sbs2003 with remote users without Outlook POP accounts

I have a customer with sbs2003.  We have several new techs that are remote laptop users only.  I need to be able to give them access to their email, but they don't ever get on the network.  Is it possible to set up Exchange so that they can just set up a typical POP Outlook account on their laptops?  I tried setting them up with just mail.xxxx.com for both POP and SMTP servers.  With that, they can receive, but not send.
anacinc Asked:
 
Dave_Angel_Portsmouth Commented:
Abhaigh is right.

Another alternative is to use RPC over HTTPS instead of POP which is very reliable and secure.

Have a look at:
http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm
 
0
 
abhaigh Commented:
Are you running a firewall between your remote users and the Exchange box?

If so, you need to open a connection to port 25 to the Exchange box for these people in order for them to send.
0
 
anacinc Author Commented:
We have a Dlink DIR 825 router, and yes I have forwarded port 25 to my server.
0
 
anacinc Author Commented:
In order to use that I have to have them on the network first so that I can authenticate an Exchange account.  These are users that never come in.
0
 
abhaigh Commented:
Do you have them configured to log into the system to send? If you have your system configured to not be an open relay then you will need to make sure that they log in before they will be able to send.
0
 
Mestha Commented:
That is not correct. The users do not have to come on to the network to use RPC over HTTPS. Even if they did, SBS has VPN functionality to give them access to the network.

RPC over HTTPS was designed for hosted Exchange providers; none of their users go on to their network.

Simon.
0
 
abhaigh Commented:
You could always have them use OWA.
0
 
anacinc Author Commented:
I have tried having them make the change on their email setups to log in to the server before sending and that still didn't work.

I will look at RPC over HTTPS again, because even though OWA works it is very slow.  Plus they want to be able to download their emails into their PST files and then if they need to send later they can get on with their Sprint aircards and send out.
0
 
Dave_Angel_Portsmouth Commented:
I'd suggest you use OST files rather than PST files, as PST files will remove the email from the server, whilst using OST doesn't. You can choose to download the whole message using either file type.

This is particularly pertinent when you don't have control over the client machine.
0
 
abhaigh Commented:
Agreed - in this scenario - if you can get them working via RPC over HTTP - the OST file is the only way forward.
0
 
anacinc Author Commented:
I am unable to get the RPC over HTTPS to work!?? And, in my attempts to do so, I have locked out my companyweb. UARGH!

When I open my Outlook it asks me for a password, but never accepts it.  How do I test that I have it set correctly on my server?
0
 
Mestha Commented:
Are you enabling Outlook over the Internet through the Configure internet and email wizard? If not then you should be, as this is SBS.

Password prompts usually are caused by one of two things.
1. Certificate acceptance - the client is unable to accept the certificate because it cannot cope with the certificate prompt.
2. Authentication type mismatch - integrated on the virtual directory and basic in the client - or vice versa.

You can test it through the Microsoft test site using a test account here:
https://testexchangeconnectivity.com/

Simon.
0
 
anacinc Author Commented:
I don't see anywhere to enable Outlook over the internet in the Configure internet and email wizard??
0
 
anacinc Author Commented:
The test failed.  Below are the errors.


The SSLCertificate failed one or more certificate validation checks.
   Tell me more about this issue and how to resolve it
 
 Additional Details
  A network error occurred while communicating with remote host: Exception Details: Message: Authentication failed because the remote party has closed the transport stream. Type: System.IO.IOException Stack Trace: at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation) at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost) at Microsoft.Exchange.Tools.ExRca.Tests.SSLCertificateTest.PerformTestReally()  
0
 
anacinc Author Commented:
My new error is this:

  Attempting to Resolve the host name mail.xxx.com in DNS.
  Host successfully Resolved
 Additional Details
  IP(s) returned: xxx.xxx.xxx.xxx
 
 Testing TCP Port 443 on host mail.xxxx.com to ensure it is listening/open.
  The port was opened successfully.
 
 Testing SSLCertificate for validity.
  The SSLCertificate failed one or more certificate validation checks.
 Additional Details
  The SSL Certificate failed validation Exception Details: Message: The remote certificate is invalid according to the validation procedure........
 
 
0
 
Mestha Commented:
That would appear to be rather self-explanatory. The certificate isn't valid, which is a common failure for RPC over HTTPS. You really need to change the certificate for a commercial certificate.
If you want to practise, then RapidSSL do a 30 day trial certificate that is fully trusted.
If you want to purchase one, then the cheapest are GoDaddy. https://CertificatesForExchange.com/ 

Simon.
0
 
Dave_Angel_Portsmouth Commented:
Anacinc,

Are you testing the certificate from outside?

The name on the certificate has to match the server exactly. If you are browsing to an internal address and have not set up the certificate for that address, it will fail.

Your answer there is to create either a record in the HOSTS file pointing to the server internally with the external name, or create a DNS record to the same effect.

Start with an internal machine and verify you can browse to the server with the name on the certificate and ensure that you don't get any errors. You will have to import the certificate to that client if you haven't bought an external cert as Mestha has suggested.
0
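
The name-match and trust points raised in the posts above, as an added example that is not part of the original thread: Python code that takes a certificate in the dict layout used by `ssl.SSLSocket.getpeercert()` and lists why a client connecting to a given name or IP would reject it. The certificate, the address 203.0.113.10 and the host name mail.example.com are constructed samples; the CN fallback and the issuer-equals-subject test for a self-signed certificate are assumptions of this example.

```python
import ipaddress
import ssl
from datetime import datetime, timezone

def _names(cert):
    san = [(k, v) for k, v in cert.get("subjectAltName", ()) if k in ("DNS", "IP Address")]
    if san:
        return san
    # Assumption: older certificates without a SAN are matched on the subject CN.
    return [("CN", v) for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def _matches(kind, value, target):
    try:
        target_ip = ipaddress.ip_address(target)
    except ValueError:
        target_ip = None
    if target_ip is not None:  # connecting by IP: only an IP entry (or IP-valued CN) can match
        try:
            return kind != "DNS" and ipaddress.ip_address(value) == target_ip
        except ValueError:
            return False
    if kind == "IP Address":
        return False
    v, t = value.lower().rstrip("."), target.lower().rstrip(".")
    if v.startswith("*."):  # a wildcard covers exactly one left-most label
        return "." in t and t.split(".", 1)[1] == v[2:]
    return v == t

def cert_problems(cert, target, now=None):
    """Reasons a client connecting to `target` would reject `cert`."""
    ts = (now or datetime.now(timezone.utc)).timestamp()
    problems = []
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    names = _names(cert)
    if not any(_matches(k, v, target) for k, v in names):
        problems.append("name mismatch: certificate is for " + ", ".join(v for _, v in names))
    if cert.get("issuer") == cert.get("subject"):  # heuristic for a self-signed certificate
        problems.append("self-signed: each client must import it before it is trusted")
    return problems

# Constructed sample: a self-signed certificate issued to an IP (documentation address).
_SUBJ = ((("commonName", "203.0.113.10"),),)
CERT_FOR_IP = {"subject": _SUBJ, "issuer": _SUBJ,
               "notBefore": "Jan  1 00:00:00 2010 GMT", "notAfter": "Jan  1 00:00:00 2011 GMT"}
WHEN = datetime(2010, 6, 1, tzinfo=timezone.utc)
if __name__ == "__main__":
    print({t: cert_problems(CERT_FOR_IP, t, WHEN) for t in ("203.0.113.10", "mail.example.com")})
```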
 
anacinc Author Commented:
I managed to get it to work. I created the certificate with Windows using my external IP address. I exported the certificate from the server and then imported to the workstation. Then set up the client and it finally works.  I'm now playing with using the server name vs IP just in case down the road they change ISPs.
0
 
Dave_Angel_Portsmouth Commented:
Congrats!

If you are worried about changing ISPs/losing your IP address, using dyndns's service really works well.
0
 
anacinc Author Commented:
The suggested solution was a complicated process, but a process that worked nonetheless.
0
Question has a verified solution.
