[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1562
  • Last Modified:

Outlook Anywhere is failing with 401 Authorisation response

We are evaluating Ex2010sp1 on WS2008sp2 and finding the set up experience a little discouraging to say the least - but we are learning.

SSL cert is certified to the domain and MAIL, AUTODISCOVER & OWA.
OWA is working fine overt HTTPS.
Trying to configure Outlook Anywhere is throwing a 401 error when we test the audtodiscover connection using www.testexchangeconnectivity.com.

Our Autodiscover, EWS, rcpwithcert
SSL Enabled (Client ignore), Authorisation: Anon, Basic, Windows+Kernal-Mode
OAB
SSL Enabled (Client ignore), Authorisation: Anon, Basic, Windows

In the registry
DisableLoopbackCheck is set 1

All the other checks before autodiscover are successful.

Attempting to send an Autodiscover POST request to potential Autodiscover URLs. 
  Autodiscover settings weren't obtained when the Autodiscover POST request was sent. 
   Test Steps 
   ExRCA is attempting to retrieve an XML Autodiscover response from URL https://mydomain.net/AutoDiscover/AutoDiscover.xml for user firstname.surname@mydomain.net. 
  ExRCA failed to obtain an Autodiscover XML response. 
   Additional Details 
  A Web exception occurred because an [b]HTTP 401 - Unauthorized response was received from Unknown.[/b] 

Open in new window


0
robc00
Asked:
robc00
  • 4
  • 2
1 Solution
 
MegaNuk3Commented:
Did you add Anon auth into all those directories?
0
 
MegaNuk3Commented:
Add an external DNS SRV record that points to an external name on your cert, which resolves to the external IP address of your CAS server:
http://support.microsoft.com/kb/940881
0
 
robc00Author Commented:
Yes the anon auth was against all the accounts
As per the MS instruction I removed the autodiscover from the external DNS and gave it time to propergate.
Created a SRV record for the autodiscover and hey-presto the connectivity test passed successfully.
I will not confress to know the true nature of what I did and Why but I bow to your rank of Genius.
Well done & thanks
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
MegaNuk3Commented:
No problem, thanks for the points.
I'd remove Anon auth from those directories if I were you.
0
 
robc00Author Commented:
Removing Anon Auth from the autodiscover causes the 401 to remerge - all the others have been adjusted.
0
 
MegaNuk3Commented:
By default the permission should be Windows Auth only. Then right click on windows auth and choose advanced settings and ensure kernel mode auth is not enabled.

Below is my article on how to do a complete autodiscover reset:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_4962-7-Steps-to-AutoDiscover-Heaven.html
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now