Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Exchange 2007-  LOCAL outlook works, internet does not  NOT FIREWALL

Posted on 2007-10-07
17
Medium Priority
?
847 Views
Last Modified: 2008-06-01
I had some major issues with permissions and such,  I fixed them by folowwing this:
msft KB:
941201
http://support.microsoft.com/kb/941201

that fixed the issue,
OWA works EVERYWHERE

however all of my clients who are on the internet can not connect via outlook,  they will get the password prompt, but then it just says tyring to connect...

i tried making an entirely new profile on a new computer,  on the internet,  when i click "check name"  i would get the login / pass prompt, and that would tell me if put in the wrong password or not,  however after this it just freezes then comes back and says it can not connect to the out look server.

If i make a new account on a machine, local to the exchange server, it works fine.

before this everything was fine and working great, nothing has changed on the router or Firewall, port 443 is forwarded to the exchange server (as i said OWA works fine)

my issues is most defiently related to RPC/HTTP  ON THE SERVER SIDE

tks
0
Comment
Question by:dough1518
  • 12
  • 3
  • 2
17 Comments
 

Author Comment

by:dough1518
ID: 20031829
btw,  all handheld devices WM5 and WM6 are working fine and syncing fine.

outlook is the ONLY issue. and that only fails when going across the internet

RPC maybe?

tks
0
 
LVL 18

Expert Comment

by:John Gates, CISSP
ID: 20032144
IMAP is on port 143 so how are you having your outlook clients connect?  Do you have port 143 open from your exchange server to the Internet (P.S. I do not suggest doing this ;-)


-D-
0
 
LVL 18

Expert Comment

by:John Gates, CISSP
ID: 20032147
If you are using POP3 then you need port 110 open to the Internet.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:dough1518
ID: 20032188
all ports are fine,  we only have 443 open and 25,  443 is all that is needed.  not firewall or nat issues..



all the problem outlook clients are using RPC over HTTP..2007 and 2003 outlooks

local outlook tcp clients are fine

I was messing with some permissions of a unrelated folder, and that is what started these problems.

tks alot
0
 

Author Comment

by:dough1518
ID: 20032320
I can see a successful network logon  in the  event viewer -> security folder when a problem outlook client tries to connect...

but as i said outlook will just time out and give the "The connection to the Microsoft Exchange server is unavailable"  outlook must be online...

in the advanced outlook connection status  it just shows "connecting"  for both directory and referral"
0
 

Author Comment

by:dough1518
ID: 20032460
one update:

when i access:
https://exchange.server/RPC 

from a web browser

i get a password prompt,  and when i supply proper pass i get:

Directory Listing Denied


idealy what should be seeing here??

tks
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20033556
The test for https://host.domain.com/rpc is to confirm certificate acceptance, nothing else. You will always get an error, although a directory listing error doesn't seem correct. Normally it is something else - "access denied" - which is normal.

Therefore I would have to suspect that something is wrong either with the virtual directory or the proxy component.

Have you tried to move the web functionality to another web server?
Is the RPC over HTTPS proxy component installed in Windows?
Internally, do the clients connect over HTTPS or TCP/IP when you look at the Diag screen?

Simon.

--
If your question has been answered, pleased remember to accept the answer and close the question.
0
 

Author Comment

by:dough1518
ID: 20034847
Yes,  everything is installed right.  this exact machine was working FINE last Friday, nothing has changed except i was chaning the permissions on a UN RELATED FOLDER FOR FILE SHARING PURPOSES

Im almost positive this is a permission issue....nothing else has changed.

I have remote access to several off site machines to test the outlook connectivity over RPC over HTTPS.

i have a laptop here, that has a sprint card too.  IT WILL NOT connect over HTTPS (rpcdiag just says connecting...  to the right dns btw)
if i then disconnect from sprint, and connect to my local network, outlook will connect over TCP succesffully according to RPCdiag.

When you say something is wrong with the virtual directory, are you talking about the RPC virtual dir, accessed by IIS manager?


I can mess up anything further by reinstalling the RPC component right?



thanks for your help!
0
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 20034926
The following should work, but I haven't tried it personally.

- Disable Outlook Anywhere in Exchange 2007
- Remove the RPC Proxy in Windows components
- Delete the virtual directory in IIS manager
- Run IISRESET to write the change to the IIS Metabase.
- Reinstall the RPC Proxy in Windows components
- Re-enable Outlook Anywhere in Exchange 2007

That should get it back to the default settings.

If it was permissions related I would expect another error. The error you have got seems connected to something with the IIS configuration, application pool, something like that.

Simon.

--
If your question has been answered, pleased remember to accept the answer and close the question.
0
 

Author Comment

by:dough1518
ID: 20034928
as i said above, i can see in the exchagne server's event viewer the login attempts from the remote RPC over HTTP clients, and it says login successful.

so i know they are getting through the firewall, as well i see the counter increasing on my port 443 forward rule.
0
 

Author Comment

by:dough1518
ID: 20034941
thanks again just saw your comment!

when you say

-delete the virtual directory in iis manager

which directory by name are you speaking?

thanks again!
0
 

Author Comment

by:dough1518
ID: 20035119
anyone?  i cant move on and im really get railed over here..

i dont want to delete the wrong directory...do i need to delete RPCwithcert as well?
0
 

Author Comment

by:dough1518
ID: 20035290
Ok so i assuemd that rpc and RPCcert were what i needed to delete.

i think i was right,

however nothing has changed.

I still can not click check name

and all clients show RPCdiag just show  connecting....

this has to be premissions...that is ALL i messed with.  how can i reset permissions or go back to default?

how can i pay for support?  i dont care, we need this to work, we will pay whatever
0
 

Author Comment

by:dough1518
ID: 20035306
update;

after reinstalling RPC,  now when i access:

https://server/rpc

I keep getting the login prompt, even when given the right info,

before at https://server/rpc    i could log in but i would get browsing the virtual directory is not allowed
0
 

Author Comment

by:dough1518
ID: 20035370
WOW

its working....  here was what i did:

i did the re-install of rpc  as said by SIMON (thanks man, you saved me!)

however still RPC did not work after this.

I had to switch outlook anywhere to basic authenticaion  then it started working..

weird
0
 

Author Comment

by:dough1518
ID: 20035386
just so ppl know,

i had been using NLNM authentication before with no issues....however clients with the reg edit of outlook are still able to log in with out a username / pass prompt.

tks again
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20035763
You need to match the authentication type. Therefore if you have it set to use Integrated authentication on the virtual directory then you need to set it to use NTLM in Outlook, if basic then basic needs to be set in Outlook.
While Exchange doesn't allow you set to both authentication types you can set both in IIS manager.

If NTLM is set and the workstation is part of the domain then you will not get a username/password prompt. If you set it to use basic then you will get a username and password authentication prompt. NO idea what registry entry you are on about for the clients.

Simon.

--
If your question has been answered, pleased remember to accept the answer and close the question.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
There are literally thousands of Exchange recovery applications out there. So how do you end up picking one that’s ideal for your business & purpose? By carefully scouting the product’s features, the benefits it offers you, & reading ample reviews f…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question