywhere settings configured, great! But where do I go to edit them on the server?
I don't have a GPO for any of this and I gather Outlook Anywhere is configured in Autodiscover? Is it EMS?

First, run set-outlookprovider -identity EXPR -Server servername and get-outlookanywhere |fl command in EMS. This command will let you know about the configuration of Outlook. You can edit the Outlook Anywhere configuration by using the custom installation
wizard. Autodiscover is simply the best way for managing Outlook configurations.
Set-OutlookProvider EXPR -OutlookProviderFlags:ServerExclusiveConnect
You can run this powershell command to make connection with the Outlook Anywhere using TCP/IP.
You can easily change the OutlookProviderFlags to change/edit the Outlok anywhere seetings e.g. you can set the value to ServerExclusiveConnect or to None to clear the flag
Hi Blake - can you change the first line to be get-outlook provider -identity EXPR ? Its currently at "set-"
Not sure if I'd be recommending the serverExclusiveConnect option off the bat, most customers I see do not leverage that.   Do they want to do OA internally too? I don't see that mentioned above
The OutlookProviderFlags parameter specifies that Outlook 2010 clients should connect using RPC over HTTP (Outlook Anywhere) before trying RPC over TCP connections. This increases the speed at which Outlook 2010 clients will connect when clients
are primarily accessing Exchange over the Internet. The value can be set to
ServerExclusiveConnect or to None to clear the flags. For Outlook 2010 clients that access Exchange over both organization intranets and the Internet, the recommended value is
None, which is also the default setting.
Cheers,
Rhoderick
Microsoft Senior Exchange PFE
Blog:
http://blogs.technet.com/rmilne
Twitter:   LinkedIn:
  Facebook:
  XING:
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

Exchange 2010+Outlook Anywhere+Windows XP not working together

Hello,
We have Exchange 2010 installed on Server 2008 R2. CAS/Hub/mailbox roles on same server. Outlook Anywhere is enabled and using a Go Daddy signed certificate for OWA. Now my problem is that Windows XP (w SP3) PC's that are not located inside domain and
shoud use Outlook Anywhere cannot connect to that service. Outlook version is 2007 SP2. On the other hand, that same user can connect from a Windows 7 pc what is also located outside domain without problems. On XP pc windows keeps asking for password repeatedly,
on W7 pc it asks it and accepts and logs the user in and connects it to his mailbox. I have read numerous posts about this kind of issue, put so far none of them helped me. The certificate is issued to mail.domainname.ee and autodiscover.domainname.ee. The
internal name of the server is excha.domainname.ee, external name is mail.domainname.ee. Also I used the Set-OutlookProvider cmdlet to set EXPR to msstd:mail.domainname.ee and also tried msstd:excha.domainname.ee this change did not have any effect on XP pc.
What is wrong in XP and Outlook 2007 combination not being able to connect to Echange 2010?

I was suffering from a very similar issue. The one major difference for me is that I was using a wildcard ssl certificate for "*.contoso.com" which was not matching with the server name of owa.contoso.com.
Behaviour definitely seemed to only manifest with Windows XP on the open internet (not domain joined or internal) trying to use either Outlook 2007 or 2010 to connect to our internal Exchange 2010 server via RPC over HTTPS. Autodiscover was successful
but user would be repeatedly prompted for their credentials but they would never match.
The key changes that seemed to fix this for us were to make these updates -
Set-OutlookProvider EXPR -CertPrincipalName msstd:*.contoso.com
alternatively if you dont care whether the proxy server name exactly matches your ssl cert you can do this (not recommended) -
Set-OutlookProvider EXPR -CertPrincipalName none
These commands manipulate the Microsoft Exchange Proxy Settings under the Outlook Anywhere options under the connection tab of your mail profile. In particular the field labeled "Only connect to proxy servers that have this principal name in their
certificate"
Also, to force RPC over HTTPS and never try and timeout on TCP/IP connection (which cannot work through the firewall) -
Set-OutlookProvider EXPR -OutlookProviderFlags:ServerExclusiveConnect
This should click the checkbox for "On fast networks, connect using HTTP first, then connect using TCP/IP"
This should then allow autoconfigure to work fine when setting up your mail profile. If you want to check the settings page you should have something that looks like this -
Finally, please note that Autodiscover settings are updated periodically not instantly. I believe it is something like every 15m or so. As such, make the changes above and then wait for at least 15-30mins before making any other changes.
I ended up chasing my tail and then some complete red-herring *seemed* to fix the problem. It was actually something that I had changed 20mins before!

