Julian Mooren1709156280 Posted July 17, 2017 Share Posted July 17, 2017 Hi, Im configuring Exchange 2016 in my lab environment and having problems with the "Autodiscover" service. When I remove the 401 Authentication on the autodiscover vServer everything is working flawless. After reading serveral whitepapers and blogs this should be the correct configuration: - OWA: FBA - ECP: FBA - ActiveSync: 401 - Autodiscover: 401 - Remaing: None This is the result of the Microsoft Remote Connectivity Tool: The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.de:443/Autodiscover/Autodiscover.xml for user test@domain.de. The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response. Additional Details An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).HTTP Response Headers:request-id: ebc671e7-1ca1-4b92-8207-6b003f426345X-CasErrorCode: UnauthenticatedRequestCache-Control: privateServer: Microsoft-IIS/10.0WWW-Authenticate: Negotiate,NTLM,Basic realm="autodiscover.domain.de"X-AspNet-Version: 4.0.30319X-Powered-By: ASP.NETX-FEServer: EX01Date: Mon, 17 Jul 2017 14:50:22 GMTContent-Length: 0Set-Cookie: NSC_TMAA=2829d751fe703f17f0c06ff44ebb4033;HttpOnly;Path=/;,NSC_TMAS=247fc3bab2d6b592609a6e80a405f4f3;Secure;HttpOnly;Path=/;,NSC_TMAP=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;,NSC_TMAV=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Elapsed Time: 1011 ms. The config of my AAA server looks like: Name: AAA_Exchange2016 Certificate: Wildcard Primary Authentication: LDAP (SAM & UPN Policy) --> SSO Attribut "userPrincipalName" 401 Based Servers: ActiveSync, Autodiscover Form Based Servers: OWA, ECP Session Policy: OWA SSO Profile (HTTP.REQ.URL.CONTAINS("/owa/auth/logon.aspx") Load Balancing vServer Name: lb_exch2016_autodiscovery Protocol: SSL Persistence: SourceIP Timeout: 30mins 401 Based Authentication: ON Authentication Virtual Server: AAA_Exchange2016 Content Switch Policies nsconmsg -d current -g_hits result: NetScaler NS11.1: Build 49.16.ncreltime:mili second between two records Mon Jul 17 16:01:00 2017 Index rtime totalcount-val delta rate/sec symbol-name&device-no 0 7148 183336 9 1 route_tot_hits route(127.0.0.0_255.0.0.0) 1 0 638887 79 11 route_tot_hits route(192.168.2.0_255.255.255.0) 2 0 175948 4 0 route_tot_hits route(0.0.0.0_0.0.0.0_192.168.2.253) 3 7161 529 6 0 pol_hits Policy(LDAP_Lab_SAM) 4 0 814 6 0 pol_hits Policy(LDAP_Lab_UPN) 5 0 242 6 0 pcp_hits cspolicy(cs_pol_autodiscovery) 6 0 69 1 0 pcp_hits tmsession(SETTMSESSPARAMS_ADV_POL) 7 0 62 6 0 pcb_hits cs_pol(cs_pol_autodiscovery)(cs_exchange2016) 8 0 69 1 0 pcb_hits policyBinding_26_10000000081_GLOBAL REQ_DEFAULT_65534(SETTMS ESSPARAMS_ADV_POL) 9 0 183357 21 2 route_tot_hits route(127.0.0.0_255.0.0.0) 10 0 638993 106 14 route_tot_hits route(192.168.2.0_255.255.255.0) 11 0 175971 23 3 route_tot_hits route(0.0.0.0_0.0.0.0_192.168.2.253) 12 0 2297 1 0 ssl_ctx_tot_session_hits vserver_ssl_192.168.2.250:443(cs_exchange201 6) 13 7074 183369 12 1 route_tot_hits route(127.0.0.0_255.0.0.0) 14 0 639058 65 9 route_tot_hits route(192.168.2.0_255.255.255.0) 15 0 175976 5 0 route_tot_hits route(0.0.0.0_0.0.0.0_192.168.2.253) Did I miss something? Link to comment Share on other sites More sharing options...
Robert Pate Posted April 16, 2018 Share Posted April 16, 2018 Hi, I am having similar issues. Did you ever figure this out? Link to comment Share on other sites More sharing options...
Julian Mooren1709156280 Posted April 17, 2018 Author Share Posted April 17, 2018 Hello Robert, you need to disable ADAL on the client (registry) or upgrade to NetScaler >= 12.x HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\EnableADAL (REG_DWORD 0) For more Information: https://support.citrix.com/article/CTX216539 Julian Link to comment Share on other sites More sharing options...
Robert Pate Posted April 17, 2018 Share Posted April 17, 2018 Hi Julian, I actually saw this article, though we are already using NS 12.0, plus are using Outlook 2013 clients. Thanks for the info though. Link to comment Share on other sites More sharing options...
Sascha Böcker Posted May 3, 2019 Share Posted May 3, 2019 I have the same issue with the Microsoft Connectivity Analyzer and Autodiscover. NetScaler Firmware: NS12.1 51.19.nc Link to comment Share on other sites More sharing options...
Mauro Trabucco Posted January 13, 2020 Share Posted January 13, 2020 Hi everyone, I have the same issue. We tried also to set HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\EnableADAL (REG_DWORD 0), but it didn't work. Do you solve with some settings. Thanks a lot, Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now