Applies ToExchange Server 2019 Exchange Server 2016 Exchange Server 2013

Symptoms

When you try to request free/busy information for a user in a different forest in a trusted cross-forest topology, the request fails and generates the following error message:

  • MessageText: "Autodiscover failed for email address user@domain.com with error Microsoft.Exchange.InfoWorker.Common.Availability.AutoDiscoverFailedException: The remote server returned an error: (400) Bad Request.. The request information is Discovery URL : https:// targetdomain.com/Autodiscover/Autodiscover.xml, EmailAddress : <User>SMTP:user@ targetdomain.com. ---> System.Net.WebException: The remote server returned an error: (400) Bad Request.

       at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

  •    at Microsoft.Exchange.InfoWorker.Common.Availability.AutoDiscoverRequest.EndInvoke(IAsyncResult asyncResult)

    --- End of inner exception stack trace ---

Cause

This is a known issue in the April 2021 and May 2021 security update for Microsoft Exchange Server 2019, 2016, and 2013.

Workaround

To work around this issue, use either of the following methods.

Method 1

Do not use a service account when you configure the availability address space. To configure  the address space effectively, follow these steps:

  1. Create a "<targetdomain>\<fbaccount>" account in the target forest.Note: This can be a regular user account. No mailbox is required.

  2. Grant permissions to the new account in the target forest:

    • set-AvailabilityConfig -PerUserAccount <targetdomain>\<fbaccount>

  3. In the source forest, remove the existing availability address space:

    • remove-AvailabilityAddressSpace <ID of the AvailabilityAddressSpace of Target domain>

  4. Add a new availability address space. This time, set -UseServiceAccount to $false, and use the -Credentials option:

    • Add-AvailabilityAddressSpace -ForestName <Target Forest Name> -AccessMethod PerUserFB -UseServiceAccount $false -Credentials (Get-Credential)

  5. When you are prompted for credentials, enter the credentials for targetdomain\fbaccount.

  6. Restart Internet Information Services (IIS) by running the following PowerShell cmdlet:

  • Restart-Service W3SVC, WAS

Method 2

  1. Configure federated sharing between the Exchange organizations.

  2. Restart Internet Information Services (IIS) by running the following PowerShell cmdlet:

  • Restart-Service W3SVC, WAS

References

Configure federated sharing between Exchange organizations | Microsoft Docs

Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: April 13, 2021 (KB5001779)

Facebook LinkedIn Електронна пошта
ПІДПИСАТИСЯ НА RSS-КАНАЛИ

Потрібна додаткова довідка?

Потрібні додаткові параметри?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders