How do I resolve issues with Exchange 2007 OWA 404 Not Found, ActiveSnyc, and Outlook Anywhere RPC?

System:  Windows Server 2003 R2 64 Bit
Exchange 2007, Exchange 2007 SP1 Installed
Clean Installs (No Imports/Migrations)

These problems all started with another software vendor's install program installing .net 2.0 framework.  I was able to correct those problems since W3WP will run/load.  I was able to access OWA, ActiveSync, and so on for a short time, after a reboot, everything went to heck.  I've since removed that program from the system.

I tried disabling and reenabling Outlook Anywhere, except upon reenabling, I'm receiving this error:

Error:
The virtual directory 'Rpc' already exists under 'server.Domain.com/Default Web Site'.
Parameter name: VirtualDirectoryName

Exchange Management Shell command attempted:
enable-OutlookAnywhere -Server 'SERVER' -ExternalHostname 'server.domain.com' -DefaultAuthenticationMethod 'Basic' -SSLOffloading $false

I have uninstalled and reinstalled RPC, I've deleted and recreated the OWA virtual directory, but now I'm getting 404 File Not Found when accessing OWA.  ActiveSync clients receive "Your account in Microsoft Exchange Server does not have permission to synchronize with your current settings."

My overall goal is to setup a different web site (other than the default) and name it "outlook.domain.com" for OWA access.

At this point, we're down hard, users are viewing emails thru our spam filtering appliance as the exchange server is off-site.
FrankHolzkampAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
LeeDerbyshireConnect With a Mentor Commented:
What happens if you just try to navigate to https://servername/rpc in IE?  Any errors displayed?

How about if you try Test-OutlookWebServices in PS?  Any errors listed for https://servername/rpc ?
0
 
LeeDerbyshireCommented:
Have you gone into your IIS Manager, and confirmed that the usual Virtual Directories (EWS, Exadmin, Exchange, Exchweb, Microsoft-Server-ActiveSync, OWA, RPC) are still there?
0
 
FrankHolzkampAuthor Commented:
Yes, they're still there.  I may not have recreated OWA properly, but then /Exchange should still work, which it does not.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LeeDerbyshireCommented:
If all your mailboxes are native E2007 mailboxes (i.e. not legacy mailboxes from older versions, but in the same org.), then you don't need to worry about /Exchange, since all it will do is redirect you to /owa .  Why do you suspect that you did not recreate /owa properly.  Are you familiar with the powershell commands Remove-OWAVirtualDirectory and New-OWAVirtualDirectory ?
0
 
FrankHolzkampAuthor Commented:
I recreated OWA in IIS myself originally.  I ran Get/Remove/New commands in PS, then did an iisreset.

I was able to log onto OWA via https://server.domain.com/owa.

I have a cert for outlook.domain.com, I'd like to use this for OWA and ActiveSync instead of server.domain.com/X as future plans call for moving Exchange to its own server.

Separate from that, ActiveSync is still returning the error "Your account in MS Exchange Server does not have permission to synchronize with your current settings...."    I've checked, ActiveSync is Enabled as is my user account.
0
 
LeeDerbyshireCommented:
So, OWA is now working okay?

For the SSL issue, it is probably sufficient to add an A record for 'outlook' to your domain 'domain.com'.  You can add the cert to the server anytime, of course, but until your clients can use the outlook... name, they will get a warning about the server name not matching the cert name.

Did you try recreating the A/S Vdirs using PS?
0
 
FrankHolzkampAuthor Commented:
OWA is working now.

I don't know the command to recreate A/S via PS.

I understand how to setup SSL, but how do I setup OWA on a different domain?  Is this done thru PS or IIS?
0
 
FrankHolzkampAuthor Commented:
I used Get/Remove/New and recreated A/S.  All the devices are acting as if they've never been sync'd before however, they're working.

