?
Solved

Outlook Anywhere is failing with 401 Authorisation response

Posted on 2011-03-25
6
Medium Priority
?
1,543 Views
Last Modified: 2012-05-11
We are evaluating Ex2010sp1 on WS2008sp2 and finding the set up experience a little discouraging to say the least - but we are learning.

SSL cert is certified to the domain and MAIL, AUTODISCOVER & OWA.
OWA is working fine overt HTTPS.
Trying to configure Outlook Anywhere is throwing a 401 error when we test the audtodiscover connection using www.testexchangeconnectivity.com.

Our Autodiscover, EWS, rcpwithcert
SSL Enabled (Client ignore), Authorisation: Anon, Basic, Windows+Kernal-Mode
OAB
SSL Enabled (Client ignore), Authorisation: Anon, Basic, Windows

In the registry
DisableLoopbackCheck is set 1

All the other checks before autodiscover are successful.

Attempting to send an Autodiscover POST request to potential Autodiscover URLs. 
  Autodiscover settings weren't obtained when the Autodiscover POST request was sent. 
   Test Steps 
   ExRCA is attempting to retrieve an XML Autodiscover response from URL https://mydomain.net/AutoDiscover/AutoDiscover.xml for user firstname.surname@mydomain.net. 
  ExRCA failed to obtain an Autodiscover XML response. 
   Additional Details 
  A Web exception occurred because an [b]HTTP 401 - Unauthorized response was received from Unknown.[/b] 

Open in new window


0
Comment
Question by:robc00
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35217544
Did you add Anon auth into all those directories?
0
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 2000 total points
ID: 35217584
Add an external DNS SRV record that points to an external name on your cert, which resolves to the external IP address of your CAS server:
http://support.microsoft.com/kb/940881
0
 

Author Closing Comment

by:robc00
ID: 35219813
Yes the anon auth was against all the accounts
As per the MS instruction I removed the autodiscover from the external DNS and gave it time to propergate.
Created a SRV record for the autodiscover and hey-presto the connectivity test passed successfully.
I will not confress to know the true nature of what I did and Why but I bow to your rank of Genius.
Well done & thanks
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35221429
No problem, thanks for the points.
I'd remove Anon auth from those directories if I were you.
0
 

Author Comment

by:robc00
ID: 35221603
Removing Anon Auth from the autodiscover causes the 401 to remerge - all the others have been adjusted.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35221719
By default the permission should be Windows Auth only. Then right click on windows auth and choose advanced settings and ensure kernel mode auth is not enabled.

Below is my article on how to do a complete autodiscover reset:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_4962-7-Steps-to-AutoDiscover-Heaven.html
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question