Solved

Help with setup of Exchange server

Posted on 2004-09-10
16
315 Views
Last Modified: 2008-01-09
OK, I have been battling for a while to get this configuration going but no luck.

I have our public domain (xyz.com.au) and our local domain xyz.local. xyz.local is an Active Directory domain, while xyz.com.au is a standard DNS domain.

DNS for xyz.com.au has an entry for mail.xyz.com.au that points to say 1.1.1.75 and DNS internally has mail.xyz.local that points to 192.168.1.252.

Our firewall routes ports 25, 110 and 80 from our mail servers external IP Address to our internal IP Address.

Now, internally, when I use Outlook and add a new mailbox, when I enter a server name of mail.xyz.com.au and a valid username all works fine, but the server name gets changed to its internal server name mail.xyz.local. No problems...it works...Just something I noticed.

Now, for the part that doesn't work. I have a number of laptop users, all of whom have Outlook 2003. I am trying to get RPC over HTTP working so I can use "Exchange over the Internet". The problem I am having is that when I try to do a Check Name from external to the local network, i.e. from home, I get an Internet Explorer authentication box from realm mail.xyz.com.au. The authentication never passes and so I can never get it to work. I can't use the previously working "Check Name" from on the local network as the server name changed to the internal server name.

Any ideas what is going wrong?

Andrew
Question by:andrewharris
16 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 12025828
With RPC over HTTP you need to configure the same name to work both internally and externally.
This would look like mail.xyz.com.au
Your HTTPS certificate also needs to be using this name.

You then configure the RPC settings in Account Settings, Connection.
Enable the option "Connect to my Exchange Mailbox using HTTP" and then enter the "Exchange proxy Settings". Throughout the dialogue you will enter the external name - mail.xyz.com.au.

If you want to see a screenshot of a completed configuration, look here: http://www.amset.info/exchange/rpc-http-client.asp

The name check will still resolve to the machine's internal name on your .local domain - it is supposed to do that.

Simon.
0
 
LVL 4

Author Comment

by:andrewharris
ID: 12026246
You are a star...I can now get into Outlook. The missing thing was the 'Use HTTP THEN TCP/IP' for FAST networks was unchecked.

One issue though is that I get this now:
Task 'Mailbox - Andrew Harris' reported error (0x8004011D) : 'The server is not available. Contact your administrator if this condition persists.'
Task 'Mailbox - Andrew Harris - Sending' reported error (0x80040115) : 'The connection to the Microsoft Exchange Server is unavailable.  Outlook must be online or connected to complete this action.'

Any ideas?

Andrew
0
 
LVL 104

Expert Comment

by:Sembee
ID: 12031310
They are MAPI errors.
If you remove RPC-HTTP does it work when you are on the network? You need to rule out a problem with your mailbox.

Simon.
0
 
LVL 4

Author Comment

by:andrewharris
ID: 12031997
Well, at first I did have the problem while connected locally, but I sorted a DNS problem and that works fine. So now I only get it when connected remotely.

The problem I get is when I first get Outlook started, it moves straight to being "Disconnected".

Andrew
0
 
LVL 104

Expert Comment

by:Sembee
ID: 12034664
Going straight to disconnected means that there is still a problem with connection to the Exchange server.

Do the following on network:

Try creating a new profile without the RPC-HTTP settings and see if that connects.
If so, add the RPC-HTTP settings. See if it still connects.

Once you have confirmed the above stages, take the machine off net to see if it works.

Simon.
0
 
LVL 4

Author Comment

by:andrewharris
ID: 12036577
I did that, that's what my last post was (trying) to say.

Connected locally, with and without RPC-HTTP all is OK. Connected remotely with RPC-HTTP I get this problem. I need to add too, that if I take cached mode off then I can't even start Outlook remotely.

Andrew
0
 
LVL 104

Expert Comment

by:Sembee
ID: 12038163
Getting RPC-HTTP to work is a step by step process - trying to rush ahead usually results in problems. It is actually quite complex to get going - but once it is running, very easy to implement and maintain.

When on network start Outlook with the rpcdiag switch

outlook /rpcdiag

All elements should be connecting with https. In addition, if the machine is a member of the domain you shouldn't get prompted for a username and password.
If anything is connecting with TCP/IP then RPC-HTTP isn't working correctly.

Next, repeat the process outside of the network and see which component is failing.

If it works fully inside then there has to be something wrong either with the firewall configuration, dns or something else interfering with the connection.

Simon.
0
 
LVL 4

Author Comment

by:andrewharris
ID: 12040554
Sembee,

I take your point on rushing and can see why.

I still get a prompt for username/password and have had to set the Proxy Authentication to use Basic Authentication as NTLM never authenticates successfully (this may be due to a Group Policy setting we have...I am looking into that).

Both internally and externally, /rpcdiag shows that I am using HTTPS. The part that worries me is that, once Outlook is started, /rpcdiag shows 2 entries, and both are for our Domain Controller. Do I need to make the Exchange Server a Domain Controller?

Andrew
0

 
LVL 104

Expert Comment

by:Sembee
ID: 12046996
Don't make the Exchange server a domain controller. Lots of people do that and it causes lots of problems. It isn't recommended and Exchange is a lot happier on a member server.

Step back a bit more if you will for a moment please? Does OWA work with that certificate?

You shouldn't be seeing the domain controller listed. For both entries it should be the internal FQDN of the Exchange server. Don't worry - that is by design.

Thus, if you have entered mail.domain.com but your internal address is exchange.domain.local, then exchange.domain.local is what rpcdiag will show.

The authentication problems are well known - there is a fix for that. http://support.microsoft.com/?kbid=820281

RPC Proxy needs to be installed on the Exchange server.
HTTPS needs to be installed on the Exchange server.
The clients need to be pointing at the Exchange server either internally or externally by DNS - ie mail.domain.com needs to resolve correctly whether you are inside or outside - although the results may be different.
Something isn't right with the setup.

What I should have asked right at the start is whether this is Exchange 2003 SP1 which has been configured with the GUI or Exchange 2003 no SP which has been configured by manual registry edits. It can make a difference.

Simon.
0
 
LVL 4

Author Comment

by:andrewharris
ID: 12049066
Simon,

Thanks for your patience....

The Certificate we are using was generated by an internal Certificate Server for mail.xyz.com.au and works fine. OWA works fine and IE doesn't complain.

When you said "You shouldn't be seeing the domain controller listed", where "shouldn't" I be seeing it? I think you mean in rpcdiag, in which case I definitely see the FQDN of my DC with a "type" of "Directory"
0
 
LVL 4

Author Comment

by:andrewharris
ID: 12049082
Oops...Wrong button:-/

Lastly, my Exchange Setup is Exchange 2003 SP1 configured by GUI.


Andrew
0
 
LVL 104

Expert Comment

by:Sembee
ID: 12049439
I would usually recommend a purchased certificate. These cause fewer problems for RPC-HTTP implementations. However as you have managed to get IE to accept the certificate Outlook should be fine.

I did mean in RPCDIAG - when I run it from a production system I built earlier in the year the only server listed is the Exchange server.
Take a look at this page and you will see two screenshots, one of a working installation and one of a faulty installation:

http://www.amset.info/exchange/rpc-http-diag.asp

I have lots of patience - you have to in this industry. Doesn't help that I am around 12 hours different on the time zone (UK).

Simon.
0
 
LVL 4

Author Comment

by:andrewharris
ID: 12050711
Simon,

Your patience is appreciated :-).

No hassle on the timezone diff. I am normally up at your time, just the last few days I have had no excuses to be up so I haven't been (take the opportunities when you can ;-)).

From reading through http://www.amset.info/exchange/rpc-http-server.asp I can see one issue that I haven't addressed. That's the ValidPorts Registry Entry.

I am in the process of doing this now. Will let you know.

Andrew
0
 
LVL 4

Author Comment

by:andrewharris
ID: 12050919
OK, I am confused....

I take this:

Dual Server Installation - where Exchange is on a separate machine to the domain controller

exchange-server = Backend Exchange Server
dc = Domain Controller with Global Catalog
external.com = External certificate/domain name

exchange-server:6001-6002;
exchange-server.domain.com:6001-6002;
dc:6001-6002;
dc.domain.com:6001-6002;
exchange-server:6004;
exchange-server.domain.com:6004;
dc:6004;
dc.domain.com:6004;
mail.external.com:6001-6002;
mail.external.com:6004;
dc:593;
dc.domain.com:593;
exchange-server:593;
exchange-server.domain.com:593;
mail.external.com:593;

And change it to previously documented domain names. Is this right:

mail = Backend Exchange Server
kwik-e-mart = Domain Controller with Global Catalog
xyz.local = Internal Domain
xyz.com.au = External certificate/domain name

mail:6001-6002;
mail.xyz.local:6001-6002;
kwik-e-mart:6001-6002;
kwik-e-mart.xyz.local:6001-6002;
mail:6004;
mail.xyz.local:6004;
kwik-e-mart:6004;
kwik-e-mart.xyz.local:6004;
mail.xyz.com.au:6001-6002;
mail.xyz.com.au:6004;
kwik-e-mart:593;
kwik-e-mart.xyz.local:593;
mail:593;
mail.xyz.local:593;
mail.xyz.com.au:593;

Andrew
0
 
LVL 4

Author Comment

by:andrewharris
ID: 12053625
Well, that did it. I changed it to:

mail:6001-6002;
mail.xyz.local:6001-6002;
kwik-e-mart:6001-6002;
kwik-e-mart.xyz.local:6001-6002;
mail:6004;
mail.xyz.local:6004;
kwik-e-mart:6004;
kwik-e-mart.xyz.local:6004;
mail.xyz.com.au:6001-6002;
mail.xyz.com.au:6004;
kwik-e-mart:593;
kwik-e-mart.xyz.local:593;
mail:593;
mail.xyz.local:593;
mail.xyz.com.au:593;

And all is now working (after a reboot). Simon...you are a godsend...Respect!!!

Andrew
0
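Added example, not part of the original thread: the ValidPorts value above acts as an allowlist of the host:port targets the RPC proxy may forward to, so this sketch parses such a value and reports entries that go beyond, or fall short of, the hosts and ports used in this thread. The function names and the idea of auditing an exported copy of the value are assumptions of this example.

```python
import re

# Ports that appear in the thread's ValidPorts lists.
EXPECTED_PORTS = {593, 6001, 6002, 6004}
# Host names from the poster's working configuration.
THREAD_HOSTS = ["mail", "mail.xyz.local", "kwik-e-mart",
                "kwik-e-mart.xyz.local", "mail.xyz.com.au"]
# The working value as posted in the thread, joined onto fewer lines.
THREAD_VALUE = (
    "mail:6001-6002;mail.xyz.local:6001-6002;kwik-e-mart:6001-6002;"
    "kwik-e-mart.xyz.local:6001-6002;mail:6004;mail.xyz.local:6004;"
    "kwik-e-mart:6004;kwik-e-mart.xyz.local:6004;mail.xyz.com.au:6001-6002;"
    "mail.xyz.com.au:6004;kwik-e-mart:593;kwik-e-mart.xyz.local:593;"
    "mail:593;mail.xyz.local:593;mail.xyz.com.au:593;"
)
ENTRY_RE = re.compile(r"^([A-Za-z0-9.-]+):(\d+)(?:-(\d+))?$")


def parse_valid_ports(value):
    """Parse 'host:port;host:lo-hi;...' into {host: set_of_ports}."""
    table = {}
    for entry in filter(None, re.split(r"[;\s]+", value)):
        m = ENTRY_RE.match(entry)
        if not m:
            raise ValueError(f"malformed ValidPorts entry: {entry!r}")
        lo = int(m.group(2))
        hi = int(m.group(3)) if m.group(3) else lo
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range in entry: {entry!r}")
        # Host names are case-insensitive, so normalise before comparing.
        table.setdefault(m.group(1).lower(), set()).update(range(lo, hi + 1))
    return table


def audit_valid_ports(value, hosts=THREAD_HOSTS, ports=EXPECTED_PORTS):
    """Return sorted (kind, host, ports) findings; an empty list means clean."""
    table = parse_valid_ports(value)
    expected = {h.lower() for h in hosts}
    findings = [("missing-host", h, sorted(ports)) for h in expected - set(table)]
    for host, seen in table.items():
        if host not in expected:
            findings.append(("unexpected-host", host, sorted(seen)))
            continue
        if seen - ports:
            findings.append(("extra-ports", host, sorted(seen - ports)))
        if ports - seen:
            findings.append(("missing-ports", host, sorted(ports - seen)))
    return sorted(findings)
```

A wide range or a leftover host name in ValidPorts shows up as an `extra-ports` or `unexpected-host` finding, while a dropped entry of the kind that kept the poster disconnected shows up as `missing-ports`.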
 
LVL 104

Expert Comment

by:Sembee
ID: 12058657
I was tied up all day with a client so couldn't respond... but glad to hear you have it working.
Technically you shouldn't need the registry entries, but there have been various reports of at least some of them still being required.

Thanks for the points...

Simon.
0
