So I was deploying an Exchange hybrid for one of our customers and had a unique experience with their Proxy Server.
In previous blogs, my colleagues and I have basically said that connections should not pass through a proxy server at all. If you absolutely have to use a proxy server, it should be configured to whitelist the URLs from Microsoft’s own documentation about the Datacentre IPs, and all forms of pre-authentication should be removed.
When we do this for Exchange, there are generally three places that we have to configure this:
- Internet Explorer settings (IE > Tools > Internet Options > Connections)
- TCP/IP Stack settings (netsh winhttp set proxy)
- Exchange Server settings (Set-ExchangeServer -InternetWebProxy)
In this particular instance, I was configuring the Proxy URL bypass list for the Azure AD Connect server and discovered that there is a fourth way the proxy server can be set. This particular method is applicable to .NET applications and uses the machine.config file within the .NET Framework.
<system.net>
  <defaultProxy enabled="true" useDefaultCredentials="true">
    <proxy usesystemdefault="true" proxyaddress="http://proxyurl:port" bypassonlocal="true" />
    <bypasslist>
      <add address="http://[a-z]+url\.com/" />
    </bypasslist>
  </defaultProxy>
</system.net>
The proxy settings take effect when you restart the service or application.
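
To check that all four places agree, the following added example (not part of the original post) reports the proxy configuration from each of them. It assumes the .NET Framework is installed under %WINDIR%\Microsoft.NET; the function name Get-MachineConfigProxy is hypothetical.

```powershell
# Added example: report the proxy settings from the four places named in the post.

function Get-MachineConfigProxy {
    # Assumption: default install path. machine.config exists once per
    # .NET Framework bitness and version, so every copy is checked.
    $pattern = Join-Path $env:WINDIR 'Microsoft.NET\Framework*\v*\Config\machine.config'
    foreach ($file in Get-ChildItem -Path $pattern -ErrorAction SilentlyContinue) {
        $xml = [xml](Get-Content -LiteralPath $file.FullName -Raw)
        $dp  = $xml.SelectSingleNode('/configuration/system.net/defaultProxy')
        if ($null -eq $dp) {
            # No defaultProxy element in this copy of machine.config
            [pscustomobject]@{ File = $file.FullName; Configured = $false }
            continue
        }
        $proxy = $dp.SelectSingleNode('proxy')
        [pscustomobject]@{
            File             = $file.FullName
            Configured       = $true
            Enabled          = $dp.GetAttribute('enabled')
            UseSystemDefault = if ($proxy) { $proxy.GetAttribute('usesystemdefault') }
            ProxyAddress     = if ($proxy) { $proxy.GetAttribute('proxyaddress') }
            BypassOnLocal    = if ($proxy) { $proxy.GetAttribute('bypassonlocal') }
            BypassList       = @($dp.SelectNodes('bypasslist/add') |
                                 ForEach-Object { $_.GetAttribute('address') })
        }
    }
}

# 1. Internet Explorer settings (stored per user)
$ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
[pscustomobject]@{
    Source  = 'Internet Explorer (current user)'
    Enabled = [bool]$ie.ProxyEnable
    Proxy   = $ie.ProxyServer
    Bypass  = $ie.ProxyOverride
} | Format-List

# 2. WinHTTP settings (what "netsh winhttp set proxy" writes)
netsh winhttp show proxy

# 3. Exchange Server setting (only where the Exchange cmdlets are loaded)
if (Get-Command Get-ExchangeServer -ErrorAction SilentlyContinue) {
    Get-ExchangeServer | Format-List Name, InternetWebProxy
}

# 4. .NET machine.config defaultProxy
Get-MachineConfigProxy | Format-List
```

The Internet Explorer values are read from HKCU, so run the script as the account whose settings you want to compare.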