Solved

Outlook anywhere quit working

Posted on 2009-07-15
28
1,821 Views
Last Modified: 2012-05-07
I have a client running SBS 2008 and using Exchange 2007.   Everything was fine running outlook anywhere with all external clients for the past 3 months.  Something happened which I can't find in any log and all Entourage users just quit working.  Then this morning no one can connect using Outlook Anywhere.

Since everyone was broke,  I just decided to reconfigure Outlook anywhere from scratch.  OWA works fine so everyone still has access to their email.

I get everything all reconfigured and when I try to connect my Outlook 2007 client using autodiscover it finds the settings and then just repeatedly asks for the password over and over again.

Then I tried another machine using Outlook 2003 and it does the same thing.

I have been using https://www.testexchangeconnectivity.com/ to test my settings.  When using the Outlook Exchange Web services connectivity test everything passes.

But when I used the Outlook Anywhere with Autodiscover test it fails with:

Testing Http Authentication Methods for URL https://remote.domain.com/rpc/rpcproxy.dll
  Http Authentication Test failed
   Tell me more about this issue and how to resolve it
 
 Additional Details
  Did not find all required authentication methods
Methods Found: NTLM
Methods Required: Basic

But when I use the get-outlookanywhere command it shows basic as the client authentication and IIS authentication.  I have also just for kicks add both basic and ntlm to the IIS authentication.

From what I can see the setup is all correct.  I know originally I didn't have to do to much to get it work.  It was pretty much set out of the box when I turned the feature on.

If anyone can tell me where additional log files might be would be appreciated and/or how to get this working again.

This is the only client I have running Exchange 07 so I don't nearly the amount of experience with it as I do with Exchange 03.
0
Comment
Question by:jbmos2333
  • 13
  • 6
  • 5
  • +2
28 Comments
 
LVL 13

Expert Comment

by:lastlostlast
ID: 24861260
There are no particular log files that we can check for Outlook anywhere except iislogs that are generated...

Now for the Exchange 2007... check the rollup update applied to the server... the lates 1 is rollup update 8.... http://www.microsoft.com/downloads/details.aspx?FamilyID=e1f5c8b2-c4f2-4eba-849b-e464d4f2869c&displaylang=en

Also in the IIS, check the authentication on RPC virtual directory. It should be set to "Basic" authentication only... the same should be set as the Outlook anywhere authentication in the EMC...
0
 
LVL 7

Expert Comment

by:celazkon
ID: 24861387
Since its the IIS permision issue, if the above doesnt work, I would try to synchronize the internet user password in IIS metabase. This once saved the day for me when dealing with logon issues on IIS server. It was quite a long time ago, but if you have problems with autentication, give it a try.
Hope it helps
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24861431
Also if you have IIS 7.
try Disabling the Kernal mode AUthentication
http://technet.microsoft.com/en-us/library/bb123889.aspx
How to set Authentication in IIS
http://technet.microsoft.com/en-us/library/bb124149.aspx
0
 
LVL 7

Expert Comment

by:celazkon
ID: 24861473
Once dealing with RPC over HTTPS, I found that the username was required to be entered in format:
DOMAN\username

Give it a try, if it doesnt help, found an microsoft article about reseting the password for iwam user:
http://support.microsoft.com/kb/297989/en-us

Also an crazy Microsoft option would be to completely reset the permissions on IIS virtual folders:
http://support.microsoft.com/kb/883380
http://www.msexchange.org/tutorials/Resetting-OWA-Folder-IIS-security-permissions-Exchange-2003.html

Both are for older versions of IIS & Exchange, but if you run virtualized SBS 2008, I would take a snapshot of it and try it.
0
 

Author Comment

by:jbmos2333
ID: 24861521
I changed the IIS authentication back to just Basic.  

I went back into IIS and directly looked at the RPC  virtual directory.  The only things enabled are:

Basic:  Response Type HTTP 401 Challenge
Windows Authentication  Response Type HTTP 401 Challenge

I didn't really see anything in the Exchange rollup 8 patch that dealt with Outlook Anywhere to want to mess with that right now.  I am not getting any errors in any of the event logs.  I mean up until about noon yesterday, this was running fine.

I should have mentioned this in my original post.  Anytime I run a get or set outlookanywhere command I get a warning:

Warning iis://server/domain.local/W3Svc/1/Root/RPC was not found. Make sure you have typed it correctly.
0
 
LVL 13

Expert Comment

by:lastlostlast
ID: 24861597
I asked you to apply rollup up update 8 so that you can disable kernel mode authentication... it get's disabled when we apply the rollup update 8....

or else you can run this command and disable it...
%systemroot%\system32\inetsrv\AppCmd.exe set config /section:system.webServer/security/authentication/windowsAuthentication /useKernelMode:false

Also check this article and disable IPv6 on the server.... http://technet.microsoft.com/en-us/library/cc671176.aspx

Also in the IIS, the RPC authentication should only be "Basic"....
Disable the "Windows Authentication"
In EMC... it should be "Basic" and then run a test at testexchangeconnectivity.com
0
 
LVL 13

Expert Comment

by:lastlostlast
ID: 24861608
also try this command in exchange management shell....
Get-OutlookAnywhere | FL
0
 

Author Comment

by:jbmos2333
ID: 24861667
lastostlast,
In the process of installing the rollup 8 update and then check into IPv6.

