Outlook anywhere quit working
I have a client running SBS 2008 and using Exchange 2007. Everything was fine running outlook anywhere with all external clients for the past 3 months. Something happened which I can't find in any log and all Entourage users just quit working. Then this morning no one can connect using Outlook Anywhere.
Since everyone was broke, I just decided to reconfigure Outlook anywhere from scratch. OWA works fine so everyone still has access to their email.
I get everything all reconfigured and when I try to connect my Outlook 2007 client using autodiscover it finds the settings and then just repeatedly asks for the password over and over again.
Then I tried another machine using Outlook 2003 and it does the same thing.
I have been using https://www.testexchangeconnectivity.com/ to test my settings. When using the Outlook Exchange Web services connectivity test everything passes.
But when I used the Outlook Anywhere with Autodiscover test it fails with:
Testing Http Authentication Methods for URL https://remote.domain.com/rpc/rpcproxy.dll
Http Authentication Test failed
Tell me more about this issue and how to resolve it
Additional Details
Did not find all required authentication methods
Methods Found: NTLM
Methods Required: Basic
But when I use the get-outlookanywhere command it shows basic as the client authentication and IIS authentication. I have also just for kicks add both basic and ntlm to the IIS authentication.
From what I can see the setup is all correct. I know originally I didn't have to do to much to get it work. It was pretty much set out of the box when I turned the feature on.
If anyone can tell me where additional log files might be would be appreciated and/or how to get this working again.
This is the only client I have running Exchange 07 so I don't nearly the amount of experience with it as I do with Exchange 03.
Since everyone was broke, I just decided to reconfigure Outlook anywhere from scratch. OWA works fine so everyone still has access to their email.
I get everything all reconfigured and when I try to connect my Outlook 2007 client using autodiscover it finds the settings and then just repeatedly asks for the password over and over again.
Then I tried another machine using Outlook 2003 and it does the same thing.
I have been using https://www.testexchangeconnectivity.com/ to test my settings. When using the Outlook Exchange Web services connectivity test everything passes.
But when I used the Outlook Anywhere with Autodiscover test it fails with:
Testing Http Authentication Methods for URL https://remote.domain.com/rpc/rpcproxy.dll
Http Authentication Test failed
Tell me more about this issue and how to resolve it
Additional Details
Did not find all required authentication methods
Methods Found: NTLM
Methods Required: Basic
But when I use the get-outlookanywhere command it shows basic as the client authentication and IIS authentication. I have also just for kicks add both basic and ntlm to the IIS authentication.
From what I can see the setup is all correct. I know originally I didn't have to do to much to get it work. It was pretty much set out of the box when I turned the feature on.
If anyone can tell me where additional log files might be would be appreciated and/or how to get this working again.
This is the only client I have running Exchange 07 so I don't nearly the amount of experience with it as I do with Exchange 03.
Since its the IIS permision issue, if the above doesnt work, I would try to synchronize the internet user password in IIS metabase. This once saved the day for me when dealing with logon issues on IIS server. It was quite a long time ago, but if you have problems with autentication, give it a try.
Hope it helps
Hope it helps
Also if you have IIS 7.
try Disabling the Kernal mode AUthentication
http://technet.microsoft.com/en-us/library/bb123889.aspx
How to set Authentication in IIS
http://technet.microsoft.com/en-us/library/bb124149.aspx
try Disabling the Kernal mode AUthentication
http://technet.microsoft.com/en-us/library/bb123889.aspx
How to set Authentication in IIS
http://technet.microsoft.com/en-us/library/bb124149.aspx
Once dealing with RPC over HTTPS, I found that the username was required to be entered in format:
DOMAN\username
Give it a try, if it doesnt help, found an microsoft article about reseting the password for iwam user:
http://support.microsoft.com/kb/297989/en-us
Also an crazy Microsoft option would be to completely reset the permissions on IIS virtual folders:
http://support.microsoft.com/kb/883380
http://www.msexchange.org/tutorials/Resetting-OWA-Folder-IIS-security-permissions-Exchange-2003.html
Both are for older versions of IIS & Exchange, but if you run virtualized SBS 2008, I would take a snapshot of it and try it.
