SOLVED

Issues with integration of exchange on-prem to Teams

Copper Contributor

We are having issues with our OAuth setup.

Multiple people, including experienced people with MS, have not found the solution, and premium support doesn't know the answer either.

 

autodiscover.xxx.com points to hybrid.xxxx.com externally.

If we test from on-prem to outside it works. If we test from out to inside we cannot get a successful connection. 

 

In the curl tests we did it somehow returns our internal ip instead of the external ip/dns name like it should. 

After weeks of trying we had 2 different occasions where it worked briefly and it returned the correct output, but most of the time it's broken. No one seems to know why and we are stuck in our migration.

 

Does someone know where this can be set up? We have an external and internal F5/proxy.

 

This is the wrong output:

[xxx@xxxx:Active:In Sync] ~ # curl -vk https://10.52.144.30/owa/
* Trying 10.xx.xxx.xx...
* Connected to 10.xx.xxx.xx (10.xx.xxx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=xx; ST=xxxxx; L='xxxxx; O=xxxxxx (xxx); CN=hybrid.xxx.nl
* start date: Oct 18 10:02:13 2023 GMT
* expire date: Oct 18 09:57:00 2024 GMT
* issuer: C=xx; O=xxx Trustlink B.V.; CN=xxx Europe SSL CA G2
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* TCP_NODELAY set
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xed6280)
> GET /owa/ HTTP/1.1
> Host: 10.xx.xxx.xx
> User-Agent: curl/7.47.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2.0 302
< content-type:text/html; charset=utf-8
< location:https://10.xx.xxx.xx/owa/auth/logon.aspx?url=https%3a%2f%2f10.xx.xxx.xx%2fowa%2f&reason=0
< server:Microsoft-IIS/10.0
< request-id:dbd48089-6001-4bfe-9781-d006f18c2048
< x-owa-version:15.2.1258.27
< x-powered-by:ASP.NET
< x-feserver:SR13009
< date:Tue, 02 Jan 2024 14:45:43 GMT
< content-length:210
<
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://10.xx.xxx.xx/owa/auth/logon.aspx?url=https%3a%2f%2f10.xx.xxx.xx%2fowa%2f&amp;reason=0">here</a>.</h2>
</body></html>
* Connection #0 to host 10.xx.xxx.xx left intact

 

This is the correct output that worked briefly for one minute or so:

[xxxx@xxxx:Active:In Sync] / # curl --header 'Host: hybrid.xxx.nl' https://hybrid.xxx.nl/owa

<html><head><title>Object moved</title></head><body>

<h2>Object moved to <a href="https://hybrid.xxx.nl/owa/auth/logon.aspx?url=https%3a%2f%2fhybrid.xxx.nl%2fowa&amp;reason=0">here</a>.</h2>

</body></html>

 

This is the error message from the analyzer:

 

Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
Test Steps

The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.xxx.nl/Autodiscover/Autodiscover.xml for user email address removed for privacy reasons.
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
Additional Details
Exception details:
Message: The underlying connection was closed: An unexpected error occurred on a receive.
Type: System.Net.WebException
Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.M365.RCA.Services.RcaHttpRequest.GetResponse()

Exception details:
Message: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Type: System.IO.IOException
Stack trace:
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
at System.Net.Security._SslStream.StartFrameHeader(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security._SslStream.StartReading(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security._SslStream.ProcessRead(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.TlsStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)

Exception details:
Message: An existing connection was forcibly closed by the remote host
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)

Attempting to contact the Autodiscover service using the DNS SRV redirect method.
The Microsoft Connectivity Analyzer failed to contact the Autodiscover service using the DNS SRV redirect method.
Test Steps

Attempting to locate SRV record _autodiscover._tcp.xxx.nl in DNS.
The Autodiscover SRV record wasn't found in DNS.
Additional Details
No DNS SRV records were found for _autodiscover._tcp.xxx.nl.

 

2 Replies
best response confirmed by masterog-305 (Copper Contributor)
Solution

Hi @masterog-305,

it seems the issue lies in how your network routes traffic. The curl outputs indicate requests from outside are directed to internal instead of external IP/DNS. 
Check:

  1. DNS Settings: Ensure that your DNS settings are correctly configured to route traffic to the correct IP addresses.

  2. Firewall/Proxy Settings: Check your firewall or proxy settings to ensure that they are not blocking or rerouting traffic incorrectly.

  3. SSL/TLS Configuration: From the curl output, it seems like the SSL/TLS handshake is successful, but it’s worth checking if there are any issues with the SSL/TLS configuration that could be causing problems.

  4. Autodiscover Configuration: The error message from the analyzer suggests that there might be an issue with the Autodiscover configuration. Ensure that the Autodiscover service is correctly configured and that it can be accessed from both inside and outside your network.

  5. Network Routing: Check your network routing settings to ensure that traffic is being correctly routed from the outside to the inside.



Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.


If the post was useful in other ways, please consider giving it a Like.


Kindest regards,


Leon Pavesic
(LinkedIn)

@LeonPavesic 

 

As you suggested and we expected, it was a NAT rule typo that caused all this. It was an external party that made the error and they told us everything was all right on their side.

 

Glad that it works now and thanks for the time and help =)
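
The symptom in this thread, a redirect whose Location points at an internal address instead of the published name, can be checked mechanically from outside the network. The shell sketch below is an added example, not part of the original posts; the name hybrid.example.test, the address 10.0.0.5 and the sample headers are constructed, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: classify the redirect target found in HTTP response headers.
# Live use (the expected name is an assumption, substitute your published name):
#   curl -sk -o /dev/null -D - https://hybrid.example.test/owa/ \
#     | check_redirect hybrid.example.test

# Return 0 if the argument is an RFC 1918 IPv4 address, 1 otherwise.
is_rfc1918() {
  case "$1" in
    *[!0-9.]*) return 1 ;;                      # not a dotted-decimal literal
    10.*|192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
  esac
  return 1
}

# Read response headers on stdin (plain or "curl -v" style with "< " prefix)
# and print one verdict: ok | internal-ip | mismatch | no-redirect.
check_redirect() {
  expected=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  # Last Location header -> strip scheme, path/query and port -> lower-case.
  host=$(tr -d '\r' | sed -n 's/^< *//; s/^[Ll]ocation: *//p' | tail -n 1 \
    | sed -e 's#^[a-zA-Z]*://##' -e 's#[/?].*$##' -e 's#:[0-9]*$##' \
    | tr 'A-Z' 'a-z')
  if [ -z "$host" ]; then
    echo "no-redirect"
  elif is_rfc1918 "$host"; then
    echo "internal-ip"      # backend address leaked into the redirect
  elif [ "$host" = "$expected" ]; then
    echo "ok"
  else
    echo "mismatch"         # redirect to some other name: check proxy/NAT
  fi
}

# Constructed samples modelled on the two outputs quoted in the question.
BAD_SAMPLE='< HTTP/2.0 302
< location:https://10.0.0.5/owa/auth/logon.aspx?url=https%3a%2f%2f10.0.0.5%2fowa%2f&reason=0
< server:Microsoft-IIS/10.0'
GOOD_SAMPLE='HTTP/1.1 302 Found
Location: https://hybrid.example.test/owa/auth/logon.aspx?reason=0'

printf '%s\n' "$BAD_SAMPLE"  | check_redirect hybrid.example.test
printf '%s\n' "$GOOD_SAMPLE" | check_redirect hybrid.example.test
```

Run it from a host outside the perimeter against the published name; an `internal-ip` or `mismatch` verdict there is a reason to review the NAT and proxy rules in front of Exchange.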
