Solved

Outlook Anywhere

Posted on 2009-07-06
10
363 Views
Last Modified: 2012-08-14
Hi guys,

I have an Exchange 2007 server and ActiveSync over the net works fine from my mobile devices.  However, when trying to create a connection from Outlook 2007 via Outlook Anywhere/RCP over HTTP is says is cannot resolve the name of the server.

We create our ActiveSync connections pretty much the same way and in prinicple, I understand the process to be the same as Outlook Anywhere.  Is this a port issue, does Outlook Anywhere use different ports than ActiveSync?

Cheers.
0
Comment
Question by:AstraeusLTD
  • 7
  • 3
10 Comments
 

Author Comment

by:AstraeusLTD
ID: 24783706
Official MS answer is no, only 443 need be open.  However, tried and tested; the answer is yes.  Port 1030 and 135 must be forwarded to the Exchange/AD server.

However, now that I can resolve my name against the mail server I am now experiencing a dofferent issue.  When it resolves, it changes my external FQDN to the internal one.  I need to keep it as the external FQDN.  How do I force Outlook to do so, or change Exchange to only ever give out the external address?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24784126
First - you are incorrect with the port openings. Port 443 is the ONLY port that needs to be open. You do not need to have any other port open. Close port 135 as that opens your server to attack. If you have to open port 135 then your server is not configured correctly. 135 is a massive security hole and should never be open to the internet.

With regards to Outlook Anywhere, if you are using Outlook 2007 then Autodiscover should be setting up Outlook for you automatically. The behaviour you are seeing is correct. The Exchange server name will change to the internal server name. That is because the external information that Outlook uses to make the connection to the server is stored elsewhere, in the Advanced Options, under Connection. That should be automatically populated by Autodiscover.

Have you enabled Outlook Anywhere in Exchange 2007? Did you install the RPC Proxy?

I suggest that you start by using a test account on the Microsoft test web site here:
https://testexchangeconnectivity.com/
Verify everything is setup correctly to use Autodiscover and Outlook Anywhere.
Autodiscover is NOT an optional feature. You need to get that working correctly for external users to work correctly.

Simon.
0
 

Author Comment

by:AstraeusLTD
ID: 24784489
>> First - you are incorrect with the port openings. Port 443 is the ONLY port that needs to be open.

I understand the risk, but the only way that I could get the mailbox name to resolve, was to have those two ports open.

I'm working through the Connectivity site - cheers.

How do I correct the need to have ports 135 and 1030 forwarded?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 65

Expert Comment

by:Mestha
ID: 24785109
If the feature and the client had been configured correctly then you do not need to have those ports open. Therefore close them. End of story. Your server is exposed - I don't really think you do understand the risk. If you worked for me, you would be fired for opening port 135 to the internet - it is that great a risk.

The reason the name only resolved with that port open is because you didn't configure the additional settings and Outlook required a NETBIOS connection to the server.

Simon.
0
 

Author Comment

by:AstraeusLTD
ID: 24785144
>> I don't really think you do understand the risk

I understand that it is a risk.  It is purely for troubleshooting purposes.

>> you didn't configure the additional settings

That's what I was asking "How do I correct the need to have ports 135 and 1030 forwarded?"
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24785446
Have you configured the feature correctly, as I stated in my first posting?
Have you got Autodiscover to work? If you allow autodiscover to do the configuration for you, then everything just works - that is what it is designed to do.

Even for troubleshooting I would still never open port 135. It only takes an attacker 30 seconds to find that port is open and you will be fighting off the attacks for days. If it has been open for any length of time then I would be treating the system has compromised.

Simon.
0
 

Author Comment

by:AstraeusLTD
ID: 24785715
>> If you allow autodiscover to do the configuration for you

I ran the Outlook Anywhere config in the GUI.  But otherwise, I'm still yet to find out where this is done.
0
 

Author Comment

by:AstraeusLTD
ID: 24786880
http://technet.microsoft.com/en-us/library/aa997436(EXCHG.65).aspx

"Then, open the appropriate ports on the internal firewall:

TCP port 135  RPC endpoint mapper"
0
 

Accepted Solution

by:
AstraeusLTD earned 0 total points
ID: 24787076
RPC Virtual DIrectory was set to Accept certificates - needed to be set to Ignore.
0
 

Author Comment

by:AstraeusLTD
ID: 24839731
My comments have been altered by EE.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
Many people use more than one email account and so it becomes difficult for them to manage them when they use separate accounts,  so, in this article, I have shared an easy way to add Other Mail Accounts in your Google Inbox. It helps to combine all…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question