Exchange Auto Discover Error

Did anyone solve this? I’m facing the same issue. If needed I will provide more details of course!
Thanks in advance.

Yeah, it’s from 2017, so please fill out the help thread template.

1. Caddy version (caddy:latest):

2. How I run Caddy:

Docker Compose File

a. System environment:

Docker on Ubuntu

c. Service/unit/compose file:

version: "3.3"

services:
  caddy:
    image: caddy:latest
    restart: unless-stopped
    container_name: 'caddy'
    hostname: 'caddy'
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./config:/etc/caddy/
      - ./site:/srv
      - caddy_data:/data
      - caddy_config:/config:ro


volumes:
  caddy_data:
  caddy_config:

networks:
  default:
    external:
      name: reverse-proxy

d. My complete Caddyfile or JSON config:

mail.domain.de {

 # internal dns to point on mailserver (owa works, only autodiscover is the problem)
  reverse_proxy https://mail.domain.de  {
  #  tls internal
    transport http {
      tls
      tls_insecure_skip_verify
    }
  }

}


autodiscover.domain.de {
  reverse_proxy https://autodiscover.domain.de {
  #  tls internal
    transport http {
      tls
      tls_insecure_skip_verify
    }
  }
  header {
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.remote.host}
    header_up X-Forwarded-For {http.request.remote.host}
    header_up X-Forwarded-Port {http.request.port}
    header_up X-Forwarded-Proto {http.request.scheme}
  }
}

3. The problem I’m having:

I can’t connect from the outside with Outlook clients. OWA works, but Autodiscovery/Exchange Anywhere doesn’t.

4. Error messages and/or full log output:

caddy    | {"level":"error","ts":1609339062.029815,"logger":"http.log.error","msg":"read tcp 172.25.0.4:36644->10.56.2.10:443: 
read: connection reset by peer","request":{"remote_addr":"109.40.129.178:30478","proto":"HTTP/1.1","method":"RPC_IN_DATA",
"host":"mail.domain.de","uri":"/rpc/rpcproxy.dll?XXXXXXX@domain.de:6001",
"headers":{"Cache-Control":["no-cache"],"Connection":["Keep-Alive"],"User-Agent":["MSRPC"],"Cookie":["OutlookSession=\"{} Outlook=16.0.13231.20110 OS=6.2.9200 CPUArchitecture=9\"; ClientId=XXXXXXX"],"Pragma":["no-cache"],"Accept":["application/rpc"],"Content-Length":["1073741824"],"Authorization":["NTLM TlRMTVNTUAADAAAAGAAYAIIAAAAyATIBmgAAAAwADABYAAAACAAIAGQAAAAWABYAbAAAAAAAAADMAQAABYKIogoAYUoAAAAP0gKYc5+/y4flyXEXih6JaVMAWQBTAEMATwBNAHAAYQB0AHQAUwBNAEIATAAxADAAMQAzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFF7TQc4GStauqw680UmRO0BAQAAAAAAAPYq/Qy53tYBk/nfW3v5YwUAAAAAAgAMAFMAWQBTAEMATwBNAAEACABFAFgAMAAxAAQAFABzAHkAcwBjAG8AbQAuAGkAbgB0AAMAHgBFAFgAMAAxAC4AcwB5AHMAYwBvAG0ALgBpAG4AdAAFABQAcwB5AHMAYwBvAG0ALgBpAG4AdAAHAAgA9ir9DLne1gEGAAAAwAAAAAAAAAAEAAAAAIAAA/U4J9sGr5OnnRAb7gTU2aI29bIDgQMKABAAvxok2vq5qPGWhLl67S0A2QkAMABIAFQAVABQAC8AbQBhAGkAbAAuAHMAeQBzAGMAbwBtAC0AZwBtAGIAaAAuAGQAZQAAAAAAAAAAAA=="]},"tls":{"resumed":false,"version":771,"cipher_suite":49196,"proto":"","proto_mutual":true,"server_name":"mail.domain.de"}},"duration":119.476219477,"status":502,"err_id":"7pcxgbuv3","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:441)"}

5. What I already tried:

Could this be related to this?:
https://github.com/caddyserver/caddy/issues/2732
When I use the Microsoft Connection Analyzer, I get a cert error. Is Outlook OK with a Let’s Encrypt cert, or do I need to export the cert from my Exchange Server?
As this is in productive use, I changed the port forwarding back, pls don’t wonder.

FYI this block is not useful; this will try to replace a header called header_up when it has the value X-Host to {http.request.host}, and so on (i.e. find and replace). Doesn’t make sense. See the header docs:

header_up is a reverse_proxy subdirective, it’s not part of the header directive.

And even then, you don’t need any of those, because the reverse_proxy’s defaults handle that properly for you anyways:

This is not a subdirective to reverse_proxy. tls is its own directive, which allows you to configure TLS for incoming connections to your site.

Anyways, I don’t know much about Microsoft business software. One guess is that it might be using NTLM?

You could try installing this plugin then changing transport http to transport http_ntlm and see if it works:

Nevermind I don’t think it’s NTLM. Looking at your error logs, looks like it is MSRPC, because it has the HTTP method set to RPC_IN_DATA, which is non-standard.
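
The check described in the reply above, written out as an added example (not part of the original thread and not Caddy's own code): it reads Caddy JSON error-log lines, flags requests that use the RPC over HTTP methods, and reports only the authentication scheme and the names of credential-bearing headers, never their values. The sample lines and the `triage` helper are constructed for illustration.

```python
import json

# Methods used by Outlook Anywhere (RPC over HTTP); neither is a standard HTTP verb.
RPC_METHODS = {"RPC_IN_DATA", "RPC_OUT_DATA"}
SENSITIVE = {"authorization", "proxy-authorization", "cookie"}


def triage(line):
    """Return a credential-free summary of one Caddy JSON log line, or None."""
    brace = line.find("{")  # skip a docker-compose prefix such as "caddy    | "
    if brace < 0:
        return None
    try:
        entry = json.loads(line[brace:])
    except json.JSONDecodeError:
        return None
    req = entry.get("request")
    if not isinstance(req, dict):
        return None
    headers = req.get("headers") or {}
    agent = (headers.get("User-Agent") or [""])[0]
    auth = (headers.get("Authorization") or [""])[0]
    return {
        "host": req.get("host"),
        "method": req.get("method"),
        "status": entry.get("status"),
        "rpc_over_http": req.get("method") in RPC_METHODS or agent == "MSRPC",
        "auth_scheme": auth.split(" ", 1)[0] or None,  # scheme only, never the token
        "redacted": sorted(h for h in headers if h.lower() in SENSITIVE),
        "upstream_error": entry.get("msg"),
    }


# Constructed sample lines modelled on the log in the thread (placeholder values).
SAMPLE = [
    'caddy    | {"level":"error","msg":"read: connection reset by peer",'
    '"request":{"method":"RPC_IN_DATA","host":"mail.example.test",'
    '"uri":"/rpc/rpcproxy.dll?mbx.example.test:6001",'
    '"headers":{"User-Agent":["MSRPC"],"Authorization":["NTLM PLACEHOLDER"],'
    '"Cookie":["ClientId=PLACEHOLDER"]}},"status":502}',
    'caddy    | {"level":"error","msg":"dial tcp: timeout",'
    '"request":{"method":"GET","host":"mail.example.test","uri":"/owa/",'
    '"headers":{"User-Agent":["Mozilla/5.0"]}},"status":502}',
    "caddy    | not a json line",
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(triage(raw))
```

The summary it prints is safe to paste into a help thread, because header values such as the NTLM token and session cookie never leave the function.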

So you can’t realize this with caddy, as this is mentioned here: Reverse proxy MSRPC in Caddy v2 · Issue #2732 · caddyserver/caddy · GitHub? :frowning_face:
EDIT: Ah, I saw your comment on GitHub :smiley:

Yeah, not yet.

If you need this as soon as possible for business reasons, I recommend reaching out for a support contract:

Nah I don’t need it in the near future, was just playing around with it. I think then I’ll use an alternative.
Anyways, thank you very much for your input on this topic. Have a good New Year!
