AshlingGarry
asked on
Autodiscover Externally 403 Forbidden Error
Hi,
Trying to get OLA working externally with Exchange 2010.
Correct autodiscover.ourdomain.com
External DNS Name setup correctly and nslookup working externally
ExternalURl set through powershell.
The https://autodiscover.ourdomain.com/AutoDiscover/AutoDiscover.xml is resolving to the xml file internally without issue.
Externally, I get a 403:Forbidden. Access is denied error. when I try the URL above
Authentication on the Autodiscover Website is Basic and Windows Enabled, all else disabled. (tried it with Anonymous enabled also.)
testexchangeconnectivity.c
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Test Steps
ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.ourdomain.com/AutoDiscover/AutoDiscover.xml for user smtp@ourdomain.com.
ExRCA failed to obtain an Autodiscover XML response.
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: You do not have permission to view this directory or page.
Any ideas would be much appreciated.
Kind regards.
Trying to get OLA working externally with Exchange 2010.
Correct autodiscover.ourdomain.com
External DNS Name setup correctly and nslookup working externally
ExternalURl set through powershell.
The https://autodiscover.ourdomain.com/AutoDiscover/AutoDiscover.xml is resolving to the xml file internally without issue.
Externally, I get a 403:Forbidden. Access is denied error. when I try the URL above
Authentication on the Autodiscover Website is Basic and Windows Enabled, all else disabled. (tried it with Anonymous enabled also.)
testexchangeconnectivity.c
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Test Steps
ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.ourdomain.com/AutoDiscover/AutoDiscover.xml for user smtp@ourdomain.com.
ExRCA failed to obtain an Autodiscover XML response.
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: You do not have permission to view this directory or page.
Any ideas would be much appreciated.
Kind regards.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Log entry below - not sure if can provide any more info?
2011-10-25 13:55:09 x.x.x.x POST /AutoDiscover/AutoDiscover
2011-10-25 13:55:48 x.x.x.x POST /AutoDiscover/AutoDiscover
2011-10-25 13:56:35 ::1 POST /powershell serializationLevel=Full;Ex
2011-10-25 13:55:09 x.x.x.x POST /AutoDiscover/AutoDiscover
2011-10-25 13:55:48 x.x.x.x POST /AutoDiscover/AutoDiscover
2011-10-25 13:56:35 ::1 POST /powershell serializationLevel=Full;Ex
The port number used in the request is 80, which indicates that plain http is being used. Hence the 403.4 SSL Required response. I haven't seen TestExchangeConnectivity recently, but is there a field where you type the URL in? If so, did you type https or http?
ASKER
I have the option to ignore trust for SSL - I tried this ticked and unticked.
I can't resolve the https://autodiscover.ourdomain.com/AutoDiscover/AutoDiscover.xml externally.
I get 403 forbidden, internally it works fine..
I can't resolve the https://autodiscover.ourdomain.com/AutoDiscover/AutoDiscover.xml externally.
I get 403 forbidden, internally it works fine..
Something strange is happening if the recorded port number is 80 - it should be 443 for https. Have a look at your router configuration - maybe incoming port 443 is mapped to port 80 internally? Or do you have an ISA server? The problem may be there.
ASKER
I had to reset the AutoDiscover Virtual Directory within IIS, and ensure that the external DNS entries existed for each of the SMTP Domains. (They were registered on our SAN certificate)
Thanks for your help.
Thanks for your help.
ASKER
Final solution found was contributed to by the Experts above.
ASKER