Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

sbs2003 with remote users without Outlook POP accounts

Posted on 2009-04-22
20
Medium Priority
?
485 Views
Last Modified: 2013-11-30
I have a customer with sbs2003.  We have several new techs that are remote laptop users only.  I need to be able to give them access to their email, but they don't ever get on the network.  Is it possible to setup exchange so that they can just setup a typical POP Outlook account on their laptops??  I tried setting them up with just mail.xxxx.com for both pop and smtp servers.  With that, they can receive, but not send.
0
Comment
Question by:anacinc
  • 9
  • 4
  • 4
  • +1
20 Comments
 
LVL 15

Expert Comment

by:abhaigh
ID: 24206038
are you running a firewall between your remote users and the exchange box?

If so, you need to open a connection to port 25 to the exchange box for these people in order for them to send
0
 

Author Comment

by:anacinc
ID: 24206074
We have a Dlink DIR 825 router, and yes I have forwared port 25 to my server
0
 
LVL 2

Accepted Solution

by:
Dave_Angel_Portsmouth earned 2000 total points
ID: 24206107
Abhaigh is right.

Another alternative is to use RCP over HTTPS instead of POP which is very reliable and secure.

Have a look at:
http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm
 
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:anacinc
ID: 24206128
In order to use that I have to have them on the network first so that I can authenticate an exchange account.  These are users that never come in.
0
 
LVL 15

Expert Comment

by:abhaigh
ID: 24206148
do you have them configured to log into the system to send? If you have your system configured to not be an open relay then you will need to make sure that they login before they will be able to send
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24206149
That is not correct. The users do not have to come on to the network to use RPC over HTTPS. Even if they did, SBS has VPN functionality to give them access to the network.

RPC over HTTPS was designed for hosted Exchange providers, non of their users go on to their network.

Simon.
0
 
LVL 15

Expert Comment

by:abhaigh
ID: 24206210
you could always have them use OWA
0
 

Author Comment

by:anacinc
ID: 24207051
I have tried having them make the change on their email setups to login to the server before sending and that still didn't work.

I will look at RPC over HTTPS again, because eventhough OWA works it is very slow.  Plus they want to be able to download their emails into their PST files and then if they need to send later they can get on with their Sprint aircards and send out.
0
 
LVL 2

Expert Comment

by:Dave_Angel_Portsmouth
ID: 24207093
I'd suggest you use OST files rather than PST files, as PST files will remove the email from the server, whilst using OST doesn't. You can choose to download the whole message using either file type.

This is particually pertinant when you dont have control over the client machine.
0
 
LVL 15

Expert Comment

by:abhaigh
ID: 24207197
agreed - in this scenario - if you can get them working via rpc pver http - the OST file is the only way forward
0
 

Author Comment

by:anacinc
ID: 24207899
I am unable to get the RPC over HTTPS to work!?? And, in my attempts to do so, I have locked out my companyweb. UARGH!

When I open my Outlook it asks me for a password, but never accepts it.  How do I test that I have it set correctly on my server.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24209079
Are you enabling Outlook over the Internet through the Configure internet and email wizard? If not then you should be, as this is SBS.

Password prompts usually are caused by one of two things.
1. Certificate acceptance - the client is unable to accept the certificate because it cannot cope with the certificate prompt.
2. Authentication type mismatch - integrated on the virtual directory and basic in the client - or vice versa.

You can test it through the Microsoft test site using a test account here:
https://testexchangeconnectivity.com/

Simon.
0
 

Author Comment

by:anacinc
ID: 24209133
I don't see anywhere to enable Outlook over the internet in the Configure internet and email wizard??
0
 

Author Comment

by:anacinc
ID: 24209207
The test failed.  Below are the errors.


The SSLCertificate failed one or more certificate validation checks.
   Tell me more about this issue and how to resolve it
 
 Additional Details
  A network error occurred while communicating with remote host: Exception Details: Message: Authentication failed because the remote party has closed the transport stream. Type: System.IO.IOException Stack Trace: at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation) at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost) at Microsoft.Exchange.Tools.ExRca.Tests.SSLCertificateTest.PerformTestReally()  
0
 

Author Comment

by:anacinc
ID: 24209875
my new error is this:

  Attempting to Resolve the host name mail.xxx.com in DNS.
  Host successfully Resolved
 Additional Details
  IP(s) returned: xxx.xxx.xxx.xxx
 
 Testing TCP Port 443 on host mail.xxxx.com to ensure it is listening/open.
  The port was opened successfully.
 
 Testing SSLCertificate for validity.
  The SSLCertificate failed one or more certificate validation checks.
 Additional Details
  The SSL Certificate failed validation Exception Details: Message: The remote certificate is invalid according to the validation procedure........
 
 
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24216199
That would appear to be rather self-explanatory. The certificate isn't valid, which is a common failure for RPC over HTTPS. You really need to change the certificate for a commercial certificate.
If you want to practise, then RapidSSL do a 30 day trial certificate that is fully trusted.
If you want to purchase one, then the cheapest are GoDaddy. https://CertificatesForExchange.com/ 

Simon.
0
 
LVL 2

Expert Comment

by:Dave_Angel_Portsmouth
ID: 24216380
Anacinc,

Are you testing the certificate from outside?

the name on the certificate has to match the server exactly. if you are browsing to an internal address and have not set up the certificate for that address, it will fail.

Your answer there is to create either a record in the HOSTS file pointing to the server internally with the external name, or create a DNS record to the same affect.

Start with an internal machine and verify you can browse to the server with the name on the certificate and ensure that you dont get any errors. YOu will have to import the certificate to that client if you havent bought an external cert as Mestha has suggested.
0
 

Author Comment

by:anacinc
ID: 24218052
I managed to get it to work. I created the certificate with windows using my external ip address. I exported the certificate from the server and then imported to the workstation. Then set up the client and it finally works.  I'm now playing with using the server name vs ip just in case down the road they change ISPs.
0
 
LVL 2

Expert Comment

by:Dave_Angel_Portsmouth
ID: 24218966
Congrats!

If you are worried about changing ISPs\loosing your IP address, using dyndns's serivice really works well.
0
 

Author Closing Comment

by:anacinc
ID: 31573333
The suggested solution was a complicated process, but a process that worked non the less.
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange database can often fail to mount thereby halting the work of all users connected to it. Finding out why database isn’t mounting is crucial and getting the server back online. Stellar Phoenix Mailbox Exchange Recovery is a champion product t…
In my humble opinion (IMHO), TouchDown from Symantec is the best in class for this type of application, but Symantec has end-of-lifed it and although one can keep using it, it will no longer be supported or upgraded.  Time to look for alternatives t…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question