Exchange Hybrid - Outlook 2013 Autodiscover Issue

%3CLINGO-SUB%20id%3D%22lingo-sub-1442699%22%20slang%3D%22en-US%22%3EExchange%20Hybrid%20-%20Outlook%202013%20Autodiscover%20Issue%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1442699%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Everyone%2C%3C%2FP%3E%3CP%3EI've%20spent%20many%20hours%20googling%20trying%20to%20figure%20this%20one%20out%20and%20Im%20stuck.%20We're%20new%20to%20Office%20365%20and%20in%20the%20process%20of%20getting%20our%20on-premise%20Exchange%202013%20server%20to%20work%20with%20Exchange%20Online.%20We%20ran%20through%20the%20Microsoft%20Office%20365%20Hybrid%20Configuration%20Wizard%20and%20migrated%20a%20couple%20of%20email%20boxes%20from%20onpremise%20to%20the%20cloud.%20We%20have%20Azure%20AD%20Connect%20setup%20to%20replicate%20users%20from%20specific%20OU's%20and%20have%20Exchange%20Hybrid%20Deployment%20selected.%20Any%20feedback%20would%20be%20appreciate%2C%20thanks%3C%2FP%3E%3CP%3E-Public%20DNS%20Autodiscover%20record%20points%20to%20on-premises%20Exchange%202013%20Server%20-%20Same%20public%20ip%20as%20OWA%3CBR%20%2F%3E-Internal%20DNS%20Autodiscover%20record%20points%20to%20internal%20IP%20of%20on-premises%20Exchange%202013%20Server%3CBR%20%2F%3E-In%20a%20perfect%20world%20we'd%20have%20our%20on-premise%20server%20send%20email%20to%20Zix%20for%20threat%20prevention%20but%20for%20these%20accounts%20im%20bypassing%20this%20by%20using%20the%20send%20connector%20that%20the%20hybrid%20wizard%20setup.%20This%20is%20domainorg.mail.onmicrosoft.com%20deliver%20to%20MX%20record%20associated%20with%20recipient%20domain.%3CBR%20%2F%3E-This%20quote%20is%20where%20the%20issue%20appears%20to%20be%20occuring%2C%20where%20the%20redirect%20isn't%20taking%20place%20properly.%3CBR%20%2F%3E%22For%20On-premise%20mailbox%2C%20it%20remain%20use%20previous%20autodiscover%20lookup%20behavior%20to%20find%20endpoint%20and%20access%20to%20Exchange.%3CBR%20%2F%3EFor%20migrated%20mailbox%2C%20autodiscover%20service%20will%20redirect%20On-premise%20autodiscover%20record%20to%20Office%20365%20(autodiscover-s.outlook.com)%2C%20and%20access%20to%20Office%20365.%22%3CBR%20%2F%3E-Microsoft%20Support%20and%20Recovery%20Assistant%20-%20Selecting%20%22I%20need%20help%20setting%20up%20my%20Office%20365%20email%20in%20Outlook%22%20comes%20back%20with%20a%20username%20%2F%20password%20is%20incorrect%20error%20message.%3CBR%20%2F%3E-Microsoft%20Remote%20Connectivity%20Analyzer%20comes%20back%20with%20%22The%20Microsoft%20Connectivity%20Analyzer%20is%20attempting%20to%20retrieve%20an%20XML%20Autodiscover%20response%20from%20URL%20%3CA%20href%3D%22https%3A%2F%2Fautodiscover-s.outlook.com%2FAutodiscover%2FAutodiscover.xml%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fautodiscover-s.outlook.com%2FAutodiscover%2FAutodiscover.xml%3C%2FA%3E%20for%20user%20XXXX%20The%20Microsoft%20Connectivity%20Analyzer%20failed%20to%20obtain%20an%20Autodiscover%20XML%20response.