Tuesday, August 30, 2022

"(400) Bad Request" error during Autodiscover for per-user free/busy in a trusted cross-forest topology [MS]


When you try to request free/busy information for a user in a different forest in a trusted cross-forest topology, the request fails and generates the following error message:

  • MessageText: "Autodiscover failed for email address user@domain.com with error Microsoft.Exchange.InfoWorker.Common.Availability.AutoDiscoverFailedException: The remote server returned an error: (400) Bad Request.. The request information is Discovery URL : https:// targetdomain.com/Autodiscover/Autodiscover.xml, EmailAddress : <User>SMTP:user@ targetdomain.com. ---> System.Net.WebException: The remote server returned an error: (400) Bad Request.

       at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

  •    at Microsoft.Exchange.InfoWorker.Common.Availability.AutoDiscoverRequest.EndInvoke(IAsyncResult asyncResult)

    --- End of inner exception stack trace ---


This is a known issue in the April 2021 and May 2021 security update for Microsoft Exchange Server 2019, 2016, and 2013.


To work around this issue, use either of the following methods.

Method 1

Do not use a service account when you configure the availability address space. To configure  the address space effectively, follow these steps:

  1. Create a "<targetdomain>\<fbaccount>" account in the target forest.

    Note: This can be a regular user account. No mailbox is required.

  2. Grant permissions to the new account in the target forest:

    • set-AvailabilityConfig -PerUserAccount <targetdomain>\<fbaccount>

  3. In the source forest, remove the existing availability address space:

    • remove-AvailabilityAddressSpace <ID of the AvailabilityAddressSpace of Target domain>

  4. Add a new availability address space. This time, set -UseServiceAccount to $false, and use the -Credentials option:

    • Add-AvailabilityAddressSpace -ForestName <Target Forest Name> -AccessMethod PerUserFB -UseServiceAccount $false -Credentials (Get-Credential)

  5. When you are prompted for credentials, enter the credentials for targetdomain\fbaccount.

  6. Restart Internet Information Services (IIS) by running the following PowerShell cmdlet:

  • Restart-Service W3SVC, WAS

Method 2

  1. Configure federated sharing between the Exchange organizations.

  2. Restart Internet Information Services (IIS) by running the following PowerShell cmdlet:

  • Restart-Service W3SVC, WAS


Configure federated sharing between Exchange organizations | Microsoft Docs

Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: April 13, 2021 (KB5001779)

No comments:

Post a Comment

Search This Blog

&quot;We can&#x27;t sign you in because you aren&#x27;t set up to use Skype for Business&quot; error in Skype for Business Server 2015 [MS]

"We can't sign you in because you aren't set up to use Skype for Business"...