Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 387
  • Last Modified:

Connecting Outlook over RRAS VPN

Hello all,

I've been having problem with my remote users (including myself) not able to connect Outlook (2003 & 2007) over the RRAS VPN at the office.  We have windows server 2003 (std & ent) and MS Exchange 2003 (ent).  On one of the servers, we have configured RRAS.  For a while, users were able to synchronize Outlook and access their data without any problem.  Just a week ago, their Outlook wouldn't open and they received a message "Microsoft Exchange is unavailable" even though they connected to VPN successfully and were able to access data on the file server.  

I have a thought of what is going on but I thought I seek expertise opinions from the community.  After I connected via VPN, I tried to do nslookup from home (of course it's not going to show that my dc is the default server to resolve address) and entered in the exchange server name.  It resolved into a different IP address (not my private internal number).  Additionally, when I tried to nslookup my remaining servers' hostname, it resolved to the same one that I did for the exchange's hostname.  The last thing I tried was to ping all the servers' ip address, and I got replies.  However, when I did a ping to all the servers' hostname, I got a reply from the strange IP address that was resolved when I nslookup using the hostnames.  

So at this point, I'm sure it has to do with DNS, but I'm not sure where to look.

Thank you in advance for your expertise opinions and insights.

0
christian_dinh
Asked:
christian_dinh
  • 11
  • 10
  • 5
1 Solution
 
wfcraven12Commented:
have you thought about setting the users up using RPC/HTTP instead of relying on VPN?  I've switched our AE's over to that and it's worked out great b/c a lot of hotels/resorts they go to block GRE.  Just thought I'd throw that option out there.
0
 
christian_dinhAuthor Commented:
wfcraven12,

I've been trying to configure RPC over HTTP on my environment, but I have no luck (after so many attempts and white paper instructions), I can't seem to get it working.  

anyhow, thank you for your prompt input.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
christian_dinhAuthor Commented:
weareit,

I was using references' from the Petri site during my configurations.  Still no luck.

Thanks for the input.
0
 
wfcraven12Commented:
what issues did you have using rpc/http?  did you make sure the user's AD profile had OMA enabled?  my first time setting it up (using those same instructions ironically) was pretty rough but after I got the first one working it was all butter....
0
 
weareitCommented:
Agreed the first time you configure RPC over HTTPS it is rough but you do it once successfully and the rest are smooth sailing.

What issues were you having?

-saige-
0
 
christian_dinhAuthor Commented:
OMA is enabled on the user's profile.  After setting up all the Exchange configurations, and ports in the Registry, I tried to run the outlook.exe /rpcdiag, to ensure it's connecting via HTTPs, but it's not.  It was still tunneling through TCP rather than HTTPS.
0
 
wfcraven12Commented:
well let's break it down a bit more simply.  can you take a system that's configured to use RPC/HTTP & hook it up to an external line (dsl/cable) to see what error you get?
0
 
christian_dinhAuthor Commented:
Two messages:

1) Outlook could not log on.  Check to make sure you are connected to the network and are using the proper server and mailbox name.  the connection to the Microsoft Exchange server is unavailable.  Outlook must be online or connected to complete this action;

2) Microsoft Exchange is unavailable.

when I run outlook.exe /rpcdiag, there's nothing under the 'Connection' tab.
0
 
wfcraven12Commented:
so when you go to the RPC conection settings on the Outlook client how do you have it setup?  what's the address?  for example i have ours pointing to our owa URL.

0
 
christian_dinhAuthor Commented:
I configured it to point to 'mail.FQDN.com'

0
 
wfcraven12Commented:
is it safe for me to assume that is the address of your OWA/Frontend server?
0
 
christian_dinhAuthor Commented:
It is the address of the OWA, but we don't have a FE server.  The OWA's HTTPS connection tunnels back to our network, sitting behind our FW.

0
 
wfcraven12Commented:
are you behind a proxy?

http://support.microsoft.com/kb/822595

0
 
christian_dinhAuthor Commented:
No...just a firewall and through the router going out.
0
 
wfcraven12Commented:
okay.  so i'll assume in the RPC/HTTP connection settings box in Outlook, just the first box is check with the URL & the proxy address box is unchecked.

and what happens when you open up IE and type  https://mail.FQDN.com/rpc ???

do you see a pop up screen giving you a warning about the certificate? If so, then click on "view certificate" and then click on "install certificate". Now you have installed that SSL certificate and you should not see this pop up screen agian. Try shutting down Internet Explorer, restarting it, and then going to that web page again. Now you should not see that pop up warning screen about the SSL
0
 
christian_dinhAuthor Commented:
When I go to https://mail.FQDN.com/rpc, it gives me the authentication screen to enter my username and password.  When I enter the credentials, it would not go through.  The authentication screen keeps popping up.  NO SSL error message nor whatsoever.
0
 
weareitCommented:
Try using domain\username

-saige-
0
 
wfcraven12Commented:
weareit is right.  & after putting in the domain\username you should see something like directory listing not allowed.  
0
 
christian_dinhAuthor Commented:
even enter in the domain\username format, the authentication screen keeps popping up.  

Thanks all for your efforts.
0
 
weareitCommented:
Are you using domain or FQDN Domain?

i.e. - MYDOMAIN.LOCAL

MYDOMAIN\UName

MYDOMAIN.LOCAL\UName

-saige-
0
 
christian_dinhAuthor Commented:
Both formats are not working:

Domain.NET\username;

FQDN\Username

0
 
weareitCommented:
Then it's time to start looking at the server configuration itself.

I'll post back

-saige-
0
 
wfcraven12Commented:
if LOCAL DOMAIN\username isn't working it's an IIS issue I believe.
0
 
wfcraven12Commented:
Go into IIS & make sure your web extensions allow RPC Proxy Server Extension.  The rpcproxy.dll file needs to be allowed & it SHOULD be pointing to C:\WINDOWS\system32\rpcproxy\rpcproxy.dll.
0
 
christian_dinhAuthor Commented:
The RPC Proxy Server Extension had been set to Allowed, and point to the C:\windows\system32\rpcproxy\rpcproxy.dll

0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 11
  • 10
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now