Autodiscover service is working internally but not externally. I have setup 2 CAS server and 2 ISA 2006 servers. When i am trying to connect from Internet, it found autodiscover.company.com once i logged in it's prompt me again to login but showing the mailbox server name (instead of autodiscover). I have set the clientauth to ntlm through set-outlookanywhere. Test email config showing that autodiscover is connected successfully.Autodiscover to https://autodiscover.Company.com/autodiscover/autodiscover.xml startingAutodiscover to https://autodiscover.Company.com/autodiscover/autodiscover.xml succeeded (0x0000000)I would really appreciate if anyone help me to resolve this.Thanks and Regards,Nitinnitin_pangerkar

Hi Nitin, Firstly, please check whether I understand current situation correctly. If I am off base, please let me know. The Outlook is able to connect to Autodiscover services to configure Outlook Profile successfully from Internet. Nevertheless, when you attempt to login the profile to access your mailbox through Outlook Anywhere, the Outlook is prompted for authentication again and again and not allow you to access mailbox. If I understand the problem correctly, I would like to explain that the issue may relate to Outlook Anywhere instead of Autodiscover. If I understand the problem incorrect, would you please describe the issue more detailed? Whether the Outlook prompts for authentication when Outlook connects to Autodiscover Service to configure profile. If you manually configure Outlook Anywhere profile on the client, whether the client is able to connect to Exchange server through Outlook Anywhere. For your reference: Using ISA Server 2006 with Outlook Anywhere http://technet.microsoft.com/en-us/library/bb331965.aspx ~~~~~~~~~~~~~~~~ Mike Shen TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com ~~~~~~~~~~~~~~~~

Hi Mike,Thanks for your reply. The Outlook is prompted for authentication again and again and not allow me to access mailbox. You are right. It seems the issue with outlook anywhere not the autodiscover. I have gone through the above link and have already setup the rule as per doc. I have also setup the rule forOWA and active sync and both are working fine.Please let me know if you need any more detail on this.Thanks and Regards,Nitinnitin_pangerkar

Hi Nitin, Thanks for your response. Firstly, I suggest you configure Outlook Anywhere in internal client to check whether the Outlook Anywhere is able to work internally. If the Outlook Anywhere works internally, we can conclude that the Outlook Anywhere is configured correctly on Exchange Server. We may need to check whether any Device or Firewall affect the RPC over HTTPs traffic. You can select the On fast network, connect using HTTP first, then connect using TCP/IP to force internal client connect to Exchange server through RPC over HTTP firstly. After that, please start Outlook with rpcdiag command and check the connection status. If the Outlook Anywhere works internally, you should be connect to Exchange through HTTP. If the Outlook Anywhere does not work internally, it will fail over to TCP connection. Thanks, Mike

Hi Mike,Thanks for your reply again.Outlook Anywhere is workingfine for internal clients. I checked the proxy settings and "Onslow network, connect using HTTP first, then connect using TCP/IP" was selected automatically and Proxy authentication NTLM. I used Test Email AutoConfiguration but couldn't find any error message from Internet. When I run TestExchange Connectivity(www.testexchangeconnectivity.com), I got the following error message. I have already set IIS Authentication Method to Basic and NTLM through Set-Outlookanywhere. Integrated Windows Authentication has selected for RPC. "Testing Http Authentication Methods for URL https://autodiscover.Company.com/rpc/rpcproxy.dll. Http Authentication Test failed." Thanks,Nitinnitin_pangerkar

