Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Outlook Anywhere

Posted on 2009-07-06
10
Medium Priority
?
390 Views
Last Modified: 2012-08-14
Hi guys,

I have an Exchange 2007 server and ActiveSync over the net works fine from my mobile devices.  However, when trying to create a connection from Outlook 2007 via Outlook Anywhere/RCP over HTTP is says is cannot resolve the name of the server.

We create our ActiveSync connections pretty much the same way and in prinicple, I understand the process to be the same as Outlook Anywhere.  Is this a port issue, does Outlook Anywhere use different ports than ActiveSync?

Cheers.
0
Comment
Question by:AstraeusLTD
  • 7
  • 3
10 Comments
 

Author Comment

by:AstraeusLTD
ID: 24783706
Official MS answer is no, only 443 need be open.  However, tried and tested; the answer is yes.  Port 1030 and 135 must be forwarded to the Exchange/AD server.

However, now that I can resolve my name against the mail server I am now experiencing a dofferent issue.  When it resolves, it changes my external FQDN to the internal one.  I need to keep it as the external FQDN.  How do I force Outlook to do so, or change Exchange to only ever give out the external address?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24784126
First - you are incorrect with the port openings. Port 443 is the ONLY port that needs to be open. You do not need to have any other port open. Close port 135 as that opens your server to attack. If you have to open port 135 then your server is not configured correctly. 135 is a massive security hole and should never be open to the internet.

With regards to Outlook Anywhere, if you are using Outlook 2007 then Autodiscover should be setting up Outlook for you automatically. The behaviour you are seeing is correct. The Exchange server name will change to the internal server name. That is because the external information that Outlook uses to make the connection to the server is stored elsewhere, in the Advanced Options, under Connection. That should be automatically populated by Autodiscover.

Have you enabled Outlook Anywhere in Exchange 2007? Did you install the RPC Proxy?

I suggest that you start by using a test account on the Microsoft test web site here:
https://testexchangeconnectivity.com/
Verify everything is setup correctly to use Autodiscover and Outlook Anywhere.
Autodiscover is NOT an optional feature. You need to get that working correctly for external users to work correctly.

Simon.
0
 

Author Comment

by:AstraeusLTD
ID: 24784489
>> First - you are incorrect with the port openings. Port 443 is the ONLY port that needs to be open.

I understand the risk, but the only way that I could get the mailbox name to resolve, was to have those two ports open.

I'm working through the Connectivity site - cheers.

How do I correct the need to have ports 135 and 1030 forwarded?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 65

Expert Comment

by:Mestha
ID: 24785109
If the feature and the client had been configured correctly then you do not need to have those ports open. Therefore close them. End of story. Your server is exposed - I don't really think you do understand the risk. If you worked for me, you would be fired for opening port 135 to the internet - it is that great a risk.

The reason the name only resolved with that port open is because you didn't configure the additional settings and Outlook required a NETBIOS connection to the server.

Simon.
0
 

Author Comment

by:AstraeusLTD
ID: 24785144
>> I don't really think you do understand the risk

I understand that it is a risk.  It is purely for troubleshooting purposes.

>> you didn't configure the additional settings

That's what I was asking "How do I correct the need to have ports 135 and 1030 forwarded?"
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24785446
Have you configured the feature correctly, as I stated in my first posting?
Have you got Autodiscover to work? If you allow autodiscover to do the configuration for you, then everything just works - that is what it is designed to do.

Even for troubleshooting I would still never open port 135. It only takes an attacker 30 seconds to find that port is open and you will be fighting off the attacks for days. If it has been open for any length of time then I would be treating the system has compromised.

Simon.
0
 

Author Comment

by:AstraeusLTD
ID: 24785715
>> If you allow autodiscover to do the configuration for you

I ran the Outlook Anywhere config in the GUI.  But otherwise, I'm still yet to find out where this is done.
0
 

Author Comment

by:AstraeusLTD
ID: 24786880
http://technet.microsoft.com/en-us/library/aa997436(EXCHG.65).aspx

"Then, open the appropriate ports on the internal firewall:

TCP port 135  RPC endpoint mapper"
0
 

Accepted Solution

by:
AstraeusLTD earned 0 total points
ID: 24787076
RPC Virtual DIrectory was set to Accept certificates - needed to be set to Ignore.
0
 

Author Comment

by:AstraeusLTD
ID: 24839731
My comments have been altered by EE.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question