trivalent
asked on
Exchange 2007 SP1 Outlook Anywhere Troubleshoot
I am in process of configuring a new Exchange 2007 SP1 box, hosted on Windows 2008 Enterprise 64-bit.
I have installed and configured a new SSL Cert to code (UCC) and OWA works great inside and outside the firewall.
The customer is using Outlook 2003 exclusively for their mail application.
To test Outlook Anywhere, I am using Microsoft's Testing Site (https://testexchangeconnectivity.com/Default.aspx)
I perform the Outlook 2003 Test - but it fails on the very last step:
Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server mail.server.com
Failed to ping Endpoint
I have ports 80 and 443 open to the Exchange Server through a NAT (as I said, OWA works). But that's it.
I have read in Simon's blog that I should not have to open those ports - but I as of right now I can't figure out what I have yet to configure to make this work WITHOUT opening them.
Ideas?
I have installed and configured a new SSL Cert to code (UCC) and OWA works great inside and outside the firewall.
The customer is using Outlook 2003 exclusively for their mail application.
To test Outlook Anywhere, I am using Microsoft's Testing Site (https://testexchangeconnectivity.com/Default.aspx)
I perform the Outlook 2003 Test - but it fails on the very last step:
Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server mail.server.com
Failed to ping Endpoint
I have ports 80 and 443 open to the Exchange Server through a NAT (as I said, OWA works). But that's it.
I have read in Simon's blog that I should not have to open those ports - but I as of right now I can't figure out what I have yet to configure to make this work WITHOUT opening them.
Ideas?
You shouldn't need to have port 80 open on the firewall--only port 443.
There is a known issue with server 2008 where you sometimes have to either disable IPv6 or manually edit the HOSTS file. Let me see if I can dig up the article that helped me when I had this issue not too long ago.
There is a known issue with server 2008 where you sometimes have to either disable IPv6 or manually edit the HOSTS file. Let me see if I can dig up the article that helped me when I had this issue not too long ago.
Here is the MS article: http://support.microsoft.com/kb/950138
Also check out the many posts/suggestions at this page: http://blog.aaronmarks.com/?p=65
Also check out the many posts/suggestions at this page: http://blog.aaronmarks.com/?p=65
ASKER
Funny, I was reading that link just as you suggested it...
I have removed IPv6 (unchecked) from my Local Area Connection... .and a telnet localhost 6004 is successful (blank screen). Should I go further?
I have removed IPv6 (unchecked) from my Local Area Connection... .and a telnet localhost 6004 is successful (blank screen). Should I go further?
I would do it one step at a time and then test after each thing you change.
ASKER
To clarify - I ALREADY had the IPv6 unchecked from before... and it does not work. Does a successful telnet to localhost on 6004 prove that I don't need to make any registry modifications?
ASKER
Are there any changes I have to make in IIS 7 in Server 2008 to get this to work properly? Do I need to change any authentication settings on the Virtual Directories for RPC?
You shouldn't need to make any authentication changes, if you wanted to support both authentication types then you have to use PowerShell and then set set-outlookanywhere commandlet.
However that wouldn't cause this error - the error you posted is purely down to something in the server being unable to communicate.
Simon.
However that wouldn't cause this error - the error you posted is purely down to something in the server being unable to communicate.
Simon.
Try running the "test-outlookwebservices" powershell command. Might need to add the |list to display all the details.
ASKER
Here are the results:
[PS] C:\Windows\System32>Test-O
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address Administrator@herb
rucks.com.
Id : 1007
Type : Information
Message : Testing server hprmail.herbrucks.local with the published name https:
//hprmail.herbrucks.local/
Id : 1019
Type : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
URL on this object is https://hprmail.herbrucks.local/Autodiscover/A
utodiscover.xml.
Id : 1013
Type : Error
Message : When contacting https://hprmail.herbrucks.local/Autodiscover/Autodisc
over.xml received the error Unable to connect to the remote server
Id : 1013
Type : Error
Message : When contacting https://hprmail.herbrucks.local/Autodiscover/Autodisc
over.xml received the error No connection could be made because the t
arget machine actively refused it 10.0.0.7:443
Id : 1006
Type : Error
Message : The Autodiscover service could not be contacted.
