FIX: Autodiscover requests return a "500 Internal Server" error in Forefront Unified Access Gateway (UAG) 2010 Service Pack 2


Consider the following scenario:
  • Single sign-on (SSO) authentication is disabled for an application configuration that uses the Autodiscover service in Microsoft Forefront Unified Access Gateway (UAG) 2010.
  • Trunk authentication is enabled on the relevant trunk.
  • Service Pack 2 for Microsoft Forefront Unified Access Gateway (UAG) 2010 is installed.

In this scenario, Autodiscover requests may be unsuccessful, and the following error message is returned to the client:

500 - Internal Server error

When this problem occurs, external clients cannot use Autodiscover to set up new profiles. Additionally, existing clients may be repeatedly prompted to confirm that they trust the Autodiscover fully qualified domain name (FQDN) for configuring their settings.

To confirm that you are experiencing this problem, use a web browser to access the Autodiscover FQDN from an external client. For example, browse to a URL that resembles the following:
If you receive the "500" error message, you are most likely experiencing this problem.


To resolve this problem, install the service pack that is described in the following Microsoft Knowledge Base article:

2744025 Description of Forefront Unified Access Gateway 2010 Service Pack 3


To work around this problem, do one of the following:
  • Consider why SSO is disabled. If it is required, enable SSO for the application that uses the Autodiscover service.
  • Uninstall Service Pack 2 for Forefront Unified Access Gateway 2010.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates