Monday, October 4, 2010

Autodiscover issue with ISA2006 or Forefront TMG

I had a client where autodiscover was working fine internally however external clients could not perform autodiscover requests. The client is running forefront threat management gateway 2010.

When running the exchange remote connectivity analyzer from http://www.testexchangeconnectivity.com I received the following error:

ExRCA is attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Test Steps
Attempting to Retrieve XML AutoDiscover Response from url https://autodiscover.vnc.qld.edu.au/AutoDiscover/AutoDiscover.xml for user administrator@vnc.qld.edu.au
Failed to obtain AutoDiscover XML response.
Tell me more about this issue and how to resolve it
Additional Details
An HTTP 403 error was received because ISA Server denied the specified URL.

ExRCA is attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.vnc.qld.edu.au in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 203.206.132.236

Testing TCP Port 80 on host autodiscover.vnc.qld.edu.au to ensure it is listening and open.
The port was opened successfully.
Checking Host autodiscover.vnc.qld.edu.au for an HTTP redirect to AutoDiscover
ExRCA failed to get an HTTP redirect response for Autodiscover.
Tell me more about this issue and how to resolve it
Additional Details
An HTTP 403 error was received because ISA Server denied the specified URL.

ExRCA is attempting to contact the Autodiscover service using the DNS SRV redirect method.
Failed to contact AutoDiscover using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.vnc.qld.edu.au in DNS.
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it




To resolve this open the exchange rule on your ISA server or TMG. On the public names tab add the autodiscover record.



On the paths tab add in the autodiscover directory.

7 comments:

  1. Many thanks for your help Clint.

    now I'm having problem with:

    Checking the IIS configuration for client certificate authentication.
    Client certificate authentication was detected.

    Additional Details
    Accept/Require client certificates were found. Set the IIS configuration to Ignore Client Certificates if you aren't using this type of authentication.

    ReplyDelete
  2. Thanks for that - saved me pulling my hair out!

    ReplyDelete
  3. Thank you very much for posting this Clint, information here has saved me today!

    ReplyDelete
  4. Thanks so much for posting this - Definitely solved my issue!!!!
    MS should update their publish exchange 2010 web server wizard in TMG to add autodiscover!

    ReplyDelete
  5. Superstar Clint, still got it buddy! - Steven

    ReplyDelete