Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 2 subscribers
  • Views 4168 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

autodiscover.domain.com getting blocked, causing Outlook 365 authentication window to not load properly

Matt Carlin

So our users aren't currently able to re-authenticate in Outlook if they change their password because the authentication window is popping up blank.

Here's the blocked error I get from the live log:

2019:12:09-15:11:18 utm httpproxy[24965]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="172.20.4.99" dstip="52.97.146.152" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_HttProContaExterNetwo (profile)" filteraction="REF_HttCffRdsFilteActio (filter action)" size="150" request="0x9d48a00" url="autodiscover.domain.com/" referer="" error="Connection refused" authtime="0" dnstime="2" aptptime="0" cattime="70" avscantime="0" fullreqtime="2740" device="0" auth="0" ua="" exceptions="ssl" category="105" reputation="neutral" categoryname="Business"

I tried adding the URL to the exceptions list, skipping SSL scanning (and all of the checks actually for testing purposes), but that didn't make a difference.

I then found some similar topics online, with more or less the same issue verbatim, with the suggestion to add a DNS group for autodiscover.domain.com under Misc > Skip Transparent Mode Destination Hosts/Nets. However, this also did not work despite me seeing in three separate topics that this resolved the problem.

Adding the DNS group, I started seeing a new blocked error though:

2019:12:09-15:46:05 utm httpproxy[24965]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="POST" srcip="172.20.4.99" dstip="40.100.174.216" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaExterNetwo (profile)" filteraction="REF_HttCffRdsFilteActio (filter action)" size="2539" request="0xa86fc00" url="autodiscover.domain.com/.../autodiscover.xml" referer="" error="Input/output error" authtime="0" dnstime="3" aptptime="0" cattime="40" avscantime="694" fullreqtime="10363" device="0" auth="0" ua="Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.11328; Pro)" exceptions="" category="105" reputation="neutral" categoryname="Business" sandbox="-"

Some extra details:

  • The filter profile is in transparent mode, and it's set to "decrypt and scan".
  • The filter action allows all categories with "block spyware infection and communication" turned on and "block websites with a reputation threshold of: suspicious".
  • I make exceptions in the Web Protection > Filtering Options area, rather than using the filter action, because I have multiple filter actions (for other devices) and I find it easier to keep track of everything in the same place. I don't know if there's any real functional difference between the two though, but up until now everything has worked as expected with this approach.

Any ideas?

 

Thanks,

Matt



This thread was automatically locked due to age.
Parents Reply Children
No Data
Unfiltered HTML