How to solve issues with Exchange's Autodiscover (xml) and any peculiar clients like Windows Communication Apps [HxTsr.exe] with complex DNS config?

email cloudflare autodiscover autodiscovery exchangeonline

Solution 1:

Tips

  • Do create an extra test account.
  • Use https://testconnectivity.microsoft.com/tests/Eas/input as sanity check.
  • This test https://testconnectivity.microsoft.com/tests/O365Eas/input is smarter, but did not mimic the problematic client's behaviour.

Solution

I used Cloudflare DNS, added a forwarding rule to forward this particular non-existent resource:

https://apexdomain.tld/autodiscover/autodiscover.xml

to

https://autodiscover-s.outlook.com/Autodiscover/Autodiscover.xml

This shortens the autodiscovery chain significantly. (Confirmed by the Microsoft's tool.) Therefore, it also limits the number of things that can go wrong.

The problematic client now shows the modern authentication window very quickly as desired.

Notes

  • I disabled the Cloud worker delivering 404 for https://apexdomain.tld/autodiscover/autodiscover.xml, though I left it working for https://www.domain.tld/autodiscover/autodiscover.xml even though I do not see the chain getting there anymore. The only reason this URI was visited is because of the apex to www. forwarding rule. So I just figured out it can remove this route too ;), but for the record of test case, it has been active during the test.
  • I don't know if Cloudflare Rules take priority over Cloudflare Worker routes. You should configure them xOR anyway.

I find the complexity of autodiscover troublesome. Much can go wrong. Ironically the autodisover mechanism is so complex, one could create a autodiscovery's autodiscover config to automatically load where to start the autodiscovery for a particular domain. :/

  • Just before posting, I found a reference in the auto-search box to following post. The creative poster has encountered similar problems, including the 443 port error and a similar solution, just a different location (reverse proxy).

It perplexes me the post didn't show up in my google results, but I am happy to see some of our observations and resolutions overlap. ^^

Sources

https://practical365.com/fixing-autodiscover-root-domain-lookup-issues-mobile-devices/

https://www.datarepairtools.com/blog/autodiscover-not-working-while-connecting-to-office-365-account/

Related reading:

https://docs.microsoft.com/en-us/exchange/architecture/client-access/autodiscover?view=exchserver-2019#autodiscover-services-in-outlook

Related

iptables not working with "x-forwarded-for" (behind Cloudflare)
Wait for forEach with a promise inside to finish
Differentiate IE7 browser and browser in IE7 compatibility mode
PHP remove duplicate values from multidimensional array
Java8 Collections.sort (sometimes) does not sort JPA returned lists
How to create a transparent triangle with border using CSS?
How to get JSON response from a 3.5 asmx web service
How do I read a disk directly with .Net?
Go to local URL with Javascript
Android: Determine active input method from code
How to format numbers similar to Stack Overflow reputation format
Understanding async/await on NodeJS