DOMAN\username
Give it a try, if it doesnt help, found an microsoft article about reseting the password for iwam user:
http://support.microsoft.com/kb/297989/en-us
Also an crazy Microsoft option would be to completely reset the permissions on IIS virtual folders:
http://support.microsoft.com/kb/883380
http://www.msexchange.org/tutorials/Resetting-OWA-Folder-IIS-security-permissions-Exchange-2003.html
Both are for older versions of IIS & Exchange, but if you run virtualized SBS 2008, I would take a snapshot of it and try it.
ASKER
I changed the IIS authentication back to just Basic.
I went back into IIS and directly looked at the RPC virtual directory. The only things enabled are:
Basic: Response Type HTTP 401 Challenge
Windows Authentication Response Type HTTP 401 Challenge
I didn't really see anything in the Exchange rollup 8 patch that dealt with Outlook Anywhere to want to mess with that right now. I am not getting any errors in any of the event logs. I mean up until about noon yesterday, this was running fine.
I should have mentioned this in my original post. Anytime I run a get or set outlookanywhere command I get a warning:
Warning iis://server/domain.local/
I went back into IIS and directly looked at the RPC virtual directory. The only things enabled are:
Basic: Response Type HTTP 401 Challenge
Windows Authentication Response Type HTTP 401 Challenge
I didn't really see anything in the Exchange rollup 8 patch that dealt with Outlook Anywhere to want to mess with that right now. I am not getting any errors in any of the event logs. I mean up until about noon yesterday, this was running fine.
I should have mentioned this in my original post. Anytime I run a get or set outlookanywhere command I get a warning:
Warning iis://server/domain.local/
I asked you to apply rollup up update 8 so that you can disable kernel mode authentication... it get's disabled when we apply the rollup update 8....
or else you can run this command and disable it...
%systemroot%\system32\inet
Also check this article and disable IPv6 on the server.... http://technet.microsoft.com/en-us/library/cc671176.aspx
Also in the IIS, the RPC authentication should only be "Basic"....
Disable the "Windows Authentication"
In EMC... it should be "Basic" and then run a test at testexchangeconnectivity.c
or else you can run this command and disable it...
%systemroot%\system32\inet
Also check this article and disable IPv6 on the server.... http://technet.microsoft.com/en-us/library/cc671176.aspx
Also in the IIS, the RPC authentication should only be "Basic"....
Disable the "Windows Authentication"
In EMC... it should be "Basic" and then run a test at testexchangeconnectivity.c
also try this command in exchange management shell....
Get-OutlookAnywhere | FL
Get-OutlookAnywhere | FL
ASKER
lastostlast,
In the process of installing the rollup 8 update and then check into IPv6.
FYI: when I run the : Get-OutlookAnywhere | FL
It displays all of the outlook anywhere info, it just gives me that warning first. I don't know if that is normal or not.
I definitely appreciate the help.
In the process of installing the rollup 8 update and then check into IPv6.
FYI: when I run the : Get-OutlookAnywhere | FL
It displays all of the outlook anywhere info, it just gives me that warning first. I don't know if that is normal or not.
I definitely appreciate the help.
oh ok...
in the results that you get when u run "get-outlookanywhere -fl".... check for the Metabase path and see what it shows...
ideally it should show "iis://server/domain.local
in the results that you get when u run "get-outlookanywhere -fl".... check for the Metabase path and see what it shows...
ideally it should show "iis://server/domain.local
ASKER
Ok the rollup 8 is running now.
Yeah in the metabase path, it is showing : iis://server/domain.local/
It just gives me that warning every time.
Yeah in the metabase path, it is showing : iis://server/domain.local/
It just gives me that warning every time.
Consider removing RPC components, deleted RPC virtual directories from IIS and installing rpc components again and then disabling Outlook Anywhere and Enabling Outlook Anywhere again...from Exchange Management Console..
ASKER
lastlostlast
Ran rollup 8. IIS only has basic installed. I still get the same error on the connectivity test. It only sees NTLM and not basic.
I think I am going to try XCHExperts suggestion of removing and adding back the RPC components as that is what is failing in the test and I get getting the RPC warning when I run the get outlook command, unless you have any other suggestions. Probably have to wait until this evening since the server will probably need to be restarted a couple times.
