Environment details:
- Mixed Exchange 2010/2013 environment.
- User mailboxes reside on Exchange 2010 servers only.
- Exchange 2010 (14.3.123.4) runs on Windows Server 2008 R2 ENT.
- Exchange 2013 (15.0.712.24) runs on Windows Server 2012 STD.
- "MaxTokenSize"=dword:0000bb80 value exists on all DCs and the Exchange 2013 server.
Script used: Check for MaxTokenSize Problems (http://gallery.technet.microsoft.com/scriptcenter/Check-for-MaxTokenSize-520e51e5)
Two scenarios:
Scenario A: User with 32 groups
Script results:
******************************************
There are 32 groups in the token.
22 are domain global scope security groups.
0 are domain local security groups.
0 are universal security groups inside of the users domain.
0 are universal security groups outside of the users domain.
The current userAccountControl value is 512.
Token size is 1376 and the user is not trusted for delegation.
Problem not detected.
******************************************
Scenario B: User with 170 groups
Script results:
******************************************
There are 170 groups in the token.
160 are domain global scope security groups.
0 are domain local security groups.
0 are universal security groups inside of the users domain.
0 are universal security groups outside of the users domain.
The current userAccountControl value is 512.
Token size is 2480 and the user is not trusted for delegation.
Problem not detected.
******************************************
Repro steps:
Trying to access the Autodiscover URL:
https://[server fqdn]/Autodiscover/Autodiscover.xml
Results:
The Exchange 2010 CAS server WORKS in both scenarios (no MaxTokenSize-related registry entries on it!).
Exchange 2013 works only in Scenario A. In Scenario B it throws "HTTP 400 Bad Request".
Any ideas what to do next?
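
Added example, not part of the original post: the token sizes in both script results match the estimate Microsoft documents for Kerberos tokens, 1200 + 40d + 8s. This PowerShell function re-derives that figure from the script's output and compares it with the configured MaxTokenSize of 0xbb80. The function name Test-TokenSizeReport is hypothetical, and that the gallery script uses this formula is an assumption based on the matching numbers.

```powershell
# Formula assumed here: TokenSize = 1200 + 40*d + 8*s
#   d = domain local groups + universal groups outside the user's domain
#   s = domain global groups + universal groups inside the user's domain
# Assumption: no SID history entries (they would also count toward d).
function Test-TokenSizeReport {
    param(
        [Parameter(Mandatory)][string]$ReportText,
        [int]$MaxTokenSize = 0xbb80   # dword from the post, 48000 bytes
    )
    # Return the number that precedes "are <Label>" in the report text.
    function Get-Count([string]$Label) {
        if ($ReportText -match "(?m)^\s*(\d+) are $Label") { return [int]$Matches[1] }
        throw "Report line not found: $Label"
    }
    $s = (Get-Count 'domain global scope security groups') +
         (Get-Count 'universal security groups inside')
    $d = (Get-Count 'domain local security groups') +
         (Get-Count 'universal security groups outside')
    $estimate = 1200 + (40 * $d) + (8 * $s)
    if (-not ($ReportText -match 'Token size is (\d+)')) { throw 'No token size in report' }
    $reported = [int]$Matches[1]
    [pscustomobject]@{
        Estimate       = $estimate
        Reported       = $reported
        MatchesReport  = ($estimate -eq $reported)
        PercentOfLimit = [math]::Round(100 * $estimate / $MaxTokenSize, 1)
        OverLimit      = ($estimate -gt $MaxTokenSize)
    }
}

# Sample input: the relevant lines of the two script results quoted in the post.
$scenarioA = @'
22 are domain global scope security groups.
0 are domain local security groups.
0 are universal security groups inside of the users domain.
0 are universal security groups outside of the users domain.
Token size is 1376 and the user is not trusted for delegation.
'@
$scenarioB = @'
160 are domain global scope security groups.
0 are domain local security groups.
0 are universal security groups inside of the users domain.
0 are universal security groups outside of the users domain.
Token size is 2480 and the user is not trusted for delegation.
'@

$scenarioA, $scenarioB | ForEach-Object { Test-TokenSizeReport -ReportText $_ } | Format-Table -AutoSize
```

For both scenarios the estimate equals the size the script reported and stays far below the 48000-byte limit, which is consistent with the script's "Problem not detected" result.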