%3CBR%20%2F%3E-I%20don't%20have%20MFA%20enabled%20for%20this%20test%20user%3CBR%20%2F%3E-Here%20is%20more%20info%20from%20Microsoft%20Remote%20Connectivity%20Analyzer%20below%3A%3CBR%20%2F%3EAdditional%20Details%3CBR%20%2F%3EAn%20HTTP%20401%20Unauthorized%20response%20was%20received%20from%20the%20remote%20Unknown%20server.%20This%20is%20usually%20the%20result%20of%20an%20incorrect%20username%20or%20password.%20If%20you%20are%20attempting%20to%20log%20onto%20an%20Office%20365%20service%2C%20ensure%20you%20are%20using%20your%20full%20User%20Principal%20Name%20(UPN).%3CBR%20%2F%3EHTTP%20Response%20Headers%3A%3CBR%20%2F%3Erequest-id%3A%2035ec9589-1d16-478a-84e6-a073e631548e%3CBR%20%2F%3EX-CalculatedBETarget%3A%20BLAPR15MB4068.namprd15.prod.outlook.com%3CBR%20%2F%3EX-BackEndHttpStatus%3A%20401%3CBR%20%2F%3EX-RUM-Validated%3A%201%3CBR%20%2F%3EX-AutoDiscovery-Error%3A%20LiveIdBasicAuth%3AInvalidCreds%3A%26lt%3B228594863%26gt%3B%3CREQUESTID%3E%26lt%3B957273394%26gt%3B%3CFALSE%3E%3CHRD-BUSINESS-0MS-61MS-PPSERVER%3E%3CFALSE%3E%26lt%3B0%26gt%3B%26lt%3B3%26gt%3B%3CRST2-BUSINESS-0MS-24MS-0MS-PPSERVER%3ELiveIdSTS-LogonFailure-'0x80048821'%3CMANAGEDBUSINESS%3E%3CLOGONFAILED-BADPASSWORD%3E%3CBADPASSWORD%3E%3CTID%3E%3B%3CBR%20%2F%3EX-DiagInfo%3A%20BLAPR15MB4068%3CBR%20%2F%3EX-BEServer%3A%20BLAPR15MB4068%3CBR%20%2F%3EX-Proxy-RoutingCorrectness%3A%201%3CBR%20%2F%3EX-Proxy-BackendServerStatus%3A%20401%3CBR%20%2F%3EX-FEServer%3A%20DM5PR15CA0049%3CBR%20%2F%3EContent-Length%3A%200%3CBR%20%2F%3ECache-Control%3A%20private%3CBR%20%2F%3EDate%3A%20Fri%2C%2005%20Jun%202020%2001%3A52%3A31%20GMT%3CBR%20%2F%3EServer%3A%20Microsoft-IIS%2F10.0%3CBR%20%2F%3EWWW-Authenticate%3A%20Basic%20Realm%3D%22%22%3CBR%20%2F%3EX-AspNet-Version%3A%204.0.30319%3CBR%20%2F%3EX-Powered-By%3A%20ASP.NET%3C%2FTID%3E%3C%2FBADPASSWORD%3E%3C%2FLOGONFAILED-BADPASSWORD%3E%3C%2FMANAGEDBUSINESS%3E%3C%2FRST2-BUSINESS-0MS-24MS-0MS-PPSERVER%3E%3C%2FFALSE%3E%3C%2FHRD-BUSINESS-0MS-61MS-PPSERVER%3E%3C%2FFALSE%3E%3C%2FREQUESTID%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CP%3E%3C%2FP%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1442699%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1444287%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Hybrid%20-%20Outlook%202013%20Autodiscover%20Issue%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1444287%22%20slang%3D%22en-US%22%3ESome%20additional%20notes%3A%3CBR%20%2F%3E-We%E2%80%99re%20using%20E1%3CBR%20%2F%3E-No%20MFA%20is%20enabled%20on%20a%20test%20account%2C%20still%20in%2014%20day%20grace%20but%20have%20another%20account%20with%20MFA%2C%20neither%20work.%3CBR%20%2F%3E-I%E2%80%99ve%20tried%20Outlook%202013%20and%202016%20but%20neither%20can%20connect%20to%20an%20email%20account%20migrated%20from%20on-prem%20to%20exchange%20online.%3CBR%20%2F%3E-I%20think%20issue%20is%20fully%20related%20to%20the%20test%20connectivity%20site%20failing%20on%20wrong%20username%2Fpassword%20on%20autodiscover-s.outlook.com%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Hello Everyone,

