Outlook connection error (0x8004011d)

Hello,

I have a windows 2008 with exchange server 2010. When I am over the office LAN, the outlook works fine. When I am at home and try to connect my outlook to the exchange server, over the internet, i get this message: 0x8004011D The server is not available. Contact your administrator if this condition persists.

I have a Cisco root and I have open ports: 25, 53, 80, 88, 135, 443, 389 TCP/UDP.

PS: My iPhone connects perfect with the server.
aalexandrosAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Is Outlook Anywhere configured on Exchange with a public trusted cert?   or is the self-signed cert installed on your workstation that your connecting via outlook.       If a self-signed does it have the same DNS namespace on the cert that owa is setup with?
0
aalexandrosAuthor Commented:
I am a litle confused. What is Outlook anywhere and what I have to do to configure it?

It's not the same when I am on my vlan1 and via internet?
0
aalexandrosAuthor Commented:
I am here again! I have enabled the outlook anywhere from my exchange server (client access tab) and still I can't connect my outlook via internet!
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Ok you have Outlook Anywhere now configured on your Exchange server you now need to confgure Outlook for Outlook Anywhere.

In Outlook go into the Account settings to More Settings and click the connection tab...and set your Outlook Anywhere settings like the image I have attached.

Now the DNS namespace for your cert needs to be the same as the DNS...So when you go to OWA?   When you go to OWA do you get warning about insecure site?     If so is the namespace on the cert the same as what your hitting from the internet?    so in this example...mail.domain.com for DNS and the same for the cert?

oa.gif
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
aalexandrosAuthor Commented:
Well, I just made those settings and now I get this warning:


outlook-error.PNG
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Cool you are about there...hit your OWA site and you will see...and depending on the version of IE you will see a Certificate Error to the right of the http address...click on that and at the bottom...view certificate.    Now the issued to:  is that the same as your OWA site?  If so click Install Certificate... then in the wizard select Place all certificates in the flowing store, select Trusted Root Certificate Auth...

Now you should be able to connect...if now you will have to gen a new cert...this is a manual process so you would know if you did it.

creating a selfsigned cert with the public namespace, from the Exchange shell:

New-ExchangeCertificate -SubjectName "c=US,o=Anything,cn=mail.domain.com"

Next command:  Enable-ExchangeCertificate -thumbprint <thumbprintofcert> -services IIS

Now follow the same steps as above about installing the cert on your workstation that your attempting to connect remotely.

If this is just for you that is fine...but for a company you might want to invest in a UC Certificate...with this you don't need to install the cert on each workstation that you want Outlook Anywhere to connect.





0
aalexandrosAuthor Commented:
Right, we have to invest in a UC Certificate, that's real. We are not able to do this for each client!

I received a authontication error. The username and the password, are not the same as OWA?
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
So your not getting the proxy error now?     for login the DOMAIN\username     or   username@domain.local    

It will be the same auth because its all tied into AD
0
aalexandrosAuthor Commented:
WOW After outlook's restart, I got this error and I server does not accept my username and password:
error-code-0.PNG
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Either your Exchange cert for OWA is not the same namespace as the public dns or you don't have the cert installed on the workstation.
0
aalexandrosAuthor Commented:
How can I check if I have installed a cert?

I made the procedure and I installed the cert from the IE and now enters to OWA without the warning page. The cert, as far as i can see, is the same as that I have set as server's address in outlook. :(
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
When you go to your OWA site...you hit https://webmail.mydomain.com/owa ...  webmail.mydomain.com is the DNS namespace.    Your certificate needs to have this same name space.   If you have not created any selfsigned certs you need to create one.

