TANGLAD asked on

Outlook RPC/HTTPS doesn't work on LAN but works fine from outside.

Outlook RPC/HTTPS works great when remote, but when on LAN it doesn't connect. Outlook says "Trying to connect......."

When I try outlook /rpcdiag I can see that it tries to connect but fails and then after a while it connects using TCP/IP instead of HTTPS.

AND that is because when on LAN the PCs can't connect to https://mail.myexternaldomain.com

If I (on LAN) try OWA in Internet Explorer using https://mail.myexternaldomain.com/exchange, it fails. But https://myInternalExchangeServer/exchange works fine, and from outside https://mail.myexternaldomain.com/exchange works fine.

So there is a LAN problem with https://mail.myexternaldomain.com

Tried to run

NSLOOKUP mail.myexternaldomain.com and it answers this and it seems to be the correct answer.

Server:  exchange.mydomain.local
Address:  192.168.22.3

Non-authoritative answer:
Name:    mail.myexternaldomain.com
Address:  my.external.ip.address


SO WHY CAN'T I CONNECT when on LAN????

Maybe this is not an Exchange / Outlook /RPC/HTTPS question but a DNS question.
Tags: Networking Protocols, Windows Server 2003, Exchange

Last comment: TANGLAD, 8/22/2022 - Mon
rseitzz

I think you need to make an internal DNS record for mail.myexternaldomain.com and point it to the internal IP of your exchange server.
ASKER
TANGLAD

OK nice idea. Just tried it but it didn't help.
Mestha

That is what you need to do.
You need what is known as a split DNS system, so that the external name resolves internally.
http://www.amset.info/netadmin/split-dns.asp

You need to use a DNS system rather than a host file, otherwise it will not work outside the network.

Do ensure though that your clients are using internal machines for DNS, and not external.

-M
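
A LAN-side check for the two conditions in the answer above (the client asks an internal DNS server, and the external name resolves to an internal address), as an added example that is not part of the original thread. It parses `nslookup` output; the sample text, the stand-in address 203.0.113.10 and the function names are assumptions.

```python
import ipaddress

# Explicit RFC 1918 list: ipaddress.is_private would also match documentation
# ranges such as 203.0.113.0/24, used below as the stand-in external address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the question's nslookup output, with 203.0.113.10
# standing in for "my.external.ip.address".
BEFORE_SPLIT_DNS = """\
Server:  exchange.mydomain.local
Address:  192.168.22.3

Non-authoritative answer:
Name:    mail.myexternaldomain.com
Address:  203.0.113.10
"""

# Constructed sample: the same lookup once the internal record answers
# (real output would also drop the "Non-authoritative answer" line).
AFTER_SPLIT_DNS = BEFORE_SPLIT_DNS.replace("203.0.113.10", "192.168.22.3")

def is_internal(ip):
    return any(ip in net for net in RFC1918)

def parse_nslookup(text):
    """Return (resolver_ip, answer_ips) from Windows nslookup output."""
    resolver, answers, in_answer = None, [], False
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0].lower() == "name:":
            in_answer = True   # addresses from here on belong to the queried name
            continue
        try:
            ip = ipaddress.ip_address(tokens[-1])
        except ValueError:
            continue           # not an address line (Server:, Aliases:, ...)
        if in_answer:
            answers.append(ip)
        elif tokens[0].lower().startswith("address"):
            resolver = ip      # the first Address line is the DNS server itself
    return resolver, answers

def check_split_dns(text):
    resolver, answers = parse_nslookup(text)
    return {"client_uses_internal_dns": resolver is not None and is_internal(resolver),
            "name_resolves_internally": bool(answers) and all(map(is_internal, answers))}
```

On a LAN client, pass it the text captured from `nslookup mail.myexternaldomain.com`.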
ASKER
TANGLAD

Have tried this but it doesn't help.

I have similar setups at other customers where it works fine without making this split DNS thing.


Can it be a problem that the RPC/HTTPS name is MAIL.myexternaldomain.com instead of for example WEBMAIL.myexternaldomain.com?

If it's a problem I can try making WEBMAIL.myexternaldomain.com and then create a new certificate.

Any suggestions?
ASKER CERTIFIED SOLUTION
Mestha

ASKER
TANGLAD

I have followed this one you gave me:

http://www.amset.info/netadmin/split-dns.asp

Now when I do an NSLOOKUP mail.myexternaldomain.com it answers with local IP addresses, so the split DNS does change the NSLOOKUP response and therefore works.

But there is still a difference when I do these two tests on a LAN PC:

test 1: in Internet Explorer browse to https://exchange/exchange then I get something about the certificate (as supposed, because it's a self-signed certificate, and I can just go further and see the inbox of the administrator). So this method works.

test 2: in Internet Explorer browse to https://mail.myexternaldomain.com/exchange then I get a logon box to connect to mail.myexternaldomain.com and no matter what I type as user and pw I'm not connected.

tried username
tried domain\username
tried domain.local\username


Mestha

Are you not using forms based authentication then?

The valid method for authentication on a default configuration with the popup box is domain\username and then the password.

-M
ASKER
TANGLAD

I just tried on a PC with outlook /rpcdiag and it connected quickly using https. (great!)

Tomorrow morning I will try outlook /rpcdiag on the most troublesome PC.

I will let you know the result.
ASKER
TANGLAD

Outlook https is still troublesome. The split DNS works, but what can then be the reason why PCs won't connect with https on LAN but have no problem with https Outlook connections from outside?

First I thought it was performance problems on the server, but then the problem would also affect connections from outside, I think.
Mestha

There should be no reason why it doesn't work internally if it works correctly externally, unless something has been done to block access to internal users or something doesn't resolve correctly.

I have nothing else to suggest, in my experience this feature either works or it doesn't.

-M
ASKER
TANGLAD

I agree. The only reasons must be:

- Resolving
- Network latency (timeouts)
ASKER
TANGLAD

With your split DNS solution (and an associated PTR record) I can successfully use OWA on LAN connecting to https://mail.myexternaldomain.com/exchange

Without split DNS I could not do that.

But still Outlook doesn't connect using https on LAN.

Then I don't think it's a name resolution issue anymore.

I don't know what to look for now.
Mestha

It is unusual for RPC over HTTPS to be used internally. I have done it, and it works fine, but many do not. I have no idea what could be stopping it from working.

-M
ASKER
TANGLAD

It's used on laptops and is supposed to work whenever the user wants. Both internal and external. I have it working on three other customers, and it has worked for this customer too.

Thanks for brainstorming Mestha. I will leave the question open for a while.
ASKER
TANGLAD

Now it works. I think it was a network utilization issue on the LAN.