Solved

Connecting Outlook over RRAS VPN

Posted on 2007-12-04
26
374 Views
Last Modified: 2013-11-16
Hello all,

I've been having problem with my remote users (including myself) not able to connect Outlook (2003 & 2007) over the RRAS VPN at the office.  We have windows server 2003 (std & ent) and MS Exchange 2003 (ent).  On one of the servers, we have configured RRAS.  For a while, users were able to synchronize Outlook and access their data without any problem.  Just a week ago, their Outlook wouldn't open and they received a message "Microsoft Exchange is unavailable" even though they connected to VPN successfully and were able to access data on the file server.  

I have a thought of what is going on but I thought I seek expertise opinions from the community.  After I connected via VPN, I tried to do nslookup from home (of course it's not going to show that my dc is the default server to resolve address) and entered in the exchange server name.  It resolved into a different IP address (not my private internal number).  Additionally, when I tried to nslookup my remaining servers' hostname, it resolved to the same one that I did for the exchange's hostname.  The last thing I tried was to ping all the servers' ip address, and I got replies.  However, when I did a ping to all the servers' hostname, I got a reply from the strange IP address that was resolved when I nslookup using the hostnames.  

So at this point, I'm sure it has to do with DNS, but I'm not sure where to look.

Thank you in advance for your expertise opinions and insights.

0
Comment
Question by:christian_dinh
  • 11
  • 10
  • 5
26 Comments
 
LVL 8

Expert Comment

by:wfcraven12
ID: 20404507
have you thought about setting the users up using RPC/HTTP instead of relying on VPN?  I've switched our AE's over to that and it's worked out great b/c a lot of hotels/resorts they go to block GRE.  Just thought I'd throw that option out there.
0
 

Author Comment

by:christian_dinh
ID: 20404642
wfcraven12,

I've been trying to configure RPC over HTTP on my environment, but I have no luck (after so many attempts and white paper instructions), I can't seem to get it working.  

anyhow, thank you for your prompt input.
0
 
LVL 12

Accepted Solution

by:
weareit earned 500 total points
ID: 20404645
0
 

Author Comment

by:christian_dinh
ID: 20404693
weareit,

I was using references' from the Petri site during my configurations.  Still no luck.

Thanks for the input.
0
 
LVL 8

Expert Comment

by:wfcraven12
ID: 20404717
what issues did you have using rpc/http?  did you make sure the user's AD profile had OMA enabled?  my first time setting it up (using those same instructions ironically) was pretty rough but after I got the first one working it was all butter....
0
 
LVL 12

Expert Comment

by:weareit
ID: 20404746
Agreed the first time you configure RPC over HTTPS it is rough but you do it once successfully and the rest are smooth sailing.

What issues were you having?

-saige-
0
 

Author Comment

by:christian_dinh
ID: 20404750
OMA is enabled on the user's profile.  After setting up all the Exchange configurations, and ports in the Registry, I tried to run the outlook.exe /rpcdiag, to ensure it's connecting via HTTPs, but it's not.  It was still tunneling through TCP rather than HTTPS.
0
 
LVL 8

Expert Comment

by:wfcraven12
ID: 20404780
well let's break it down a bit more simply.  can you take a system that's configured to use RPC/HTTP & hook it up to an external line (dsl/cable) to see what error you get?
0
 

Author Comment

by:christian_dinh
ID: 20404926
Two messages:

1) Outlook could not log on.  Check to make sure you are connected to the network and are using the proper server and mailbox name.  the connection to the Microsoft Exchange server is unavailable.  Outlook must be online or connected to complete this action;

2) Microsoft Exchange is unavailable.

when I run outlook.exe /rpcdiag, there's nothing under the 'Connection' tab.
0
 
LVL 8

Expert Comment

by:wfcraven12
ID: 20405068
so when you go to the RPC conection settings on the Outlook client how do you have it setup?  what's the address?  for example i have ours pointing to our owa URL.