If you go to your OWA site click on the cert error

Is the Issued To:  the same as your OWA DNS site?    for instant webmail.mydomain.com

Image2.gif
0
aalexandrosAuthor Commented:
My OWA is at server1.mydomain.gr/exchange and the certificate, in the details, appears the server1. This is what i get from certificate details:


certificate.PNG
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Ok you need to create a self-signed certificate with in the exchange shell:
New-ExchangeCertificate -SubjectName  "c=US,o=Anything,cn=server1.mydomain.gr"

it should display the new generated thumbprint...if not you can do get-exchangecertificate and it will appear

Next command: Enable-ExchangeCertificate -thumbprint  <thumbprintofcert> -services IIS

Now go to OWA and you the Issued to should be server1.mydomain.gr...now install this cert and Outlook Anywhere should work.
0
aalexandrosAuthor Commented:
At the second command, I have to type it exactly as <thumbprintofcert> or i have to inser a value? If yes, what value?

Whit the first command, I got a new thumbprint and appears the thumbprint, services and subject.
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
No you have to insert the thumbprint of the cert you created

If you run Get-ExchangeCertificate you should see the thumbprint for this cert...example of a thumbprint:

DD5AE4BEAA18E1D5CD28B0DC2B4B2BD3C5B35B39  example:

Enable-ExchangeCertificate  -thumbprint  DD5AE4BEAA18E1D5CD28B0DC2B4B2BD3C5B35B39
 -services IIS
0
aalexandrosAuthor Commented:
Yes, now the Issued is server1.mydomain.gr and I installed the certificate successfully!

When I open the outlook, i get again the error code 0. :(

(I have no changed something, again, in the outlook's settings)
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
ok it sounds like you have exchabge setup with a good cert...you have installed this cert on the workstation that your attemoting to connect to outlook.    In outlook you have setup proxy settings in outlook
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
My guess is this error 0 is indicating a problem with the certificate now...is this what you get:

There is a problem with the proxy server's security certificate.
 The name on the security certificate is invalid or does not match the  name  of the target site server1.mydomain.gr.
 
 Outlook is unable to connect to the proxy server. (Error Code 0)
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Ugh and I forgot about the Exchange Remote Connectivity Analyzer https://www.testexchangeconnectivity.com/ 

Use this site to test your config...under Microsoft Office Outlook Connectivity Tests, select Outlook Anywhere...(RPC over HTTPS)     Let me know what you get.
0
aalexandrosAuthor Commented:
a) Yes, that's the message that you placed on your previous post!

There is a problem with the proxy server's security certificate.
The name on the security certificate is invalid or does not match the  name  of the target site server1.mydomain.gr.

Outlook is unable to connect to the proxy server. (Error Code 0)


b) Here are the results from the test:
connectivity-test--1-.PNG
connectivity-test--2-.PNG
connectivity-test--3-.PNG
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
In your outlook anywhere setup on Exchange Outlook Anywhere setup do you have it set with server1.scientiaconsulting.gr as an address?
0
aalexandrosAuthor Commented:
Exactly!
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
When you go to https://server1.scientiaconsulting.gr/owa  do you get the error Problem with the sites security certificate?   or does it go right to web app with the padlock image?  





Image2.gif
Image4.gif
0
aalexandrosAuthor Commented:
It go right to the second image, without error page!
0
aalexandrosAuthor Commented:
If you want, I can create an account for you, just to make sure what I said! :)
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Can you take a screen shot  in Outlook your Microsoft  Exchange Proxy Settings, which is connection tab.    I want to say a look at those settings.   If still a no go I would say recreate the cert.          
0
aalexandrosAuthor Commented:
Sure, here are the settings:


outlook-anywhere-settings.PNG
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
I see you issue!    Look at msstd:    you have gt not gr
0
aalexandrosAuthor Commented:
Sorry for my late response. This is not a real error, cause I deleted my exchange account from the outlook and created again, 5 min before the screenshot, just to make sure that is not working. So, I had the correct settings.

Once again, I made the correct settings and I can't login. Look at the photo:

outlook-anywhere-settings.PNG
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Change the Proxy Auth to Basic
0
aalexandrosAuthor Commented:
Done, nothing again! Have I to create a new cert?
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
well darn...odd odd...look if you want to create a test account so I can try feel free.    Send me the info to rfee@rickfee.com    I will then post here what I found
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Outlook

From novice to tech pro — start learning today.