This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 0%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELC%3C/text%3E%3C/svg%3E)
Hi,
I have an environment with Exchange 2013 coexistence with 2019 hybrid, oauth enabled. There are F5 load balancers and firewall in between Internet and Exchange servers.
When we tested internal network, Outlook 2019 works fine. all OK.
We we tested external network, Outlook with IOS/Andriod also works fine, no issue was found now.
However, when we wanna double confirm oAuth, we got errors when running command "Test-oAuthConnectivity" and using "Microsoft Remote Connectivity Analyzer".
Please kindly advise whats going on? which part could cause this issue? Thanks.
Error:
Testing Outlook Mobile Hybrid Modern Authentication (HMA) for SMTP email address: ******@contos.com.
Testing Outlook Mobile Hybrid Modern Authentication (HMA) failed.
Additional DetailsElapsed Time: 8990 ms.
Test StepsSending an Autodiscover request to the on-premises Exchange Autodiscover service: on-premises Exchange Autodiscover service didn't return a valid response that passed analysis.Test
Steps
Sending an Autodiscover request to the on-premises Exchange Autodiscover service:
The on-premises Exchange Autodiscover service didn't return a valid response.Additional
DetailsException details:
Message: The underlying connection was closed: An unexpected error occurred on a receive.
Type: System.Net.WebException
Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.M365.RCA.Services.RcaHttpRequest.GetResponse()
Exception details:
Message: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Type: System.IO.IOException
Stack trace:
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
at System.Net.Security._SslStream.StartFrameHeader(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security._SslStream.StartReading(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security._SslStream.ProcessRead(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.TlsStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)
Exception details:
Message: An existing connection was forcibly closed by the remote host
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 59%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESL%3C/text%3E%3C/svg%3E)
Just wanted to check if the answer shared below helped. If it helped, then would request you to please "Accept the answer" as it would be helpful to others in the community as well.
Hi @Louis CI Lo
Thanks for the share so that others experiencing the same thing can easily reference this!
Since the Microsoft Q&A community has a policy that "[The question author cannot accept their own answer. They can only accept answers by others)], I'll repost your solution in case you'd like to "[Accept] the answer :)
***[ Exchange 2013 coexistence with 2019, autodiscover from external not working] ***
**Resolution: **
The root cause is the Firewall setting.
[https://learn.microsoft.com/en-us/connectivity-analyzer/exchange-remote-connectivity-analyzer-tool](https://learn.microsoft.com/en-us/connectivity-analyzer/exchange-remote-connectivity-analyzer-tool)
Regards
Shaofan
Hi @Louis CI Lo ,
Might be related to this.
Have you enabled TLS1.2?
https://learn.microsoft.com/en-us/exchange/exchange-tls-configuration?view=exchserver-2019
Regards
Shaofan
Hi,
I found out 1 of our Exchange 2013 server doing Test-OauthConnectivity is succeed. All other failed even Exchange 2019.
We have 3 * EX13 and 3 * EX19 servers in environment. With F5 as load-balancer.
I will check more about TLS setting for them, will update the status later.
Meanwhile I wanna check, can TLS settings different between these servers? Or we must set them all same?
Thank you very much.
It can. but it is generally recommended to have the same TLS settings.
Hi all,
Thanks all of your information. For future reference:
We found out the root cause is the Firewall setting.
https://learn.microsoft.com/en-us/connectivity-analyzer/exchange-remote-connectivity-analyzer-tool
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 98%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
First point related DNS records, update the virtual directories to 2019 and migrate all mailboxes to 2019, then shut down the 2013 temporarily. If all works well, then you could decommission your 2013 server.
For the migration, refer to the step-by-step guide: How Do I Migrate from Exchange 2013 to 2019?
Please Note: Since the web sites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information.
Hi Amit,
We have already changed DNS point to 2019 and updtae all Virtual Directory. But we can't move mailbox to 2019 if we don't know what's wrong in this situation.
Any other method can check? Thank you.