0

we are trying to get outlook anywhere working using NTLM, at the moment im stuck on autodiscover failing on my ntlm rule.

Rule Settings:

From: Anywhere
To: Internalmail.domain
Traffic: HTTP/HTTPS
Listener:-
Certificate: Valid GoDaddy
Authentication: HTTP Autentication, only Integrated Checked
Redirect all HTTP to HTTPS
Public Name: autodiscover.domain.co.uk, mail.domain.co.uk
Paths: /unfiedmessaging/*,/rpc/*,/public/*,/OAB/*,/ews/*,/AutoDiscover/*

NTLM is set on anywhere for the exchange 2013 server

testconnectivity.microsoft.com returns these errors

Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
    Autodiscover settings weren't obtained when the Autodiscover POST request was sent.

    Additional Details

Elapsed Time: 430 ms.

    Test Steps

    The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.co.uk/autodiscover/autodiscover.xml for user test2013@domain.co.uk.
    The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
     Tell me more about this issue and how to resolve it

    Additional Details

An HTTP 403 error was received because ISA Server denied the specified URL.
Headers received:
Connection: close
Pragma: no-cache
Content-Length: 2024
Cache-Control: no-cache
Content-Type: text/html
Elapsed Time: 430 ms.

ISA ERROR

Original Client IP  Client Agent    Authenticated Client    Referring Server    Destination Host Name   Transport   MIME Type   Object Source   Bidirectional   Filter Information  Network Interface   Raw IP Header   Raw Payload GMT Log Time    Source Port Processing Time Bytes Sent  Bytes Received  Result Code HTTP Status Code    Cache Information   Error Information   Log Record Type Log Time    Destination IP  Destination Port    Protocol    Action  Rule    Client IP   Client Username Source Network  Destination Network HTTP Method URL Server Name Service Source Proxy    Destination Proxy   Client Host Name    Authentication Server
0.0.0.0 Microsoft+Office/12.0+(TestExchangeConnectivity.com)    Yes     autodiscover.domain.co.uk   TCP     Internet        Req ID: 0fefa4e9; Compression: client=No, server=No, compress rate=0% decompress rate=0%    -   -   -   04/10/2013 10:42:43 0   16  2303    1488        12202 The ISA Server denied the specified Uniform Resource Locator (URL).   0x8 0x280   Web Proxy Filter    04/10/2013 11:42:43 192.168.1.10    443 https   Denied Connection   Exchange NTLM Access    207.46.14.63    domain\test2013 External        POST    http://autodiscover.domain.co.uk/autodiscover/autodiscover.xml  ISA Reverse Proxy   -   -   -
AlexW
  • 133
  • 5
  • Run a log trace on your ISA server for requests that match the traffic. ISA will tell you which rule is denying the traffic. – Chris McKeown Oct 04 '13 at 11:57
  • The ntlm rule (above) ive created is the one denying the traffic – AlexW Oct 04 '13 at 13:05
  • Could you paste the results of the deny in ISA? – Chris McKeown Oct 04 '13 at 18:27
  • Hang on, you're using integrated authentication on the inbound rule? Not sure this'll work for external clients - besides, Autodiscover connections probably won't be authenticated anyway – Chris McKeown Oct 07 '13 at 12:06
  • yeah we want to use NTLM auth for our domain joined hardware, you can see that a username is being passed to isa though, so it must be? – AlexW Oct 07 '13 at 13:15

0 Answers0