?
Solved

Exchange 2007 SP1  Outlook Anywhere Troubleshoot

Posted on 2009-04-17
23
Medium Priority
?
424 Views
Last Modified: 2012-05-06
I am in process of configuring a new Exchange 2007 SP1 box, hosted on Windows 2008 Enterprise 64-bit.  

I have installed and configured a new SSL Cert to code (UCC) and OWA works great inside and outside the firewall.

The customer is using Outlook 2003 exclusively for their mail application.

To test Outlook Anywhere, I am using Microsoft's Testing Site (https://testexchangeconnectivity.com/Default.aspx)

I perform the Outlook 2003 Test - but it fails on the very last step:

      Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server mail.server.com
       Failed to ping Endpoint

I have ports 80 and 443 open to the Exchange Server through a NAT (as I said, OWA works).  But that's it.

I have read in Simon's blog that I should not have to open those ports - but I as of right now I can't figure out what I have yet to configure to make this work WITHOUT opening them.  

Ideas?
0
Comment
Question by:trivalent
  • 13
  • 9
23 Comments
 
LVL 1

Author Comment

by:trivalent
ID: 24170124
More info:

It does not appear to work on the inside.  We'll start the troubleshooting there.

If I run Outlook 2003 with the /rpc switch - I do NOT have any HTTPS connections listed.

When I use the RPCPING utility from a workstation, I get an Exception 1722 error.
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24170266
You shouldn't need to have port 80 open on the firewall--only port 443.

There is a known issue with server 2008 where you sometimes have to either disable IPv6 or manually edit the HOSTS file.  Let me see if I can dig up the article that helped me when I had this issue not too long ago.
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24170280
Here is the MS article:  http://support.microsoft.com/kb/950138

Also check out the many posts/suggestions at this page:  http://blog.aaronmarks.com/?p=65
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 1

Author Comment

by:trivalent
ID: 24170333
Funny, I was reading that link just as you suggested it...

I have removed IPv6 (unchecked) from my Local Area Connection... .and a telnet localhost 6004 is successful (blank screen).  Should I go further?
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24170352
I would do it one step at a time and then test after each thing you change.
0
 
LVL 1

Author Comment

by:trivalent
ID: 24170368
To clarify - I ALREADY had the IPv6 unchecked from before... and it does not work.   Does a successful telnet to localhost on 6004 prove that I don't need to make any registry modifications?
0
 
LVL 1

Author Comment

by:trivalent
ID: 24170515
Are there any changes I have to make in IIS 7 in Server 2008 to get this to work properly?   Do I need to change any authentication settings on the Virtual Directories for RPC?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24170535
You shouldn't need to make any authentication changes, if you wanted to support both authentication types then you have to use PowerShell and then set set-outlookanywhere commandlet.
However that wouldn't cause this error - the error you posted is purely down to something in the server being unable to communicate.

Simon.
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24170604
Try running the "test-outlookwebservices" powershell command.  Might need to add the  |list to display all the details.
0
 
LVL 1

Author Comment

by:trivalent
ID: 24170725
Here are the results:

[PS] C:\Windows\System32>Test-OutlookWebServices |list


Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address Administrator@herb
          rucks.com.

Id      : 1007
Type    : Information
Message : Testing server hprmail.herbrucks.local with the published name https:
          //hprmail.herbrucks.local/EWS/Exchange.asmx & .

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
           URL on this object is https://hprmail.herbrucks.local/Autodiscover/A
          utodiscover.xml.

Id      : 1013
Type    : Error
Message : When contacting https://hprmail.herbrucks.local/Autodiscover/Autodisc
          over.xml received the error Unable to connect to the remote server

Id      : 1013
Type    : Error
Message : When contacting https://hprmail.herbrucks.local/Autodiscover/Autodisc
          over.xml received the error No connection could be made because the t
          arget machine actively refused it 10.0.0.7:443

Id      : 1006
Type    : Error
Message : The Autodiscover service could not be contacted.



