none
Autodiscover 401 Error

    Question

  • Hi,

    I am trying to get Autodiscover working on my Exchange 2010 Server. I am getting the following error from the Microsoft Remote Connectivity Analyzer:

    Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
      Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
     
    Additional Details
     
    Elapsed Time: 724 ms.
     
    Test Steps
     
    The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://mail2010.mydomain.org/Autodiscover/Autodiscover.xml for user administrator@mydomain.org.
      The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
     
    Additional Details
     
    An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
    Headers received:
    Content-Type: text/html
    Server: Microsoft-IIS/7.5
    WWW-Authenticate: Basic realm="mail2010.mydomain.org",Negotiate,NTLM
    X-Powered-By: ASP.NET
    Date: Sat, 04 Jan 2014 05:22:01 GMT
    Content-Length: 58
    Elapsed Time: 723 ms.

    Any thoughts on how to troubleshoot this error?

    Saturday, January 04, 2014 5:22 AM

Answers

  • OK, I managed to solve the problem. NTLMv1 needs to be enabled for this to work. I had my server set to use only NTLMv2, which is why I was getting this error. Still, this behavior does not make sense to me - seems like this is a bug.
    • Marked as answer by Іван Saturday, January 18, 2014 4:12 PM
    Saturday, January 18, 2014 4:12 PM

All replies

  • If you do a Get-ClientAccessServer | Fl What is set for : AutoDiscoverServiceInternalUri.
    Check if its pointing to correct url, if not set it to the URL you want users to connect to
    Saturday, January 04, 2014 2:40 PM
  • Hi,

    I set it to the correct value, but I am still getting the same error from the analyzer.

    Saturday, January 04, 2014 6:59 PM
  • Hi,

    According to the test result, ExRCA accessed the URL:
    https://mail2010.mydomain.org/Autodiscover/Autodiscover.xml

    As far as I know, the proper URL is as following when Outlook tries to connect by using DNS:
    https://autodiscover.contoso.com/autodiscover/autodiscover.xml

    Thus, to confirm Autodiscover service externally works well, we need the following configuration:
    1. Add an DNS entry about Autodicover.smtpaddresssuffixes points to the proper IP address.
    2. Add the host name Autodicover.smtpaddresssuffixes in your certificate.

    Thanks,

     


    Angela Shi
    TechNet Community Support

    Monday, January 06, 2014 9:31 AM
  • Hi,

    I had that URL configured in an earlier iteration - I was getting the same exact result from connectivity analyzer, so I know the problem does not lie there.

    Tuesday, January 07, 2014 12:40 AM
  • Hi,

    To narrow down the cause, I’d to recommend the following troubleshooting:

    1. Check the result of accessing the following URL:
    https://autodisocover.domain.com/autodiscover/autodiscover.xml
    2. Check the configuration of Autodiscover service:
    Get-autodiscovervirtualdirectory |fl
    3. Check your certificate: get-exchangecertificate |fl

    Thanks,

     


    Angela Shi
    TechNet Community Support

    Wednesday, January 08, 2014 3:14 AM
  • Hi,

    1. Do you mean open the URL in IE?

    2. & 3. Nothing in particular jumps out at me as problematic. Anything specific I should be looking at? Or do you want me to paste the entire output here?

    Thanks

    Friday, January 10, 2014 3:17 AM
  • OK, I managed to solve the problem. NTLMv1 needs to be enabled for this to work. I had my server set to use only NTLMv2, which is why I was getting this error. Still, this behavior does not make sense to me - seems like this is a bug.
    • Marked as answer by Іван Saturday, January 18, 2014 4:12 PM
    Saturday, January 18, 2014 4:12 PM
  • Hello

    Error 401 is an authentication error.

    Try and make "DisableLoopbackCheck" key under -

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

    Reset IIS, and check.

    Sunday, January 19, 2014 3:16 AM
  • Hi,

    Please see my post above, I tracked this down to an NTLM version issue.

    Sunday, January 19, 2014 2:37 PM