Outlook mobile Autodetect doesn't work reliably

Brase, Daniel 321 Reputation points
2021-02-08T11:51:59.533+00:00

Hi all,

we're migrating our hybrid Exchange users to Outlook mobile on iOS and have issues configuring the profiles. Autodetect doesn't work in most cases. When we type in the email address of a user Outlook should switch to the modern authentication dialog but it doesn't most of the time. We have to try several times until it works. To troubleshoot the issue I used Remote Connectivity Analyzer and the Test-HMAEAS script from Github. I guess both send a request to https://prod-api.acompli.net/autodetect. To go a bit deeper I wrote a loop around the Test-HMAEAS script and noticed that it seems that behind prod.acompli.net there are two load balancing pools: https://prod3-api.acompli.net and https://prod5-api.acompli.net. The interesting thing is, the timeouts are only on prod3 and with prod5 we have no issues. To have a better understanding I attached a report (csv) that proves there are issues with prod3. With a Exchange Online email address there are almost no errors even with prod3.

Microsoft Support (case #23994663) said, they see the problem unfortunately they cannot help me even if they wanted because they don't have access to the autodetect infrastructure or outlook support and the in app support tells me we should fill out the configuration manually. This is nice, because as far as I know, it isn't possible to configure the Outlook mobile app manually with a mailbox that leverages hybrid modern authentication and even if, I don't know what to fill in. Is anyone out there understanding what's going on or may have a look?

Thanks, Daniel.

65405-test-hmaeas.txt

Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,229 questions
Microsoft Exchange Hybrid Management
Microsoft Exchange Hybrid Management
Microsoft Exchange: Microsoft messaging and collaboration software.Hybrid Management: Organizing, handling, directing or controlling hybrid deployments.
1,906 questions
{count} votes

23 answers

Sort by: Most helpful
  1. Brase, Daniel 321 Reputation points
    2021-02-09T11:49:01.76+00:00

    Hi @Jade Liang-MSFT ,

    the issue is not iOS related only. I see the same behavior on Android with Gmail. After some testing a can say it seems that the acompli servers aren't the main problem. It's more a problem in autodiscover on outlook.office365.com. I tested around with fiddler and could see when the connection failed we got a wrong autodiscover redirect url. We have configured a single Autodiscover domain for a multiple domain setup in hybrid configuration. But sometimes we get autodiscover.<maildomain>.de instead of autodiscover.<autodiscover-domain>.de. There are no a records configured for our mail domain except the autodiscover one. Even though we have SRV-Record for using Teams calendar, this should not matter at this point. However, it's strange that we sometime get the autodiscover domain as redirect url and sometimes the mail domain. Latter doesn't work, because there are no a records for autodiscover. I would have expected that due to the hybrid configuration Office365 should be well aware of the mail domains and their single autodiscover domain. I'm not sure but I guess these screnshots are related. If we go to outlook.office.com sometimes we get the rediect URL and sometimes we get a 500 error:

    65831-2021-02-09-12h39-53.png
    65730-2021-02-09-12h41-56.png


  2. JeffYang-MSFT 6,241 Reputation points Microsoft Vendor
    2021-02-12T08:28:30.84+00:00

    Hi @Brase, Daniel ,

    Welcome!

    According to all your description above, seems that you are encountering issues about configuring Exchange email account to your Outlook for mobile apps, right? If so, please kindly understand that the Outlook tag here we mainly focus on general issues about Outlook desktop client and know little about Outlook for mobiles. To make your issue more clear, please forgive me for asking a few more questions about your issue:

    • Can you successfully access this specific email account via your web mail?
    • As I know, the AutoDiscover feature you mentioned works not only in Outlook for mobile but also in Outlook desktop client for Windows. So, can this email account be successfully added to your Outlook desktop client? In order to further confirm if the issue is related to this specific email account itself, please try to add your email account to Outlook desktop client and see if the issue has any difference there.
    • Besides, since the issue can sometimes work fine. Have you noticed any difference about the environment(such as Network, different devices and others) when the issue occurs or work fine?

    Any update, please feel free to post back and share with us.


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  3. Brase, Daniel 321 Reputation points
    2021-02-16T16:33:53.89+00:00

    To me it looks very strange. I've tested around with Outlook for Microsoft 365 Version 2011 Build 16.0.13426.20524. For better understanding here some declaration:

    • Domains and email addresses were replaced for privacy
    • Hybrid email address: test1@Anonymous .de
    • Online email address: test2@Anonymous .de
    • Mail domain: foo.de
    • Autodiscover domain: autodiscover.bar.de
    • We have configured all our mail domains with SRV-Records in DNS pointing to a single autodiscover domain: autodiscover.bar.de. We mainly configured Autodiscover in this way because we started with teams about a year ago. Normally I would say even this configuration shouldn't be necessary because of the single Autodiscover domain but otherwise the calendar in Teams doesn't work. We neither configured a native Autodiscover nor a http redirect for all domain because of to much effort.