[PS] C:\Windows\System32>
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24170770
ok..  also run

get-outlookprovider |list

some of the postings on that aaronmarks.com site talk about needing to make sure that the outlookprovider value is set correctly as well.  I think I remember having to mess with this as well when I recently had this issue.
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24170787
I would definitely make sure you go through the various posts and suggestions on that page.

Sometimes another way to get things to work is to disable outlook anywhere, remove the rpc component from within the control panel, then re-add the rpc component and re-enable outlook anywhere from within EMC.
0
 
LVL 1

Author Comment

by:trivalent
ID: 24170801
More results:

[PS] C:\Windows\System32>get-outlookprovider |list


CertPrincipalName :
Server            :
TTL               : 1
AdminDisplayName  :
ExchangeVersion   : 0.1 (8.0.535.0)
Name              : EXCH
DistinguishedName : CN=EXCH,CN=Outlook,CN=AutoDiscover,CN=Client Access,CN=Herb
                    rucks,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC
                    =herbrucks,DC=local
Identity          : EXCH
Guid              : fb4b9d90-588d-4964-8b49-b6661da4a702
ObjectCategory    : herbrucks.local/Configuration/Schema/ms-Exch-Auto-Discover-
                    Config
ObjectClass       : {top, msExchAutoDiscoverConfig}
WhenChanged       : 4/16/2009 3:08:52 PM
WhenCreated       : 4/16/2009 3:08:52 PM
OriginatingServer : hprdc01.herbrucks.local
IsValid           : True

CertPrincipalName :
Server            :
TTL               : 1
AdminDisplayName  :
ExchangeVersion   : 0.1 (8.0.535.0)
Name              : EXPR
DistinguishedName : CN=EXPR,CN=Outlook,CN=AutoDiscover,CN=Client Access,CN=Herb
                    rucks,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC
                    =herbrucks,DC=local
Identity          : EXPR
Guid              : 91d62da1-40f1-4f26-9043-ce7938ae22b7
ObjectCategory    : herbrucks.local/Configuration/Schema/ms-Exch-Auto-Discover-
                    Config
ObjectClass       : {top, msExchAutoDiscoverConfig}
WhenChanged       : 4/16/2009 3:08:52 PM
WhenCreated       : 4/16/2009 3:08:52 PM
OriginatingServer : hprdc01.herbrucks.local
IsValid           : True

CertPrincipalName :
Server            :
TTL               : 1
AdminDisplayName  :
ExchangeVersion   : 0.1 (8.0.535.0)
Name              : WEB
DistinguishedName : CN=WEB,CN=Outlook,CN=AutoDiscover,CN=Client Access,CN=Herbr
                    ucks,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=
                    herbrucks,DC=local
Identity          : WEB
Guid              : d9a5aa1d-f72a-45e5-9d88-37174aa2d124
ObjectCategory    : herbrucks.local/Configuration/Schema/ms-Exch-Auto-Discover-
                    Config
ObjectClass       : {top, msExchAutoDiscoverConfig}
WhenChanged       : 4/16/2009 3:08:52 PM
WhenCreated       : 4/16/2009 3:08:52 PM
OriginatingServer : hprdc01.herbrucks.local
IsValid           : True



[PS] C:\Windows\System32>
0
 
LVL 1

Author Comment

by:trivalent
ID: 24170965
Sometimes another way to get things to work is to disable outlook anywhere, remove the rpc component from within the control panel, then re-add the rpc component and re-enable outlook anywhere from within EMC.

Tried this.... but still the same.

I have also installed Rollup 7.... but same issues abound.

Here's how I am testing:

I have a local Outlook 2003 Client and I have configured the RPC / HTTP settings.  I am trying to connect - but when I enter my credentials, they don't seem to take.  I just get prompted over and over.

0
 
LVL 9

Expert Comment

by:esmith69
ID: 24171062
Have you checked the event logs on the Exchange server yet?
0
 
LVL 1

Author Comment

by:trivalent
ID: 24171063
We are improving - here are some new results from Test-OutlookWebServices

[PS] C:\Windows\System32>Test-OutlookWebServices |list


Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address Administrator@herb
          rucks.com.