Outlook anywhere, auto discover and multi CAS's that are not an array

exchange forest: 4 X exchange 2010 SP3. root is HQ, sites are B, C & D.
I set up auto discover by a SRV record in DNS and auto discover works perfectly for HQ users.
But when a user from Site B tries it, the delivered XML sent to their Outlook will redirect that person up to the Site B's server where it fails due to a mutual
validation error. This is because Outlook is expecting the SSL cert from HQ but gets Site B's.
In exchange 2007 this would not be a problem as there were no redirects, the client access server that hosted the autodiscover service would fetch the email and send it onto outlook from Site B's mailbox. So what I am looking for is either a setting that
will stop this redirect or a work around, one that I can think of is to turn off Outlook Anywhere on other CAS’s, leaving it only running on the root, HQ.
I’m not worried about capacity we have at most at any one time 10 Windows Outlook users outside the office as all the rest the remote users are either using IMAP or ActiveSync. So is shutting down outlook anywhere on B,C &D. Or is there a setting
that I can change on HQ to make it that it always goes through HQ.
thanks

Hi,
Firstly, I’d like to explain, internal users in site B can always find the CAS serve in site B. Because Outlook clients firstly find the SCP records of the in-site list.
To make them use HQ site SCP record for its Autodiscover requests, we can set Site Affinity:
Set-ClientAccessServer -Identity "CAS in site HQ" –AutodiscoverServiceInternalURI "https://internalsitename/autodiscover/autodiscover.xml" -AutodiscoverSiteScope "site B",”site HQ”
http://technet.microsoft.com/en-us/library/aa998575(v=exchg.141).aspx
The previous command only ensures the following:
• If an Outlook client is a member of the HQ Active Directory site, it will use the HQ SCP record for its Autodiscover requests.
• If an Outlook client is a member of the Active Directory site B , it can use the HQ SCP record for its Autodiscover requests.
For more information, you can refer to the partition named configuring the Autodiscover service to use site affinity for internal communication in the following article:
http://technet.microsoft.com/en-us/library/jj591328(v=exchg.141).aspx#BKMK_ConfiguringSiteAffinityInternal
For external users, we can make the host name Autodisocver.domain.com points to the IP address of CAS sever in site HQ.
If you have any question, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support

Auth Package in Outlook Anywhere AutoDiscover is coming in incorrectly

Let me describe our situation and environment:
We have Exchange 2013 running in a 2008r2 level domain and are using Outlook Anywhere / AutoDiscovery to configure non-domain joined clients (this situation will change later, but our current priority is getting the Exchange server running and worrying and
joining machines to the domain afterwards). I had tried some configuration changes, which ultimately did not work, and I rolled back those changes. On the ECP under Servers -> Servers -> My Exchange Server -> Outlook AnyWhere, there is
a box that lets you choose between NTLM, Basic, and Negotiate authentication. Exchange 2013 default is negotiate, which was working initially. After rolling back my changes, however, my clients get repeated password prompts, and their passwords
are rejected, if I have Outlook Anywhere authentication set to negotiate. It works fine if I keep it set on NTLM.
Under Servers -> Virtual Directories -> AutoDiscover (Default Website) -> Authentication, the boxes for Basic Authentication and Integrated Windows Authentication are checked. These are the default values if I remember correctly.
Even when I have my Outlook Anywhere authentication set to Negotiate, I have a section of code in the AutoDiscover XML file that Outlook pulls that looks like this:
<Type>EXPR</Type>
<Server>exchange.mycompany.com</Server>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
My research tells me that EXPR controls Outlook Anywhere (RPC over HTTP). The AuthPackage seems to be incorrect here. It's still giving me NTLM instead of Negotiate. When I change Outlook Anywhere's authentication back to NTLM, everything
works (after giving the server about fifteen minutes or so to update).
What is the problem here? Why does the autodiscover return the wrong auth package for Outlook Anywhere? Is there a time delay between changing the authentication for Outlook Anywhere and Exchange updating my Outlook clients so that their settings
match? I know that if I go into an Outlook client that is getting prompted for a password after Outlook Anywhere authentication has been changed to Negotiate, I can manually adjust their Exchange Proxy Server settings and get it to work, but I really
want the AutoDiscover to simply deliver the correct auth package to begin with.
I don't mind using NTLM authentication; it works. But I really need to know WHY this is happening and what to do to fix it. Today, it may not matter, but it may matter in the future as network topology changes, and I will be expected to have
the answer.
To further clarify:
When I run Get-OutlookAnywhere | fl name, *, my internal and external Client Authentication Methods are set to Negotiate, but I still get the entry I showed above in the AutoDiscover XML file that specifies NTLM.