Hi Nitin, Please understand that in internal fast network, by default, the Outlook connects to Exchange Server using RPC Over TCP. Therefore, in order to check whether Outlook Anywhere works internally, you need to select option On fast network. In addition, after Outlook connects to Exchange server, you need to right click the Outlook icon and click Connection Status. Please ensure the Conn tab shows HTTPs instead of TCP/IP. It is because Outlook will fail over to TCP connection if the RPC over HTTP connection fails. If the Outlook Anywhere works internally, I suggest you change authentication method to basic instead of the NTLM to check whether the issue persists. Note: Please configure Outlook Anywhere by using Basic authentication through both EMC and IISAdmin tool. After that, please restart IIS and check the result. In addition, if a San certificate is configured Web Site, I suggest you refer to following article to configure ISA server: Certificates with Multiple SAN Entries May Break ISA Server Web Publishing http://blogs.technet.com/isablog/archive/2007/08/29/certificates-with-multiple-san-entries-may-break-isa-server-web-publishing.aspx If the issue persists after changing Authentication method to Basic, please also check IIS log on CAS server. Whether you can see RPC_DATA_IN and RPC_DATA_OUT Verbs when the external client attempt to connect to Exchange Server like below: 2009-06-22 07:47:57 W3SVC1 192.168.1.1 RPC_IN_DATA /rpc/rpcproxy.dll mb.lab.com:6001 443 lab\administrator 192.168.1.7 MSRPC 200 0 64 2009-06-22 07:47:57 W3SVC1 192.168.1.1 RPC_OUT_DATA /rpc/rpcproxy.dll mb.lab.com:6001 443 lab\administrator 192.168.1.7 MSRPC 200 0 64 Note: 200 means successful. If you get other code, please post related IIS log here. ~~~~~~~~~~~~~~~~ Mike Shen TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com ~~~~~~~~~~~~~~~~

Hi Mike,I changed the Authentication to Basic but getting the same login prompt. When I ran Test Exchange Connectivity, It was successfully ping RPC proxy butgot thebelow error.Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server MBX001 Failed to ping Endpoint Additional Details An RPC Error was thrown by the RPC Runtime. Error 1818 1818 I am getting the following IIS logs2009-11-27 06:59:46 W3SVC1 CAS001 RPC_IN_DATA /rpc/rpcproxy.dll MBX001.domainname:6004 443 - ISA001 MSRPC 401 2 52009-11-27 06:59:46 W3SVC1 CAS001 RPC_OUT_DATA /rpc/rpcproxy.dll MBX001.domainname:6004 443 - ISA001 MSRPC 401 2 5Thanks,Nitinnitin_pangerkar

Is there a firewall somewhere here? That error is indicative of your CAS server not being able to contact the mailbox server on TCP 6004.err 1818# for decimal 1818 / hex 0x71a : RPC_S_CALL_CANCELLED winerror.h# The remote procedure call was cancelled.Thanks, Brian Desmond Active Directory MVP www.briandesmond.com Active Directory, 4th Edition - www.briandesmond.com/ad4/

Hi Nitin, In addition to Brain, the error 402.5 means access is denied due to server configuration favoring an alternate authentication method. Therefore, please check whether the Outlook Anywhere authentication method, IIS RPC Virtual Server authentication method and the Outlook client authentication method has been changed to Basic authentication. In addition, please restart IIS server on the CAS server after changing Authentication method. In addition, I suggest you run RPCPing tool on the Client Access Server to troubleshoot the issue. Whether are you able to get same error? For your reference: http://support.microsoft.com/kb/831051/en-us RPCPing.exe t ncacn_http o RpcProxy=<RPCProxyServer> -u 10 a connect v 3 E -P username,domain,password H 1 F 3 RpcPing t ncacn_http s ExchangeMBXServer o RpcProxy=RpcProxyServer P user,domain,password I user,domain,password H 1 F 3 a connect u 10 v 3 e 6001 RpcPing t ncacn_http s ExchangeMBXServer o RpcProxy=RpcProxyServer P user,domain,password I user,domain,password H 1 F 3 a connect u 10 v 3 e 6002 RpcPing t ncacn_http s ExchangeMBXServer o RpcProxy=RpcProxyServer P user,domain,password I user,domain,password H 1 F 3 a connect u 10 v 3 e 6004 Thanks, Mike

Hi Mike,Finally I was able to loginthrough outlook anywhere. I changed the Client authentication method, IIS authentication menthod and IIS RPC virtual server to Basic then I restarted IIS server.I really appreciate your help to resolve this issue.Thank you so much.Thanks and Regards,Nitinnitin_pangerkar

Hi Nitin, Thanks for your response. I am glad to know that the Outlook Anywhere issue could be solved after chaning authentication method to Basic. ~~~~~~~~~~~~~~~~ Mike Shen TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com ~~~~~~~~~~~~~~~~