This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTP/1.1 502 Invalid argument for Outlook 2016 requests to AutoDiscover URL

Hi there, I have an on-premise Exchange 2013 server published via WAF and have recently begun running into an issue with Outlook 2016 clients on the internal network.

When the Outlook client attempts to locate its configuration via AutoDiscover, the request ends up being intercepted by the UTM regardless of client proxy settings (and exclusions). UTM then refuses the connection request with an HTTP/1.1 502 Invalid argument error.

I have configured Proxy Auto Configuration with the relevant details to ensure direct connection to the internal server, however this has no effect on the Outlook client. I have also configured a Web Protection exception to skip all checks for our domain and this also has no effect.

What could be causing the "invalid argument" error, or is there any way to bypass the proxy entirely for the host autodiscover.mydomain.com?

Any guidance will be greatly appreciated.



This thread was automatically locked due to age.
Parents
  • Does internal client traffic flow throuh UTM to get to Exchange?

    Are internal devices connecting to Exchange in Https mode?   If yes and if using a Standard proxy, you need a proxy bypass to prevent UTM from doing the DNS lookup and possibly getting the external IP.

  • Hi Douglas,

    We are using Standard proxy mode for internal clients, and normally any requests to internal resources (including Exchange services) are accessed directly due to split-DNS configuration. And internal proxy clients are configured to bypass proxy (either via PAC/WPAD, GPO or manually). External clients would access published services via Sophos WAF.

    I'm baffled as to why Outlook 2016 is seemingly ignoring proxy bypass settings on the client and not accessing the internal resource directly using the internal host IP.

    That said, I would expect the request to pass through the proxy and loop back (not ideal, I know) and still be serviced by the Exchange server, however the 502 error is preventing this.

Reply
  • Hi Douglas,

    We are using Standard proxy mode for internal clients, and normally any requests to internal resources (including Exchange services) are accessed directly due to split-DNS configuration. And internal proxy clients are configured to bypass proxy (either via PAC/WPAD, GPO or manually). External clients would access published services via Sophos WAF.

    I'm baffled as to why Outlook 2016 is seemingly ignoring proxy bypass settings on the client and not accessing the internal resource directly using the internal host IP.

    That said, I would expect the request to pass through the proxy and loop back (not ideal, I know) and still be serviced by the Exchange server, however the 502 error is preventing this.

Children
  • I'm not an Outlook guy, but it sounds like that's where your problem is.  You description of the UTM configuration indicates that all is well in the UTM and that it's functioning as it should.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • It sounds like you have an error in your prixy svript.

    If you do not use proxy-specific function calls, you should be able to copy the proxy file, add a function call with sample dara, and then execute it with Windows Scripting Host (cscript)