Just for kicks i tried connecting again with Outlook 2003 since it doesn't use autodiscover and continue to get the password prompt over and over again.
Ran rollup 8. IIS only has basic installed. I still get the same error on the connectivity test. It only sees NTLM and not basic.
I think I am going to try XCHExperts suggestion of removing and adding back the RPC components as that is what is failing in the test and I get getting the RPC warning when I run the get outlook command, unless you have any other suggestions. Probably have to wait until this evening since the server will probably need to be restarted a couple times.
Just for kicks i tried connecting again with Outlook 2003 since it doesn't use autodiscover and continue to get the password prompt over and over again.
ok... also did u check the IPv6?
Disable it if you haven't....
Disable it if you haven't....
Yeah...looks like RPC Components itself are not properly installed or IIS is not able to read RPC virtual directory properly from Metabase and so running powershell command for get-outlookanywhere giving a warning....
ASKER
lastlostlast:
Yeah I read the IPv6 info, apparently if you are running SBS 2008 it doesn't apply. If you try to remove IPV6 on SBS it pretty much breaks everything. Someone posted a comment on SBS 2008 at the bottom of the technet article.
I am waiting approval from the client to see if I could do the rpc repair now or if I need to wait until this evening. I will post updates as soon as I get approval to this.
Yeah I read the IPv6 info, apparently if you are running SBS 2008 it doesn't apply. If you try to remove IPV6 on SBS it pretty much breaks everything. Someone posted a comment on SBS 2008 at the bottom of the technet article.
I am waiting approval from the client to see if I could do the rpc repair now or if I need to wait until this evening. I will post updates as soon as I get approval to this.
ASKER
Just to verify so I don't break anything else.
Can I just delete the RPC virtual directory and then recreate it right in IIS and add the Basic authentication without affecting any other Exchange server process?
Can I just delete the RPC virtual directory and then recreate it right in IIS and add the Basic authentication without affecting any other Exchange server process?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
good deal..thats what i wanted to verify. With this being the only client on this system that I have access to I have nothing to compare it against. Very very weird that it just broke.
Anyway, the client asked me to hold off until this evening. So i won't have any more updates for a while.
Anyway, the client asked me to hold off until this evening. So i won't have any more updates for a while.
ASKER
Ok here is where I am at now. I did a complete uninstall of the RPC components and reinstall and then disabled and re-enabled Outlook anywhere.
I am still getting the RPC/HTTP error on the www.testexchangeconnectivity.com that the authentication method is NTLM and not basic. And when I run get-outlookanywhere it is set as basic.
A difference before the reinstall. The RPC directory was in the SBS Web Applications group. That is by default on the SBS setup. And where OWA etc is located.
After the reinstall it put the RPC directories in the default web site which wasn't being used at all. I assume it needed added to the SBS directory in IIS. That is where it was before.
I have also stopped getting the warning when i run get-outlookanywhere that RPC directory isn't there.
I am still getting the RPC/HTTP error on the www.testexchangeconnectivity.com that the authentication method is NTLM and not basic. And when I run get-outlookanywhere it is set as basic.
A difference before the reinstall. The RPC directory was in the SBS Web Applications group. That is by default on the SBS setup. And where OWA etc is located.
After the reinstall it put the RPC directories in the default web site which wasn't being used at all. I assume it needed added to the SBS directory in IIS. That is where it was before.
I have also stopped getting the warning when i run get-outlookanywhere that RPC directory isn't there.
ASKER
I wonder if thats the problem, the name RPC is set to the default web site. But OWA is on the SBS Applications site. What if I created the RPC directories under the SBS site and was able to change the Name in outlook anywhere to RPC (SBS Web Applications).
I am going to look for a cmdlet to change that setting, if anyones if that might work or what the command would be, I appreciate it.
I am going to look for a cmdlet to change that setting, if anyones if that might work or what the command would be, I appreciate it.
