Solved

Outlook 2003 POP & SMTP Server Question

Posted on 2006-11-01
25
227 Views
Last Modified: 2010-03-06
Hi,

We have many area managers in our company that are on the road and collect their email using their O2 3G cards.

They collect their email directly from our Exchange server using one of our fixed IP addresses as the POP server and send using smtp.o2.co.uk.

This all works fine until they come inside our network and connect with the wireless network.  They obviously then want to use the direct address of our exchange server in their account settings?

Any ideas how to get around this problem?  If I set up multiple accounts then one will always error on send & receive?

A solution would save me a lot of grief!

Cheers

Chris
0
Question by:Sailo100
25 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 17852726
What is your Exchange server? Exchange 2003? If so, your better option would be to use RPC over HTTPS rather than POP3. That makes a direct connection to the Exchange server over the internet, it doesn't require a VPN, just a simple Internet connection. With a correctly configured DNS setup you can make it so that they can move on and off the network very easily.

Another option may be some DNS tricks. Do these users have to authenticate to O2's SMTP server? If not, then you could change the address of the O2 SMTP server in their software to a host name under your control.

For example, you could create an alias called o2-mail.domain.co.uk (where domain.co.uk is your own domain) then point that alias at o2.
Internally, you could create a host called o2-mail.domain.co.uk that points to your internal server.

If you want to use Exchange when the users are inside, then you are looking at two profiles, because Exchange and POP3 are two very different things.

Simon.
0
 

Author Comment

by:Sailo100
ID: 17859742
Hi Simon,

I have investigated RPC over HTTPS but from what I can gather that involves us buying more hardware which is not something my budget currently permits!

I will look into your suggestion regarding the DNS?

Do you have more of a detailed explanation of how I would set this up?

Thanks

Chris
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17859806
Where did you get the impression that RPC over HTTPS required more hardware? If you meet the basic requirements then you don't.

Basic requirements for RPC over HTTPS - Exchange 2003 on Windows 2003 with at least one Windows 2003 DC/GC. Clients - Windows XP SP2 with Outlook 2003.

Microsoft make it read like you need a frontend server and/or an ISA server, but you don't. Yes they have made it easier to deploy with those features but it is not a hard requirement.

The only additional purchase you may have to make is a commercial SSL certificate - if you already have one for OWA then the same certificate would work.

RPC over HTTPS is far and away the best solution for you, rather than the awful POP3 (which is last in my list of remote access for email methods, after RPC over HTTPS, Outlook with a VPN, OWA and IMAP).

Simon.
0
 

Author Comment

by:Sailo100
ID: 17859848
Oh right.... I didn't realise this?  I think all of the standard Microsoft diagrams have warped my mind!

We already have mail.domain.com setup with an SSL certificate!

What else do I need to do to set up RPC over HTTPS then?  Do you have a simple guide or tutorial you can point me in the direction of?

I'm just leaving the office now so I'll pick this up in the morning!

Cheers

Chris
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17859927
On a single Exchange server deployment it is simply a matter of installing a component on the Exchange server, then making some registry changes on both Exchange and on the GC/DC. No firewall ports to open.
Then you make a change to the Outlook configuration and the users can connect over any internet connection.

I have the registry changes on my web site: http://www.amset.info/exchange/rpc-http.asp

Simon.
0
 

Author Comment

by:Sailo100
ID: 17861259
My Exchange Server is the DC/GC?  Does that make any difference?

Also...How secure is this method?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17861295
The fact that your Exchange server is also your domain controller makes no difference. You just make the domain controller change on your Exchange server.

How secure? More secure than POP3 which sends usernames and passwords across in the clear. It uses HTTPS, so everything goes across encrypted.

Simon.
0
 

Author Comment

by:Sailo100
ID: 17861702
I have changed the points on this question to 500 if you can help me sort the RPC - HTTPs out?

I have followed all the instructions on your site and am now at the point where I am trying outlook /rpcdiag (I am using my PC at home) but cannot get past the username & password screen?

Any ideas?

I have tried domain\username but to no results?
0
 

Author Comment

by:Sailo100
ID: 17865491
OK, so I'm in the office now and tried testing the rpc using https://server/rpc from inside the network!

I accepted the certificate and now it's asking for username and password which it does not accept?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17866012
If you are getting a certificate prompt then the feature will not work.
You have to browse to https://host.domain.com/rpc (where host.domain.com is the name on the certificate) for the test to be valid.

Rule number one with RPC over HTTPS - get it working inside. So your test from last night wasn't really valid because you were outside of the network.

Ensure that anonymous authentication is not enabled on the /rpc virtual directory in IIS manager. It should be basic and integrated authentication only.

Simon.
0
 

Author Comment

by:Sailo100
ID: 17867469
OK, I have tried https://mail.domain.com/rpc from my terminal inside the network and it doesn't ask for a certificate now, but I still cannot get it to accept my username & password.  Anonymous is turned off on /rpc!

Any other tests i can perform?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17867516
When you authenticate, what do you use?

username and password?
domain\username and password?

If the former, use the latter.

Simon.
0
 

Author Comment

by:Sailo100
ID: 17870864
I have tried all of the following :

username
domain\username
domain.local\username

But still no luck!  Should I maybe consider removing RPC and reinstalling it?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17870958
Have you made all of the registry changes - the valid ports and the domain controller part?

Simon.
0
 

Author Comment

by:Sailo100
ID: 17872554
Yep, I believe so.... although I must admit I didn't try a reboot....

I can try that now.....

I have the following set:

We are using Windows 2003 Server Standard SP1 with Exchange 2003 Standard SP2

This machine is my DC also.

Server Properties -> RPC-HTTP
RPC-HTTP back-end server is checked!!

In the registry I added the following:

My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy

ValidPorts  REG_SZ  

server:100-5000;server:6001-6002;server:6004;server.domain.local:6001-6002;server.domain.local:6004;mail.domain.com:6001-6002;mail.domain.com:6004;

Obviously I have replaced server with the name of my Exchange server.  domain.local is the name of my internal domain and mail.domain.com is the sub domain that points to one of our external IP addresses.

We already had the following entry :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

NSPI Interface protocol sequences   REG_MULTI_SZ    

ncacn_http:6004

I apologise if I have missed something or misread something!!

Cheers

Chris
0
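
The ValidPorts value in the post above is the allowlist of server:port targets the RPC proxy will forward to, so it can be checked mechanically. The following is an added example, not part of the original thread or of the linked guide; the function names and the `expected_hosts` list are assumptions, and the sample string is the value quoted in the post.

```python
# Added example: audit an RpcProxy ValidPorts string. Function names are hypothetical.
# Ports Exchange 2003 uses for RPC over HTTP: 6001 store, 6002 directory
# referral, 6004 directory proxy (NSPI, matching ncacn_http:6004 in the post).
REQUIRED_PORTS = {6001, 6002, 6004}

# Value as quoted in the post (placeholder host names from the thread).
POSTED = ("server:100-5000;server:6001-6002;server:6004;"
          "server.domain.local:6001-6002;server.domain.local:6004;"
          "mail.domain.com:6001-6002;mail.domain.com:6004;")


def parse_valid_ports(value):
    """Return {host: set of ports} from 'host:lo-hi;host:port;...'."""
    allowed = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue  # tolerate the trailing ';'
        host, sep, ports = entry.rpartition(":")
        if not sep or not host:
            raise ValueError(f"malformed entry: {entry!r}")
        lo, dash, hi = ports.partition("-")
        first = int(lo)
        last = int(hi) if dash else first
        if not 0 < first <= last <= 65535:
            raise ValueError(f"bad port range: {entry!r}")
        allowed.setdefault(host.lower(), set()).update(range(first, last + 1))
    return allowed


def audit(value, expected_hosts):
    """Per expected host: required ports missing, and count of extra ports allowed."""
    allowed = parse_valid_ports(value)
    expected = [h.lower() for h in expected_hosts]
    report = {"unexpected_hosts": sorted(set(allowed) - set(expected))}
    for host in expected:
        ports = allowed.get(host, set())
        report[host] = {"missing": sorted(REQUIRED_PORTS - ports),
                        "extra_ports": len(ports - REQUIRED_PORTS)}
    return report


if __name__ == "__main__":
    hosts = ["server", "server.domain.local", "mail.domain.com"]
    for key, val in audit(POSTED, hosts).items():
        print(key, val)
```

For the posted value the report shows no missing ports for any of the three names, and 4901 extra ports on `server`, all of them from the `server:100-5000` entry.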
 
LVL 104

Expert Comment

by:Sembee
ID: 17880707
The registry settings look correct.
Is it working now? Internally?

Simon.
0
 

Author Comment

by:Sailo100
ID: 17880773
No it's still not accepting my credentials!

Just to double check... from inside my network I am entering https://mail.externaldomain.com/rpc

Is that right?
0
 

Author Comment

by:Sailo100
ID: 17880779
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17882788
When testing the RPC site, not accepting the credentials is normal behaviour. You will get an odd failure after the third try. What the test is designed for is to confirm any certificate prompts. If you don't get any, then you can look at configuring the Outlook client.

Simon.
0
 

Author Comment

by:Sailo100
ID: 17883804
This is starting to do my head in!!

I have created a new mail profile on my local network that connects via HTTP

I entered mail.externaldomain.com into the URL box and checked both on fast networks.... and on slow networks....

And when I start Outlook with this profile I get prompted for my credentials and still I cannot get past this screen!  I really don't understand why this is happening... all the instructions I am finding suggest it should just work!

I have also tried entering the following into IE on an external machine - https://mail.externaldomain.com/rpc/rpcproxy.dll which does ask for credentials and appears to accept them?

Surely I'm missing a trick .... but I have no idea where?
0
 

Author Comment

by:Sailo100
ID: 17883832
Simon - Based on what you were saying here:

When testing the RPC site, not accepting the credentials is normal behaviour. You will get an odd failure after the third try. What the test is designed for is to confirm any certificate prompts. If you don't get any, then you can look at configuring the Outlook client.

I do not get asked for the certificate but the credentials yes.  3 times and then it fails with the following error :

HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17884441
That is the correct error message on Windows 2003 SP1.
Did you enter the second information as mail.domain.com or msstd:mail.domain.com ?
See the screenshot on my web site here: http://www.amset.info/exchange/rpc-http-client.asp

Ensure that anonymous authentication is not set on the /rpc virtual directory. It should be basic and integrated only.

Simon.
0
 

Author Comment

by:Sailo100
ID: 17887520
Hi Simon,

I have gotten it to work now by changing the proxy authentication from NTLM to basic!

Can you tell me what difference this will make to the security and why NTLM maybe doesn't work?

Thanks for all your help?

Cheers

Chris
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 17889254
It is all going over SSL, so from a security point of view it doesn't make any difference at all.
Is integrated authentication enabled on the /rpc virtual directory? If it isn't then that can stop NTLM from working.

Are you sure that Outlook is using HTTPS for everything? Use the RPCDIAG window to check.

Simon.
0
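
Why the NTLM proxy setting can fail until integrated authentication is enabled on /rpc, and why Basic is acceptable here only because the connection is SSL, shown as an added example that is not part of the original thread. The two HTTP responses are constructed samples and the function names are assumptions.

```python
# Added example: which HTTP auth schemes does /rpc offer, and does the Outlook
# proxy authentication setting match? Names here are hypothetical.
from urllib.parse import urlsplit

# Constructed 401 response: only Basic enabled on the /rpc virtual directory.
BASIC_ONLY = ("HTTP/1.1 401 Unauthorized\r\n"
              "Server: Microsoft-IIS/6.0\r\n"
              'WWW-Authenticate: Basic realm="mail.domain.com"\r\n'
              "Content-Length: 0\r\n\r\n")

# Constructed 401 response: Basic and integrated authentication both enabled.
BASIC_AND_INTEGRATED = ("HTTP/1.1 401 Unauthorized\r\n"
                        "Server: Microsoft-IIS/6.0\r\n"
                        "WWW-Authenticate: Negotiate\r\n"
                        "WWW-Authenticate: NTLM\r\n"
                        'WWW-Authenticate: Basic realm="mail.domain.com"\r\n'
                        "Content-Length: 0\r\n\r\n")


def offered_schemes(raw_response):
    """List the auth schemes named in WWW-Authenticate headers, lower-cased."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    schemes = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "www-authenticate" and value.strip():
            schemes.append(value.split()[0].lower())
    return schemes


def check_proxy_auth(url, raw_response, outlook_setting):
    """Compare the client's proxy auth setting with what the server offers."""
    schemes = offered_schemes(raw_response)
    over_tls = urlsplit(url).scheme.lower() == "https"
    return {
        "offered": schemes,
        # The client can only use a scheme the server advertises.
        "setting_usable": outlook_setting.lower() in schemes,
        # Basic sends the password base64-encoded, so it needs TLS underneath.
        "basic_in_clear": "basic" in schemes and not over_tls,
    }


if __name__ == "__main__":
    url = "https://mail.domain.com/rpc/rpcproxy.dll"
    print(check_proxy_auth(url, BASIC_ONLY, "NTLM"))
    print(check_proxy_auth(url, BASIC_AND_INTEGRATED, "NTLM"))
```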
 

Author Comment

by:Sailo100
ID: 17890262
Well it says HTTPS on every line under CONN so I guess it's working?

I just checked integrated authentication and now NTLM seems to be working!!  So it's my belief we are maybe done here!!

Many Thanks for your help Simon!

Cheers

Chris
0
