Getting a http 400 Bad Request when you hit autodiscover on exchange 2016?
Quick test by going to https://yourserver/autodiscover/autodiscover.xml
Have you got an older Exchange install and is the user on that exchange? Would the users AD object be a reasonable size, eg lots of group memberships, several certs etc?
Chances are you have this problem: https://support.microsoft.com/en-us/help/2988444 and need to add the MaxFieldLength and the MaxRequestBytes dword reg entries to HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters with a value of 65534 (decimal).
A similar issue occurs with MS PKI with SCEP, same fix.
Note server restart required, iis reset not good enough.
There are lots of posts out there like this one: http://www.michev.info/Blog/Post/1370 telling you that after an internal AD Schema update (eg for new exchange version) you need to run your AADConnect wizard and update your AD schema in the metaverse. (thanks to the author of that post for setting me straight)
I had an issue today where I was still getting AAD errors after running the update to aadconnect. Errors were for 4 systemmailbox accounts, specifically an “invalid username” error … but hang on, those on prem service accounts shouldn’t sync to AAD and anyway what is username, there is no attribute in AD called username nor in the metaverse.
Quick check of the sync rules, the filter to exclude sync to AAD of on prem service accounts is actually for mailnickname starting systemmailbox rather than samaccountname, displayname or UPN.
My colleage had completed our Exchange 2016 schema update, hence creating the 4 accounts but the first server was not yet built and the accounts mailnickname value was empty.
I suspect during first server build the mailnickname value gets populated, but in the meantime I inserted the samaccountname as the mailnickname and the accounts are no longer trying to sync to AAD, as I want, and we will watch carefully for errors as we build the first server.
It has been 3 months since I checked my RSS feed, spending most of today doing it and turning up some lots of new and useful info.
Here is one great item, a free community Powershell MP from SquaredUp
I reckon a must have. For Ops Mgr 2012 R2 and above.
Make sure your Azure AD proxy is the latest version and update to latest version if it isn’t. Since mid 2017 the app auto updates.
If that doesn’t update the cert try this in powershell:
You will be prompted for a feature enter “ApplicationProxy” (no quotes).
Of course do this at your own risk, take backup’s snaps etc.