0
 

Author Comment

by:christian_dinh
ID: 20405084
I configured it to point to 'mail.FQDN.com'

0
 
LVL 8

Expert Comment

by:wfcraven12
ID: 20405109
is it safe for me to assume that is the address of your OWA/Frontend server?
0
 

Author Comment

by:christian_dinh
ID: 20405118
It is the address of the OWA, but we don't have a FE server.  The OWA's HTTPS connection tunnels back to our network, sitting behind our FW.

0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 8

Expert Comment

by:wfcraven12
ID: 20405182
are you behind a proxy?

http://support.microsoft.com/kb/822595

0
 

Author Comment

by:christian_dinh
ID: 20405215
No...just a firewall and through the router going out.
0
 
LVL 8

Expert Comment

by:wfcraven12
ID: 20405273
okay.  so i'll assume in the RPC/HTTP connection settings box in Outlook, just the first box is check with the URL & the proxy address box is unchecked.

and what happens when you open up IE and type  https://mail.FQDN.com/rpc ???

do you see a pop up screen giving you a warning about the certificate? If so, then click on "view certificate" and then click on "install certificate". Now you have installed that SSL certificate and you should not see this pop up screen agian. Try shutting down Internet Explorer, restarting it, and then going to that web page again. Now you should not see that pop up warning screen about the SSL
0
 

Author Comment

by:christian_dinh
ID: 20405405
When I go to https://mail.FQDN.com/rpc, it gives me the authentication screen to enter my username and password.  When I enter the credentials, it would not go through.  The authentication screen keeps popping up.  NO SSL error message nor whatsoever.
0
 
LVL 12

Expert Comment

by:weareit
ID: 20405799
Try using domain\username

-saige-
0
 
LVL 8

Expert Comment

by:wfcraven12
ID: 20405839
weareit is right.  & after putting in the domain\username you should see something like directory listing not allowed.  
0
 

Author Comment

by:christian_dinh
ID: 20405933
even enter in the domain\username format, the authentication screen keeps popping up.  

Thanks all for your efforts.
0
 
LVL 12

Expert Comment

by:weareit
ID: 20405945
Are you using domain or FQDN Domain?

i.e. - MYDOMAIN.LOCAL

MYDOMAIN\UName

MYDOMAIN.LOCAL\UName

-saige-
0
 

Author Comment

by:christian_dinh
ID: 20405978
Both formats are not working:

Domain.NET\username;

FQDN\Username

0
 
LVL 12

Expert Comment

by:weareit
ID: 20405998
Then it's time to start looking at the server configuration itself.

I'll post back

-saige-
0
 
LVL 8

Expert Comment

by:wfcraven12
ID: 20406089
if LOCAL DOMAIN\username isn't working it's an IIS issue I believe.
0
 
LVL 8

Expert Comment

by:wfcraven12
ID: 20406203
Go into IIS & make sure your web extensions allow RPC Proxy Server Extension.  The rpcproxy.dll file needs to be allowed & it SHOULD be pointing to C:\WINDOWS\system32\rpcproxy\rpcproxy.dll.
0
 

Author Comment

by:christian_dinh
ID: 20406337
The RPC Proxy Server Extension had been set to Allowed, and point to the C:\windows\system32\rpcproxy\rpcproxy.dll

0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

Introduction Ever had certain email messages or responses that you find yourself using over and over again? Do you use Google's Gmail system? If so, then this article is here to help you save time by teaching you how to create email templates from …
Are you using email marketing software? If not, you're missing out on effortless marketing and the reaching of desired conversion rates through email marketing software.
The purpose of this video is to demonstrate how to set up an account with Mailchimp. This will be demonstrated using a Windows 8 PC. Tools Used are: Mailchimp.com Go to Mailchimp.com : Enter an Email, Username, and Password. Click Create My Acco…
The purpose of this video is to demonstrate how to set up a Mailchimp campaign. This will include styling and adding elements to a newsletter/email. This will be demonstrated using a Windows 8 PC. Mailchimp will be used. Log into your Mailchim…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now