I've spent many hours googling trying to figure this one out and Im stuck. We're new to Office 365 and in the process of getting our on-premise Exchange 2013 server to work with Exchange Online. We ran through the Microsoft Office 365 Hybrid Configuration Wizard and migrated a couple of email boxes from onpremise to the cloud. We have Azure AD Connect setup to replicate users from specific OU's and have Exchange Hybrid Deployment selected. Any feedback would be appreciate, thanks

-Public DNS Autodiscover record points to on-premises Exchange 2013 Server - Same public ip as OWA
-Internal DNS Autodiscover record points to internal IP of on-premises Exchange 2013 Server
-In a perfect world we'd have our on-premise server send email to Zix for threat prevention but for these accounts im bypassing this by using the send connector that the hybrid wizard setup. This is domainorg.mail.onmicrosoft.com deliver to MX record associated with recipient domain.
-This quote is where the issue appears to be occuring, where the redirect isn't taking place properly.
"For On-premise mailbox, it remain use previous autodiscover lookup behavior to find endpoint and access to Exchange.
For migrated mailbox, autodiscover service will redirect On-premise autodiscover record to Office 365 (autodiscover-s.outlook.com), and access to Office 365."
-Microsoft Support and Recovery Assistant - Selecting "I need help setting up my Office 365 email in Outlook" comes back with a username / password is incorrect error message.
-Microsoft Remote Connectivity Analyzer comes back with "The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover-s.outlook.com/Autodiscover/Autodiscover.xml for user XXXX The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
-I don't have MFA enabled for this test user
-Here is more info from Microsoft Remote Connectivity Analyzer below:
Additional Details
An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
HTTP Response Headers:
request-id: 35ec9589-1d16-478a-84e6-a073e631548e
X-CalculatedBETarget: BLAPR15MB4068.namprd15.prod.outlook.com
X-BackEndHttpStatus: 401
X-RUM-Validated: 1
X-AutoDiscovery-Error: LiveIdBasicAuth:InvalidCreds:<UNH:228594863><RequestId=eacd7875-5817-4fca-b2b1-b8acc7dc0e28><UIPH:957273394><X-forwarded-for:957273394><PTS:False><HRD-Business-0ms-61ms-ppserver=><HRDCached:False><UP:0><BlockStatus:3><RST2-Business-0ms-24ms-0ms-ppserver=PROD-EST-011.ProdSlices rid:2a0b2260-88fe-4894-976c-c0fbcb1a0300-puid=>LiveIdSTS-LogonFailure-'0x80048821'<UserType:ManagedBusiness><LogonFailed-BadPassword><AS:BadPassword><Tid=>;
X-DiagInfo: BLAPR15MB4068
X-BEServer: BLAPR15MB4068
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 401
X-FEServer: DM5PR15CA0049
Content-Length: 0
Cache-Control: private
Date: Fri, 05 Jun 2020 01:52:31 GMT
Server: Microsoft-IIS/10.0
WWW-Authenticate: Basic Realm=""
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET

1 Reply
Highlighted
Some additional notes:
-We’re using E1
-No MFA is enabled on a test account, still in 14 day grace but have another account with MFA, neither work.
-I’ve tried Outlook 2013 and 2016 but neither can connect to an email account migrated from on-prem to exchange online.
-I think issue is fully related to the test connectivity site failing on wrong username/password on autodiscover-s.outlook.com

Thanks