Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

ISA 2006 publishing Exchange 2007 Autodiscover - no auth prompt

2 views
Skip to first unread message

Paul Whitfield

unread,
Jan 28, 2009, 3:04:02 AM1/28/09
to
Hi,
Does anyone have Exchange (and Outlook) 2007 Autodiscover working from
external through ISA 2006? I have every other feature of Exchange (and
Outlook) 2007 working through ISA, but I am having trouble getting
Autodiscover to work. When I try to get Outlook 2007 to auto-configure using
autodiscovery, I enter in firstname...@externaldomain.com as the email
address (this is my primary SMTP address) and the password for my account
(twice). I am then prompted with a dialog "Allow this website to configure
firstname...@externaldomain.com server settings?
https://autodiscover.externaldomain.com/autodiscover/autodiscover.xml
(...etc)" and I click on Allow. Up to this point it appears to be operating
as I expect it to, but then it fails with "An encrypted connection to your
mail server is not available. Click Next to attempt using an unencrypted
connection."

When I check the ISA logs I can see:
DestPort Protocol Action Rule ClientUsername SourceNetwork DestinationNetwork HTTPMethod URL
443 https DeniedConnection Publish:OutlookAnywhere anonymous - - POST http://autodiscover.externaldomain.com/autodiscover/autodiscover.xml
443 https DeniedConnection Publish:OutlookAnywhere anonymous - - POST http://autodiscover.externaldomain.com/autodiscover/autodiscover.xml
80 http AllowedConnection Publish:OutlookAnywhere anonymous - - GET http://autodiscover.externaldomain.com/autodiscover/autodiscover.xml

If I am reading this right, the POST method is getting denied twice because
it has not authenticated (and is therefore anonymous). I have read that SSL
listeners using Forms Based Authentication (FBA) in ISA2006 will fail back to
Basic authentication when it recognises that the client is not a browser.
Accordingly I have got RPC/HTTP working with this failback Basic auth, but
the autodiscover part of Outlook 2007 does not seem to be failing back to
Basic auth and I am therefore not getting prompted for a username/password. I
am not sure if the email address and password entered in the wizard is meant
to help with this in some way, but it does not seem to be working.

However, if I connect via RPC/HTTP first and then use the option Test Email
AutoConfiguration (hold shift and right click on the Outlook icon in the
system tray), enter in the email address and password, have only "Use
Autodiscover" ticked, and click on the Test button, it succeeds. The ISA logs
show the first POST being denied becuase it is anonymous just like before,
but the second POST succeeds as it is authenticated as domain\username. I
think this is succeeding because I have SSO configured and I have already
authenticated.

Can anyone confirm that they are getting prompted for authentication or that
the details in the wizard should be providing the authentication? I am happy
to provide details of my config if it will help, but this post is already
very long.

Thanks
Paul Whitfield

Andrew Hodgson

unread,
Apr 6, 2009, 12:09:55 PM4/6/09
to
On Wed, 28 Jan 2009 00:04:02 -0800, Paul Whitfield
<PaulWh...@discussions.microsoft.com> wrote:

>Hi,
>Does anyone have Exchange (and Outlook) 2007 Autodiscover working from
>external through ISA 2006? I have every other feature of Exchange (and
>Outlook) 2007 working through ISA, but I am having trouble getting
>Autodiscover to work. When I try to get Outlook 2007 to auto-configure using
>autodiscovery, I enter in firstname...@externaldomain.com as the email
>address (this is my primary SMTP address) and the password for my account
>(twice). I am then prompted with a dialog "Allow this website to configure
>firstname...@externaldomain.com server settings?
>https://autodiscover.externaldomain.com/autodiscover/autodiscover.xml
>(...etc)" and I click on Allow. Up to this point it appears to be operating
>as I expect it to, but then it fails with "An encrypted connection to your
>mail server is not available. Click Next to attempt using an unencrypted
>connection."

Hi,

I am having exactly the same issue - with the autodiscover server -
everything else is working fine. Did you ever get a fix for it?

Thanks.
Andrew.

adbadb

unread,
May 7, 2010, 1:47:51 AM5/7/10
to
Hi Paul

Did you manage to fix this?

Regards

Adrian

PaulWhitfiel wrote:

ISA 2006 publishing Exchange 2007 Autodiscover - no auth prompt
28-Jan-09

Thanks
Paul Whitfield

Previous Posts In This Thread:

On Wednesday, January 28, 2009 3:04 AM
PaulWhitfiel wrote:

ISA 2006 publishing Exchange 2007 Autodiscover - no auth prompt

Thanks
Paul Whitfield


Submitted via EggHeadCafe - Software Developer Portal of Choice
Server Side Processing in ADO.NET/WCF Data Services
http://www.eggheadcafe.com/tutorials/aspnet/db179aed-47fa-4f86-a4bf-4f6f92a76585/server-side-processing-in.aspx

0 new messages