[PS] C:\Windows\System32>
[PS] C:\Windows\System32>Test-O
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address Administrator@herb
rucks.com.
Id : 1007
Type : Information
Message : Testing server hprmail.herbrucks.local with the published name https:
//hprmail.herbrucks.local/
Id : 1019
Type : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
URL on this object is https://hprmail.herbrucks.local/Autodiscover/A
utodiscover.xml.
Id : 1013
Type : Error
Message : When contacting https://hprmail.herbrucks.local/Autodiscover/Autodisc
over.xml received the error Unable to connect to the remote server
Id : 1013
Type : Error
Message : When contacting https://hprmail.herbrucks.local/Autodiscover/Autodisc
over.xml received the error No connection could be made because the t
arget machine actively refused it 10.0.0.7:443
Id : 1006
Type : Error
Message : The Autodiscover service could not be contacted.
[PS] C:\Windows\System32>
ok.. also run
get-outlookprovider |list
some of the postings on that aaronmarks.com site talk about needing to make sure that the outlookprovider value is set correctly as well. I think I remember having to mess with this as well when I recently had this issue.
get-outlookprovider |list
some of the postings on that aaronmarks.com site talk about needing to make sure that the outlookprovider value is set correctly as well. I think I remember having to mess with this as well when I recently had this issue.
I would definitely make sure you go through the various posts and suggestions on that page.
Sometimes another way to get things to work is to disable outlook anywhere, remove the rpc component from within the control panel, then re-add the rpc component and re-enable outlook anywhere from within EMC.
Sometimes another way to get things to work is to disable outlook anywhere, remove the rpc component from within the control panel, then re-add the rpc component and re-enable outlook anywhere from within EMC.
ASKER
More results:
[PS] C:\Windows\System32>get-ou
CertPrincipalName :
Server :
TTL : 1
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : EXCH
DistinguishedName : CN=EXCH,CN=Outlook,CN=Auto
rucks,CN=Microsoft Exchange,CN=Services,CN=Co
=herbrucks,DC=local
Identity : EXCH
Guid : fb4b9d90-588d-4964-8b49-b6
ObjectCategory : herbrucks.local/Configurat
Config
ObjectClass : {top, msExchAutoDiscoverConfig}
WhenChanged : 4/16/2009 3:08:52 PM
WhenCreated : 4/16/2009 3:08:52 PM
OriginatingServer : hprdc01.herbrucks.local
IsValid : True
CertPrincipalName :
Server :
TTL : 1
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : EXPR
DistinguishedName : CN=EXPR,CN=Outlook,CN=Auto
rucks,CN=Microsoft Exchange,CN=Services,CN=Co
=herbrucks,DC=local
Identity : EXPR
Guid : 91d62da1-40f1-4f26-9043-ce
ObjectCategory : herbrucks.local/Configurat
Config
ObjectClass : {top, msExchAutoDiscoverConfig}
WhenChanged : 4/16/2009 3:08:52 PM
WhenCreated : 4/16/2009 3:08:52 PM
OriginatingServer : hprdc01.herbrucks.local
IsValid : True
CertPrincipalName :
Server :
TTL : 1
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : WEB
DistinguishedName : CN=WEB,CN=Outlook,CN=AutoD
ucks,CN=Microsoft Exchange,CN=Services,CN=Co
herbrucks,DC=local
Identity : WEB
Guid : d9a5aa1d-f72a-45e5-9d88-37
ObjectCategory : herbrucks.local/Configurat
Config
ObjectClass : {top, msExchAutoDiscoverConfig}
WhenChanged : 4/16/2009 3:08:52 PM
WhenCreated : 4/16/2009 3:08:52 PM
OriginatingServer : hprdc01.herbrucks.local
IsValid : True
[PS] C:\Windows\System32>
[PS] C:\Windows\System32>get-ou
CertPrincipalName :
Server :
TTL : 1
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : EXCH
DistinguishedName : CN=EXCH,CN=Outlook,CN=Auto
rucks,CN=Microsoft Exchange,CN=Services,CN=Co
=herbrucks,DC=local
Identity : EXCH
Guid : fb4b9d90-588d-4964-8b49-b6
