?
Solved

Outlook Anywhere

Posted on 2009-07-06
10
Medium Priority
?
392 Views
Last Modified: 2012-08-14
Hi guys,

I have an Exchange 2007 server and ActiveSync over the net works fine from my mobile devices.  However, when trying to create a connection from Outlook 2007 via Outlook Anywhere/RCP over HTTP is says is cannot resolve the name of the server.

We create our ActiveSync connections pretty much the same way and in prinicple, I understand the process to be the same as Outlook Anywhere.  Is this a port issue, does Outlook Anywhere use different ports than ActiveSync?

Cheers.
0
Comment
Question by:AstraeusLTD
  • 7
  • 3
10 Comments
 

Author Comment

by:AstraeusLTD
ID: 24783706
Official MS answer is no, only 443 need be open.  However, tried and tested; the answer is yes.  Port 1030 and 135 must be forwarded to the Exchange/AD server.

However, now that I can resolve my name against the mail server I am now experiencing a dofferent issue.  When it resolves, it changes my external FQDN to the internal one.  I need to keep it as the external FQDN.  How do I force Outlook to do so, or change Exchange to only ever give out the external address?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24784126
First - you are incorrect with the port openings. Port 443 is the ONLY port that needs to be open. You do not need to have any other port open. Close port 135 as that opens your server to attack. If you have to open port 135 then your server is not configured correctly. 135 is a massive security hole and should never be open to the internet.

With regards to Outlook Anywhere, if you are using Outlook 2007 then Autodiscover should be setting up Outlook for you automatically. The behaviour you are seeing is correct. The Exchange server name will change to the internal server name. That is because the external information that Outlook uses to make the connection to the server is stored elsewhere, in the Advanced Options, under Connection. That should be automatically populated by Autodiscover.

Have you enabled Outlook Anywhere in Exchange 2007? Did you install the RPC Proxy?

I suggest that you start by using a test account on the Microsoft test web site here:
https://testexchangeconnectivity.com/
Verify everything is setup correctly to use Autodiscover and Outlook Anywhere.
Autodiscover is NOT an optional feature. You need to get that working correctly for external users to work correctly.

Simon.
0
 

Author Comment

by:AstraeusLTD
ID: 24784489
>> First - you are incorrect with the port openings. Port 443 is the ONLY port that needs to be open.

I understand the risk, but the only way that I could get the mailbox name to resolve, was to have those two ports open.

I'm working through the Connectivity site - cheers.

How do I correct the need to have ports 135 and 1030 forwarded?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 65

Expert Comment

by:Mestha
ID: 24785109
If the feature and the client had been configured correctly then you do not need to have those ports open. Therefore close them. End of story. Your server is exposed - I don't really think you do understand the risk. If you worked for me, you would be fired for opening port 135 to the internet - it is that great a risk.

The reason the name only resolved with that port open is because you didn't configure the additional settings and Outlook required a NETBIOS connection to the server.

Simon.
0
 

Author Comment

by:AstraeusLTD
ID: 24785144
>> I don't really think you do understand the risk

I understand that it is a risk.  It is purely for troubleshooting purposes.

>> you didn't configure the additional settings

That's what I was asking "How do I correct the need to have ports 135 and 1030 forwarded?"
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24785446
Have you configured the feature correctly, as I stated in my first posting?
Have you got Autodiscover to work? If you allow autodiscover to do the configuration for you, then everything just works - that is what it is designed to do.

Even for troubleshooting I would still never open port 135. It only takes an attacker 30 seconds to find that port is open and you will be fighting off the attacks for days. If it has been open for any length of time then I would be treating the system has compromised.

Simon.
0
 

Author Comment

by:AstraeusLTD
ID: 24785715
>> If you allow autodiscover to do the configuration for you

I ran the Outlook Anywhere config in the GUI.  But otherwise, I'm still yet to find out where this is done.
0
 

Author Comment

by:AstraeusLTD
ID: 24786880
http://technet.microsoft.com/en-us/library/aa997436(EXCHG.65).aspx

"Then, open the appropriate ports on the internal firewall:

TCP port 135  RPC endpoint mapper"
0
 

Accepted Solution

by:
AstraeusLTD earned 0 total points
ID: 24787076
RPC Virtual DIrectory was set to Accept certificates - needed to be set to Ignore.
0
 

Author Comment

by:AstraeusLTD
ID: 24839731
My comments have been altered by EE.
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What is the biggest problem in managing an exchange environment today? It is the lack of backups, disaster recovery (DR) plan, testing of the DR plan or believing that it won’t happen to us.
Here is a method which can be used to help resolve a "Content Index Failed" error on a Microsoft Exchange Server.
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question