How do I move these services to another domain name/web site on the same server, i.e. outlook.domain.com?
0
 
LeeDerbyshireCommented:
You don't need to move the services to another site in order to use a different name.  As long as the DNS record points to the right server, it will continue to work in the same way.  If you are definitely sure that you need an extra site, though, then you can create an extra web site in IIS Manager, configure the old and new sites with Host Header Names reflecting the DNS names you want them to respond to, and then use the PS commands to create new OWA Vdirs.  This time, though, you will need to supply the name of the new web site.  Do you have another reason for creating a new web site on the server?  There is no reason why you can't host one kind of content in the default web site, along with your OWA, and still have the server respond to two different DNS host names.
0
 
FrankHolzkampAuthor Commented:
Users that are not connected via a VPN are getting HTTP 400 Bad Request when logging into OWA and Outook Clients are getting user/pass dialogs.  I went into OWA properties (via EMC) and changed the authentication to user name only (specifying a domain), restarted IIS, no effect.  Suggestions?

Windows Update "suggests" I install .NET 3.0 SP1, I've seen many comments advising not to do this as it seems to crash OWA.  Should I install it?
0
 
LeeDerbyshireCommented:
Hmm, I can't imagine what difference a VPN connection would make.  It's supposed to be like a transparent connection to your LAN, isn't it?  Are local users using a different server name to the VPN users when they try to access OWA?

I wouldn't bother with .Net 3 until you need it.  It will break OWA if the install overrides the .Net version selection on the OWA VDir.  It's easily fixed by changing it back, but it's in a place where not many people would think of looking.
0
 
FrankHolzkampAuthor Commented:
I decided not to cloud the issues at hand and will not change the domain or make modifications until everything is in working order.

The HTTP 400 Bad Request was tracked down to a few users who changed their Internet Explorer settings, once I changed the security back to medium, automatically detect connection, and deleted the cache, they were able to login.

I'm still having diffculties with any user (vpn or otherwise) accessing Exchange thru Outlook 2007 clients, using Exchange over HTTPS.  They're prompted for a user/pass and no combination of domain/user server/user or user works.  I've tried my user account and administrator, which both are fairly comparable, yet neither work.  I've noticed the user name by itself, without the domain or server in front has a delay before prompting, whereas, the other combinations are instant rejections.

Suggestions?
0
 
FrankHolzkampAuthor Commented:
Ran the test, errored at 1006, so I did a remove/new autodiscover and now it tests fine, however, problem is unchanged, users are still getting a user/pass prompt that doesn't accept anything.

1003                                    Information About to test AutoDiscover with the e-mail...
1007                                    Information Testing server [removed]....
1019                                    Information Found a valid AutoDiscover service connect...
1006                                    Information The Autodiscover service was contacted at ...
1016                                        Success [EXCH]-Successfully contacted the AS servi...
1015                                        Success [EXCH]-Successfully contacted the OAB serv...
1014                                        Success [EXCH]-Successfully contacted the UM servi...
1016                                    Information [EXPR]-The AS is not configured for this u...
1015                                        Success [EXPR]-Successfully contacted the OAB serv...
1014                                    Information [EXPR]-The UM is not configured for this u...
1017                                        Success [EXPR]-Successfully contacted the RPC/HTTP...
1006                                        Success The Autodiscover service was tested succes...

Went to https://server/rpc, user/pass dialog, nothing was accepted.  Went into IIS, checked Directory Security settings.  Basic Authentication was selected.  Unchecked Basic Authentication and changed it to Integrated Windows Authentection, restarted IIS, clients can now connect.

Was I correct in checking Integrated Windows Authentication?  (I tried other variations, with Basic Auth).  Are there any adverse effects to requiring RPC to use SSL?
0
 
FrankHolzkampAuthor Commented:
I can't thank you enough for all your help.  Your responses helped me to dig deeper and actually work on my own problem instead of being handed a complete solution.  I remember the days of Novell and CLI's, I missed them, I'm glad MS has PS for Exchange.  Now it's just retraining myself to use it.  Thanks alot!
0
 
LeeDerbyshireCommented:
I'd think that having both Basic and Integrated enabled would be best.  But if it was already set to Basic alone, then I guess those are the default settings and who am I to contradict :-)  It's just possible that the Basic auth mechanism on the server is broken.

I can't think of any adverse effects to using SSL with RPC - quite the opposite.  It's known not to work with wildcard certs, and the servername you type into Outlook will need to match the certificate name.
0
All Courses

From novice to tech pro — start learning today.