christian_dinh
asked on
Connecting Outlook over RRAS VPN
Hello all,
I've been having a problem with my remote users (including myself) not being able to connect Outlook (2003 & 2007) over the RRAS VPN at the office. We have Windows Server 2003 (Std & Ent) and MS Exchange 2003 (Ent). On one of the servers, we have configured RRAS. For a while, users were able to synchronize Outlook and access their data without any problem. Just a week ago, their Outlook wouldn't open and they received a message "Microsoft Exchange is unavailable" even though they connected to VPN successfully and were able to access data on the file server.
I have a thought of what is going on, but I thought I'd seek expert opinions from the community. After I connected via VPN, I tried to do an nslookup from home (of course it's not going to show that my DC is the default server to resolve addresses) and entered the Exchange server name. It resolved to a different IP address (not my private internal number). Additionally, when I tried to nslookup my remaining servers' hostnames, they resolved to the same one that I got for the Exchange's hostname. The last thing I tried was to ping all the servers' IP addresses, and I got replies. However, when I did a ping to all the servers' hostnames, I got a reply from the strange IP address that was resolved when I did nslookup using the hostnames.
So at this point, I'm sure it has to do with DNS, but I'm not sure where to look.
Thank you in advance for your expert opinions and insights.
have you thought about setting the users up using RPC/HTTP instead of relying on VPN? I've switched our AE's over to that and it's worked out great b/c a lot of hotels/resorts they go to block GRE. Just thought I'd throw that option out there.
ASKER
wfcraven12,
I've been trying to configure RPC over HTTP in my environment, but I've had no luck (after so many attempts and white paper instructions); I can't seem to get it working.
Anyhow, thank you for your prompt input.
ASKER CERTIFIED SOLUTION
ASKER
weareit,
I was using references from the Petri site during my configurations. Still no luck.
Thanks for the input.
what issues did you have using rpc/http? did you make sure the user's AD profile had OMA enabled? my first time setting it up (using those same instructions ironically) was pretty rough but after I got the first one working it was all butter....
Agreed the first time you configure RPC over HTTPS it is rough but you do it once successfully and the rest are smooth sailing.
What issues were you having?
-saige-
ASKER
OMA is enabled on the user's profile. After setting up all the Exchange configurations, and ports in the Registry, I tried to run outlook.exe /rpcdiag to ensure it's connecting via HTTPS, but it's not. It was still tunneling through TCP rather than HTTPS.
well let's break it down a bit more simply. can you take a system that's configured to use RPC/HTTP & hook it up to an external line (dsl/cable) to see what error you get?
ASKER
Two messages:
1) Outlook could not log on. Check to make sure you are connected to the network and are using the proper server and mailbox name. The connection to the Microsoft Exchange server is unavailable. Outlook must be online or connected to complete this action;
2) Microsoft Exchange is unavailable.
When I run outlook.exe /rpcdiag, there's nothing under the 'Connection' tab.
so when you go to the RPC connection settings on the Outlook client how do you have it set up? what's the address? for example i have ours pointing to our owa URL.
ASKER
I configured it to point to 'mail.FQDN.com'
is it safe for me to assume that is the address of your OWA/Frontend server?
ASKER
It is the address of the OWA, but we don't have a FE server. The OWA's HTTPS connection tunnels back to our network, sitting behind our FW.
ASKER
No...just a firewall and through the router going out.
okay. so i'll assume in the RPC/HTTP connection settings box in Outlook, just the first box is checked with the URL & the proxy address box is unchecked.
and what happens when you open up IE and type https://mail.FQDN.com/rpc ???
do you see a pop up screen giving you a warning about the certificate? If so, then click on "view certificate" and then click on "install certificate". Now you have installed that SSL certificate and you should not see this pop up screen again. Try shutting down Internet Explorer, restarting it, and then going to that web page again. Now you should not see that pop up warning screen about the SSL
ASKER
When I go to https://mail.FQDN.com/rpc, it gives me the authentication screen to enter my username and password. When I enter the credentials, it does not go through. The authentication screen keeps popping up. No SSL error message whatsoever.
Try using domain\username
-saige-
weareit is right. & after putting in the domain\username you should see something like directory listing not allowed.
ASKER
Even when entering the domain\username format, the authentication screen keeps popping up.
Thanks all for your efforts.
Are you using domain or FQDN Domain?
i.e. - MYDOMAIN.LOCAL
MYDOMAIN\UName
MYDOMAIN.LOCAL\UName
-saige-
ASKER
Both formats are not working:
Domain.NET\username;
FQDN\Username
Then it's time to start looking at the server configuration itself.
I'll post back
-saige-
if LOCAL DOMAIN\username isn't working it's an IIS issue I believe.
Go into IIS & make sure your web extensions allow RPC Proxy Server Extension. The rpcproxy.dll file needs to be allowed & it SHOULD be pointing to C:\WINDOWS\system32\rpcproxy\rpcproxy.dll.
ASKER
The RPC Proxy Server Extension had been set to Allowed, and points to C:\windows\system32\rpcproxy\rpcproxy.dll