Solved

Outlook Anywhere is failing with 401 Authorisation response

Posted on 2011-03-25
6
1,508 Views
Last Modified: 2012-05-11
We are evaluating Ex2010sp1 on WS2008sp2 and finding the set up experience a little discouraging to say the least - but we are learning.

SSL cert is certified to the domain and MAIL, AUTODISCOVER & OWA.
OWA is working fine overt HTTPS.
Trying to configure Outlook Anywhere is throwing a 401 error when we test the audtodiscover connection using www.testexchangeconnectivity.com.

Our Autodiscover, EWS, rcpwithcert
SSL Enabled (Client ignore), Authorisation: Anon, Basic, Windows+Kernal-Mode
OAB
SSL Enabled (Client ignore), Authorisation: Anon, Basic, Windows

In the registry
DisableLoopbackCheck is set 1

All the other checks before autodiscover are successful.

Attempting to send an Autodiscover POST request to potential Autodiscover URLs. 
  Autodiscover settings weren't obtained when the Autodiscover POST request was sent. 
   Test Steps 
   ExRCA is attempting to retrieve an XML Autodiscover response from URL https://mydomain.net/AutoDiscover/AutoDiscover.xml for user firstname.surname@mydomain.net. 
  ExRCA failed to obtain an Autodiscover XML response. 
   Additional Details 
  A Web exception occurred because an [b]HTTP 401 - Unauthorized response was received from Unknown.[/b] 

Open in new window


0
Comment
Question by:robc00
  • 4
  • 2
6 Comments
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35217544
Did you add Anon auth into all those directories?
0
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 500 total points
ID: 35217584
Add an external DNS SRV record that points to an external name on your cert, which resolves to the external IP address of your CAS server:
http://support.microsoft.com/kb/940881
0
 

Author Closing Comment

by:robc00
ID: 35219813
Yes the anon auth was against all the accounts
As per the MS instruction I removed the autodiscover from the external DNS and gave it time to propergate.
Created a SRV record for the autodiscover and hey-presto the connectivity test passed successfully.
I will not confress to know the true nature of what I did and Why but I bow to your rank of Genius.
Well done & thanks
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35221429
No problem, thanks for the points.
I'd remove Anon auth from those directories if I were you.
0
 

Author Comment

by:robc00
ID: 35221603
Removing Anon Auth from the autodiscover causes the 401 to remerge - all the others have been adjusted.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35221719
By default the permission should be Windows Auth only. Then right click on windows auth and choose advanced settings and ensure kernel mode auth is not enabled.

Below is my article on how to do a complete autodiscover reset:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_4962-7-Steps-to-AutoDiscover-Heaven.html
0

Featured Post

Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question