I have an f5 load balanced 4 node exchange 2013 installation that has all facilities working- except outlook anywhere.
The exchange testconnectivity test fails for both Outlook connectivity and Autodiscover connectivity.
I have verified that the urls are published correctly and exist on the certificate. Using the connectivity test I am getting a 401 error: (yes the credentials work internally)
An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to
log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
HTTP Response Headers:
request-id: 36c2a29b-4f18-49ee-a8dc-747e3fcbfde8
Set-Cookie: ClientId=UCXAVARP0ELHULUFLNQ; expires=Wed, 15-Feb-2017 23:16:31 GMT; path=/; HttpOnly,LastMRH_Session=2a64f5f1;path=/;secure,MRHSession=16a55c5fdb2054d1761b8a722a64f5f1;path=/;secure
Server: Microsoft-IIS/8.5
WWW-Authenticate: Negotiate YHgGCSqGSIb3EgECAgMAfmkwZ6ADAgEFoQMCAR6kERgPMjAxNjAyMTYyMzE2MzFapQQCAlEbpgMCATypEBsOUkZTLk5TVy5HT1YuQVWqGDAWoAMCAQGhDzANGwtzdmItZXhjaDAyJKwRBA8wDaEDAgEBogYEBGoAAMA=,NTLM,Basic
realm="autodiscover.company.com"
X-Powered-By: ASP.NET
X-FEServer: (one of our exchange servers)
Date: Tue, 16 Feb 2016 23:16:30 GMT
Content-Length: 0
Expires: Thu, 01 Dec 1994 16:00:00 GMT
The F5's I think are configured correctly as they are showing the kerberos ticket passed through to AD. IIS
Outlook Anywhere Authentication types are set to
ExternalClientAuthenticationMethod : NtlmInternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
I have tried logging on to our external autodiscover site- autodiscover.company.com/autodiscover/autodiscover.xml. It prompts for credentials but will not accept any credentials at all. Is this correct?
I cannot make this work. any guidance appreciated.