IF it gets default install in Default Web site then it may be default behavior then....you can below article to create it in different website
http://blogs.msdn.com/saurabh_singh/archive/2008/08/30/troubleshooting-ts-gateway-connectivity-on-windows-2008-iis-7-0.aspx
http://blogs.msdn.com/saurabh_singh/archive/2008/08/30/troubleshooting-ts-gateway-connectivity-on-windows-2008-iis-7-0.aspx
Any update ???
ASKER
Sorry for the delay. The entire server just crashed at the end of last week and I had a to do bare metal restore from backup of the entire SBS system and then get everything functioning again.
It was the strangest thing. System after system just started failing until the server wouldn't even boot up. Anyway. The server is up and running and has been stable since Friday.
The only outstanding issue that I have is that Outlook Anywhere is still not working with the same error message from www.testexchangeconnectivity.com as before. Here is the report:
Copy to Clipboard Expand/Collapse
Testing Outlook Anywhere using the Autodiscover Service to obtain Settings
Failed to test Outlook Anywhere using the Autodiscover Service to obtain Settings
Test Steps
Attempting to test Autodiscover for jbarker@domain.com
Successfully tested Autodiscover
Test Steps
Attempting each method of contacting the AutoDiscover Service
The AutoDiscover Service was successfully tested.
Test Steps
Attempting to test potential AutoDiscover URL https://domain.com/AutoDiscover/AutoDiscover.xml
Testing AutoDiscover URL succeeded
Test Steps
Attempting to Resolve the host name domain.com in DNS.
Host successfully Resolved
Additional Details
Testing TCP Port 443 on host domain.com to ensure it is listening/open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Validating certificate trust
The test passed with some warnings encountered. Please expand additional details.
Additional Details
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Attempting to Retrieve XML AutoDiscover Response from url https://domain.com/AutoDiscover/AutoDiscover.xml for user jbarker@domain.com
Successfully Retrieved AutoDiscover XML Response
Additional Details
Validating Autodiscover Settings for Outlook Anywhere
Outlook Anywhere Autodiscover Settings validated
Testing RPC/HTTP connectivity
RPC/HTTP test failed
Test Steps
Attempting to Resolve the host name remote.domain.com in DNS.
Host successfully Resolved
Additional Details
Testing TCP Port 443 on host remote.domain.com to ensure it is listening/open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Validating certificate trust
The test passed with some warnings encountered. Please expand additional details.
Additional Details
Only able to build certificate chain when using the Root Certificate Update functionality from Windows Update. Your server may not be properly configured to send down the required intermediate certificates to complete the chain. Consult the certificate installation instructions or FAQ's from your Certificate Authority for more information
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Certificate is valid: NotBefore = 5/7/2009 10:26:28 AM, NotAfter = 5/7/2010 10:26:28 AM
Testing Http Authentication Methods for URL https://remote.domain.com/rpc/rpcproxy.dll
Http Authentication Test failed
Tell me more about this issue and how to resolve it
Additional Details
Did not find all required authentication methods
Methods Found: NTLM
Methods Required: Basic
I have attached the Get-OutllookAnywhere results. And as you can see the authentication is set for Basic and not NTLM.
serversettings.jpg
It was the strangest thing. System after system just started failing until the server wouldn't even boot up. Anyway. The server is up and running and has been stable since Friday.
The only outstanding issue that I have is that Outlook Anywhere is still not working with the same error message from www.testexchangeconnectivity.com as before. Here is the report:
Copy to Clipboard Expand/Collapse
Testing Outlook Anywhere using the Autodiscover Service to obtain Settings
Failed to test Outlook Anywhere using the Autodiscover Service to obtain Settings
Test Steps
Attempting to test Autodiscover for jbarker@domain.com
Successfully tested Autodiscover
Test Steps
Attempting each method of contacting the AutoDiscover Service
The AutoDiscover Service was successfully tested.
Test Steps
Attempting to test potential AutoDiscover URL https://domain.com/AutoDiscover/AutoDiscover.xml
Testing AutoDiscover URL succeeded
Test Steps
Attempting to Resolve the host name domain.com in DNS.
Host successfully Resolved
Additional Details
Testing TCP Port 443 on host domain.com to ensure it is listening/open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Validating certificate trust
The test passed with some warnings encountered. Please expand additional details.
