Solved

Outlook Anywhere is failing with 401 Authorisation response

Posted on 2011-03-25
6
1,453 Views
Last Modified: 2012-05-11
We are evaluating Ex2010sp1 on WS2008sp2 and finding the set up experience a little discouraging to say the least - but we are learning.

SSL cert is certified to the domain and MAIL, AUTODISCOVER & OWA.
OWA is working fine overt HTTPS.
Trying to configure Outlook Anywhere is throwing a 401 error when we test the audtodiscover connection using www.testexchangeconnectivity.com.

Our Autodiscover, EWS, rcpwithcert
SSL Enabled (Client ignore), Authorisation: Anon, Basic, Windows+Kernal-Mode
OAB
SSL Enabled (Client ignore), Authorisation: Anon, Basic, Windows

In the registry
DisableLoopbackCheck is set 1

All the other checks before autodiscover are successful.

Attempting to send an Autodiscover POST request to potential Autodiscover URLs. 
  Autodiscover settings weren't obtained when the Autodiscover POST request was sent. 
   Test Steps 
   ExRCA is attempting to retrieve an XML Autodiscover response from URL https://mydomain.net/AutoDiscover/AutoDiscover.xml for user firstname.surname@mydomain.net. 
  ExRCA failed to obtain an Autodiscover XML response. 
   Additional Details 
  A Web exception occurred because an [b]HTTP 401 - Unauthorized response was received from Unknown.[/b] 

Open in new window


0
Comment
Question by:robc00
  • 4
  • 2
6 Comments
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Did you add Anon auth into all those directories?
0
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 500 total points
Comment Utility
Add an external DNS SRV record that points to an external name on your cert, which resolves to the external IP address of your CAS server:
http://support.microsoft.com/kb/940881
0
 

Author Closing Comment

by:robc00
Comment Utility
Yes the anon auth was against all the accounts
As per the MS instruction I removed the autodiscover from the external DNS and gave it time to propergate.
Created a SRV record for the autodiscover and hey-presto the connectivity test passed successfully.
I will not confress to know the true nature of what I did and Why but I bow to your rank of Genius.
Well done & thanks
0
Want to promote your upcoming event?

Attending an event? Speaking at a conference? Or exhibiting at a tradeshow? Easily inform your contacts by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
No problem, thanks for the points.
I'd remove Anon auth from those directories if I were you.
0
 

Author Comment

by:robc00
Comment Utility
Removing Anon Auth from the autodiscover causes the 401 to remerge - all the others have been adjusted.
0
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
By default the permission should be Windows Auth only. Then right click on windows auth and choose advanced settings and ensure kernel mode auth is not enabled.

Below is my article on how to do a complete autodiscover reset:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_4962-7-Steps-to-AutoDiscover-Heaven.html
0

Featured Post

Want to promote your upcoming event?

Is your company attending an event or exhibiting at a trade show soon? Are you speaking at a conference? Spread the word by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now