I'm currently in the process of migrating from Exchange 2019 to Office 365, but I'm running into some serious issues with Autodiscover. Everything seems set up correctly—our DNS records are good, the certificate is valid, and our virtual directories are functioning well. Email is flowing and Outlook works fine, yet Autodiscover is not cooperating. When I try to access mail.contoso.com/autodiscover/autodiscover.xml, I keep getting prompted for a username and password that it won't accept.
I've gone through the steps to rebuild the virtual directories and double-checked all the URLs and DNS settings, but everything looks fine. The only potential hiccup is that we disabled NTLM across the board a while back, and I've noticed that the error references NTLM.
Additionally, I ran the Microsoft Connectivity Analyzer and got an error stating it failed to obtain an Autodiscover XML response, getting an HTTP 401 Unauthorized error instead. Any advice on how to resolve these Autodiscover issues would be greatly appreciated!
3 Answers
It sounds like the NTLM disablement is causing these authentication popups. Since Kerberos is the main protocol, you should check if it's working properly and ensure that the Windows Authentication is enabled for the Autodiscover IIS service. Also, make sure the Autodiscover SPN is correctly set up in Active Directory for your Exchange server. Try running 'klist get http/Autodiscover.contoso.com' to verify this!
ExOL isn't aware of Kerberos when it comes to tasks like finalizing mailbox moves, so it defaults to NTLM. To move forward with your migration, you'll need to re-enable inbound NTLM on your Exchange servers. You might also need to whitelist your Autodiscover hostnames for NTLM access on your client systems.
Can you point me to a guide on how to re-enable NTLM on the servers? I'll search for one as well.
Are you using the hybrid configuration wizard to set up those connectors, or are you doing it manually? Knowing this could help pinpoint the issue better!
I'm using the wizard to set them up.
We have Kerberos set up on our Exchange. Will that even work with external connections? It's the 365 connector that’s struggling with Autodiscover specifically.