ObjectCategory : herbrucks.local/Configurat
Config
ObjectClass : {top, msExchAutoDiscoverConfig}
WhenChanged : 4/16/2009 3:08:52 PM
WhenCreated : 4/16/2009 3:08:52 PM
OriginatingServer : hprdc01.herbrucks.local
IsValid : True
CertPrincipalName :
Server :
TTL : 1
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : EXPR
DistinguishedName : CN=EXPR,CN=Outlook,CN=Auto
rucks,CN=Microsoft Exchange,CN=Services,CN=Co
=herbrucks,DC=local
Identity : EXPR
Guid : 91d62da1-40f1-4f26-9043-ce
ObjectCategory : herbrucks.local/Configurat
Config
ObjectClass : {top, msExchAutoDiscoverConfig}
WhenChanged : 4/16/2009 3:08:52 PM
WhenCreated : 4/16/2009 3:08:52 PM
OriginatingServer : hprdc01.herbrucks.local
IsValid : True
CertPrincipalName :
Server :
TTL : 1
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : WEB
DistinguishedName : CN=WEB,CN=Outlook,CN=AutoD
ucks,CN=Microsoft Exchange,CN=Services,CN=Co
herbrucks,DC=local
Identity : WEB
Guid : d9a5aa1d-f72a-45e5-9d88-37
ObjectCategory : herbrucks.local/Configurat
Config
ObjectClass : {top, msExchAutoDiscoverConfig}
WhenChanged : 4/16/2009 3:08:52 PM
WhenCreated : 4/16/2009 3:08:52 PM
OriginatingServer : hprdc01.herbrucks.local
IsValid : True
[PS] C:\Windows\System32>
ASKER
Sometimes another way to get things to work is to disable outlook anywhere, remove the rpc component from within the control panel, then re-add the rpc component and re-enable outlook anywhere from within EMC.
Tried this.... but still the same.
I have also installed Rollup 7.... but same issues abound.
Here's how I am testing:
I have a local Outlook 2003 Client and I have configured the RPC / HTTP settings. I am trying to connect - but when I enter my credentials, they don't seem to take. I just get prompted over and over.
Tried this.... but still the same.
I have also installed Rollup 7.... but same issues abound.
Here's how I am testing:
I have a local Outlook 2003 Client and I have configured the RPC / HTTP settings. I am trying to connect - but when I enter my credentials, they don't seem to take. I just get prompted over and over.
Have you checked the event logs on the Exchange server yet?
ASKER
We are improving - here are some new results from Test-OutlookWebServices
[PS] C:\Windows\System32>Test-O
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address Administrator@herb
rucks.com.
Id : 1007
Type : Information
Message : Testing server hprmail.herbrucks.local with the published name https:
//hprmail.herbrucks.local/
Id : 1019
Type : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
URL on this object is https://hprmail.herbrucks.local/Autodiscover/A
utodiscover.xml.
Id : 1006
Type : Information
Message : The Autodiscover service was contacted at https://hprmail.herbrucks.l
ocal/Autodiscover/Autodisc
Id : 1016
Type : Success
Message : [EXCH]-Successfully contacted the AS service at https://hprmail.herbr
ucks.local/EWS/Exchange.as
Id : 1015
Type : Success
Message : [EXCH]-Successfully contacted the OAB service at https://hprmail.herb
rucks.local/EWS/Exchange.a
Id : 1014
Type : Success
Message : [EXCH]-Successfully contacted the UM service at https://hprmail.herbr
ucks.local/UnifiedMessagin
liseconds.
Id : 1016
Type : Information
Message : [EXPR]-The AS is not configured for this user.
Id : 1015
Type : Information
Message : [EXPR]-The OAB is not configured for this user.
Id : 1014
Type : Information
Message : [EXPR]-The UM is not configured for this user.
Id : 1017
Type : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://hmail.h
erbrucks.com/Rpc. The elapsed time was 0 milliseconds.
Id : 1006
Type : Success
Message : The Autodiscover service was tested successfully.
[PS] C:\Windows\System32>
[PS] C:\Windows\System32>Test-O
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address Administrator@herb
rucks.com.
