"(400) Bad Request" error during Autodiscover for per-user free/busy in a trusted cross-forest topology

Symptoms

When you try to request free/busy information for a user in a different forest in a trusted cross-forest topology, the request fails and generates the following error message:

  • MessageText: "Autodiscover failed for email address user@domain.com with error Microsoft.Exchange.InfoWorker.Common.Availability.AutoDiscoverFailedException: The remote server returned an error: (400) Bad Request.. The request information is Discovery URL : https:// targetdomain.com/Autodiscover/Autodiscover.xml, EmailAddress : <User>SMTP:user@ targetdomain.com. ---> System.Net.WebException: The remote server returned an error: (400) Bad Request.

       at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

  •    at Microsoft.Exchange.InfoWorker.Common.Availability.AutoDiscoverRequest.EndInvoke(IAsyncResult asyncResult)

    --- End of inner exception stack trace ---

Cause

This is a known issue in the April 2021 and May 2021 security update for Microsoft Exchange Server 2019, 2016, and 2013.

Workaround

To work around this issue, use either of the following methods.

Method 1

Do not use a service account when you configure the availability address space. To configure  the address space effectively, follow these steps:

  1. Create a "<targetdomain>\<fbaccount>" account in the target forest.

    Note: This can be a regular user account. No mailbox is required.

  2. Grant permissions to the new account in the target forest:

    • set-AvailabilityConfig -PerUserAccount <targetdomain>\<fbaccount>

  3. In the source forest, remove the existing availability address space:

    • remove-AvailabilityAddressSpace <ID of the AvailabilityAddressSpace of Target domain>

  4. Add a new availability address space. This time, set -UseServiceAccount to $false, and use the -Credentials option:

    • Add-AvailabilityAddressSpace -ForestName <Target Forest Name> -AccessMethod PerUserFB -UseServiceAccount $false -Credentials (Get-Credential)

  5. When you are prompted for credentials, enter the credentials for targetdomain\fbaccount.

  6. Restart Internet Information Services (IIS) by running the following PowerShell cmdlet:

  • Restart-Service W3SVC, WAS

Method 2

  1. Configure federated sharing between the Exchange organizations.

  2. Restart Internet Information Services (IIS) by running the following PowerShell cmdlet:

  • Restart-Service W3SVC, WAS

References

Configure federated sharing between Exchange organizations | Microsoft Docs

Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: April 13, 2021 (KB5001779)

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Any additional feedback? (Optional)

Thank you for your feedback!

×