Outlook ignores the EXPR/EXCH values when connected to Exchange 2013 for autodiscovery, rather it dynamically builds the EXHTTP values based on the AutoD server settings and uses those instead. You should reference those ExHTTP settings when you
look at the autodiscover results
Twitter!:
Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.
I also have the following bit of code in the autodiscover file
<Type>EXHTTP</Type>
<Server>mail.mycompany.com</Server>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
This would seem to be the EXHTTP you were referencing. Again, this value is coming out as NTLM after I change my Outlook Anywhere Authentication method in ECP to Negotiate. Why? Is there a delay between changing that setting in ECP and when
it starts showing up in AutoDiscover queries? If so, what is that delay and how can I change it or force it to update immediately? Or is it that the setting in ECP does not change the auto discover setting and it has to be changed elsewhere?
If that's the case, what do I change, and where do I change it, to alter what autodiscover puts in for AuthPackage in the above snippet of code?

Autodiscover and Outlook Anywhere return http status 401

Hi, I'm having issues with Autodiscovery (externally) and Outlook Anywhere for some users on our Exchange 2010 (SP3, RU2) setup. Just for information, we have Exchange servers at two AD sites (same forest / domain) with each site having 2 combined client
access / hub transport servers and 3 mailbox servers (with 2 stretched DAG's across both sites). Site A is internet facing, but site B isn't.
Autodiscovery
Internally, it's working fine (using the Test E-mail AutoConfiguration option within Outlook 2010). But externally (using the Microsoft TestConnectivity site), autodiscovery fails, returning the following:
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
+Additional Details
   Elapsed Time: 1783 ms.
   + Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL   https://autodiscover.company.com/AutoDiscover/AutoDiscover.xml
for user [email protected].
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
  +Additional Details
  An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you    are attempting to log onto an Office 365 service, ensure you are using your
full User Principal Name (UPN).
  Headers received:
  Content-Type: text/html
  Server: Microsoft-IIS/7.5
  WWW-Authenticate: Negotiate,NTLM,Basic realm="autodiscover.company.com"
The odd thing is, if I browse to the autodiscover file location (externally), then I'm prompted for credentials. When I enter the same credentials that I input into the Microsoft connectivity analyser, I do actually get the correct https status 600 response.
Also, within EMS, when I run "Test-OutlookWebServices" on Client Access servers in site B, I see the following results...
RunspaceId : 5c80ec49-f6f8-4f7a-ae63-4ed61a3c966e
Id         : 1104
Type       : Error
Message    : The certificate for the URL https://ExchServer.domain.local/autodiscover/autodiscover.xml is incorrect. For SSL to work, the certificate
needs
              to have a subject of ExchServer.domain.local, but the subject that was found is webmail.Company.com. Consider correcting service discovery,
             or installing a correct SSL certificate.
RunspaceId : 5c80ec49-f6f8-4f7a-ae63-4ed61a3c966e
Id         : 1113
Type       : Error
Message    : When contacting https://ExchServer.domain.local:443/autodiscover/autodiscover.xml received the error The remote server returned
an error:
(500) Internal Server Error.
RunspaceId : 5c80ec49-f6f8-4f7a-ae63-4ed61a3c966e
Id         : 1123
Type       : Error
Message    : The Autodiscover service couldn't be contacted.
However - I can't see where Exchange has pulled the "...domain.local" address from for Autodiscovery. Both Get-AutodiscoveryVirtualDirectory and Get-ClientAccessServer both report the correct URLs/URIs with the FQDN of Company.Com (which are on
the GoDaddy certificate we use both internally and externally).
Outlook Anywhere
Whether my issues with Outlook Anywhere are related to Autodiscover, I'm not sure. Users who's mailbox is located at Site A (internet facing) are fine, and Outlook Anywhere works great. But users who's mailbox is at Site B, can't use Outlook Anywhere (Starting
Outlook in RPCDiag mode shows that it tries to connect, and sometimes establishes a connection for a couple of seconds, then disconnects completely).
Running "Test-OutlookConnectivity -Protocol:http" on a Client Access server at Site B, passes all but the last scenario (Mailbox::Logon), which throws up the following error:
RunspaceId                  : 5c80ec49-f6f8-4f7a-ae63-4ed61a3c966e
ServiceEndpoint             : ExchServer.domain.local
Id                          : MailboxLogon
ClientAccessServer          : ExchServer.domain.local.ad.local
Scenario                    : Mailbox::Logon.
ScenarioDescription         :
PerformanceCounterName      : Mailbox: Logon latency
Result                      : Failure
Error                       :
UserName                    : ad.local\extest_a91a4b4076f24
StartTime                   : 14/01/2014 16:33:27
Latency                     : -00:00:00.0010000
EventType                   : Error
LatencyInMillisecondsString : -1.00
Identity                    :
IsValid                     : True
Testing Outlook Anywhere using Microsoft RCA throws up the error:
RPC Proxy can't be pinged.
An HTTP 401 error was received...
Any help is greatly appreciated. Let me know if I've missed any info!
Thanks
Tony

Hi Guys,
My first chance today to respond!
Firstly - thanks for all the information. I really appreciate it.
Well, the good news is that Outlook Anywhere is now working at Site B. It looks like a combination of disabling Outlook Anywhere at Site B (thanks
Jon), and then being patient and allowing replication to do its stuff (thanks Rhoderck).
However RCA is still showing ‘Failed’ with the following error. If it helps to have the full output, please let me know. Just for info, I chose
the option to test using autodiscovery (rather than manually enter it), which passed fine.
Attempting to ping RPC proxy webmail.company.com.
RPC Proxy can't be pinged.
Additional Details
An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password.
If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN). Headers received: Content-Type: text/html Server: Microsoft-IIS/7.5 WWW-Authenticate: Negotiate,NTLM X-Powered-By: ASP.NET Date: Tue, 21 Jan
2014 09:55:41 GMT Content-Length: 58
Elapsed Time: 1063 ms.
RPCProxy - ValidPorts
Thanks for the 'SoundTrackOfMyLife' link... that looks to be almost identical to my scenario (with the exception of the Kemp LoadMasters). Following
through the troubleshooting, my CAS servers at Site A (Internet Facing) are showing the registry key 'ValidPorts' as...
SiteB-ExchCasSvr01:593;SiteB-ExchCasSvr01:49152-65535
So - should this be...
SiteB-ExchMbxSvr01:6001-6002;SiteB-ExchMbxSvr01:6004;SiteB-ExchMbxSvr01.domain.local:6001-6002;SiteB-ExchMbxSvr01.domain.local:6004;
i.e. I only add ports 6001,6002 and 6004 for mailbox servers only? If so, which sites mailbox servers should I put in here?
SSL Off Loading
We've only really implemented SSL Offloading on the advice from Kemp (it's built in to their Exchange 2010 template). Apparently, the advantage
is the LoadMasters have a dedicated hardware processor for decryption/encryption of SSL traffic, thus taking the load off the Exchange servers. Exactly how much of a load this would normally be for our Exchange servers is unknown. We've followed Kemp's documentation
on unchecking 'Require SSL' for the IIS directories on Site A, and also configured Outlook Anywhere with SSL Offloading through the EMC. This was required as the Kemp's are not re-encrypting traffic to the CAS servers (which are on the same site / LAN
segment), and we're not a bank... so don't need encryption between the LoadMasters and the client access servers.
However, Site B (non internet facing) has 'Require SSL' enabled on IIS directories, since (I guess) traffic is encrypted when performing CAS-CAS
proxying?
I am, as ever, open to suggestions on this design... since our original design was to use TMG for reverse proxy. It was only the end-of-life issue
with TMG, and the fact that we opted for the Kemp LoadMasters (which offered ESP as a replacement to TMG) that swung us down this path.
ESP and SSO are implements on the LoadMaster at Site A (internet facing), which is (was!) not the problem site.
Thanks again for your time and assistance guys. We’re almost there!
Tony

Autodiscover not setting outlook anywhere accordingly

Similar Messages

Maybe you are looking for