locked
ActiveSync Autodiscover fails when QueryBaseDNRestrictionEnabled set to $true in SP1 /hosting mode RRS feed

  • Question

  • Hi,

    I am trying to segregate mailbox users in a single Exchange organization by setting their QueryBaseDNRestrictionEnabled to $true because I don't want them to see each other in the address lists.

    The isolation works fine but there is one very strange problem that appears: the ActiveSync Autodiscover for a mailbox with QueryBaseDNRestrictionEnabled set to $true does not work (it works if QueryBaseDNRestrictionEnabled is set to $false and I tested this several times).

    I tested with ExRCA (the Exchange ActiveSync Autodiscover test) and it returns this error:

    Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
     Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
      Test Steps
       ExRCA is attempting to retrieve an XML Autodiscover response from URL https://[our.domain.com]/autodiscover/Autodiscover.xml for user user.name@clientdomain.com.
       ExRCA failed to obtain an Autodiscover XML response.
        Additional Details
         None of the expected XML elements were found in the XML response.

    The Outlook Autodiscover test in ExRCA passes OK however.

    When doing the test with an iOS device (iPad or iPhone), after filling in the username and the password for the mailbox, the server field is not automatically populated from the Autodiscover (is empty). If I turn off the QueryBaseDNRestrictionEnabled attribute then the server field is properly populated and the configuration works straight away.

    I have properly set all my external URLs for both Autodiscover an ActiveSync virtual dirs.

    In summary - when QueryBaseDNRestrictionEnabled is set to $true it doesn't work, when set to $false - it works. And this is very strange since I don't see the relation between QueryBaseDNRestrictionEnabled and Autodiscover (but who knows what's going on under the hood :-) )

    Can anyone check if this is the case with their setup too? The steps to reproduce are:
    1. Enable QueryBaseDNRestrictionEnabled for a mailbox:

    Get-Mailbox -Organization "Your Organization" -Identity "Mailbox Identity" | Set-Mailbox -QueryBaseDNRestrictionEnabled $true

    2. Use ExRCA with the Exchange ActiveSync Autodiscover test for this mailbox

    Our setup is: Exchange 2010 SP1 with /Hosting, Rollup 6 applied

    Disclaimer: I know that SP1/ hosting has been deprecated by MS but we have consciously decided to continue using it and will not be switching to SP2 for the time being.

    Thank you
    Thursday, March 22, 2012 10:32 AM

Answers

  • That sounds very much like a bug. You should get a case opened so we can investigate. I'll check into this too.

    If you don't want any inside the same tenant to see anyone else you could consider simply enable HiddenFromAddressLists. If you only want to impact several users, then you are going the right way, but it looks like we might have a bug there.

    • Marked as answer by ddenev Friday, March 23, 2012 6:35 AM
    Thursday, March 22, 2012 8:49 PM

All replies

  • That sounds very much like a bug. You should get a case opened so we can investigate. I'll check into this too.

    If you don't want any inside the same tenant to see anyone else you could consider simply enable HiddenFromAddressLists. If you only want to impact several users, then you are going the right way, but it looks like we might have a bug there.

    • Marked as answer by ddenev Friday, March 23, 2012 6:35 AM
    Thursday, March 22, 2012 8:49 PM
  • Thank you for the reply. Could you please advise on where should I report the bug? I tried on connect.microsoft.com but Exchange is not listed there.
    Friday, March 23, 2012 6:35 AM
  • I am trying to segregate mailbox users in a single Exchange organization by setting their QueryBaseDNRestrictionEnabled to $true because I don't want them to see each other in the address list.

    seo next reviews

    Monday, March 26, 2012 6:55 AM
  • You need to call in to support and open a case. As it's a bug there should not be any charge.

    I am still trying to track this down internally, and if I find anything I will report back.

    Monday, March 26, 2012 3:45 PM
  • I don't know if you managed to reproduce the bug but if it will be of any help, I can send you the service/mailbox plan configuration file because it could also be some sort of a combination of features that triggers the bug.
    Monday, March 26, 2012 7:03 PM
  • I have a repro for it now. And SP2 doesn't change it. So my suggestion would be to open that bug, it's very easy to repro, and let's open a bug and see how/if we can get it fixed. 
    Tuesday, March 27, 2012 12:22 AM