Background
Exchange Server Standard 2013 (CU13) running on premises on Windows Server 2012 R2 (fully updated) on a 2012 R2 Active Directory Domain.
- External DNS is set correctly: autodiscover.mydomain.com successfully results from an external connection
- Wildcard SSL certificate is installed and functional
- I can access https://autodiscover.mydomain.com/autodiscover/autodiscover.xml from an external connection. I am prompted for username and password, which are accepted and I am then presented with a page showing Error 600 (expected result).
- AutoDiscover works and tests fine on the internal LAN.
Problem
However, I cannot get AutoDiscover to function over the Internet.
- I cannot get Outlook to connect via an external connection: not when using Outlook 2013 nor when using Outlook for Android or iOS. Outlook Web Access does work, but that is not relevant.
- https://testconnectivity.microsoft.com/ reports the following error:
.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Additional Details
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.mydomain.com:443/Autodiscover/Autodiscover.xml for user testuser@mydomain.com.
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
Additional Details
An HTTP 401 Unauthorized response was received from the remote Unknown server.
This is usually the result of an incorrect username or password.
If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
HTTP Response Headers:
request-id: 03440b6d-56e0-405c-9f4e-eb663abca5b
Set-Cookie: ClientId=AFD789F9E0A427AB; expires=Tue, 26-Sep-2017 12:53:11 GMT; path=/; HttpOnly
Server: Microsoft-IIS/8.5
WWW-Authenticate: Basic realm="autodiscover.mydomain.com",Negotiate,NTLM
X-Powered-By: ASP.NET
X-FEServer: EXCHANGE-SERVER
Date: Mon, 26 Sep 2016 12:53:11 GMT
Content-Length: 0
Elapsed Time: 424 ms.
Attempted Solutions
Per https://community.spiceworks.com/topic/550046-exchange-autodiscover-not-working-correctly-in-2010-2013-environment I have checked my bindings in IIS and see nothing amiss. Here they are:
Default Web Site: http Port:80 IP:*, net.pipe Binding:*, net.msmq Binding:localhost, msmq.formatname Binding:localhost, net.tcp Binding:808:*, https Port:443, http Port:80 IP:127.0.0.1, http Port:443 IP:127.0.0.1
Exchange Back End: http Port:81 IP:*, https Port:444 IP:*, net.pipe Binding:*Per https://social.technet.microsoft.com/Forums/exchange/en-US/cc9ffe71-b4fe-4217-9343-14956ccf30d9/autodiscover-authentication?forum=exchangesvrgenerallegacy and http://www.itnotes.eu/?p=2455 I have checked authentication methods for the
/Autodiscover
application in IIS. Anyonymous, Basic, and Windows are enabled for/Autodiscover
and Anonymous and Windows are enabled for the/Autodiscover
Exchange Back End
.- I have checked that
Authenticated users
have permissions to the/Autodiscover
applications in IIS. ForDefault Web Site
,/Autodiscover
hasAllow Read
permissions forAuthenticated Users
. ForExchange Back End
,/Autodiscover
hasAllow
Read & execute
,List folder contents
andRead
forAuthenticated Users
I'm really stuck here. I have no idea why this isn't working.