Forum Discussion
Teams Room System with Exchage 2010 Hybrid
LinusCansby That statement is surprising to me because on-premises autodiscover would simply refer the MTR (after the initial HTTP POST) to Office 365 autodiscover, at which point authentication would occur, and then full supported connection to EWS services against the EXO mailbox. I fully agree that EWS on Ex2010 is not supported but I've never seen a statement that says autodiscover wouldn't work - especially to refer you to a higher version of Exchange. Do you have an authoritative URL that states that Ex2010 not supported for autodiscover with MTR?
Marc Mönnikes You should look at the MTR logs, event logs, and if needed, watch the network traffic to get a better handle on the issue. This could be a failure in multiple places:
- If you are not using certificates from a public CA on your Exchange and AD-FS environments, then the MTR system will require your Root CA certificate in its Trusted Root certificate store. Without, secure TLS sessions will not work from MTR to the remote systems.
- If you are using certificates from a public CA, make sure the MTR has the appropriate Root & Intermediary certificates in its certificate store. You could still have a certificate chain problem that would prevent secure TLS sessions from working.
- If you have a proxy server in your environment, MTR may need the proxy information configured in order to egress from your corporate network.
- Additionally, the proxy server must have authentication (sometimes called pre-authentication) turned off and should not utilize SSL-break inspection (sometimes called SSL decrypt). Implementation of either of those two proxy features causes all sorts of problems, including the scenario you are describing.
- If you have AD-FS in your environment, there was a known issue in with MTR version 4.0.105 with AD-FS implementations that blocked basic authentication capabilities. Modern Authentication is supported in the newest version of MTR (4.4.25) but Ex2010 doesn't support it. Due to your hybrid environment, you'll need basic authentication available in order to complete the initial autodiscover request.
- Additionally, you should take a look at EXO and see if you have basic authentication turned off there.
rovert506 Depends what you think is an authoritative URL. But this statement is from Microsoft:
"Microsoft Teams Rooms doesn't support Exchange AutoDiscover redirects via Exchange 2010."
https://docs.microsoft.com/en-us/MicrosoftTeams/rooms/rooms-operations
LinusCansby HA - indeed, I see the entry at the very bottom. Thanks for the reference.
- If you are not using certificates from a public CA on your Exchange and AD-FS environments, then the MTR system will require your Root CA certificate in its Trusted Root certificate store. Without, secure TLS sessions will not work from MTR to the remote systems.
- Hello,
thank you for your fast reply.
Autodiscover points to "on premise" Exchange 2010 server.
Is there a workaround?
RegardsMarc Mönnikes You can test to add a autodiscover record in the MTR localhost file. Check a IP for
autodiscover.outlook.com and use that in the localhosts file.Hello,
first of all, "thank you" to everyone who joined the discussion with tips and tricks.
Today i have used a dedicated DNS server (internal) for the device.
On this server i have created a cname entry for autodiscover.domainname.com to the outlook 365 autodiscover server.
So my exchange server is not used.
Similar as the idea to add IP adress to host file.
Now, the device shows no error.
Exchange 2010 seems not to be supported.
It is really hard to find this information.
Tomorrow i will do some tests with the device.
Hope, the workaround will help until we migrate to exchange 2016
Thank you
Regards
