locked
Exchange 2010 AutoDiscover 401 unauthorized RRS feed

  • Question

  • HI

    i have problem on exchange 2010 autodiscover publishing via TMG , the test rule is ok but any user try to use Autodicover externally the TMG logs shows error 401 unauthorized .

    we faced this problem with external users only and i don't know if the below Blog is applicable for our case because it seems the author explain if you have this issue internal and our test commands have been tested successfully

    http://clintboessen.blogspot.com/2009/06/autodiscover-issue-401-unauthorized.html

    AND test result on https://www.testexchangeconnectivity.com as below

    ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.xxx.com/AutoDiscover/AutoDiscover.xml for user fadi@xx.com

    ExRCA failed to obtain an Autodiscover XML response.

    Additional Details



    An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).

    Best Regards, Fadi.F.Haddad

    Friday, February 15, 2013 11:55 AM

Answers

  • it seems the problem was solved because now i can get good result  on test exchange connectivity website but not  on my mobile .  there was problem  on  password and this is what confused me because we have a public certificate . 

    Best Regards, Fadi.F.Haddad

    Monday, February 18, 2013 8:17 PM

All replies

  • How is your rule setup for AutoDiscover?  I have autodiscover.domain.com listed as a public name in my ActiveSync rule in which the listener is using FBA with AD and the "Authentication Delegation" tab on the rule is set to Basic Authentication.

    Jason Apt, Microsoft Certified Master | Exchange 2010 My Blog

    Friday, February 15, 2013 1:57 PM
  • I have rule on TMG with public name for autodiscover.domain.com , Basic authentication and RADIUS on listener and  "Authentication Delegation is no delegation but client can authenticate directly.   

    Best Regards, Fadi.F.Haddad

    Friday, February 15, 2013 11:22 PM
  • Hi Fadi,

    Can you create a separate rule ( for testing) with FBA on listener and basic auth in rule.

    Make sure audiscover fqdn should be added in rule and basic auth should be set in virtual directory of CAS .



    Yogesh Malhotra http://flickr/photos/yogeshmalhotra

    Saturday, February 16, 2013 3:11 AM
  • I tried the above instructions with same error. can send me step by step blog how to publish autodisvcoer on TMG if you have  

    Best Regards, Fadi.F.Haddad

    Saturday, February 16, 2013 9:28 PM
  • On Sat, 16 Feb 2013 21:28:23 +0000, Fadi Fawwaz Haddad wrote:
     
    >I tried the above instructions with same error. can send me step by step blog how to publish autodisvcoer on TMG if you have
     
    How about this?
    http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=8946
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Saturday, February 16, 2013 10:02 PM
  • I tried the above instructions with same error. can send me step by step blog how to publish autodisvcoer on TMG if you have  

    Best Regards, Fadi.F.Haddad

    This is an old link for 2007 but still relevent for TMG :

    http://technet.microsoft.com/library/bb794751.aspx

    Also have you disable FBA on CAS ?


    Yogesh Malhotra http://flickr/photos/yogeshmalhotra

    Sunday, February 17, 2013 9:24 AM
  • yes i disabled FBA on CAS ,please give me time to review the above documents 

    Best Regards, Fadi.F.Haddad

    Sunday, February 17, 2013 8:52 PM
  • and the rule should say "all users" and not "authenticated users".

    Do you have that on the separate AutoD publishing rule?


    Cheers,

    Rhoderick

    Microsoft Senior Exchange PFE

    Blog: http://blogs.technet.com/rmilne  Twitter:   LinkedIn:   Facebook:   XING:

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Sunday, February 17, 2013 11:50 PM
  • HI All,

    I have observed  that my rule is not working only for Activesync autodiscover only because  i tried outlook autodiscover on test connectivity website with successful test.

    when i tried activesync autodiscover on mobile and on  test connectivity website it failed .

    Authentication on Microsoft-Server-ActiveSync is Basic authentication only  .

    I have two rules one for autodicover and the other one is for others VD.

    Any Idea 


    Best Regards, Fadi.F.Haddad

    Monday, February 18, 2013 6:45 AM
  • My suggestion is to create a separate rule for EAS and then check it , keep above mentioned rules in mind.

    also share the connectivity test error if it still occurs after a new separate rule.

    Please note that separate Rules are not a necessity but still it's good to do it.

    Monday, February 18, 2013 7:40 AM
  • it seems the problem was solved because now i can get good result  on test exchange connectivity website but not  on my mobile .  there was problem  on  password and this is what confused me because we have a public certificate . 

    Best Regards, Fadi.F.Haddad

    Monday, February 18, 2013 8:17 PM