HTTP 400 Bad Request for Autodiscover via Exchange 2016

Getting a http 400 Bad Request when you hit autodiscover on exchange 2016?

Quick test by going to https://yourserver/autodiscover/autodiscover.xml

Have you got an older Exchange install and is the user on that exchange? Would the users AD object be a reasonable size, eg lots of group memberships, several certs etc?

Chances are you have this problem: and need to add the MaxFieldLength and the MaxRequestBytes dword reg entries to HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters with a value of 65534 (decimal).

A similar issue occurs with MS PKI with SCEP, same fix.

Note server restart required, iis reset not good enough.

AADConnect Invalid Username after AD Schema update


There are lots of posts out there like this one: telling you that after an internal AD Schema update (eg for new exchange version) you need to  run your AADConnect wizard and update your AD schema in the metaverse. (thanks to the author of that post for setting me straight)

I had an issue today where I was still getting AAD errors after running the update to aadconnect. Errors were for 4 systemmailbox accounts, specifically an “invalid username” error … but hang on, those on prem service accounts shouldn’t sync to AAD and anyway what is username, there is no attribute in AD called username nor in the metaverse.

Quick check of the sync rules, the filter to exclude sync to AAD of on prem service accounts is actually for mailnickname starting systemmailbox rather than samaccountname, displayname or UPN.

My colleage had completed our Exchange 2016 schema update, hence creating the 4 accounts but the first server was not yet built and the accounts mailnickname value was empty.

I suspect during first server build the mailnickname value gets populated, but in the meantime I inserted the samaccountname as the mailnickname and the accounts are no longer trying to sync to AAD, as I want, and we will watch carefully for errors as we build the first server.

Azure AD Proxy cert not auto renewing

Make sure your Azure AD proxy is the latest version and update to latest version if it isn’t. Since mid 2017 the app auto updates.

If that doesn’t update the cert try this in powershell:

Import-module AppProxyPSModule


You will be prompted for a feature enter “ApplicationProxy” (no quotes).

Of course do this at your own risk, take backup’s snaps etc.