It was brought to my attention that autodiscover was not behaving correctly externally. I ran it through Microsoft's Exchange connectivity tester @ http://www.testexchangeconnectivity.com/ and received the following output:
To resolve this first simple part I just went into the EMS and gave it an ExternalURL via:
Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -ExternalUrl https://autodiscover.domain.com/Autodiscover/Autodiscover.xml
I now received this error:
"Failed to ping RPC Endpoint 6004 (NSPI Proxy Interface)"
..and also RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime
Most curious about an RPC error at this level. Perhaps a connection between the Hub/Cas and MBX server or MBX server and AD/DCs/GCs? The environment was not 2008, nor was it using IPv6.
The following is what fixed my issue:
Using the configurations here I was able to remedy the situation. Basically what happened was that it could not use DSPROXY via HTTP, and it is a known issue. The fix is to:
1. Changes for Mailbox servers..
a. create a DWORD called "Do Not Refer HTTP to DSProxy" at HKLM\System\CCS\Services\MSExchangeSA\Parameters\ and the value set to 1. This will, as it spells out, stop it from trying to use DSProxy when using HTTP.
b. HKLM\System\CCS\Services\MSExchangeSA \Parameters key "NSPI Target Server" to the FQDN of the domain controller that you would like used for profile creation.
2. Changes for Client Access Servers..
a. Ensure that the "PeriodicPollingMinutes" key at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeServiceHost\RpcHttpConfigurator\ is set to zero. This will ensure that the system won't continue to over write our settings every 15 minutes.
3. b. Also modify "ValidPorts" at HKLM\Software\Microsoft\RPC\RPCProxy such that it lists the DCs which can be accessed via port 6004. An example of this would be:
4. Changes for all Global Catalog (GC) servers..
a. Be sure that there is an REG_MULTI_SZ entry created named NSPI interface protocol sequences at HKLM\System\CurrentControlSet\Services\NTDS\Parameters\ and the value set to "ncacn_http:6004"
Testing autodiscover/Outlook anywhere now yields the following output in the connectivity tester:
You can double check these settings by configuring a profile in Outlook, then Ctrl+RightClicking the outlook icon on the system tray, and running "Test E-Mail Autoconfiguration."
For the full explanation I highly recommend reading the official blog post by Siddhartha Mathu at: