Outlook Anywhere, works with iphone but not outlook 2007

David
David used Ask the Experts™
on
Hi All

Ok ive finally got round to setting up outlook anywhere on my exchange 2007, we are not using a ISA server, i have installed a SSL certificate with multiple aliases.

Ive managed to add the exchange email account to my iphone and my apple mail client "microsoft entourage" but i cant seem to get it working on apples mail software or any of the microsoft email software like outlook 2007 and i dont know why or where to start?

Why will it work on one and not the other with the same login details?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
Do you have the RPC over HTTP proxy installed and running?  Without this, your Outlook Web Access and WebDAV apps like Entourage and Activesync (Windows Mobile devices & iPhones) will work just fine, but Outlook configured for RPC/HTTPS will not.   Apple's mail software doesn't support it at all, so you'll need to use Entourage in this case.  Apple mail will use POP3 or IMAP4, and that's a totally different question.

Does Outlook configured using standard MAPI profile work, when either connected via VPN or when behind the same firewall?

Here is your Outlook config doc: http://technet.microsoft.com/en-us/library/cc179036.aspx
You can use the RPC ping util to test, also: http://support.microsoft.com/kb/831051


Author

Commented:
I thought entourage and iphone used the RPC/HTTPS?

I have setup on the exchange server outlook anywhere on basic authentication and i have also installed the RPC component

So looking at them links the configuration of the outlook client looks good but it wont connect, should i try swapping both exchnage server and the outlook client from basic authentication to NTLM?

And with the RCP ping is this a utility that has to be run from a local server? Or is it something i can run from a external XP machine? Whats the main command i should run?
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
The iPhone does not use Outlook Anywhere - it uses Exchange ActiveSync like Windows Mobile devices.
Entourage doesn't use Outlook Anywhere (aka RPC over HTTPS) either. That is exclusive to Outlook.

Create a test account on the server and then use the Microsoft test site to confirm if things work correctly:
https://testexchangeconnectivity.com/

Simon.
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Thats a handy site, but it tells me autodiscovery failed, which to be honest im a little confused by

I have contacted my ISP to add a A record for the mail.mydomain.com to point to a public IP address which is NATted to our internal exchange IP address. So why doesnt autodiscovery work?

Our ISP is strict with its firewall rules as we are a school could we need more ports opened?
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
You do not need more ports, you just need to resolve autodiscover issues.
You should have autodiscover.example.com pointing to your Exchange server, furthermore the SSL certificate should be a SAN/UC type with autodiscover.example.com set as one of the additional names.
Autodiscover is not an optional feature as it is used by Outlook 2007 for configuration and day to day use as it is connected with the availability service as well.

Simon.

Author

Commented:
Ok i will get the autodiscover.mydomain.com added to the cert and get the ISP to point autodiscover.mydomain to my exchange server

Are we saying a new sub domain called autodiscover or just a A record under mydomain.com called autodiscover?
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
Whatever the domain host calls it - basically autodiscover.example.com needs to resolve to the Exchange server's external IP address.

Simon.

Author

Commented:
Ok thanks i will get the ISP to set that up and hopefully it will be ready to test again tomorrow sometime, so hopefully i will have more info then

Author

Commented:
Ok now the autodiscover is setup the test runs and pass all but one test (any ideas?)

      Testing NSPI Interface on Exchange Mailbox Server
       An error occured while testing the NSPI Interface.
      Test Steps
       
