Exchange 2007-  LOCAL outlook works, internet does not  NOT FIREWALL

Last Modified: 2008-06-01
I had some major issues with permissions and such, I fixed them by following this:
msft KB:
941201
http://support.microsoft.com/kb/941201

that fixed the issue,
OWA works EVERYWHERE

however all of my clients who are on the internet can not connect via outlook,  they will get the password prompt, but then it just says trying to connect...

i tried making an entirely new profile on a new computer,  on the internet,  when i click "check name"  i would get the login / pass prompt, and that would tell me if i put in the wrong password or not,  however after this it just freezes then comes back and says it can not connect to the outlook server.

If i make a new account on a machine, local to the exchange server, it works fine.

before this everything was fine and working great, nothing has changed on the router or Firewall, port 443 is forwarded to the exchange server (as i said OWA works fine)

my issue is most definitely related to RPC/HTTP  ON THE SERVER SIDE

tks

Author

Commented:
btw,  all handheld devices WM5 and WM6 are working fine and syncing fine.

outlook is the ONLY issue. and that only fails when going across the internet

RPC maybe?

tks
John Gates, CISSP, Lead IT Security Analyst, Global Threat Management
CERTIFIED EXPERT

Commented:
IMAP is on port 143 so how are you having your outlook clients connect?  Do you have port 143 open from your exchange server to the Internet (P.S. I do not suggest doing this ;-) )


-D-
John Gates, CISSP, Lead IT Security Analyst, Global Threat Management
CERTIFIED EXPERT

Commented:
If you are using POP3 then you need port 110 open to the Internet.

Author

Commented:
all ports are fine,  we only have 443 open and 25,  443 is all that is needed.  not firewall or nat issues..



all the problem outlook clients are using RPC over HTTP..2007 and 2003 outlooks

local outlook tcp clients are fine

I was messing with some permissions of an unrelated folder, and that is what started these problems.

tks a lot

Author

Commented:
I can see a successful network logon  in the  event viewer -> security folder when a problem outlook client tries to connect...

but as i said outlook will just time out and give the "The connection to the Microsoft Exchange server is unavailable"  outlook must be online...

in the advanced outlook connection status  it just shows "connecting"  for both directory and referral

Author

Commented:
one update:

when i access:
https://exchange.server/RPC 

from a web browser

i get a password prompt,  and when i supply proper pass i get:

Directory Listing Denied


ideally what should i be seeing here??

tks
Expert of the Year 2007
Expert of the Year 2006

Commented:
The test for https://host.domain.com/rpc is to confirm certificate acceptance, nothing else. You will always get an error, although a directory listing error doesn't seem correct. Normally it is something else - "access denied" - which is normal.

Therefore I would have to suspect that something is wrong either with the virtual directory or the proxy component.

Have you tried to move the web functionality to another web server?
Is the RPC over HTTPS proxy component installed in Windows?
Internally, do the clients connect over HTTPS or TCP/IP when you look at the Diag screen?

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.

Author

Commented:
Yes,  everything is installed right.  this exact machine was working FINE last Friday, nothing has changed except i was changing the permissions on an UNRELATED FOLDER FOR FILE SHARING PURPOSES

I'm almost positive this is a permission issue....nothing else has changed.

I have remote access to several off site machines to test the outlook connectivity over RPC over HTTPS.

i have a laptop here, that has a sprint card too.  IT WILL NOT connect over HTTPS (rpcdiag just says connecting...  to the right dns btw)
if i then disconnect from sprint, and connect to my local network, outlook will connect over TCP successfully according to RPCdiag.

When you say something is wrong with the virtual directory, are you talking about the RPC virtual dir, accessed by IIS manager?


I can mess up anything further by reinstalling the RPC component right?



thanks for your help!
Expert of the Year 2007
Expert of the Year 2006
Commented:

Author

Commented:
as i said above, i can see in the exchange server's event viewer the login attempts from the remote RPC over HTTP clients, and it says login successful.

so i know they are getting through the firewall, as well i see the counter increasing on my port 443 forward rule.

Author

Commented:
thanks again just saw your comment!

when you say

-delete the virtual directory in iis manager

which directory by name are you speaking?

thanks again!

Author

Commented:
anyone?  i can't move on and i'm really getting railed over here..

i don't want to delete the wrong directory...do i need to delete RPCwithcert as well?

Author

Commented:
Ok so i assumed that rpc and RPCcert were what i needed to delete.

i think i was right,

however nothing has changed.

I still can not click check name

and all clients show RPCdiag just show  connecting....

this has to be permissions...that is ALL i messed with.  how can i reset permissions or go back to default?

how can i pay for support?  i don't care, we need this to work, we will pay whatever

Author

Commented:
update;

after reinstalling RPC,  now when i access:

https://server/rpc

I keep getting the login prompt, even when given the right info,

before at https://server/rpc    i could log in but i would get browsing the virtual directory is not allowed

Author

Commented:
WOW

its working....  here was what i did:

i did the re-install of rpc  as said by SIMON (thanks man, you saved me!)

however still RPC did not work after this.

I had to switch outlook anywhere to basic authentication  then it started working..

weird

Author

Commented:
just so ppl know,

i had been using NTLM authentication before with no issues....however clients with the reg edit of outlook are still able to log in without a username / pass prompt.

tks again
Expert of the Year 2007
Expert of the Year 2006

Commented:
You need to match the authentication type. Therefore if you have it set to use Integrated authentication on the virtual directory then you need to set it to use NTLM in Outlook, if basic then basic needs to be set in Outlook.
While Exchange doesn't allow you to set both authentication types, you can set both in IIS manager.

If NTLM is set and the workstation is part of the domain then you will not get a username/password prompt. If you set it to use basic then you will get a username and password authentication prompt. NO idea what registry entry you are on about for the clients.

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.
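
Simon's point about matching authentication types can be checked from the 401 challenge the /rpc virtual directory returns. The following is an added example, not part of the thread: it parses the `WWW-Authenticate` headers of a captured response and compares them with the authentication type set in the Outlook profile. The sample responses, host name and function names are constructed for illustration, and treating "NTLM" in Outlook as requiring an `NTLM` challenge is a simplifying assumption.

```python
import re

# Constructed 401 responses, as a client might receive from the /rpc directory.
SAMPLE_INTEGRATED = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "WWW-Authenticate: NTLM\r\n"
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_BASIC = (
    "HTTP/1.1 401 Unauthorized\r\n"
    'WWW-Authenticate: Basic realm="exchange.example.test"\r\n'
    "Content-Length: 0\r\n\r\n"
)


def offered_schemes(raw_response):
    """Return the lower-cased auth schemes advertised by a 401 response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or status[1] != "401":
        return set()  # not an authentication challenge
    schemes = set()
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "www-authenticate":
            # The scheme is the first token; parameters such as realm follow.
            m = re.match(r"\s*([A-Za-z]+)", value)
            if m:
                schemes.add(m.group(1).lower())
    return schemes


def check_client(raw_response, client_setting):
    """Compare the Outlook proxy auth setting ('basic' or 'ntlm') to the server."""
    setting = client_setting.lower()
    if setting not in ("basic", "ntlm"):
        raise ValueError("client_setting must be 'basic' or 'ntlm'")
    offered = offered_schemes(raw_response)
    if not offered:
        return "no-challenge"
    return "match" if setting in offered else "mismatch"


if __name__ == "__main__":
    for label, resp in (("integrated", SAMPLE_INTEGRATED), ("basic", SAMPLE_BASIC)):
        for setting in ("ntlm", "basic"):
            print(label, setting, check_client(resp, setting))
```

A "mismatch" result corresponds to the situation Simon describes, where the virtual directory and the Outlook profile are set to different authentication types.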