FYI: when I run the : Get-OutlookAnywhere | FL

It displays all of the outlook anywhere info, it just gives me that warning first.  I don't know if that is normal or not.

I definitely appreciate the help.
0
 
LVL 13

Expert Comment

by:lastlostlast
ID: 24861726
oh ok...

in the results that you get when u run "get-outlookanywhere -fl".... check for the Metabase path and see what it shows...

ideally it should show "iis://server/domain.local/W3Svc/1/Root/RPC"

0
 

Author Comment

by:jbmos2333
ID: 24861812
Ok the rollup 8 is running now.

Yeah in the metabase path,  it is showing : iis://server/domain.local/W3Svc/1/Root/RPC

It just gives me that warning every time.

0
 
LVL 8

Expert Comment

by:XCHExpert
ID: 24861982
Consider removing RPC components, deleted RPC virtual directories from IIS and installing rpc components again and then disabling Outlook  Anywhere and Enabling Outlook Anywhere again...from Exchange Management Console..
0
 

Author Comment

by:jbmos2333
ID: 24862149
lastlostlast
Ran rollup 8.  IIS only has basic installed.  I still get the same error on the connectivity test.  It only sees NTLM and not basic.

I think I am going to try XCHExperts suggestion of removing and adding back the RPC components as that is what is failing in the test and I get getting the RPC warning when I run the get outlook command, unless you have any other suggestions.  Probably have to wait until this evening since the server will probably need to be restarted a couple times.

Just for kicks i tried connecting again with Outlook 2003 since it doesn't use autodiscover and continue to get the password prompt over and over again.
0
 
LVL 13

Expert Comment

by:lastlostlast
ID: 24862211
ok... also did u check the IPv6?

Disable it if you haven't....
0
 
LVL 8

Expert Comment

by:XCHExpert
ID: 24862212
Yeah...looks like RPC Components itself are not properly installed or IIS is not able to read RPC virtual directory properly from Metabase and so running powershell command for get-outlookanywhere giving a warning....
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:jbmos2333
ID: 24862473
lastlostlast:
Yeah I read the IPv6 info, apparently if you are running SBS 2008 it doesn't apply.  If you try to remove IPV6 on SBS it pretty much breaks everything.  Someone posted a comment on SBS 2008 at the bottom of the technet article.

I am waiting approval from the client to see if I could do the rpc repair now or if I need to wait until this evening.  I will post updates as soon as I get approval to this.


0
 

Author Comment

by:jbmos2333
ID: 24862513
Just to verify so I don't break anything else.

Can I just delete the RPC virtual directory and then recreate it right in IIS and add the Basic authentication without affecting any other Exchange server process?
0
 
LVL 8

Accepted Solution

by:
XCHExpert earned 500 total points
ID: 24862565
NO.....since RPC virtual directory is associated with RPC comonents it should be created by RPC components only when we install it...:)
0
 

Author Comment

by:jbmos2333
ID: 24862646
good deal..thats what i wanted to verify.  With this being the only client on this system that I have access to I have nothing to compare it against.  Very very weird that it just broke.

Anyway, the client asked me to hold off until this evening.  So i won't have any more updates for a while.
0
 

Author Comment

by:jbmos2333
ID: 24865718
Ok here is where I am at now.  I did a complete uninstall of the RPC components and reinstall and then disabled and re-enabled Outlook anywhere.

I am still getting the RPC/HTTP error on the www.testexchangeconnectivity.com  that the authentication method is NTLM and not basic.  And when I run get-outlookanywhere it is set as basic.

A difference before the reinstall.   The RPC directory was in the SBS Web Applications group.  That is by default on the SBS setup.  And where OWA etc is located.

After the reinstall it put the RPC directories in the default web site which wasn't being used at all.  I assume it needed added to the SBS directory in IIS.  That is where it was before.

I have also stopped getting the warning when i run get-outlookanywhere that RPC directory isn't there.
0
 

Author Comment

by:jbmos2333
ID: 24865751
I wonder if thats the problem, the name RPC is set to the default web site.  But OWA is on the SBS Applications site.   What if I created the RPC directories under the SBS site and was able to change the Name in outlook anywhere to RPC (SBS Web Applications).

I am going to look for a cmdlet to change that setting, if anyones if that might work or what the command would be, I appreciate it.
0
 
LVL 8

Expert Comment

by:XCHExpert
ID: 24868799
IF it gets default install in Default Web site then it may be default behavior then....you can below article to create it in different website

http://blogs.msdn.com/saurabh_singh/archive/2008/08/30/troubleshooting-ts-gateway-connectivity-on-windows-2008-iis-7-0.aspx
0
 
LVL 8

Expert Comment

by:XCHExpert
ID: 24897906
Any update ???
0
 

Author Comment

by:jbmos2333
ID: 24905478
Sorry for the delay.  The entire server just crashed at the end of last week and I had a to do bare metal restore from backup of the entire SBS system and then get everything functioning again.

