We are having issues with our OAuth setup.
We don't use classic full hybrid yet but we want to enable calendar integration from on-prem to Teams.
Multiple people, including experienced people from MS, have not found the solution, and premium support doesn't know the answer either. This has been going on for 3 months now and no one seems to know what the issue is or where to troubleshoot. Is it an F5 issue? An Exchange server issue? We have tried so many things but no luck.
autodiscover.xxx.com points to hybrid.xxxx.com externally.
If we test from on-prem to outside it works. If we test from out to inside we cannot get a successful connection.
In the curl tests we did, it somehow returns our internal IP instead of the external IP/DNS name like it should.
We had 2 different occasions where it worked briefly and it returned the correct output, but most of the time it's broken. No one seems to know why and we are stuck in our migration.
Does someone know where the redirection comes from? We have an external and internal F5/proxy.
Because when the redirection works the connection returns a success result.
This is the wrong output:
[xxx@xxxx:Active:In Sync] ~ # curl -vk https://10.52.144.30/owa/
* Trying 10.xx.xxx.xx...
* Connected to 10.xx.xxx.xx (10.xx.xxx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=xx; ST=xxxxx; L='xxxxx; O=xxxxxx (xxx); CN=hybrid.xxx.nl
* start date: Oct 18 10:02:13 2023 GMT
* expire date: Oct 18 09:57:00 2024 GMT
* issuer: C=xx; O=xxx Trustlink B.V.; CN=xxx Europe SSL CA G2
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* TCP_NODELAY set
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xed6280)
> GET /owa/ HTTP/1.1
> Host: 10.xx.xxx.xx
> User-Agent: curl/7.47.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2.0 302
< content-type:text/html; charset=utf-8
< location:https://10.xx.xxx.xx/owa/auth/logon.aspx?url=https%3a%2f%2f10.xx.xxx.xx%2fowa%2f&reason=0
< server:Microsoft-IIS/10.0
< request-id:dbd48089-6001-4bfe-9781-d006f18c2048
< x-owa-version:15.2.1258.27
< x-powered-by:ASP.NET
< x-feserver:SR13009
< date:Tue, 02 Jan 2024 14:45:43 GMT
< content-length:210
<
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://10.xx.xxx.xx/owa/auth/logon.aspx?url=https%3a%2f%2f10.xx.xxx.xx%2fowa%2f&reason=0">here</a>.</h2>
</body></html>
* Connection #0 to host 10.xx.xxx.xx left intact
This is the correct output that worked briefly for one minute or so:
[xxxx@xxxx:Active:In Sync] / # curl --header 'Host: hybrid.xxx.nl' https://hybrid.xxx.nl/owa
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://hybrid.xxx.nl/owa/auth/logon.aspx?url=https%3a%2f%2fhybrid.xxx.nl%2fowa&reason=0">here</a>.</h2>
</body></html>
This is the error message from the analyzer:
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.xxx.nl/Autodiscover/Autodiscover.xml for user email address removed for privacy reasons.
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
Additional Details
Exception details:
Message: The underlying connection was closed: An unexpected error occurred on a receive.
Type: System.Net.WebException
Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.M365.RCA.Services.RcaHttpRequest.GetResponse()
Exception details:
Message: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Type: System.IO.IOException
Stack trace:
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
at System.Net.Security._SslStream.StartFrameHeader(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security._SslStream.StartReading(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security._SslStream.ProcessRead(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.TlsStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)
Exception details:
Message: An existing connection was forcibly closed by the remote host
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.xxx.nl in DNS.
The Autodiscover SRV record wasn't found in DNS.
Additional Details
No DNS SRV records were found for _autodiscover._tcp.xxx.nl.
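Added example, not part of the original post: the two curl runs above send different Host headers (the IP literal in the first, hybrid.xxx.nl in the second), so a useful check is whether the redirect's Location merely mirrors the Host that was sent or whether an internal address appears even when a public name was requested. The transcripts, host names and function names below are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed `curl -v` excerpts (not the poster's real output).
BY_IP = """\
> GET /owa/ HTTP/1.1
> Host: 10.0.0.10
>
< HTTP/2.0 302
< location:https://10.0.0.10/owa/auth/logon.aspx?url=https%3a%2f%2f10.0.0.10%2fowa%2f&reason=0
"""
BY_NAME = """\
> GET /owa HTTP/1.1
> Host: hybrid.example.com
>
< HTTP/1.1 302 Found
< Location: https://hybrid.example.com/owa/auth/logon.aspx?reason=0
"""

def _header(transcript, marker, name):
    """Value of header `name` on lines starting with marker '>' (sent) or '<' (received)."""
    pat = r"^%s[ \t]*%s[ \t]*:[ \t]*(.+?)[ \t]*$" % (re.escape(marker), re.escape(name))
    m = re.search(pat, transcript, re.I | re.M)
    return m.group(1) if m else None

def _is_private(host):
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a DNS name, not an IP literal

def analyze(transcript):
    """Compare the Host header that was sent with the host in the Location redirect."""
    sent = _header(transcript, ">", "Host")
    location = _header(transcript, "<", "Location")
    loc_host = urlsplit(location).hostname if location else None
    sent_host = sent.split(":")[0].lower() if sent else None  # drop an optional :port
    return {
        "sent_host": sent_host,
        "location_host": loc_host,
        # True: the backend echoed the client's Host; no proxy rewrite is implied
        "reflects_host_header": bool(sent_host and sent_host == loc_host),
        # True: the redirect would expose an internal address to the client
        "location_is_private_ip": bool(loc_host and _is_private(loc_host)),
    }

if __name__ == "__main__":
    for sample in (BY_IP, BY_NAME):
        print(analyze(sample))
```

A result with `reflects_host_header` false and `location_is_private_ip` true is the case that points at a proxy or virtual-directory URL setting rather than at the way the test was run.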