
AutoDiscover not working behind WAF on 9.510

I have an Exchange 2010 server deployed behind an SG310 9.510.  I have Outlook Anywhere and Autodiscover configured.  Outlook Anywhere works, while autodiscover does not.  Creating a straight port forward for Autodiscover allows it to work.  Microsoft Remote Connectivity Analyzer returns the below.

 Attempting to resolve the host name autodiscover.domain.com in DNS.
  The host name resolved successfully.
 
 Additional Details
 Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
  The specified port is either blocked, not listening, or not producing the expected response.
    Tell me more about this issue and how to resolve it
 
  Additional Details
 
A network error occurred while communicating with the remote host.
Elapsed Time: 21041 ms.

I configured the virtual web server using the default Autodiscover policies in the firewall.



  • I have.

    I'm using the boxed Exchange Autodiscover firewall profile.

    If I use a firewall profile with no protection, I get an SSL error.

    The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

    Certificate is valid and properly installed.

     

  • Hi NickT,

    which certificate did you use?

    Look it up in the guide.
    It says there that you have to use the Exchange certificate instead of the firewall.

    Best Regards
    DKKDG

  • I followed the guide to the letter.  I'm getting inconsistent results with the remote connectivity analyzer.  It either can't connect on port 443 or cannot handshake SSL.

    I have two WAN connections for redundancy and load balancing.  There are virtual web servers linked to each WAN connection.  I have two A records for autodiscover.domain.com, one for each WAN connection.

    It's worth noting that OWA works in this configuration.

  • Hi NickT,

    do you have any other services on the UTM e.g. User Portal or Remote Access that listen on port 443?

    If so, change the port of the User Portal or Remote Access.

    Keep in mind that changing the remote access port needs a configuration update on your clients.

    Best Regards
    DKKDG

  • I do have other services listening on port 443, but they are listening on different public IPs.  We have 2 WAN connections, each with a block of 5 static IPs.  I'll double check to make sure there are no conflicts.

    Interestingly, OWA works behind the WAF.

  • "Outlook Anywhere works, while autodiscover does not."

    What do you see in the Web Application Firewall log when Autodiscover doesn't work?

    Cheers - Bob
    PS I moved this thread to the Web Server Security forum.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
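
Added example, not part of the original thread: NickT's reply above describes two A records for autodiscover.domain.com (one per WAN link) and analyzer results that alternate between a port 443 failure and a failed SSL handshake. This Python sketch probes each A record separately with the same SNI name, so each symptom can be attributed to a specific public IP; `autodiscover.example.com` is a placeholder host name and the function names are hypothetical.

```python
import socket
import sys

import ssl


def probe(ip, port, sni, timeout=5.0):
    """Classify one endpoint as 'tcp_failed', 'tls_failed' or 'ok'."""
    try:
        sock = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:
        # Nothing answered on this IP/port (filtered, closed, wrong DNAT).
        return "tcp_failed", str(exc)
    # Certificate verification is disabled on purpose: the goal is to
    # separate "handshake does not complete" from "certificate not trusted".
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            der = tls.getpeercert(binary_form=True) or b""
            return "ok", f"{tls.version()}, certificate {len(der)} bytes"
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        # TCP is open but the listener did not complete a TLS handshake.
        return "tls_failed", str(exc)


def probe_all(hostname, port=443, timeout=5.0):
    """Probe every IPv4 address of hostname, always sending hostname as SNI."""
    infos = socket.getaddrinfo(hostname, port, socket.AF_INET, socket.SOCK_STREAM)
    ips = sorted({info[4][0] for info in infos})
    return {ip: probe(ip, port, hostname, timeout) for ip in ips}


if __name__ == "__main__":
    # Placeholder name; pass the real Autodiscover host name as argument 1.
    host = sys.argv[1] if len(sys.argv) > 1 else "autodiscover.example.com"
    for ip, (status, detail) in probe_all(host).items():
        print(f"{ip:15}  {status:10}  {detail}")
```

Run it from outside the network. If one address reports `ok` while the other reports `tcp_failed` or `tls_failed`, compare the virtual web server bound to that interface with the working one.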