Solved

Outlook Anywhere is failing with 401 Authorisation response

Posted on 2011-03-25
6
1,468 Views
Last Modified: 2012-05-11
We are evaluating Ex2010sp1 on WS2008sp2 and finding the set up experience a little discouraging to say the least - but we are learning.

SSL cert is certified to the domain and MAIL, AUTODISCOVER & OWA.
OWA is working fine overt HTTPS.
Trying to configure Outlook Anywhere is throwing a 401 error when we test the audtodiscover connection using www.testexchangeconnectivity.com.

Our Autodiscover, EWS, rcpwithcert
SSL Enabled (Client ignore), Authorisation: Anon, Basic, Windows+Kernal-Mode
OAB
SSL Enabled (Client ignore), Authorisation: Anon, Basic, Windows

In the registry
DisableLoopbackCheck is set 1

All the other checks before autodiscover are successful.

Attempting to send an Autodiscover POST request to potential Autodiscover URLs. 
  Autodiscover settings weren't obtained when the Autodiscover POST request was sent. 
   Test Steps 
   ExRCA is attempting to retrieve an XML Autodiscover response from URL https://mydomain.net/AutoDiscover/AutoDiscover.xml for user firstname.surname@mydomain.net. 
  ExRCA failed to obtain an Autodiscover XML response. 
   Additional Details 
  A Web exception occurred because an [b]HTTP 401 - Unauthorized response was received from Unknown.[/b] 

Open in new window


0
Comment
Question by:robc00
  • 4
  • 2
6 Comments
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35217544
Did you add Anon auth into all those directories?
0
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 500 total points
ID: 35217584
Add an external DNS SRV record that points to an external name on your cert, which resolves to the external IP address of your CAS server:
http://support.microsoft.com/kb/940881
0
 

Author Closing Comment

by:robc00
ID: 35219813
Yes the anon auth was against all the accounts
As per the MS instruction I removed the autodiscover from the external DNS and gave it time to propergate.
Created a SRV record for the autodiscover and hey-presto the connectivity test passed successfully.
I will not confress to know the true nature of what I did and Why but I bow to your rank of Genius.
Well done & thanks
0
Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35221429
No problem, thanks for the points.
I'd remove Anon auth from those directories if I were you.
0
 

Author Comment

by:robc00
ID: 35221603
Removing Anon Auth from the autodiscover causes the 401 to remerge - all the others have been adjusted.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35221719
By default the permission should be Windows Auth only. Then right click on windows auth and choose advanced settings and ensure kernel mode auth is not enabled.

Below is my article on how to do a complete autodiscover reset:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_4962-7-Steps-to-AutoDiscover-Heaven.html
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video discusses moving either the default database or any database to a new volume.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now