Id      : 1007
Type    : Information
Message : Testing server hprmail.herbrucks.local with the published name https:
          //hprmail.herbrucks.local/EWS/Exchange.asmx & .

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
           URL on this object is https://hprmail.herbrucks.local/Autodiscover/A
          utodiscover.xml.

Id      : 1006
Type    : Information
Message : The Autodiscover service was contacted at https://hprmail.herbrucks.l
          ocal/Autodiscover/Autodiscover.xml.

Id      : 1016
Type    : Success
Message : [EXCH]-Successfully contacted the AS service at https://hprmail.herbr
          ucks.local/EWS/Exchange.asmx. The elapsed time was 31 milliseconds.

Id      : 1015
Type    : Success
Message : [EXCH]-Successfully contacted the OAB service at https://hprmail.herb
          rucks.local/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.

Id      : 1014
Type    : Success
Message : [EXCH]-Successfully contacted the UM service at https://hprmail.herbr
          ucks.local/UnifiedMessaging/Service.asmx. The elapsed time was 15 mil
          liseconds.

Id      : 1016
Type    : Information
Message : [EXPR]-The AS is not configured for this user.

Id      : 1015
Type    : Information
Message : [EXPR]-The OAB is not configured for this user.

Id      : 1014
Type    : Information
Message : [EXPR]-The UM is not configured for this user.

Id      : 1017
Type    : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://hmail.h
          erbrucks.com/Rpc. The elapsed time was 0 milliseconds.

Id      : 1006
Type    : Success
Message : The Autodiscover service was tested successfully.



[PS] C:\Windows\System32>
0
 
LVL 1

Author Comment

by:trivalent
ID: 24171264
Have you checked the event logs on the Exchange server yet?

Logs are clean thus far.  
0
 
LVL 9

Expert Comment

by:esmith69
ID: 24171281
what about the IIS logs?
0
 
LVL 1

Author Comment

by:trivalent
ID: 24171453
what about the IIS logs?

I used to look for these in Windows\System32.....there are some logfiles here but they don't appear to leave many clues.  There is an HTTP logs but it just has some entries from when I was testing OWA.
0
 
LVL 1

Author Comment

by:trivalent
ID: 24172777
Some good news ....

Per a suggestion in another blog - I changed the RPC Authentication in IIS 7 to allow Windows Integrated (it was disabled)... which makes sense.

Now, I can do a RPC Ping successfully.

I have also been able to configure an Outlook 2003 Client semi-successfully.  I'm able to make a first login to the Server via RPC - but then I bomb out with an OAB error.  The OAB error should be solvable pretty quickly....
0
 
LVL 9

Accepted Solution

by:
esmith69 earned 2000 total points
ID: 24173349
Checking the authentication settings in IIS was actually going to be one of my next suggestions.  Glad to hear you're making some progress.  As for the OAB, you probably just need to ensure that one is specified for the mailbox database.
0
 
LVL 1

Author Comment

by:trivalent
ID: 24183998
Glad to hear you're making some progress.  As for the OAB, you probably just need to ensure that one is specified for the mailbox database.

Always forget that, that was it!  

Thanks to all for your contributions.
0
 
LVL 1

Author Comment

by:trivalent
ID: 24219076
Update on this....

I was able to get OA working on the inside; not not the outside.  After pouring through hundreds of documents from Sembee and many, many others I decided to open a case with MS.

Looking at a DCDiag revealed that the Exchange Server and the DC were not able to communicate with RPC.... because (drum roll).. the SIDs were the same.   You heard that right.

When I initially set up the environment, I created a Windows 2008 'Template' VM and ran SysPrep on it.  I must have forgot to check the box that says 'Generalize' which generates a new SID.   Strange thing is, everything was working as normal, even when both servers had the same SID.

Whoops.

I rebuilt the environment and all is well.  
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question