Outlook Anywhere NTLM with ISA 2006, AutoDiscover failing, isa denying the url (Exchange 2013

Hi all,

we are trying to get outlook anywhere working using NTLM, at the moment im stuck on autodiscover failing on my ntlm rule.

Rule Settings:-
From: Anywhere
To: Internalmail.domain
Traffic: HTTP/HTTPS
Listener:-
Certificate: Valid GoDaddy
Authentication: HTTP Autentication, only Integrated Checked
Redirect all HTTP to HTTPS
Public Name: autodiscover.domain.co.uk, mail.domain.co.uk
Paths: /unfiedmessaging/*,/rpc/*,/public/*,/OAB/*,/ews/*,/AutoDiscover/*

NTLM is set on anywhere for the exchange 2013 server

testconnectivity.microsoft.com returns these errors
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
 	Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
 	
	Additional Details
 	
Elapsed Time: 430 ms.
 	
	Test Steps
 	
	The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.co.uk/autodiscover/autodiscover.xml for user test2013@domain.co.uk.
 	The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
 	 Tell me more about this issue and how to resolve it
 	
	Additional Details
 	
An HTTP 403 error was received because ISA Server denied the specified URL.
Headers received:
Connection: close
Pragma: no-cache
Content-Length: 2024
Cache-Control: no-cache
Content-Type: text/html
Elapsed Time: 430 ms.

Open in new window

LVL 1
awilderbeastAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mahesh SharmaCommented:
Probably you may try changing authentication delegation in the isa connection to basic authentication
0
awilderbeastAuthor Commented:
but wont that break it, with me wanting to use NTLM?
0
awilderbeastAuthor Commented:
i tried it anyway and it failed
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Mahesh SharmaCommented:
What about authentication
Is it for All user or All Authenticated Users
0
awilderbeastAuthor Commented:
auth is set to all authenticated users
0
Mahesh SharmaCommented:
Try with All Users & test it out
0
awilderbeastAuthor Commented:
i have done, same error both times, apart from with all users, all traffic goes as anon. with auth on, the last denied entry comes through as the user
0
awilderbeastAuthor Commented:
turns out my ISA configuration was correct, i needed some exchange configuration that MS sorted for me
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
awilderbeastAuthor Commented:
as above
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.