It was the strangest thing.  System after system just started failing until the server wouldn't even boot up.  Anyway.  The server is up and running and has been stable since Friday.

The only outstanding issue that I have is that Outlook Anywhere is still not working with the same error message from www.testexchangeconnectivity.com as before.  Here is the report:

Copy to Clipboard      Expand/Collapse       
       Testing Outlook Anywhere using the Autodiscover Service to obtain Settings
       Failed to test Outlook Anywhere using the Autodiscover Service to obtain Settings
       Test Steps
              Attempting to test Autodiscover for jbarker@domain.com
       Successfully tested Autodiscover
       Test Steps

       Attempting each method of contacting the AutoDiscover Service
       The AutoDiscover Service was successfully tested.
       Test Steps
              Attempting to test potential AutoDiscover URL https://domain.com/AutoDiscover/AutoDiscover.xml
       Testing AutoDiscover URL succeeded
       Test Steps
              Attempting to Resolve the host name domain.com in DNS.
       Host successfully Resolved
       Additional Details




       Testing TCP Port 443 on host domain.com to ensure it is listening/open.
       The port was opened successfully.

       Testing SSL Certificate for validity.
       The certificate passed all validation requirements.
       Test Steps

       Validating certificate name
       Successfully validated the certificate name
       Additional Details




       Validating certificate trust
       The test passed with some warnings encountered. Please expand additional details.
       Additional Details




       Testing certificate date to ensure validity
       Date Validation passed. The certificate is not expired.
       Additional Details






       Attempting to Retrieve XML AutoDiscover Response from url https://domain.com/AutoDiscover/AutoDiscover.xml for user jbarker@domain.com
       Successfully Retrieved AutoDiscover XML Response
       Additional Details










       Validating Autodiscover Settings for Outlook Anywhere
       Outlook Anywhere Autodiscover Settings validated

       Testing RPC/HTTP connectivity
       RPC/HTTP test failed
       Test Steps
              Attempting to Resolve the host name remote.domain.com in DNS.
       Host successfully Resolved
       Additional Details




       Testing TCP Port 443 on host remote.domain.com to ensure it is listening/open.
       The port was opened successfully.

       Testing SSL Certificate for validity.
       The certificate passed all validation requirements.
       Test Steps
              Validating certificate name
       Successfully validated the certificate name
       Additional Details




       Validating certificate trust
       The test passed with some warnings encountered. Please expand additional details.
       Additional Details
       Only able to build certificate chain when using the Root Certificate Update functionality from Windows Update. Your server may not be properly configured to send down the required intermediate certificates to complete the chain. Consult the certificate installation instructions or FAQ's from your Certificate Authority for more information

       Testing certificate date to ensure validity
       Date Validation passed. The certificate is not expired.
       Additional Details
       Certificate is valid: NotBefore = 5/7/2009 10:26:28 AM, NotAfter = 5/7/2010 10:26:28 AM



       Testing Http Authentication Methods for URL https://remote.domain.com/rpc/rpcproxy.dll
       Http Authentication Test failed
              Tell me more about this issue and how to resolve it


       Additional Details
       Did not find all required authentication methods
Methods Found: NTLM
Methods Required: Basic


I have attached the Get-OutllookAnywhere results.  And as you can see the authentication is set for Basic and not NTLM.




serversettings.jpg
0
 

Author Comment

by:jbmos2333
ID: 24952581
After additional investigation, it appear the issue isn't with OutlookAnywhere so much as something that is wrong with IIS.  Any know of an easy way to set IIS back to default, without losing sharepoiint data?

IIS didn't restore to default like every other program after the bare-bones restore.  The link http://remote.domain.com  quit function and I can't get it back again for what ever reason.
0
 
LVL 7

Expert Comment

by:celazkon
ID: 24955406
Someone dealing with similar IIS reset stuff:
http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_23575987.html

Maybe it can help you a bit.
CLZ
0
 

Author Comment

by:jbmos2333
ID: 24969649
I ended up calling Microsoft.  I have never had to do that before.  I cannot pinpoint exactly one thing that was the issue.  It took 8 hours and 5 techs to get it working again.  Needless to say I did learn this.

Never ever add RPC virtual directories in IIS.  In the SBS 2008 if you run into this issue if you reinstall the RPC roll you must reinstall the TS Gateway role as well.

Now there are several registry edits that they made, they modified several autoconfig files manually.  We reinstalled the SSL Certs etc.

I have now discovered that the Microsoft Exchange Service Host service will not run.  This process deals directly with the RPC over HTTP Autoconfig, so I am in the process of double checking with them to either disable the service as we have manually configured stuff now or if this needs to be resolved.  But we did get Outlook Anywhere to run again  Finally.
0
 

Author Closing Comment

by:jbmos2333
ID: 31603835
I appreciate the help definitely.  While the RPC components weren't the total issue, it was definitely a big part.  And I did learn to never to manually setup RPC virtual directories and point them to the components.
0
 
LVL 8

Expert Comment

by:XCHExpert
ID: 24970440
Good to see that your OL AW is workiing ...
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now