    We noticed the following (analyzing traffic with fiddler in the background):

    • Once I run the application with a fresh profile I can see that after typing in the email address sometimes it takes some seconds until the service selection screen
      (Microsoft 365, Outlook.com, Exchange...) appears and sometimes it jumps directly to the services selection. In fiddler I can see that the tries with some seconds just have a time out and I don't get a response at all. Fiddler says timeout respectively http 502. IP address of the not responding host is either 40.74.19.160 (prod3-api.acompli.net) or 40.67.248.151 (prod5-api.acompli.net repsonds). As said before it seems that prod5-api.acompli.net responds a bit more reliably.
    • In any case the Outlook configuration dialog runs into the service selection screen. It doesn't matter whether I use an on premises (Hybrid) email address or Exchange Online email address. I would have expected that at least with an Exchange Online email address auto detect would find the correct service configuration. It seems that auto detect doesn't work at all for us.
    • Once I choose Microsoft 365 in the service selection screen the profile can be configured successfully for an Exchange Online address.
    • Once I choose Exchange with fiddler running in the background I can see that first it try to discovery the services issuing an autodiscover request to https://outlook.office365.com/autodiscover/autodiscover.json/v1.0/Email=Test1[@](/users/na/?userId=1a804da3-7ffe-0003-0000-000000000000).de&Protocol=Autodiscoverv1 which is forwarded to https://<autodiscover domain>/autodiscover/autodiscover.json?Email=Test1%40foo.de&Protocol=Autodiscoverv1&RedirectCount=1. The Problem here is, that our Exchange 2016 doesn't unterstand Protocol=Autodiscoverv1 and I get a json: {"ErrorCode":"InternalServerError","ErrorMessage":"InternalServerError"}. Exchange 2016 obviously only understands Protocol=Autodiscover or Protocol=Autodiscoverv2. To me it looks like a bug.
    • In addition sometimes we get https://autodiscover.<mail domain>/... instead of https://<autodiscover domain>/... in response to https://outlook.office365.com/autodiscover/autodiscover.json/v1.0/Email=Test1[@](/users/na/?userId=1a804da3-7ffe-0003-0000-000000000000).de&Protocol=Autodiscoverv1. That's also not correct.

    In my opinion we have three problems in total:

    • AutoDetect isn't working correctly either there's no response or a response Outlook cannot process correctly
    • Forward autodiscovery request with an incorrect syntax for Exchange 2016 (Autodiscoverv1 instead or just Autodiscover)
    • Sometimes getting incorrect autodiscover domain.

    The weirdest thing is that we have so much different result for a single straight forward process. Why we have so much different results? I would have expected that AutoDiscover on Office 365 is well aware of the single autodiscover domain and therefore it never response with autodiscover.foo.de instead of autodiscover.bar.de


  4. Brase, Daniel 321 Reputation points
    2021-02-19T09:36:56.27+00:00

    Hi @Jade Liang-MSFT ,

    No problem, I appreciate your help. SRV-Records are a fully supported configuration next to native and http redirect method. We deployed the srv records sometime in April 2020. There was no need to deploy Autodicover externally before because we accessed our Exchange through vpn only. I am well aware of the RCA and used it many times in other scenarios. Problem here is, that the Office 365 Outlook Connectivity Test currently doesn't support hybrid mailboxes. But the Outlook Hybrid Modern Authentication sometimes fails:
    69985-2021-02-19-10h11-56.png
    But the user is definitely synced to Office365. A subsequent test was successful. In the results I noticed again, that the failed test ran against prod3-api.acompli.net and the successful one against prod5-api.acompli.net. I didn't want to post the RCA results due to privacy reasons but saved it for later use. This may be coincidence but it also may not. It could also be that the autodetect servers rely on the Autodiscover service of Office365 and it doesn't respond to autodetect with a correct reply. Anyway, I agree that the problem may not be related to Outlook at most but is more related to Autodiscover, Hybrid Config, Exchange... Is it possible to move this thread to Exchange Autodiscover or something similar? Do I just have to add the proper tags to the thread?


  5. KyleXu-MSFT 26,211 Reputation points
    2021-02-24T09:26:52.303+00:00

    @Brase, Daniel

    About this original question that you posted, I would to confirm the following information with you:

    Are you using a hybrid environment? If you configure Office 365 mailbox on your mobile, does this phenomenon occurs? If you use Office 365 default domain name(@keyman .onmicrosoft.com) for migrated mailboxes, whether is this issue gone?

    There was no need to deploy Autodicover externally before because we accessed our Exchange through vpn only

    Could your access the Exchange server from the Internet without a VPN? If you cannot access it, I think this phenomenon may related with it.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments