Solved

Outlook Anywhere

Posted on 2009-07-06
10
336 Views
Last Modified: 2012-08-14
Hi guys,

I have an Exchange 2007 server and ActiveSync over the net works fine from my mobile devices.  However, when trying to create a connection from Outlook 2007 via Outlook Anywhere/RCP over HTTP is says is cannot resolve the name of the server.

We create our ActiveSync connections pretty much the same way and in prinicple, I understand the process to be the same as Outlook Anywhere.  Is this a port issue, does Outlook Anywhere use different ports than ActiveSync?

Cheers.
0
Comment
Question by:AstraeusLTD
  • 7
  • 3
10 Comments
 

Author Comment

by:AstraeusLTD
ID: 24783706
Official MS answer is no, only 443 need be open.  However, tried and tested; the answer is yes.  Port 1030 and 135 must be forwarded to the Exchange/AD server.

However, now that I can resolve my name against the mail server I am now experiencing a dofferent issue.  When it resolves, it changes my external FQDN to the internal one.  I need to keep it as the external FQDN.  How do I force Outlook to do so, or change Exchange to only ever give out the external address?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24784126
First - you are incorrect with the port openings. Port 443 is the ONLY port that needs to be open. You do not need to have any other port open. Close port 135 as that opens your server to attack. If you have to open port 135 then your server is not configured correctly. 135 is a massive security hole and should never be open to the internet.

With regards to Outlook Anywhere, if you are using Outlook 2007 then Autodiscover should be setting up Outlook for you automatically. The behaviour you are seeing is correct. The Exchange server name will change to the internal server name. That is because the external information that Outlook uses to make the connection to the server is stored elsewhere, in the Advanced Options, under Connection. That should be automatically populated by Autodiscover.

Have you enabled Outlook Anywhere in Exchange 2007? Did you install the RPC Proxy?

I suggest that you start by using a test account on the Microsoft test web site here:
https://testexchangeconnectivity.com/
Verify everything is setup correctly to use Autodiscover and Outlook Anywhere.
Autodiscover is NOT an optional feature. You need to get that working correctly for external users to work correctly.

Simon.
0
 

Author Comment

by:AstraeusLTD
ID: 24784489
>> First - you are incorrect with the port openings. Port 443 is the ONLY port that needs to be open.

I understand the risk, but the only way that I could get the mailbox name to resolve, was to have those two ports open.

I'm working through the Connectivity site - cheers.

How do I correct the need to have ports 135 and 1030 forwarded?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24785109
If the feature and the client had been configured correctly then you do not need to have those ports open. Therefore close them. End of story. Your server is exposed - I don't really think you do understand the risk. If you worked for me, you would be fired for opening port 135 to the internet - it is that great a risk.

The reason the name only resolved with that port open is because you didn't configure the additional settings and Outlook required a NETBIOS connection to the server.

Simon.
0
 

Author Comment

by:AstraeusLTD
ID: 24785144
>> I don't really think you do understand the risk

I understand that it is a risk.  It is purely for troubleshooting purposes.

>> you didn't configure the additional settings

That's what I was asking "How do I correct the need to have ports 135 and 1030 forwarded?"
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 65

Expert Comment

by:Mestha
ID: 24785446
Have you configured the feature correctly, as I stated in my first posting?
Have you got Autodiscover to work? If you allow autodiscover to do the configuration for you, then everything just works - that is what it is designed to do.

Even for troubleshooting I would still never open port 135. It only takes an attacker 30 seconds to find that port is open and you will be fighting off the attacks for days. If it has been open for any length of time then I would be treating the system has compromised.

Simon.
0
 

Author Comment

by:AstraeusLTD
ID: 24785715
>> If you allow autodiscover to do the configuration for you

I ran the Outlook Anywhere config in the GUI.  But otherwise, I'm still yet to find out where this is done.
0
 

Author Comment

by:AstraeusLTD
ID: 24786880
http://technet.microsoft.com/en-us/library/aa997436(EXCHG.65).aspx

"Then, open the appropriate ports on the internal firewall:

TCP port 135  RPC endpoint mapper"
0
 

Accepted Solution

by:
AstraeusLTD earned 0 total points
ID: 24787076
RPC Virtual DIrectory was set to Accept certificates - needed to be set to Ignore.
0
 

Author Comment

by:AstraeusLTD
ID: 24839731
My comments have been altered by EE.
0

Featured Post

The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

Join & Write a Comment

Suggested Solutions

A procedure for exporting installed hotfix details of remote computers using powershell
Are you unable to connect or configure Hotmail email account in Microsoft Outlook 2010, 2007? Or Outlook.com emails are not downloading to Outlook? Lets’ see the problem and resolve Outlook Connector error syncing folder hierarchy (0x8004102A).
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now