Id : 1007
Type : Information
Message : Testing server hprmail.herbrucks.local with the published name https:
//hprmail.herbrucks.local/
Id : 1019
Type : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
URL on this object is https://hprmail.herbrucks.local/Autodiscover/A
utodiscover.xml.
Id : 1006
Type : Information
Message : The Autodiscover service was contacted at https://hprmail.herbrucks.l
ocal/Autodiscover/Autodisc
Id : 1016
Type : Success
Message : [EXCH]-Successfully contacted the AS service at https://hprmail.herbr
ucks.local/EWS/Exchange.as
Id : 1015
Type : Success
Message : [EXCH]-Successfully contacted the OAB service at https://hprmail.herb
rucks.local/EWS/Exchange.a
Id : 1014
Type : Success
Message : [EXCH]-Successfully contacted the UM service at https://hprmail.herbr
ucks.local/UnifiedMessagin
liseconds.
Id : 1016
Type : Information
Message : [EXPR]-The AS is not configured for this user.
Id : 1015
Type : Information
Message : [EXPR]-The OAB is not configured for this user.
Id : 1014
Type : Information
Message : [EXPR]-The UM is not configured for this user.
Id : 1017
Type : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://hmail.h
erbrucks.com/Rpc. The elapsed time was 0 milliseconds.
Id : 1006
Type : Success
Message : The Autodiscover service was tested successfully.
[PS] C:\Windows\System32>
ASKER
Have you checked the event logs on the Exchange server yet?
Logs are clean thus far.
Logs are clean thus far.
what about the IIS logs?
ASKER
what about the IIS logs?
I used to look for these in Windows\System32.....there
I used to look for these in Windows\System32.....there
ASKER
Some good news ....
Per a suggestion in another blog - I changed the RPC Authentication in IIS 7 to allow Windows Integrated (it was disabled)... which makes sense.
Now, I can do a RPC Ping successfully.
I have also been able to configure an Outlook 2003 Client semi-successfully. I'm able to make a first login to the Server via RPC - but then I bomb out with an OAB error. The OAB error should be solvable pretty quickly....
Per a suggestion in another blog - I changed the RPC Authentication in IIS 7 to allow Windows Integrated (it was disabled)... which makes sense.
Now, I can do a RPC Ping successfully.
I have also been able to configure an Outlook 2003 Client semi-successfully. I'm able to make a first login to the Server via RPC - but then I bomb out with an OAB error. The OAB error should be solvable pretty quickly....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Glad to hear you're making some progress. As for the OAB, you probably just need to ensure that one is specified for the mailbox database.
Always forget that, that was it!
Thanks to all for your contributions.
Always forget that, that was it!
Thanks to all for your contributions.
ASKER
Update on this....
I was able to get OA working on the inside; not not the outside. After pouring through hundreds of documents from Sembee and many, many others I decided to open a case with MS.
Looking at a DCDiag revealed that the Exchange Server and the DC were not able to communicate with RPC.... because (drum roll).. the SIDs were the same. You heard that right.
When I initially set up the environment, I created a Windows 2008 'Template' VM and ran SysPrep on it. I must have forgot to check the box that says 'Generalize' which generates a new SID. Strange thing is, everything was working as normal, even when both servers had the same SID.
Whoops.
I rebuilt the environment and all is well.
I was able to get OA working on the inside; not not the outside. After pouring through hundreds of documents from Sembee and many, many others I decided to open a case with MS.
Looking at a DCDiag revealed that the Exchange Server and the DC were not able to communicate with RPC.... because (drum roll).. the SIDs were the same. You heard that right.
When I initially set up the environment, I created a Windows 2008 'Template' VM and ran SysPrep on it. I must have forgot to check the box that says 'Generalize' which generates a new SID. Strange thing is, everything was working as normal, even when both servers had the same SID.
Whoops.
I rebuilt the environment and all is well.
ASKER
It does not appear to work on the inside. We'll start the troubleshooting there.
If I run Outlook 2003 with the /rpc switch - I do NOT have any HTTPS connections listed.
When I use the RPCPING utility from a workstation, I get an Exception 1722 error.