Additional Details
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Attempting to Retrieve XML AutoDiscover Response from url https://domain.com/AutoDiscover/AutoDiscover.xml for user jbarker@domain.com
Successfully Retrieved AutoDiscover XML Response
Additional Details
Validating Autodiscover Settings for Outlook Anywhere
Outlook Anywhere Autodiscover Settings validated
Testing RPC/HTTP connectivity
RPC/HTTP test failed
Test Steps
Attempting to Resolve the host name remote.domain.com in DNS.
Host successfully Resolved
Additional Details
Testing TCP Port 443 on host remote.domain.com to ensure it is listening/open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Validating certificate trust
The test passed with some warnings encountered. Please expand additional details.
Additional Details
Only able to build certificate chain when using the Root Certificate Update functionality from Windows Update. Your server may not be properly configured to send down the required intermediate certificates to complete the chain. Consult the certificate installation instructions or FAQ's from your Certificate Authority for more information
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Certificate is valid: NotBefore = 5/7/2009 10:26:28 AM, NotAfter = 5/7/2010 10:26:28 AM
Testing Http Authentication Methods for URL https://remote.domain.com/rpc/rpcproxy.dll
Http Authentication Test failed
Tell me more about this issue and how to resolve it
Additional Details
Did not find all required authentication methods
Methods Found: NTLM
Methods Required: Basic
I have attached the Get-OutllookAnywhere results. And as you can see the authentication is set for Basic and not NTLM.
serversettings.jpg
ASKER
After additional investigation, it appear the issue isn't with OutlookAnywhere so much as something that is wrong with IIS. Any know of an easy way to set IIS back to default, without losing sharepoiint data?
IIS didn't restore to default like every other program after the bare-bones restore. The link http://remote.domain.com quit function and I can't get it back again for what ever reason.
IIS didn't restore to default like every other program after the bare-bones restore. The link http://remote.domain.com quit function and I can't get it back again for what ever reason.
Someone dealing with similar IIS reset stuff:
https://www.experts-exchange.com/questions/23575987/Reset-IIS-7-back-to-its-original-state.html
Maybe it can help you a bit.
CLZ
https://www.experts-exchange.com/questions/23575987/Reset-IIS-7-back-to-its-original-state.html
Maybe it can help you a bit.
CLZ
ASKER
I ended up calling Microsoft. I have never had to do that before. I cannot pinpoint exactly one thing that was the issue. It took 8 hours and 5 techs to get it working again. Needless to say I did learn this.
Never ever add RPC virtual directories in IIS. In the SBS 2008 if you run into this issue if you reinstall the RPC roll you must reinstall the TS Gateway role as well.
Now there are several registry edits that they made, they modified several autoconfig files manually. We reinstalled the SSL Certs etc.
I have now discovered that the Microsoft Exchange Service Host service will not run. This process deals directly with the RPC over HTTP Autoconfig, so I am in the process of double checking with them to either disable the service as we have manually configured stuff now or if this needs to be resolved. But we did get Outlook Anywhere to run again Finally.
Never ever add RPC virtual directories in IIS. In the SBS 2008 if you run into this issue if you reinstall the RPC roll you must reinstall the TS Gateway role as well.
Now there are several registry edits that they made, they modified several autoconfig files manually. We reinstalled the SSL Certs etc.
I have now discovered that the Microsoft Exchange Service Host service will not run. This process deals directly with the RPC over HTTP Autoconfig, so I am in the process of double checking with them to either disable the service as we have manually configured stuff now or if this needs to be resolved. But we did get Outlook Anywhere to run again Finally.
ASKER
I appreciate the help definitely. While the RPC components weren't the total issue, it was definitely a big part. And I did learn to never to manually setup RPC virtual directories and point them to the components.
Good to see that your OL AW is workiing ...
Now for the Exchange 2007... check the rollup update applied to the server... the lates 1 is rollup update 8.... http://www.microsoft.com/downloads/details.aspx?FamilyID=e1f5c8b2-c4f2-4eba-849b-e464d4f2869c&displaylang=en
Also in the IIS, check the authentication on RPC virtual directory. It should be set to "Basic" authentication only... the same should be set as the Outlook anywhere authentication in the EMC...