      Attempting to ping RPC Endpoint 6004 (NSPI Proxy Interface) on server myserver.mydomain
       Pinged Endpoint successfully
      Additional Details
        RPC Status Ok (0) returned in 688 ms.
      Testing NSPI "Check Name" for user jaadam06@mydomain.com against server myserver.mydomain
       An error occured while attempting to resolve the name
      Additional Details
        An unexpected error was returned from NspiResolveNames. Exception Details:
Message: NspiResolveNamesW failed with status code -2147220475
Type: RpcPingLib.NspiResolveNamesException
Stack Trace:
at RpcPingLib.RpcPing.CheckName(String argInternalServerFqdn, String endpoint, String nameToCheck)
at RpcPingLib.RpcPing.CheckName(String argInternalServerFqdn, String nameToCheck)
at Microsoft.Exchange.Tools.ExRca.Tests.OLACheckNameTest.PerformTestReally()
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
That usually means either Outlook Anywhere isn't enabled, the RPC Proxy isn't installed or something else has gone wrong.
With Exchange 2007 Outlook Anywhere configures itself, no hacking around with the registry - you just have to enable it.

Is the server also a domain controller, or is there a separate domain controller?

Simon.

Author

Commented:
Hmmm

Well outlook anywhere is enabled and RPC is installed so i dont know???

The exchange server is seperate from the 2 DCs we have


Expert of the Quarter 2009
Expert of the Year 2009

Commented:
In that case I would disable Outlook Anywhere in Exchange 2007.
Then go in to Windows Components and remove the RPC Proxy.
In IIS manager remove the two RPC virtual directories.
Then run IISRESET from a command prompt to write the change to the IIS metabase.

Then reinstall RPC Proxy through Windows Components and enable the feature in Exchange. Wait at least 15 minutes before testing again.

Simon.

Author

Commented:
Ok ive just performed the changes you suggested and now just waiting the 15 minutes

Ive noticed the directory security on the Rpc virtual directory is set to "Enable anonymouse access", should i change this and enable basic authentication?
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
That would cause a problem.
RPC should only have basic and sometimes integrated authentication enabled.

Simon.

Author

Commented:
Ok well on that site all the tests pass but the strange thing is im still struggling to get outlook 2007 working externally?

Any ideas?

Author

Commented:
Ok ive got it working by doing the following, but im not really happy with this setup

I changed the setting from basic to NTLM authentication on outlook anywhere
then chanegd the security settings on the RPC and RPCcert folder so basic was unticked and windows authentication was ticked

Now on outlook 2007 i manually setup the exchange account by doing the following
in the server name i put the local server name (servername.local)
ive then gone into more settings and connections tab and configured exchange proxy settings filling all and selecting ntlm the address is mail.mydomain.com and msstd:mail.mydomain.com

i then ok and click check name, a pop up box appears and i have to type in my username as (localdomain\username)

It then loads and works but what im not happy with is the fact the servername is the local name and the username has to include the localdomain can this be changed?
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
All you have done is change the authentication method. This can be changed in Exchange 2007 as well and then autodiscover would use that information to configure the clients.

However if the client machine is not a member of the domain then you will get an authentication prompt. Outlook needs to authenticate against the domain - if pass through authentication (NTLM/Integrated) fails for some reason then you will get a prompt.

However basic authentication should always work.

Simon.

Author

Commented:
Ok so what your saying is i have to use the domainlocal\ in the username

What about the server name, is that something i can change without breaking email setup on all the staff?
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
You cannot change the local server name that is entered in to the first box in Outlook, because that is where your mailbox is stored. The only way to change it would be to rename the server, which would mean removing Exchange completely, and if your domain is domain.local, renaming the domain as well.

Simon.

Author

Commented:
ok thanks

i was just aways under the assumption that the address you put in the outlook anywhere settings was the address that would go into the first box i outlook
Expert of the Quarter 2009
Expert of the Year 2009
Commented:
No. It is a mistake that many people make, and then wonder why it fails to work. Outlook Anywhere is an additional connection method - effectively a proxy to your mailbox. Therefore it is an additional setting, not a replacement.

If your Exchange 2007 server is setup correctly with Autodiscover working then you wouldn't even see any of the settings as it would be configured automatically.

Simon.

Author

Commented:
Well thanks for your guidance you got me throught this one and cleared up a few miss understandings

Thanks

David

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial