TANGLAD
asked on
Outlook RPC/HTTPS doesn't work on LAN but works fine from outside.
Outlook RPC/HTTPS works great when remote, but when on LAN it doesn't connect. Outlook says "Trying to connect......."
When I try outlook /rpcdiag I can see that it tries to connect but fails and then after a while it connects using TCP/IP instead of HTTPS.
AND that is because when on LAN the PCs can't connect to https://mail.myexternaldomain.com
If I (on LAN) try OWA in Internet Explorer using https://mail.myexternaldomain.com/exchange, it fails. But https://myInternalExchangeServer/exchange works fine, and from outside https://mail.myexternaldomain.com/exchange works fine.
So there is a LAN problem with https://mail.myexternaldomain.com
Tried to run
NSLOOKUP mail.myexternaldomain.com and it answers this and it seems to be the correct answer.
Server: exchange.mydomain.local
Address: 192.168.22.3
Non-authoritative answer:
Name: mail.myexternaldomain.com
Address: my.external.ip.address
SO WHY CAN'T I CONNECT when on LAN????
Maybe this is not an Exchange / Outlook /RPC/HTTPS question but a DNS question.
I think you need to make an internal DNS record for mail.myexternaldomain.com and point it to the internal IP of your exchange server.
ASKER
OK nice idea. Just tried it but it didn't help.
That is what you need to do.
You need what is known as a split DNS system, so that the external name resolves internally.
http://www.amset.info/netadmin/split-dns.asp
You need to use a DNS system rather than a host file, otherwise it will not work outside the network.
Do ensure though that your clients are using internal machines for DNS, and not external.
-M
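An added example, not part of the original thread: a small check that reads nslookup output in the format quoted in the question and reports whether a LAN client is getting the internal or the external view of the name, and whether it is asking an internal DNS server at all. Treating RFC 1918 ranges as "internal" is an assumption, and the 203.0.113.10 and 198.51.100.53 addresses are constructed placeholders.

```python
import ipaddress

# Assumption: "internal" means RFC 1918 space, as in the thread's 192.168.22.x LAN.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    return any(ip in net for net in RFC1918)

def parse_nslookup(output):
    """Return (resolver_ip, [answer_ips]) from Windows nslookup text."""
    resolver, answers, in_answer = None, [], False
    for raw in output.splitlines():
        parts = raw.split()
        if not parts:
            continue
        if parts[0].lower() == "name:":
            in_answer = True            # addresses after "Name:" are the answer
            continue
        try:
            ip = ipaddress.ip_address(parts[-1])
        except ValueError:
            continue                    # hostnames, headers, redacted placeholders
        if in_answer:
            answers.append(ip)
        elif resolver is None:
            resolver = ip               # first address belongs to "Server:"
    return resolver, answers

def split_dns_verdict(output):
    resolver, answers = parse_nslookup(output)
    if resolver is None or not answers:
        return "no-answer"
    if not is_internal(resolver):
        return "client-uses-external-dns"   # the internal zone is never consulted
    if all(is_internal(a) for a in answers):
        return "internal-view"              # split DNS is in effect
    return "external-view"                  # LAN clients are sent to the public IP

# Constructed samples in the shape of the output quoted in the question.
BEFORE = ("Server:  exchange.mydomain.local\nAddress:  192.168.22.3\n\n"
          "Non-authoritative answer:\nName:    mail.myexternaldomain.com\n"
          "Address:  203.0.113.10\n")
AFTER = BEFORE.replace("203.0.113.10", "192.168.22.3")
WRONG_RESOLVER = BEFORE.replace("192.168.22.3", "198.51.100.53", 1)
```

"external-view" corresponds to the output in the question, and "internal-view" to what nslookup returns once the internal record exists.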
ASKER
Have tried this but it doesn't help.
I have similar setups at other customers where it works fine without making this split dns thing.
Can it be a problem that the RPC/HTTPS name is MAIL.myexternaldomain.com instead of for example WEBMAIL.myexternaldomain.com
If it's a problem I can try making WEBMAIL.myexternaldomain.com and then create a new certificate.
Any suggestions?
ASKER
I have followed this one you gave me:
http://www.amset.info/netadmin/split-dns.asp
Now when I do a NSLOOKUP mail.myexternaldomain.com it answers with local IP addresses, so the split dns does a change in the NSLOOKUP response and therefore works.
But there is still a difference when I do these two tests on a LAN PC:
test 1: in Internet Explorer browse to https://exchange/exchange then I get something about the certificate (as supposed because it's a self-signed certificate and I can just go further and see the inbox of the administrator) So this method works.
test 2: in Internet Explorer browse to https://mail.myexternaldomain.com/exchange then I get a logon box to connect to mail.myexternaldomain.com and no matter what I type as user and pw I'm not connected.
tried username
tried domain\username
tried domain.local\username
Are you not using forms based authentication then?
The valid method for authentication on a default configuration with the popup box is domain\username and then the password.
-M
ASKER
I just tried on a pc with outlook /rpcdiag and it connected quickly using https. (great!)
Tomorrow morning I will try outlook /rpcdiag on the most troublesome PC.
I will let you know the result.
ASKER
Outlook https is still troublesome. The split DNS works but what can then be the reason why PCs won't connect with https on LAN but no problem from outside https outlook connections?
First I thought it was performance problems on the server but then the problem would also affect connections from outside I think.
There should be no reason why it doesn't work internally if it works correctly externally, unless something has been done to block access to internal users or something doesn't resolve correctly.
I have nothing else to suggest, in my experience this feature either works or it doesn't.
-M
ASKER
I agree. The only reasons must be:
- Resolving
- Network latency (timeouts)
ASKER
With your split DNS solution (and an associated PTR record) I can successfully use OWA on LAN connecting to https://mail.myexternaldomain.com/exchange
Without split DNS I could not do that.
But still Outlook doesn't connect using https on LAN.
Then I don't think it's a name resolution issue anymore.
I don't know what to look for now.
It is unusual for RPC over HTTPS to be used internally. I have done it, and it works fine, but many do not. I have no idea what could be stopping it from working.
-M
ASKER
It's used on laptops and is supposed to work whenever the user wants. Both internal and external. I have it working on three other customers, and it has worked for this customer too.
Thanks for brainstorming Mestha. I will leave the question open for a while.
ASKER
Now it works. I think it was a network utilization issue on the LAN.